Part of my upgrade of the Edge from 2010 to 2013 is to export out the certificates on the 2010 so I can import them into the 2013 Edge. Can I just use the MMC Certificate snapin to do this or is there some powershell command I must use. I took a look at the setup program and there is no export option in Step 3.

If I use the MMC, I am guessing I choose the option to export with private key or does it matter?

Hello,

I'm rolling out a fresh deployment of Lync Server 2013.  Right now the idea is to have one Standard Edition server with about 2500 users homed there that will have the following things collocated:

A/V Conferencing service

Mediation service

Monitoring and Archiving services (will probably use Exchange 2013 for storage)

Persistent Chat server

The two Persistent Chat databases: the PC database and the PC Compliance DB

So, from everything I've read, it's supported to have all that stuff on one Standard Edition server.  Is it wise to do that if there are 2500 users?  Seems to me like a lot of load, even though all those roles are technically supported.

We're considering having two Standard Edition servers for high availability that would have our 2500 users spread evenly between them.  (not a Enterprise FE pool).  We should be able to spread out those collocated roles if we had two SE servers, right?

Thanks for the help,

Brandon

****Creating DbSetupInstance for 'Microsoft.Rtc.Common.Data.AbsDatabase'****
Trying to connect to Sql Server vm-labexch-sql.labexch.ru. using windows authent
ication...
Sql version: Major: 10, Minor: 50, Build 2811.
Sql version is acceptable.
Checking state for database rtcab.
Checking state for database rtcab.
State of database rtcab is DbState_RequiresMinorUpgrade.
Database rtcab set to mode Restricted.
Dropping all procedures, functions and views from database rtcab.
Executing RtcAbTypes.sql...
WARNING: Warning: Failed to execute batch --
-- Copyright (c) Microsoft Corporation. All rights reserved.
--
exec sp_addrole N'ServerRole'.
Executing RtcAbDb.sql...
Setting owner for database rtcab to sa.
Creating login LABEXCH\RTCComponentUniversalServices.
Creating user LABEXCH\RTCComponentUniversalServices.
Creating Schema LABEXCH\RTCComponentUniversalServices.
Adding account LABEXCH\RTCComponentUniversalServices to role ServerRole.
Setting database version: Schema Version 62, Sproc Version 42, Update Version 2.

Setting the database rtcab to multi user mode.
Database rtcab is set to multi user mode.
VERBOSE: Successfully installed the database. For details, see the following log:
"C:\Users\Administrator.LABEXCH\AppData\Local\Temp\Create-ABSStore-vm-labexch-sql
.labexch.ru-[2013_11_18][19_06_46].log"
VERBOSE: Installing "ApplicationStore" on vm-labexch-sql.labexch.ru,collocated: False

After applying this database update all services have started successfully, and everything seems to work fine.
As I understand, installer could not execute SQL batch file RtcAbTypes.sql.
Can I safely ignore this warning and try to upgrade my production? Or it may cause problems?

Any help would be appreciated.

Best regards, Pavel

Hi,

      I have 1500 users for Lync 2013, one edge pool with 2 servers with HA, 1 FE pool with 3 servers with HA. looking for load balancing  solution , questions is 

1. as DNS and HLB both supported , is DNS load balancing sufficient for FE pool? will there be any case where some features not working?

2. Is DNS load balancing sufficient for Edge pool? will there be any case where some features not working? HLB is already there for reverse proxy, can i use the same HLB for my Edge pool considering its in perimeter network.

Thanks

Hi, anyone out there knows what is the best practise for moving users from LyncOnline to Lync OnPrem (Lync 2013). I have a customer where we are about to move upto 15000 users.

Hi,

We have a Lync environment running and we can federate just fine with external parties. I'm currently setting up a brand new Lync environment in a new Active Directory forest on the same hardware platform. On this new environment, I can also federate with external parties, but not with the Lync users on the current environment. The edge servers external NICs are on the same subnet, the internal NIC and the front end servers are on a different subnet.

