Lync 2010/2013 and Exchange Online

As the distribution of Office 365 spreads accross the planet, the need for hybrid deployments rises. In many scenarios we find that environments are partly hosted on-prem and in the cloud. The reason for  such deployments vary in some degree, and when it comes to Lync deployments it’s often due to enterprise voice which is not possible in the cloud(at the moment).

To implement a hybrid configuration where Lync resides on-prem and Exchange is hosted online, we have to do some configuration in the on-prem environment.
First, if the Lync environment is a Lync 2010 installation the minimum requirement is that the March 2013 server Update is installed on the Lync servers. In addition to this, a standalone server with Lync 2013 Administrative Tools has to be deployed in order to be able to connect with Office365. All PowerShell commands against the Online environment has to be executed on the server running Lync 2013 Admin Tools.

To enable Lync On-prem integration with Exchange Online, the first step is to make sure that federation is allowed(most environments already have open federation enabled):

Set-CsAccessEdgeConfiguration -AllowFederatedUsers $True

The next step is to configure the shared address space with Exchange Online:

New-CsHostingProvider -Identity "Exchange Online" -Enabled $True -EnabledSharedAddressSpace $True -HostsOCSUsers $False -ProxyFqdn "exap.um.outlook.com" -IsLocal $False -VerificationLevel UseSourceVerification
  • Identity specifies a unique string value identifier for the hosting provider that you are creating (for example, “Exchange Online”). Values that contain spaces must be in double quotes.
  • Enabled indicates whether the network connection between your domain and the hosting provider is enabled. This must be set to True.
  • EnabledSharedAddressSpace indicates whether the hosting provider will be used in a shared SIP address space scenario. This must be set to True.
  • HostsOCSUsers indicates whether the hosting provider is used to host Office Communications Server or Lync Server. This must be set to False.
  • ProxyFQDN specifies the fully qualified domain name (FQDN) for the proxy server used by the hosting provider. For Exchange Online, the FQDN is exap.um.outlook.com.
  • IsLocal indicates whether the proxy server used by the hosting provider is contained within your Lync Server topology. This must be set to False.
  • VerificationLevel Indicates the verification level allowed for messages that are sent to and from the hosted provider. Specify UseSourceVerification, which relies on the verification level included in messages sent from the hosting provider. If this level is not specified, the message will be rejected as being unverifiable.

Check replication status to verify that the changes has replicated to the access edge server:

Get-CsManagementStoreReplicationStatus
Advertisements

Upgrading to Skype4B, things to consider.

Wrote this blogpost in May when attending the Microsoft Ignite Conference in Chicago.
Should have been posted then, but I still think it’s relevant 🙂

As you all know, the Skype4B server upgrade can be done as an in-place upgrade from Lync 2013. However, there are things to consider.

If the server is a Lync 2010 server, there is no way to do an in-place upgrade. Migration is the only way.

Lync 2013 supports the in-place upgrade as long as you can schedule downtime because the services are removed during the process.

When it comes to the server OS, you would want to concider upgrading the server if you’re on WinSrv 2008 or 2008R2. The Skype4B server install will upgrade windows fabric to the latest version, but only on 2008R2.

Recommendation: Win2008 or 2008R2 should be upgraded to 2012R2.

Implication: The upgrade process to Skype4B will have to be done as a migration if your servers are on Win2008 or Win2008R2.

Lync client showing duplicate numbers on contact card.

A customer contacted me with a request to look into a problem regarding duplicate numbers in the Lync client contact card. When a Lync user would call a colleague, the numbers displayed in the list would be duplicates with normal eight digits and the same number with a + sign in front. After some digging in AD, Exchange and Lync without figuring out where this number came from, I kind of stumbled across the solution.

I created a normalization rule that normalized all numbers starting with a +, removing the + and adding +47(for Norway):

RegEx Matching pattern ^\+(\d{8})$ (for Norwegian eight digit phone numbers, replace with your own digit length), Translating rule +47$1 (Norwegian national prefix, replace with your own).

This change in normalization for workaround purposes turned out to be a valid solution to remediate the problem with duplicate numbers. Seems like Lync is collapsing the numbers based on the newly created normalization rule, thereby de-cluttering the number lookup in the contact card and call rooster.

Maybe this is documented somewhere in MS documentation, but if not, here’s how to fix the problem if you stumble across it 🙂

Comments greatly appreciated.

Upgrading to Skype4B, things to concider.

Blogging from the Microsoft Ignite conference in Chicago.

As you all know, the Skype4B server upgrade can be done as an in-place upgrade from Lync 2013. However, there are things to concider.

If the server is a Lync 2010 server, there is no way to do an in-place upgrade. Migration is the only way.

