Hello all,

I am absolutely no OCS/Lync expert. That said, I have a lot of experience with all kinds of set-ups of all other MS products, and have also setup a Lync 2010 en Lync 2013 environment. But only for internal clients.

I am now in the process of setting up external client connection. So no fancy things like Federation or web-based connections.

What I'd like to have is something like a process flow diagram of the traffic that is needed to make this work.

Why is it not enough to open the FW and NAT port 5061 traffic to the Edge server and port 443 traffic to port 4443 of the FE pool?

I'm trying all day setting up a simple environment, but can't get it to work and all "documentation" just seem to contradict eachother and as such is not very helpful.

Can some please explain the traffic flow and help me in the correct direction?

BTW I do not want to use a Reverse Proxy for this environment, but I am using a rather sophisticated FW, which also NAT's the inbound traffic.

Thanks for your replies.

Regards,

Stephan van der Plas

PS: The output of the lync connectivity test:

You know you're an engineer when you have no life and can prove it mathematically

i was having problem with lync mobility service only so i have uninstalled Lync web components and mobility service , and re-ran the step 2 of Lync Deployment wizard .. i found Lync web components are back in control panel but not Mobility service... and when i ran test cmdlets is showing LS Mobility Service is missing.. 

I try install lync 2013 Ent:

1. Publish topology complete with error database create (sql server name not available, fogot fqdn)

2. I can't delete topolody "Cannot publish topology changes. Conference directories still exist on a pool that would be deleted. Remove the conference directories before continuing." And I can't remove conference because I not install Lync :)

3. I add cname to dns. Try install database from topology builder - complete with error for database rtcxds, rtcab, qoemetrics - " sql error code = 539, error message = Schema changed after the target table was created. Rerun the Select Into query."

4. I try second run "Install database" error - "Database rtcxds could not be updated because it requires major upgrade from version 0 to version 15. Due to schema changes this database cannot be re-used. It must be dropped and a new one created.  Database rtcab could not be updated because it requires major upgrade from version 0 to version 62. Due to schema changes this database cannot be re-used. It must be dropped and a new one created. Database QoEMetrics could not be updated because it requires major upgrade from version 0 to version 62. Due to schema changes this database cannot be re-used. It must be dropped and a new one created."

5. I try remove database rtcxds, rtcab, qoemetrics and run "Install database" - " sql error code = 539, error message = Schema changed after the target table was created. Rerun the Select Into query."

How I can fix this error?

Hi Everyone. I have recently tried to get external access working for LYNC 2013 but with no luck "we are having trouble connecting to the server ..."

i have 1x FE 1xedge 1x Office webapp server I have the following dns entries

A sip.domain.com 115.122.5.79 mapped to 10.0.0.1 (access edge service) 0n 443

A webcon.domain.com 115.122.5.80 mapped to 10.0.0.2 (webcon edge service) on 443

A av.domain.com 115.122.5.81 mapped to 10.0.0.3 (av edge service) on 443

SRV _sip.tls.ggs.vic.edu.au sip.domain.com

SRV _sipfederationtls._tcp.domain.com sip.domain.com

i have the public certificate installed on the edge Internally when i connect it works fine with auto config or if i manually enter the name of the FE server xxx-lync.domain.com

I currently do have a reverse proxy setup, but have not configured the web listners for these dns external entries i have created

meet.domain .com 115.122.5.82 will map to RP

A dialin.domain .com 115.122.5.82 will map to RP

A lyncdiscover.domain.com 115.122.5.82 will map to RP

A lync.domain .com 115.122.5.82 will map to RP

A Webapp.domain .com 115.122.5.82 will map to RP

my internal edge server fqdn is xxx-lyncedge.domain.com I do believe i have all the firewall rules in place

1. should Lync messenger work as it is without the RP setup ?

2. what external server name should i be entering, i imagine it was sip.domain.com which maps to my access interface!