This is what happens:

• When sending a message from domain A to domain B, I can receive it, but when replying it takes a long time to eventually show an error message that the server is not responding
• When sending a message from domain B to domain A, I can receive it, but when replying I immediately get reference error ID 504 (Source ID 239)

Can I find a log somewhere to find out what's wrong here?

Hi.

I have difficulties to create or modify groups, queues or workflows with no descriptions.

In the web interface, I can set whatever I want as a description for these objects, including empty description, but when I try to do the same using the powershell commands, I have errors.

For example, I first create a queue with the following command :

New-CsRgsQueue -Name 'MyName' -Parent 'service:ApplicationServer:LYNC2013Finale.ciscoad.lab' -Description $Null

I then change the description with the following commands :

$KURMI_GETQUEUE = Get-CsRgsQueue -Identity 'service:ApplicationServer:LYNC2013Finale.ciscoad.lab/ba74e783-71b6-4952-ade7-4afbf2599653';
$KURMI_GETQUEUE.Description = 'MyDescription';
Set-CsRgsQueue -Instance $KURMI_GETQUEUE;

Once again, it works correctly, but if I try later to empty the description I have an error :

$KURMI_GETQUEUE = Get-CsRgsQueue -Identity 'service:ApplicationServer:LYNC2013Finale.ciscoad.lab/ba74e783-71b6-4952-ade7-4afbf2599653';
$KURMI_GETQUEUE.Description = $Null;
Set-CsRgsQueue -Instance $KURMI_GETQUEUE;

The error (SetValueInvocationException) tells me that the minimal length of description is 1.

Il also tried to use the '' value, but the error is the same.

How can I empty a description ?

Hi,

I recently posted a similar topic on the forum (Lync Edge 2013 Certificate Assign). The issue was related to certificate assignation. I solved it, but I needed later to change my certification authority, and so change the certificate assigned to the public Edge interface. Trying this, I encountered a new (different) problem with my new certificate, so I am back here to try to find a solution.

As said, I am trying to assign a Certificate to my Lync 2013 Edge Server on the Internet edge.  This certificate is signed by a recognized authority (Comodo).

Whenever I imported the certificate in the store via the Lync wizard and proceed on to the Assign Certificate step, the Certificate that i have imported does not appear in the List of certificates on the Lync deployment tool interface, so that I cannot assign it to the External Edge interface.

I tried to import it with Digicert (which allow me to solve my previous importation problem, but not this time...) with no more result.  I tried to import it from cer format, or crt format, results are the same.

I launched the MMC on the computer and add the Computer Certificate Snap-In. If I look at the certificate icon, I see the little key in the icon, so it sounds like I have the private key available.

Any help would be greatly appreciated!

Thank you very much for your help.

EDIT: when running the digicert tool "Test Key", the result is the following : " the private key was successfully tested" and "revocation check for certificate chain failed". Does it give any clue ?

We are setting up a multi tenant Lync environment. At the moment it has just been built as an Enterprise deployment without the multitenant scripts applied.

our primary domain that the lync and certificates have been created on is for example xxx.com

we have a reverse proxy running on port 80 that is forwarding requests for lyncdiscover.xxx.com to the front-end pool on the external ws url port 8080.

the microsoft remote connectivity tester passes and clients can connect.

we are now trying a client domain yyy.com.

We have setup a cname DNS record lyncdiscover.yyy.com that points to lyncdiscover.xxx.com. 

We have verified that you can access http://lyncdiscover.yyy.com and it returns the xml response structure as normal.

When trying to connect, the clients cannot find the lync server and the remote connectivity tester reports: "Autodiscover failed"

Any ideas?

Dear All,

I have query regarding the SQL server requirement for Lync 2013 enterprise,when there is a co-existence or migration from lync 2010 to 2013, it it possible to use the same Lync 2010 enterprise  sql server with different instance name or we have to create a new sql server for lync 2013, please advice me.

Thanks and regards,

sarma kumar

I recently cut over from lync 2010 with an apache reverse proxy to a lync2013 deployment using microsoft ARR as the reverse proxy.