Lync 2013 supports the in-place upgrade as long as you can schedule downtime because the services are removed during the process. For enterprise pools you would have to stop the entire pool to upgrade, so users will have to be moved to secondary pool or downtime will occur(there is no option for co-excistense of Lync 2013 and Skype for Business in the same pool).

When it comes to the server OS, you would want to concider upgrading the server if you’re on WinSrv 2008 or 2008R2. The Skype4B server install will upgrade windows fabric to the latest version, but only on 2008R2.

Recommendation: Win2008 or 2008R2 should be upgraded to 2012R2.

Implication: The upgrade process to Skype4B will have to be done as a migration if your servers are on Win2008 or Win2008R2.

Certificate missing private key.

Sometimes when dealing with certificates, a problem occurs when the certificate does not have a private key assigned to it.

In regards to Lync for instance, it’s not possible to assign the certificate to any services when the private key is missing. The solution to this problem is rather simple, and well documented in Microsoft TechNet but i still choose to write a post about it i case someone stumbles accross it and finds it useful.

Import the certificate in the MMC certificate Snap-In as you would do with any other certificate for the computer account. The certificate shows up in the Personal certificate store. Then doubleclick the certificate in the Personal view, and select the Details tab.

Cert_Properties

  • Copy the serial number from the cerificate properties.
  • Start a command prompt with elevated rights and type the following command:
    certutil.exe -repairstore my “serialnumber of the certificate”
  • Refresh the Personal certificates view, and you will see that the certificate has now been assigned a private key.

Ready to go.

Update:

Just to make it clear, as it’s correctly pointed out by Lasse in the comments, it’s not possible to restore a private key to a certificate without actually having the private key in your cert store.

 

 

 

Lync 2013 On-Prem and Client Authentication.

I recently was made aware of a new “feature” in Lync 2013 which I was not aware of. This is regarding client authentication and remote access users.

There are three authentication methods on the security – registrar tab in Lync Server Control Panel:
Security_registrar

The following TechNet article describes each of these  http://technet.microsoft.com/en-us/library/gg182601.aspx
Continue reading “Lync 2013 On-Prem and Client Authentication.”

Unable to route incoming call to a single Lync 2013 User.

Recently I came across a strange problem which I thought I would share.

The scenario is Lync Server 2013 Standard edition and Lync Server 2010 Mediation server(in process of migrating). The problem started when a user reported that he wasn’t able to receive incoming PSTN calls. Outbound calls was working just fine.

I started investigating the problem and ran some tracing with Wireshark on the Mediation server along with Lync Server logging tool. The Wireshark traces showed that the Lync Mediation server was sending “487 – Request terminated” to the PSTN gateway after receiving a CANCEL.
Snooper logs was showing the same messages and also in some cases “504 – Server timed out”. The Lync Monitoring server had no records of the call beeing established at all. After checking with the service provider of the PSTN gateway and doing some thorough checks of the unassigned numbers and all other kind of stuff(including the use of this script from a colleague to check all registered telephone numbers used in Lync and other systems), I was left in the dark. There was no reason for this not to work as it should.

Solution: Rebooted the Lync 2013 FrontEnd server, and everything worked like a charm.
Key takeaway from this post: When in doubt, reboot 🙂

Busy-On-Busy in Lync 2010/2013.

A common challenge when deploying Lync in an enterprise voice environment, is to have the Lync Client behave as close to an “ordinary” phone as possible.

One common “problem” is the busy-on-busy. When an incomming call is routed to a Lync Client already in a call, you would want the caller to get a busy tone. This is, by default, not a function in Lync. To get this behavior, one would have to do it by using MSPL scripting as referred to in this article(not tested, so I don’t know if this actually Works) or use a Third party Application.

I’ve recently deployed this in a small environment using Busy-On-Busy from UnifySquare.

This is a fairly cheap solution, and it’s very easy to set up and configure. The functionality is also delivered in larger call center applications/suites like Competella Unified Communication Suite for Microsoft Lync.

You decide which is the best option in your environment 🙂

Lync client and Reverse Number Lookup(RNL).

I’ve had several customers and colleagues asking about reverse number lookup in Lync, but has not been able to figure out how this is supposed to be working until recently.

Came accross this article which set me off in the right direction(at least it’s working).

Lync looks at the following attributes to retrieve phone numbers:
“LineURI” (Lync Management Shell) / “URI” contact attribute
Telephone number attributes in Active Directory

This means, the contact has to be defined as a mail contact on the Exchange server(with phone number in full E164 format), which in turn syncronizes the information with Active Directory and Lync.

Lync doesn’t look directly into AD, but maintains its own copy of the AD attributes in the Offline Address Book. Make sure you force a sync first if you’d like to have up to date information.