3.Has anyone got some good troubleshooting steps

Q. I am puzzled by all the different and partially misleading info about LYNC certs that are required.

This is the scenario:

Single Lync STD Server (lyncsrv.abc.local);

Single Edge(LyncEdge);

TMG for publishing.

External users (non domain devices iPhones, Andorid, Blackberrys.....) need to have access to Lync.

Internal CA exists (W2k8R2 Ent)

Internal AD name "ABC.local"; External (public) domain name "ABC.com"; Sip name "sip.ABC.com"; meet.abc.com, dialin.abc.com, webconf.abc.com, av.abc.com, Admin.ABC.local....

I need to prepare the cert-reg files so I need to know How many certs should I request (from internal CA and from Public CA), which one goes where, for which LYNC server adapter/role, and what is the finite list of names that should be included in each of the certs ?? I plan on requesting separate single name certs for EDGE.

"LYNCServer" - Standard Lync 2013 Server

- certificate from internal CA - names to be included

- cettificate from external CA - names to be included

"LYNCEdge"

- certificate from internal CA - names to be included

- cettificate from external CA - names to be included

"TMG Listener"

- ?? Same from "LYNCServer" for publishing the simple URL's (I suppose) ??

- ?? Same from "EDGE" for publishing A/V, Webconf ... ??

THNX !!!

Alexs

Hello,

We have recently deployed Lync 2013 as a migration from 2010, something our users have noticed what looks like a change in the response group behavior.

When an incoming call comes in you see the usual toast with the caller ID in it as you did in 2010, BUT once the call connects the caller ID appears to be replaced by the name of the server that is currently running the response group service.

Has anybody noticed this? is it something that can be changed as my agents don't care about what server they are connected to they would rather have the caller ID so they can write it down etc...

Thanks

James

Hi,

So we have Lync 2010 working perfectly and 2013 side by side in the production environment but still in testing.

On first launch of the 2013 client, we get this prompt:

Entering some credentials or even cancelling seems to work sometimes and everything is fine after that, but we'd like this not to happen for every user on first launch if we can avoid it.

The person who started setting up Lync 2013 is no longer with us, I'm assuming its something in TMG that needs updating, but with all the Lync rules we have, I'm not sure what.

It seems that everything is working, but I have many errors in Event Log.

************************************************************************

Storage Service had an EWS Autodiscovery failure.

UnsupportedStoreException: code=ErrorIncorrectExchangeServerVersion, reason=GetUserSettings failed,smtpAddress=username@domain.com, Autodiscover Uri=https://autodiscover.domain.com/autodiscover/autodiscover.svc, Autodiscover WebProxy=<NULL> ---> Microsoft.Exchange.WebServices.Data.ServiceRequestException: The request failed. The remote server returned an error: (401) Unauthorized. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.Exchange.WebServices.Data.EwsHttpWebRequest.Microsoft.Exchange.WebServices.Data.IEwsHttpWebRequest.GetResponse()
   at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverRequest.InternalExecute()
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverRequest.InternalExecute()
   at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.InternalGetUserSettings(List`1 smtpAddresses, List`1 settings, Nullable`1 requestedVersion, Uri& autodiscoverUrl)
   at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.GetSettings[TGetSettingsResponseCollection,TSettingName](List`1 identities, List`1 settings, Nullable`1 requestedVersion, GetSettingsMethod`2 getSettingsMethod, Func`1 getDomainMethod)
   at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.GetUserSettings(List`1 smtpAddresses, List`1 settings)
   at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.InternalGetSoapUserSettings(String smtpAddress, List`1 requestedSettings)
   at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.GetUserSettings(String userSmtpAddress, UserSettingName[] userSettingNames)
   at Microsoft.Rtc.Internal.Storage.Exchange.ExchangeContext.SendGetUserSettingsRequest(StoreContext ctx, String smtpAddress)
   --- End of inner exception stack trace ---
   at Microsoft.Rtc.Internal.Storage.Exchange.ExchangeContext.SendGetUserSettingsRequest(StoreContext ctx, String smtpAddress)
   at Microsoft.Rtc.Internal.Storage.Exchange.ExchangeContext.GetUserEwsSettings(StoreContext ctx, String smtpAddress, CacheMode cacheMode)