Last night i cut over to the new ARR reverse proxy but our lync 2013 mobility tests didnt go well. I also cant get the DIALIN.CONTOSO.COM page to show up externally. Only the https://MEET.CONTOSTO.COM site shows up properly from an external browser. I have a feeling that the lync ARR server is only handling meet.contoso.com for some reason, although i followed the LYNC setup guides exactly. Please see the screenshots of my setup. Does anyone have an idea of why everything might be taken over by the MEET.CONTOSO.COM Server Farm in ARR?

As you can see, the lyncdiscover.contoso.com server farm has no hits.

When I fire up the lync mobility app, the MEET.CONTOSO.COM server farm in ARR receives the hits. (and failures)

I followed the configuration exactly, here are my rewrite rules:

Any Ideas?

Hi,

I want to install a trial of  Lync server and when I install it says I need to prepare Active Directory

I only want to test Lync but I do not want to make unnecessary permanant changes to Active Directory.

Should I proceed with preparing Active Directory? What happens to active directory if I later uninstall the Lync server? 

Thank you.

http://peteroy.blogspot.com/

This is just planning for a future.

How do we configure DNS records?  Right now we have Lync Online and we are going to add Lync Enterprise Pool on Premises.

Now our DNS records are:

Internally:

A -> sip.domain.com -> CNAME -> sipdir.online.lync.com

SRV -> _sipfederationtls._tcp.domain.com -> [100][1][5061]sipfed.online.lync.com

SRV -> _sipinternaltls._tcp.domain.com -> [100][1][5061]sipdir.online.lync.com

SRV -> _sip._tls.domain.com -> [100][1][443]sipdir.online.lync.com

Externally:

SRV -> _sipfederationtls._tcp.domain.com -> [100][1][5061]sipfed.online.lync.com

SRV -> _sip._tls.domain.com -> [100][1][443]sipdir.online.lync.com

We will have Edge server with ONE public IP address. How should I change this configuration? I think it will be like this:

Internally:

A -> sip.domain.com -> A -> IP address of Lync Pool

SRV -> _sipfederationtls._tcp.domain.com -> [100][1][443]sip.domain.com

SRV -> _sipinternaltls._tcp.domain.com -> [100][1][443]sip.domain.com

SRV -> _sip._tls.domain.com -> [100][1][443]sip.domain.com

Externally:

A -> sip.domain.com -> A -> Public IP address of Edge Server

SRV -> _sipfederationtls._tcp.domain.com -> [100][1][5061]sip.domain.com

SRV -> _sip._tls.domain.com -> [100][1][5061]sip.domain.com

Is this correct? Can you please confirm?

Thank you.

Thank you. Eric.

Using the PowerShell command below to request a certificate for webconf.domain.com on the Edge. There are at least a dozen "types" I can specify. I was thinking WebServicesExternal but maybe AccessEdgeExternal?? Not sure what to use or if it even makes a difference.

Request-CsCertificate -New –Type WebServicesExternal -ComputerFqdn "edgeserver.domain.com" -FriendlyName "Web Conferencing" –Organization etc......-PrivateKeyExportable $True –DomainName webconf.domain.com –output c:\webconf.txt

Hi,

Trying to understand what is the best way to route the Lync online user traffic from corporate LAN to Lync online server and to users connected on Internet.

I see that suggested methods are route it via firewall or proxy

Challenges I see with firewall method are: Routing issue from certain subnets and risk of opening up so many ports for so many subnets.

In Proxy method I foresee performance issue.

Is there any other better method to achieve this?

Can we do something better using dedicated F5 big IP for Lync traffic alone? Is this supported?

Also is it mandatory to open up 50-60K port to have p2p call? Can’t it happen via Lync online edge server?

Please share your thoughts.

We use Lync 2013 on prim with 3 Lync pool in three different sites with total user base of 30k. Each site has dedicated internet connectivity.

Regards

Praveen R

Hello,

Need some guideline.

We currently have 2000 users using Lync 2013 through office 365. lyncdiscover and sip alias are pointing to webdir.online.lync.com and sipdir.online.lync.com

We are planning deploy Lync 2013 enterprise on-premise for the rest of the users, and after a period of time moving the 2000 users back to on-premise. So, we will be hybrid for a while.

