[TABLE OF CONTENTS] YouTube
PREPARING FOR AD EXCHANGE LYNC
ADDING EXCHANGE UNIFIED MESSAGING ROLE VSERV2
INSTALL EXCHANGE FROM SCRATCH ON VSERV2 STAGE 1
INSTALL EXCHANGE FROM SCRATCH ON VSERV2 STAGE 2
INSTALL EXCHANGE FROM SCRATCH ON VSERV2 STAGE 3
INSTALL EXCHANGE FROM SCRATCH ON VSERV2 STAGE 4
INSTALL EXCHANGE FROM SCRATCH ON VSERV2 STAGE 5
INSTALL EXCHANGE FROM SCRATCH ON VSERV2 STAGE 6
CONFIGURING LYNC FRONT END ON VSERV3 STAGE 1
CONFIGURING LYNC FRONT END ON VSERV3 STAGE 2
CONFIGURING LYNC FRONT END ON VSERV3 STAGE 3
CONFIGURING LYNC FRONT END ON VSERV3 STAGE 4
CONFIGURING LYNC FRONT END ON VSERV3 STAGE 5
CONFIGURING LYNC FRONT END ON VSERV3 STAGE 6
CONFIGURING LYNC FRONT END ON VSERV3 STAGE 6B
CONFIGURING LYNC FRONT END ON VSERV3 STAGE 7
CONFIGURING LYNC FRONT END ON VSERV3 STAGE 8
CONFIGURING LYNC FRONT END ON VSERV3 STAGE 9
CONFIGURING LYNC ACCESS EDGE ON VSERV4 STAGE 1
CONFIGURING LYNC ACCESS EDGE ON VSERV4 STAGE 2
CONFIGURING LYNC ACCESS EDGE ON VSERV4 STAGE 3
CONFIGURING LYNC ACCESS EDGE ON VSERV4 STAGE 3B
CONFIGURING LYNC ACCESS EDGE ON VSERV4 STAGE 4
CONFIGURING LYNC ACCESS EDGE ON VSERV4 STAGE 5
CONFIGURING LYNC ACCESS EDGE ON VSERV4 STAGE 6
CONFIGURING LYNC ACCESS EDGE ON VSERV4 STAGE 7
· In the most basic setup, which only supports users and phones locally connected to the server, Lync needs two servers: an Active Directory server plus a Lync Front End Server
· In order to support users and phones that aren't locally connected to the server (i.e. over the Internet), at least three servers are necessary: Active Directory, Front End Server and Access Edge Server
· The two most common PSTN/Telephone connection options are SIP Trunks and IP Gateway devices. These allow Lync users to make and receive calls to regular phone numbers.
o SIP trunks allow for PSTN access by configuring Lync to pass all inbound and outbound phone calls over the internet without any telephony equipment. They usually take 7 to 14 days to be ordered/provisioned. There are many vendors listed on the Microsoft website.
o As an alternative to SIP trunks, IP Gateway devices allow for Lync calls to be connected through an on-premise piece of hardware. They generally have a network cable port and a phone cable port on them. The network cable leads to the Lync server network and the phone cable plugs in to an existing phone line
o SIP trunks are the most flexible option because they don't have a limit on the number of ports available, which IP Gateway devices have.
· Phone numbers are called DIDs
· Lync doesn't have voicemail on its own. Exchange Unified Messaging does, and the two are designed to work together.
· Microsoft Exchange Subscriber Access is a voicemail feature that allows Exchange/Lync users to check their voicemail messages
· Microsoft Exchange AutoAttendant is a feature that answers calls and allows callers to speak or type an extension that they would like to be connected to
· As of November 2011, Office 365 with Lync Online doesn't offer Enterprise Voice capabilities
[LYNC LESSONS LEARNED] YouTube
· In the Lync Topology Builder, use the internal FQDN referencing an internal IP for each server. Don't use external IPs or external FQDN
· Lync Front End can't coexist with Exchange or AD
· Lync Edge can't coexist with Exchange or AD
· Sharepoint 2010 and Exchange 2010 should not be installed on the same virtual guest server
· SSL Notes
o Godaddy SSL doesn't do trials or refunds but is low cost
o Comodo SSL works but does organization validation, which is more time consuming
o Comodo SSL does trial certs but not for UCC
o Verisign does UCC refunds but the upfront charge is much higher than Comodo and Godaddy
· Active Directory users that are in admin groups like "Domain Admins" cannot be added to Lync via the Control Panel and a cmdlet must be run (that cmdlet is in the video about adding users)
· The Lync Control Panel won't work locally because of IPv6 if you limit the IP, so specify "Use all configured IP addresses" (that setting is specified in the install video)
· Requirements
o 4 Windows Licenses minimum (can be Windows Enterprise leveraging 4 virtual)
§ Active Directory (AD) machine
§ Exchange Server machine
§ Lync Front End
§ Lync Access Edge
o Internal DNS Server (can be on the AD machine)
o External DNS Server (can be on the AD machine if exposed to the Internet or hosted elsewhere)
· UCC certificate of Lync needs to have a common name of the federation SIP url in order for AOL federation to work
· To IM with AOL, use the screenname + @aol.com (even for AIM users). If an AIM user has a customer address like firstname.lastname@something.com they are reached in Lync via firstname.lastname(something.com)@aol.com
· At least 4 static IPs are necessary (Exchange, Lync Web, Lync SIP, Lync Intelepeer)
· Local certification authority is necessary.
· There is a Lync test website that checks all your settings at http://www.testocsconnectivity.com/
o The SRV record _sipinternaltls._tcp seems to cause the auto discovery to fail
· You can use NSLOOKUP via a command line to test SRV records
o nslookup -q=srv _sip._tls.macroconnect.co
· Reverse Proxy role can't be on Edge server because of IP and port conflicts. Reverse Proxy role can be skipped by creating router/firewall rules that direct Internet users to the front end server
· The Eventvwr in Windows is the best place to problem solve Lync. Go to Applications and Services Logs -> Lync Server
· The Lync Client log is at %USERPROFILE%\Tracing\Communicator-uccapi-0.uccapilog
· The Lync Phone Edition log gets sent to C:\Lync\1-WebServices-1\DeviceUpdateLogs\Client\CELog
· If you have trouble logging in to the Lync Client, close Lync and delete everything under %LOCALAPPDATA%\Microsoft\Communicator\ or %USERPROFILE%\Local Settings\Application Data\Microsoft\Communicator\
· Lync Location information can be auto populated via set-cslislocation information. HOWEVER, it only works with people that are located on the same LAN/WAN as a Lync server
· Powershell can be used to restart all Lync services via
o Get-Service | Where-Object { $_.DisplayName -match "^Lync Server*" } | Restart-Service
· Vista machines have trouble connecting using the Lync Client without a Local Policy change : Local Security Policy -> Local Policies -> Security Options -> Network Security: Minimum....RPC) clients -> Require 128
· Polycom CX500 is not easy to configure for external user access. The CX600 and CX700 are both very easy to configure for external access.
[PREPARING FOR AD, EXCHANGE, LYNC] YouTube
· Create d:\download
· Download or acquire media for Windows Server 2008 R2 Enterprise with SP1
· Download or acquire media for Exchange Server 2010 with SP1
· Download or acquire media for Lync Server 2010
· Download or acquire media for Lync 2010
· Configure Hyper-V
o Virtual Hard Disks : D:\Hyper-V\Virtual Hard Disks
o Virtual Machines : D:\Hyper-V\
o Virtual Network with one card dedicated to host server and one card dedicated to all the virtual servers with "Allow management operating system..." unchecked
o Automatic Start Action : Startup delay of 60, 600, 660, 720
o Automatic Stop Action : Set shutdown
· Install Windows 4 times for AD (VSERV1 2GB), Exchange (VSERV2 4GB), Lync Front End (VSERV3 4GB), Lync Edge (VSERV4 4GB)
o IP 10.0.1.201, 202, 203, 204
o Windows Updates (including Framework 4.0)
o UAC Off
o Firewall Off
o Internet Explorer ESC Off
o Set clock
o Set name of server in Windows
· Take a Hyper-V snapshot (if you want to be able to roll back)
· Sign up for Intelepeer SIP trunk (takes up to 14 days)
o Order at least 5 DIDs: Exchange AutoAttendant (6504256807), Exchange Subscriber Access(6504256808), Lync Conference Calling (6504256809), Lync Hunt Group (6504256810), shared number for all users (6504256811) or a DID for each user
o Ask them to drop +1 from the phone number on the trunk
o Ask them to enable NAT'ing
o Use the Cloud Central portal to create the request. Keep the default Trunk values except the following:
§ Make/Model: Lync 2010
§ Production Signaling IP: 173.162.52.172
§ Order Notes: I am using Lync 2010. I have a Sonicwall TZ100 running with 1 to 1 NATs. To make media work properly, please enable NAT'ing on your end. My internal IP is 10.0.1.203. I would like 5 test DIDs. Lastly, I would like the +1 to be dropped from inbound calls so that my Lync Dialing Plan can handle normalization.
· UCC certificate for Exchange (mail.macroconnect.co, autodiscover.macroconnect.co, etc)
· UCC certificate of Lync (access.macroconnect.co, lync.macroconnect.co, webservice.macroconnect.co, sip.macroconnect.co, lyncdiscover.macroconnect.co)
[CONFIGURING AD ON VSERV1] YouTube
· Server Manager -> Roles -> Add Role -> Active Directory Domain Services
· DCPROMO
o Create a new domain forest
o macroconnect.local
o Functional level = 2008 R2
o DNS Server
· Server Manager -> Roles -> Add Role -> Active Directory Certificate Services
o Certification Authority + Web Enrollment
o Enterprise
o Root
o New Private key
o Defaults for the rest of the options
[ADDING EXCHANGE UNIFIED MESSAGING ROLE TO VSERV2]
· Powershell from http://technet.microsoft.com/en-us/library/bb691354.aspx
o Import-Module ServerManager
o Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Desktop-Experience -Restart
o Set-Service NetTcpPortSharing -StartupType Automatic
· Filter Pack 2010
o http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17062
· Unified Communications Managed API 2.0
o http://www.microsoft.com/download/en/details.aspx?id=4705
· Microsoft Speech Platform - Server Runtime (Version 10.1)
o http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24974
· Exchange Updates
· Add/Remove programs to modify Exchange to have the UM role
· Exchange Updates
· Buy 2 UCC certificates credits (one for Exchange and one for Lync)
· SSL
o EMC -> Server Configuration -> New Exchange Certificate
§ ExchangePrivate
§ UM -> Public certificate
§ Set VSERV2.MACROCONNECT.LOCAL as the common name
§ http://vserv1/certsrv -> Request certificate, Advanced, Submit a certificate request, Web server,
§ IE9 blocks the CER download so let it open (instead of save) and then "copy to file"
§ Assign UM to the new cert (which will usually fail)
§ EMC -> Server Configuration -> Unified Messaging -> Properties -> UM Settings -> TLS
§ Restart Microsoft Exchange Unified Messaging
§ Assign UM to the new cert
· SSL
o EMC -> Server Configuration -> New Exchange Certificate
§ ExchangePublic
§ OWA -> Check Internet and Intranet
§ Exchange ActiveSync -> defaults
§ Webservices -> mail.macroconnect.co
§ Webservices second area -> autodiscover.macroconnect.local,autodiscover.macroconnect.co
o Intermediate via mmc
o Complete Pending in EMC
o Assign IIS to the new cert
[INSTALL EXCHANGE FROM SCRATCH ON VSERV2 - STAGE 1] YouTube
· DNS to 10.0.1.201
· Join domain
o Server Manager -> Change System Properties : MACROCONNECT.LOCAL
· Powershell from http://technet.microsoft.com/en-us/library/bb691354.aspx
o Import-Module ServerManager
o Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Desktop-Experience -Restart
o Set-Service NetTcpPortSharing -StartupType Automatic
· Filter Pack 2010
o http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17062
· Unified Communications Managed API 2.0
o http://www.microsoft.com/download/en/details.aspx?id=4705
· Microsoft Speech Platform - Server Runtime (Version 10.1)
o http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24974
· KB downloads (not necessary if Windows 2008 R2 SP1)
o 979099
§ http://support.microsoft.com/kb/979099
o 979744
o http://connect.microsoft.com/VisualStudio/Downloads/DownloadDetails.aspx?DownloadID=27109
o 983440
o https://connect.microsoft.com/VisualStudio/Downloads/DownloadDetails.aspx?DownloadID=29092
o 977020
o http://connect.microsoft.com/VisualStudio/Downloads/DownloadDetails.aspx?DownloadID=27977
[INSTALL EXCHANGE FROM SCRATCH ON VSERV2 - STAGE 2] YouTube
· Enable Microsoft Updates
· Run Microsoft Updates to get any Exchange prereq updates
· Exchange
o Custom Install including checking Automatically Install roles and Features
o Mailbox, Client Access, Hub, UM
o Client Access mail.macroconnect.co
· Run Microsoft Updates to get any Exchange updates
· Reboot
[INSTALL EXCHANGE FROM SCRATCH ON VSERV2 - STAGE 3] YouTube
· Buy 2 UCC certificates credits (one for Exchange and one for Lync)
· SSL
o EMC -> Server Configuration -> New Exchange Certificate
§ ExchangePrivate
§ UM -> Public certificate
§ Set VSERV2.MACROCONNECT.LOCAL as the common name
§ http://vserv1/certsrv -> Request certificate, Advanced, Submit a certificate request, Web server,
§ IE9 blocks the CER download so let it open (instead of save) and then "copy to file"
§ Assign UM to the new cert (which will usually fail)
§ EMC -> Server Configuration -> Unified Messaging -> Properties -> UM Settings -> TLS
§ Restart Microsoft Exchange Unified Messaging
§ Assign UM to the new cert
[INSTALL EXCHANGE FROM SCRATCH ON VSERV2 - STAGE 4] YouTube
· SSL
o EMC -> Server Configuration -> New Exchange Certificate
§ ExchangePublic
§ OWA -> Check Internet and Intranet
§ Exchange ActiveSync -> defaults
§ Webservices -> mail.macroconnect.co
§ Webservices second area -> autodiscover.macroconnect.local,autodiscover.macroconnect.co
o Intermediate via mmc
o Complete Pending in EMC
o Assign IIS to the new cert
[INSTALL EXCHANGE FROM SCRATCH ON VSERV2 - STAGE 5] YouTube
· EMC -> Organization Configuration -> Hub Transport -> Global Settings -> Transport Settings -> postmaster@macroconnect.co
· EMC -> Organization Configuration -> Hub Transport -> Send Connector -> New Send Connector
o "Send Connector", Custom
o Address Space = *
o Accept defaults for everything else
· EMC -> Server Configuration -> Hub Transport -> Receive Connector -> Default VSERV2 -> Permission Groups = Check Anonymous
· EMC -> Organization Configuration -> Hub Transport -> Accepted Domains -> New Accepted Domain -> "macroconnect.co" + "macroconnect.co"
o Set macroconnect.co as the default accepted domain
· EMC -> Organization Configuration -> Hub Transport -> Email Address Policy
o Add the new accepted domain and choose Set as Reply
· Restart Microsoft Exchange Transport
· https://10.0.1.202/owa
· Test outbound flow
· Configure DNS
o MX record as mail.macroconnect.co
o mail.macroconnect.co as 173.162.52.171
o autodiscover.macroconnect.co as 173.162.52.171
o v=spf1 mx -all
· Create two NAT rules to Any port via the wizard for 10.0.1.202/173.162.52.171
· https://mail.macroconnect.co/owa
· Test inbound flow
· EMC -> Server Configuration -> Client Access -> Enable Outlook Anywhere with mail.macroconnect.co
· Test SSL via GoDaddy Tools
· Delete temporary certificate files
· Reboot
[INSTALL EXCHANGE FROM SCRATCH ON VSERV2 - STAGE 6] YouTube
· EMC - Organization Configuration -> New Federated Trust -> Accept defaults of the wizard
· Exchange Management Shell -> get-federateddomainproof -domainname macroconnect.co > c:\temp.txt
· Copy c:\temp.txt "proof" line to DNS as TXT record
· EMC - Organization Configuration -> Manage Federation Wizard
o macroconnect.co
[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 1] YouTube
· DNS to 10.0.1.201
· Disable IPv6
· Join domain
o Server Manager -> Change System Properties : MACROCONNECT.LOCAL
· Install roles and features
o Feature:3.5.1
o Feature:Remote Server Administration Tools
o Feature:Message Queuing
§ Message Queuing Server + Directory Service Integration
o Restart server
o Role:File Services
o Role:IIS (add Role Services)
§ Static Content
§ Default Document
§ Directory Browsing
§ HTTP Errors
§ ASP.Net
§ .NET Extensibility
§ ISAPI Extensions
§ ISAPI Filters
§ HTTP Logging
§ Logging Tools
§ Request Monitor
§ Tracing
§ Windows Authentication
§ Client Certificate Mapping
§ Request Filtering
§ Static Content Compression
§ IIS Management Console
§ IIS Management Scripts
· Silverlight
o http://www.microsoft.com/getsilverlight/get-started/install/default.aspx
· Unified Communications Managed API 3.0
o http://www.microsoft.com/download/en/confirmation.aspx?id=20958
· Install Deployment Manager via the .iso
o D:\Setup\amd64\setup.exe
[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 2] YouTube
· Prepare Active Directory (three steps)
· Raise functional level (if necessary)
o Active Directory Domains and Trusts -> Right Click at the very top level and Raise Domain Functional Level
o Right click on the domain level and make sure it has been upgraded too
· Add Administrator to CSAdministrator and RTCUniversalServerAdmins
· Prepare first Standard Edition server (takes 10 minutes)
· Create file share named "LyncShare" to c:\LyncShare
· Setup DNS on SITE000VSERV005
o lync.macroconnect.co to 173.162.52.172
o webservice.macroconnect.co to 173.162.52.172
o access.macroconnect.co to 173.162.52.173
o lyncdiscover.macroconnect.co to webservice.macroconnect.co
o _sipinternaltls
§ _tcp, 5061, vserv3.macroconnect.local
o _sipfederationtls
§ _tcp, 5061, access.macroconnect.co
o _sip
§ _tls, 443, access.macroconnect.co
[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 3] YouTube
· Install the Topology Builder
· Run Topology Builder / Import the published Planning Tool topology (including cleanup of errors)
o New Topology
o SIP = macroconnect.co
o Site name = FirstSite
o Front End FQDN = vserv3.macroconnect.local
o Standard Edition
o "Use all configured IP Addresses"
o Features = Conferencing, PSTN, Enterprise Voice
o Collocate Mediation Server
o Associate server roles -> Enable an Edge pool
o File share = "LyncShare"
o External Base Url = webservice.macroconnect.co
o PSTN Gateway = 68.68.120.62 / 5060 / TCP
o New Edge Pool vserv4.macroconnect.co / Single Computer
§ Single IP
§ Federation
§ NAT
o External FQDN access.macroconnect.co / 443, 4431, 4432
o 10.0.1.204 (primary IP on vserv4)
o 10.0.1.214 (secondary IP on vserv4)
o 173.162.52.173
§ The external IP matching the internal IP of the Access Edge server (access.macroconnect.co)
o Edit properties
§ Setup urls of https://lync.macroconnect.co/admin /meet /dialin
§ Setup vserv3.macroconnect.local as Central Management Server
o Publish Topology
[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 4] YouTube
· Run "Install or Update Lync Server System"
o Install Local Configuration Store
o Setup or Remove Lync Server Components
§ If you get an error with WMF2008R2, %systemroot%\system32\dism.exe /online /add-package /packagepath:%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum /ignorecheck
o Request, Install, or Assign certificates
§ Create a certificate from VSERV1 via:
· Request
· Online authority->Next
· VSERV1->Next
· Friendly Name of LyncPrivate
· Mark key as exportable
· Macro Connect / IT / US / Michigan / Detroit
· Check for Lync Server updates -> http://www.microsoft.com/download/en/details.aspx?id=11551
o LyncServerUpdateInstaller.exe to test for all updates (Always current)
o OR
o Use Microsoft Update (usually delayed about 1 month)
· Run update cmdlet
· Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn vserv3.macroconnect.local -UseDefaultSqlPaths
· Start Services
· Get-Service | Where-Object { $_.DisplayName -match "^Lync Server*" } | Restart-Service
[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 5] YouTube
· Enable users via LCP or CmdLet
· enable-csuser -identity administrator -sipaddresstype emailaddress -registrarpool vserv3.macroconnect.local
· set-csuser -identity administrator -enterprisevoiceenabled $true -lineuri "tel:+16504256811;ext=801"
· Test lync client
o administrator@macroconnect.co
o macroconnect\administrator
[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 6] YouTube
· Create two NAT rules to Any port via the wizard for 10.0.1.203/173.162.52.172 and 10.0.1.214/173.162.52.173
· Intelepeer First Stage
o If not already configured from earlier step, Topology Builder -> Mediation Pool -> Added 68.68.120.62:5060 as a SIP Trunk
o Topology Builder -> Mediation Pool -> Set mediation TCP to 5060
o Control Panel -> Voice Routing -> Dial Plan
§ Region = "US"
§ Normalization (DirectToAutoAttendant)
· If using ;ext=xxx for phone numbers or if inbound calls should ring to the attendant
o This only works if Intelepeer drops "+1" from inbound calls (otherwise normalization rules don't run). Intelepeer refers to this as 10 digit format instead of e.164 format
· This can also be simulated via Route -> Suppress Callerid -> Alternate Callerid, but this option changes all outbound calls to have the same callerid
· ^6504256811$
· +16504256807
§ Normalization (PrefixAll)
· \+?[\s()\-\./]*1?[\s()\-\./]*\(?\s*([2-9]\d\d)\s*\)?[\s()\-\./]*(\d\d\d)[\s()\-\./]*(\d\d\d\d)[\s]*
· +1$1$2$3
· INSTEAD OF
· ^(\d{11})$
· +$1
§ Normalization (ConvertToExtension)
· ^(\d{3})$
· +16504256811;ext=$1
o Commit All
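The three normalization rules above can be checked offline before committing them. The following PowerShell is an added example (not part of the original notes or of Lync itself): it runs the page's patterns through the .NET regex engine against constructed sample numbers, assuming rules are tried top to bottom with the first match winning and, per the note above, that numbers already starting with "+" are not normalized. The function name Test-Normalization and the sample inputs are made up for illustration.

```powershell
# Added example: offline simulation of the dial plan normalization rules
# listed in this stage. Patterns and translations are copied from the page.
# Assumption: rules are evaluated in the order shown, first match wins.

$rules = @(
    @{ Name        = 'DirectToAutoAttendant'
       Pattern     = '^6504256811$'
       Translation = '+16504256807' },
    @{ Name        = 'PrefixAll'
       Pattern     = '\+?[\s()\-\./]*1?[\s()\-\./]*\(?\s*([2-9]\d\d)\s*\)?[\s()\-\./]*(\d\d\d)[\s()\-\./]*(\d\d\d\d)[\s]*'
       Translation = '+1$1$2$3' },
    @{ Name        = 'ConvertToExtension'
       Pattern     = '^(\d{3})$'
       Translation = '+16504256811;ext=$1' }
)

# Hypothetical helper: returns which rule fired and the translated number.
function Test-Normalization {
    param(
        [string]   $Dialed,
        [object[]] $RuleSet
    )

    # Per the page's note, normalization only applies when the trunk drops
    # "+1"; a number that already arrives with "+" is passed through as-is.
    if ($Dialed.StartsWith('+')) {
        return New-Object PSObject -Property @{
            Dialed       = $Dialed
            Rule         = '(skipped: already starts with +)'
            Result       = $Dialed
            PartialMatch = $false
        }
    }

    foreach ($rule in $RuleSet) {
        $m = [regex]::Match($Dialed, $rule.Pattern)
        if ($m.Success) {
            return New-Object PSObject -Property @{
                Dialed       = $Dialed
                Rule         = $rule.Name
                # Expand $1, $2, ... in the translation for this match.
                Result       = $m.Result($rule.Translation)
                # PrefixAll has no ^ / $ anchors, so it can match only part
                # of the input. Flag that case instead of guessing how the
                # server treats the leftover characters.
                PartialMatch = ($m.Length -ne $Dialed.Length)
            }
        }
    }

    New-Object PSObject -Property @{
        Dialed       = $Dialed
        Rule         = '(no match)'
        Result       = $null
        PartialMatch = $false
    }
}

# Constructed sample inputs (not captured from a real trunk).
$samples = @(
    '6504256811',      # shared DID, 10-digit inbound format
    '+16504256811',    # same DID in E.164, as sent if "+1" is not dropped
    '(650) 425-6810',  # user-typed number with punctuation
    '16504256809',     # 11 digits with leading 1
    '801',             # three-digit extension
    '65042568111',     # one digit too many
    '12345'            # matches nothing
)

$samples |
    ForEach-Object { Test-Normalization -Dialed $_ -RuleSet $rules } |
    Select-Object Dialed, Rule, Result, PartialMatch |
    Format-Table -AutoSize
```

Rows where PartialMatch is True are inputs that the unanchored PrefixAll pattern accepted without consuming the whole string; compare them against the anchored alternative listed under INSTEAD OF.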
[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 6B] YouTube
· Intelepeer First Stage
o Control Panel -> Voice Routing -> Voice Policy
§ Check CallPark
§ Select -> Associate all PSTN usages listed
o Control Panel -> Voice Routing -> Route -> PstnGateway:68.68.120.62
o Control Panel -> Voice Routing -> Route -> Associate all PSTN usages listed
o Commit All
o Control Panel -> Voice Routing -> Trunk Configuration -> Uncheck refer
§ http://technet.microsoft.com/en-us/library/gg398792.aspx
o Commit All
o Restart Lync Mediation service
[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 7] YouTube
· Voice Features-> Call Park : "Call Park" | 20 - 25
o If test server is not high end, set Call Park service to be "Automatic Delayed Start"
· Enable Conferencing
o Conferencing -> Dialin Conferencing -> Dial-in Access Number
§ +16504256809
§ +16504256809
§ tel:+16504256809
§ sip:dialin@macroconnect.co
§ English
§ Associated Regions: US
· Enable Response Group
o Response Groups -> Group -> New
§ HuntGroup1 / Agent=Administrator
o Response Groups -> Queue -> New
§ Queue1 / Group=HuntGroup1
o Workflow -> Create Hunt Group
§ HuntGroup1@macroconnect.co / Hunt Group 1 / +16504256810 / +16504256810
§ Check Play a welcome message / Hunt Group 1
§ Queue1
· Test: a phone call from an outside phone to 6504256810 will be answered by the Response Group
· Set client policy via http://207.46.16.252/en-us/library/gg398806.aspx and http://207.46.16.252/en-us/library/gg398300.aspx
· set-csclientpolicy -enablecalllogautoarchiving $true -enableclientmusiconhold $true -enableexchangecontactsync $false -enableimautoarchiving $true
· get-csclientpolicy
[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 8] YouTube
· Create link to Lync Control Panel from VSERV2
o https://vserv3.macroconnect.local/cscp
o Silverlight
· Configure UM on VSERV2 via http://blog.schertz.name/2010/11/lync-and-exchange-um-integration/
o If not already configured from earlier step, EMC -> Server Configuration -> UM : Security set to TLS
o EMC -> Organization Configuration -> UM : "DefaultDialPlan" / 3 / "SIP URI" / "Secured" / 1
§ Make sure the plan name doesn't have spaces
o Default Dial Plan
§ Create Subscriber access +16504256808
§ Dialing Restrictions->Allow calls to extensions
o Create AutoAttendant access "AutoAttendant" +16504256807
§ Enabled
§ Speech enabled
o Exchange Powershell (need to run this twice)
§ cd "C:\Program Files\Microsoft\Exchange Server\v14\Scripts"
§ .\ExchUCUtil.ps1
o Restart-Service MsExchangeUM -Force
· Configure UM on VSERV3
o C:\Program Files\Common Files\Microsoft Lync Server 2010\Support\OcsUmUtil.exe
§ Make new OU called "Lync"
§ "SubscriberAccess" and "AutoAttendant"
o Restart Lync Front End service and Lync Mediation
· Configure Administrator as UM user on VSERV2
o EMC -> Recipient Configuration -> Enable UM -> administrator for UM x801
· Test call to 6504256808
· Test call to 6504256807 plus extension 801
[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 9] YouTube
· Configure new user kevin.morin as UM user on VSERV2
o EMC -> Recipient Configuration -> Create new user -> kevin.morin, Test123
o LCP -> Users -> Create tel:+16504256811;ext=802, assign 802
o EMC -> Recipient Configuration ->Enable UM with 802 extension
· Test call to 6504256807 plus extension 802
[CONFIGURING LYNC ACCESS EDGE ON VSERV4 - STAGE 1] YouTube
· DNS to 10.0.1.201
· Disable IPv6
· IP to 10.0.1.204 and 10.0.1.214
· Set DNS Suffix (NOT DOMAIN)
o Server Manager -> Change System Properties : MACROCONNECT.LOCAL
· Install roles and features
o Feature:3.5.1
· Install Deployment Manager via the .iso
o D:\Setup\amd64\setup.exe
· Set VSERV1 dns for VSERV4.MACROCONNECT.LOCAL to 10.0.1.204
[CONFIGURING LYNC ACCESS EDGE ON VSERV4 - STAGE 2] YouTube
· From VSERV3, Export-CsConfiguration -FileName c:\configuration.zip
· Run "Install or Update Lync Server System"
o Install Local Configuration Store
o Setup or Remove Lync Server Components
§ If you get an error with WMF2008R2, %systemroot%\system32\dism.exe /online /add-package /packagepath:%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum /ignorecheck
o MMC import from \\VSERV1.macroconnect.local\CertEnroll in to Trusted Certification Authorities
o Request, Install, or Assign certificates
§ Create a certificate from VSERV1 via:
· Request
· Online authority->Next
· VSERV1.macroconnect.local\macroconnect-VSERV1-CA -> Next
· Friendly Name of LyncPrivateEdge
· Mark key as exportable
· Macro Connect / IT / US / Michigan / Detroit
[CONFIGURING LYNC ACCESS EDGE ON VSERV4 - STAGE 3] YouTube
· LCP -> External User Access -> External Access Policy : Remote User Access
· LCP -> External User Access -> Access Edge : Remote User Access
· Lync Deployment -> Install or Update -> Certificates
o External Edge cert
o LyncPublic
o access.macroconnect.co, lync.macroconnect.co, webservice.macroconnect.co, sip.macroconnect.co, lyncdiscover.macroconnect.co
[CONFIGURING LYNC ACCESS EDGE ON VSERV4 - STAGE 3B] YouTube
· Lync Deployment -> Install or Update -> Certificates
o Intermediate via mmc
o Complete Pending in mmc
o Assign Lync to it
· Restart Services
[CONFIGURING LYNC ACCESS EDGE ON VSERV4 - STAGE 4] YouTube
· Check for Lync Server updates -> http://www.microsoft.com/download/en/details.aspx?id=11551
o LyncServerUpdateInstaller.exe to test for all updates (Always current)
o OR
o Use Microsoft Update (usually delayed about 1 month)
· Restart Services
· Test Lync Client from outside world
[CONFIGURING LYNC ACCESS EDGE ON VSERV4 - STAGE 5] YouTube
· If the phones are used, reset them first
o For CX600 : Unplug power, wait 10 seconds, hold * # while powering up, accept prompt to clear data
o For CX700 : Insert paper clip in to reset hole by USB port
· Configure via USB cable
· Polycom CX600 and CX700 phone update push
o Download : http://www.microsoft.com/download/en/details.aspx?id=21644
o Download : http://www.microsoft.com/download/en/details.aspx?id=23866
o import-csdeviceupdate -identity service:WebServer:vserv3.macroconnect.local -filename c:\ucupdates.cab
o From Lync Control Panel -> Clients -> Device Update -> Approve Update
[CONFIGURING LYNC ACCESS EDGE ON VSERV4 - STAGE 6] YouTube
· To enable external anonymous access to conferences
o LCP -> External User Access -> Access Edge Configuration -> Enable anonymous users
o Restart Access Edge on VSERV4
· To enable federation with Office 365
o LCP -> External User Access -> External Access Policy -> Enable federated users
o LCP -> External User Access -> Access Edge Configuration -> Enable federation and domain discover
o If not already configured from earlier step, configure DNS
§ _sipfederationtls._tcp to access.macroconnect.co
o If not already configured from earlier step, allow 5061 through on the firewall to 10.0.1.214/access.macroconnect.co
o Allow federation via cmdlet
§ New-CsHostingProvider -Identity "LyncOnline" -Enabled $True -ProxyFqdn "sipfed.online.lync.com" -VerificationLevel UseSourceVerification
o Restart Front End on VSERV3
o Restart Access Edge on VSERV4
o Allow federation in Office 365 Portal via Lync Management
· To enable Public IM (i.e. AOL), pic.lync.com
o LCP -> External User Access -> External Access Policy -> Enable public users
o LCP -> External User Access -> Provider -> Enable AOL
o Up to a 30 day delay
o Need one of the following
§ Microsoft Volume Licensing Agreement
§ Microsoft Partner Network
§ Service Provider Licensing Agreement
§ High Volume Services
o Restart Front End on VSERV3
o Restart Access Edge on VSERV4
[CONFIGURING LYNC ACCESS EDGE ON VSERV4 - STAGE 7] YouTube
· Configure SSL for lync.macroconnect.co and webservice.macroconnect.co and lyncdiscover.macroconnect.co
o Export certificate with extended properties from VSERV4
o Move VSERV4 certificate to desktop on VSERV3
o Download godaddy intermediate certificate
o Import intermediate certificate
o Import Exported certificate
o Use Lync Deployment Wizard to add it to VSERV3 external web services only
o Configure Sonicwall for 443 redirection to 4443
§ If necessary, disable popup blocker on Sonicwall 10.0.1.21
§ Create service HTTPS (4443)
§ Create NAT rule: Any, Original, 10.0.1.203 Public, 10.0.1.203 Private, HTTPS, HTTPS (4443)
§ Create NAT rule: Firewalled, 10.0.1.203 Public, 10.0.1.203 Public, 10.0.1.203 Private, HTTPS, HTTPS (4443)
[CONFIGURING LYNC MOBILE] YouTube
· Enable Lync Mobile : http://www.microsoft.com/download/en/confirmation.aspx?id=28355
o Lync Cumulative Update 4 (CU4)
o Set-CsWebServer -Identity vserv3.macroconnect.local -McxSipPrimaryListeningPort 5086 -McxSipExternalListeningPort 5087
o Enable-CsTopology -verbose
o Install Role-IIS RoleService -> Dynamic Content Compression
o Lync Mobility : http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=28356
§ Save to C:\ProgramData\Microsoft\Lync Server\Deployment\cache\4.0.7577.0\setup
o Lync Deployment Wizard
o To automate login configure autodiscover : http://msunified.net/2011/12/12/enabling-lync-mobility/
§ In DNS setup both lyncdiscover.macroconnect.co CNAME webservice.macroconnect.co and lyncdiscoverinternal.macroconnect.co cname to vserv3.macroconnect.local
§ On Access Edge server, restart Services
o Download Lync App from Marketplace
§ If lyncdiscover DNS isn't set up, set url to : https://<ExtPoolFQDN>/Autodiscover/autodiscoverservice.svc/Root
o To allow for push notifications : http://msunified.net/2011/12/12/enabling-lync-mobility/
§ Set-CsPushNotificationConfiguration -EnableApplePushNotificationService $True -EnableMicrosoftPushNotificationService $True
§ If not already completed, New-CsHostingProvider -Identity "LyncOnline" -Enabled $True -ProxyFqdn "sipfed.online.lync.com" -VerificationLevel UseSourceVerification
§ New-CsAllowedDomain -Identity "push.lync.com"
§ In Lync Mobile, enable push notifications
[LOCKING DOWN THE ENVIRONMENT] YouTube
· Lock down firewall rules
o Address Object : "68.68.120.58-68.68.120.63"
o "Lync SIP" = TCP 5060
o "Lync RTP" = UDP 5000-65535
o "Lync SIP Federation" = TCP 5061
o "Lync STUN" = UDP 3478
o "Lync AV over TCP" = TCP 50000 - 59999
o "Lync AV over UDP" = UDP 50000 - 59999
o "Lync SIP 4431-4432" = TCP 4431-4432
o "Lync SIP 443" = TCP 443
o "Lync Edge Service Group" = Lync AV over TCP + Lync AV over UDP + Lync SIP 443 + Lync SIP 4431-4432 + Lync SIP Federation + Lync STUN
o "Lync Intelepeer Service Group" = Lync SIP + Lync RTP
o 10.0.1.202=173.162.52.171
§ HTTPS to all IPs
§ SMTP to all IPs
o 10.0.1.203=173.162.52.172
§ HTTPS to all IPs
§ Lync Intelepeer Service Group
o 10.0.1.214=173.162.52.173
§ Lync Edge Service Group
· For added security you can configure a Reverse Proxy like ARR or Forefront Threat Management Gateway. This is recommended but costs more than what has been laid out.
o Configure ARR with a regular Windows 2008 R2 server OR use Microsoft Forefront Threat Management Gateway
o Switch 10.0.1.203 NAT rules from VSERV3 to the ARR machine OR the Forefront Threat Management Gateway
· Install Visual Studio 2010 Pro via d:\setup.exe
· Download UCMA 3.0 SDK : http://www.microsoft.com/download/en/details.aspx?id=10566
· Download Lync Server SDK (not necessary but has samples in it) : http://www.microsoft.com/download/en/confirmation.aspx?id=19675
· New Project -> Visual Basic -> .Net 3.5 -> Communications Workflow
· "Inbound"
· English United States
· Program.vb
o Change : Dim cert as X509Certificate2 = GetLocalCertificate("vserv3.macroconnect.local","MACROCONNECT")
§ If you have any problems compiling, add a break point to this line and step in to it. It is usually a case sensitivity issue with the certificate name or the issuer.
o Change : Dim certIssuedTo as String = certificate.GetNameInfo(X509NameType.SimpleName, False)
o Change : 5060 to 5059 (5059 can be any available port to listen with on the server)
o Change : Dim applicationUri As String = "sip:inbound@macroconnect.co"
o Change : Dim ocsFqdn As String = "vserv3.macroconnect.local"
· Create user in AD and Lync named inbound@macroconnect.co
o "Inbound" "Lync", Test123, No password expiration
o Specify a SIP URL as sip:inbound@macroconnect.co, Enterprise Voice
· Drag Speech Statement that says "Welcome to Macro Connect"
· Test
· Build
· Convert program to Windows Service
o In project properties, switch the project to a Windows Service
o Add OnStart and OnStop routines and copy Initialize() and Cleanup() in to them
§ Protected Overrides Sub OnStart(ByVal args() as String)
§ Protected Overrides Sub OnStop()
o Replace MAIN() routine with the following
§ Dim ServicesToRun() As System.ServiceProcess.ServiceBase
§ ServicesToRun = New System.ServiceProcess.ServiceBase() {New Program}
§ System.ServiceProcess.ServiceBase.Run(ServicesToRun)
o Copy text below "NotInheritable Class Program"
§ Inherits System.ServiceProcess.ServiceBase
o Save All to commit to file system
· From the command line, run: SC create "Lync Workflow Inbound" binPath= "c:\users\administrator.MACROCONNECT\documents\visual studio 2010\projects\inbound\inbound\bin\inbound.exe"
o A space is mandatory after the equals sign