Cause: Autodiscovery Uri was not correctly configured or unreachable, that there is a problem with the Proxy, or other errors.
Resolution:
Check event details.  Check autodiscovery Uri is properly configured and reachable. Check that proxy setting is properly configured and reachable.  Validate Lync to Exchange Autodiscovery configuration by following the trouble shooting guide. If problem persists, notify your organization's support team with the event details.

***************************************************************************************

Not sure why it is trying to use https://autodiscover.domain.com/autodiscover/autodiscover.svc. Is this correct?  I thought it should behttps://lyncdiscover.domain.com/autodiscover/autodiscover.svc orhttps://lyncweb.domain.com/autodiscover/autodiscover.svc.

If I run Get-CsService -WebServer | fl  autodiscover*, I receive the following output:

AutodiscoverServiceExternalUri : https://lyncweb.domain.com/Autodiscover/AutodiscoverService.svc/root
AutodiscoverServiceInternalUri : https://lyncpool.domain.local/Autodiscover/AutodiscoverService.svc/root

As I said, everything looks good and working. Anyone has any ideas what that is?

Thank you.

Thank you. Eric.

hi everyone,

I have 2 pools with 2 FEs on each pool but on the same domain. Do I have to add the simple urls for all the FEs on the topology ? 

and would it be ok to use DNS load balancing in case of 2 different geographical locations and also for local locations? 

Thanks

Mohammed JH

Hi,

Any step by step guide to mirror the CMS Databases when moving the same from lync 2010 to 2013?

Regards,

Irfan

Irfan Goolab SALES ENGINEER (Microsoft UC) MCP, MCSA, MCTS, MCITP, MCT

In an office of 5 people is it possible to have a main DID number and users just have a three digit extension defined in Lync and the outbound caller ID is the main DID number?

We currently have a SIP trunk with the main DID number already but we are trying to limit the need for more DID numbers.

If this is possible could someone please list a page describing the procedure?

Thanks

I am half way done with a 2013 migration, going from Enterprise to Standard, and I just read that it is not recommended to have collocated mediation server if you use a sip trunk. Can anyone tell me why this is?

BTW, this is a very small deployment (70-100 users) on a physical server with plenty of horsepower and we also plan to add a second physical server, at some point, mostly for fail-over.\

I really don't want to have an "unsupported" configuration.....

Hello all

My question is regarding what names will I  need in my cert based on the sip domains and Lync 2013 features that I will support in my environment. Also I have a split DNS environment for all sip domains. Based on using split DNS is it better to purchase a cert from a 3rd party CA for all sip domains, or use an internal CA for the internal names, and a public CA for the external names?  Below are the Lync 2013 features that I need to support for internal and external users. All users are running the Lync 2013 client. Thank you very much for any help and guidance on this!

• automatic sign in
• Mobile access
• Web conferencing (with anonymous access for guest's, and to support all features regarding web conferencing)
• Autodiscover
• reverse proxy

Below is the list of the sip domains that I will need to support

• contoso.com
• abc.com
• nbc.com
• cbs.com

Bulls on Parade

I have Implemented Lync 2013 server in the resource forest topology model ....

1) We have used the concept of linkedmailbox , AD account Disabled and SIP attributes are populated using SID mapping during migration.

2) Once the account is created in the source forest  disable linked mailbox account is created in the AD
After all these action,  login to the Lync client works and other Lync features are also works fine , except the address book generation ( GAL search).

Lync client can able to dowload the Galcontacts.db from server and daily delta file to its location.
When we search the migrated SIP users the contact does not show up in the lync client.