Need help on the deployment steps and especially, please clarify how we create DNS records, like lyncdiscover etc. in order not to interrupt the current users during and after the implementation.

Thanks in advance

Jim

I have successfully published the topology. but after that when i try to install local update it gives the above mentioned error. its urgent. please help me.

Ali Usman

We have lync 2013 and are setting it up internally. We'd like all simple urls to be lync.domainname.com (/meet, /dialin, etc) and have it work on our single domain with multiple email address and allow all meeting creations out of outlook to be in this link format so that external people (non domain) will get to our meetings as well through the same link. lync.domainname.com is what we purchased the https cert on as well. And we've redirected the lync.domainname.com to the lync server internally at lyncserver.home.domainname.com. My understanding is that each email address domainname is a SIP address. I can't get it to work.

We have an exchange server setup and our home domain at the fully qualified domain home.domainname.com. Those users then map to exchange where the users have emails that use different address addresses but they all map to user@home.domainname.com. For instance, user1@domainnameB.com, user2@domainnameC.com etc. can be reached at those addresses or user1@home.domainname.com, user2@home.domainname.com. It also happens that some of these users email address are at user@domainname.com.

When they log into their computers using their home\user AD accounts and open outlook their exchange default email comes up at the top of outlook correctly as user1@domainnameB.com and not user1@home.domainname.com. Makes sense.

Likewise, we'd like when their Lync clients start that they'd autoload to user1@domainnameB.com etc.

We cannot get the settings right in out Topology or our DNS that would make this happen.

My understanding is that we'd set our front end server FQDN to the FQDN of the server, in our case, lyncserver.home.domainname.com, and then our External Web Services to domainname.com.

Then from their it gets extremely merky. I could write out the ways we've tried, but this woudl keep on for a while.

Wondering from start to finish of the deploy how to do it.  Maybe if someone could relate the steps in the following to my domain/domainname scenario that'd be great.  Thanks in advance.

http://www.gecko-studio.co.uk/installing-lync-2013-standard-edition-on-windows-server-2012-r2/

trying to setup across forest migration with lync and getting the above error.

First let me say I have an OCS 2007 R1 / Exchange 2010 SP2 env up and running right now.  Our AD domain is say domain.com.  All of our SMTP addresses in exchange were domain.com and our sip was sip.domain.com. Everything was working great.
We then changed our Primary SMTP addresses to newdomain.org and the only thing we did for OCS was set a group policy "disable email comparison check, enabled"

So let me break this down a little easier.  If you look in the outlook address book for anyone you get the following:
SIP: user1@domain.com
SMTP: user1@newdomain.org -this is primary smtp
smtp: user1@domain.com
smtp: alias@domain.com

So far in the above scenaro in OCS 2007 R1 with a sip domain of only sip.domain.com and a GPO of disable email comparision check, everything works OK from what I can see. Presence, etc.  People have to log in to OCS using onlyname@domain.com which works.

Now moving to Lync 2013:
I'm going to spin up a clean Lync 2013 environment, this will be net new and no user migrations.  My question is do I just do the same as above or do I need to do some other steps, add another sip domain, etc?  We do have an internal dns zone now for newdomain.org.

So for Lync 2013 do I do the following:
SIP domain: sip.domain.com
CNAME: AutoDiscoverInternal.domain.com
In order for lync clients to connect to the pool, they would have to enter in their email address asuser@domain.com.  If they try using their primary smtp address ofuser@newdomain.org it wont work.  What if I add in the newdomain.org zone an A record for newdomain.org pointing back to domain.com?  I'm thinking that may fix the autodiscover issue for sign in but what about presence???  I don't know if I need to add another SIP domain of sip.newdomain.org?
I just want to make sure presence is working across Exchange and users don't experience any pop up cert issues.  I'm assuming if I add the Autodiscoverinternal.newdomain.org to our cert that would avoid that issue as well.

Please help.  Not sure exactly what I need to create a new environement so users won't have any pop ups or presence issues between outlook.