But if you create local SIP account enabled  ( with out resouce forest model concept) , the contact will show up in the Lync client GAL.
I opened the GALcontact.db and verified the GAL address is not properly generated for the migrated users ....(ex ranganatha.lokeshapp.xyz.com )
It means the Lync Server is not fetching the correct GAL information from the Active directory.

Can you please let me know if you have faced such issues is resouce forest model topology.

Are any suggestion to fix this issue to generated the address for Lync migrated users.

Hello all,

I am trying to access my internal web scheduler, but I am receiving the attached issue.

What can I do?

Can you have multiple Lync environments in one domain?

Like a two seperate enterprise pools?

I am upgrading from Lync 2010 to Lync 2013 and I'm working on moving the Central Management Server to the 2013 Standard Front End server in order to decommission our 2010 Standard Front End.

Everything went smoothly up to the point of actually running the Move-csManagementServer. The command failed (as I later discovered) because I did not have enough free space on the 2013 Front End. I fixed the problem, but when I try to rerun Move-csManagementServer, this is what I get:

PS C:\Users\nwofford> move-csmanagementserver

Confirm
This cmdlet moves Central Management Server to the pool that contains this computer.

 Current State:
  Central Management Server Pool: "Lync.domain.local"
  Central Management File Store: "\\Lync.domain.local\Share"
  Central Management Store: "Lync.domain.local\rtc"
  Central Management Store SCP: "ak.domain.local\rtc"

 Proposed State:
  Central Management Server Pool: "Lync.domain.local"
  Central Management File Store: "\\Lync.domain.local\Share"
  Central Management Store: "Lync.domain.local\rtc"
  Central Management Store SCP: "Lync.domain.local\rtc"


Do you want to move the Central Management Server, Central Management Store, and File Store in the current topology and assign permissions for computers in Active Directory? (Note: Please read the help provided for this cmdlet using the Get-Help cmdlet before you proceed.) [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):

WARNING: move-csmanagementserver failed.
WARNING: Detailed results can be found at "C:\Users\nwofford\AppData\Local\Temp\move-csmanagementserver-b9eb8ec4-c425-4f4d-a074-1ce78fb8150a.html". 

move-csmanagementserver : Central Management service is already installed on pool "Lync.domain.local".
At line:1 char:1
+ move-csmanagementserver
+ ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Move-CsManagementServer], Exce
   ption
    + FullyQualifiedErrorId : Move not supported.,Microsoft.Rtc.Management.Dep
   loyment.MoveCms.MoveCmsCmdlet

If I try to go back to the original 2010 server to roll back the changes, it gives a similar error:

Move-CsManagementServer : Central Management Server cannot be moved to pool "ak.domain.local" because this move does not change the current Central Management Store location "ak.domain.local\rtc". Note: The Central Management Store is collocated with the User Store after a successful move.

I seem to be caught in limbo where I can't get either server to force the changes through. Is there another way to get the CMS moved over?

worked through migration to the point of phase 8 of moving the CMS to the new pool:

move seems to be sucessful except that an error happened:

move-csmanagementserver : Central Management service is already installed on pool "Lync2.domain.local".

same issue as http://social.technet.microsoft.com/Forums/en-US/lyncdeploy/thread/0c36ae30-384f-4f3c-8991-05925ba85b34

Hello all

My Lync 2013 environment will consist of the bellow servers. I will be supporting all client features of Lync 2013 except for EV. Internally I  have a split DNS environment configured for all domains that will be using Lync, the domain names are below. My question is regarding Certs. Bellow is a list of the certs I put together based off of what I understand from reading TechNet. Please let me know if I am headed in the correct direction with this?

Thank you very much!

Lync 2013 Servers

• 1 enterprise FE
• 1 EDGE
• 1 Proxy

Domains

• abc.com
• nbc.com
• cbs.com

For Lync 2013 SE server.

Certificate type= Default

SN= lyncPool.abc.com

SAN= lyncPool.abc.com

SAN=EE01.abc.com

SAN=sip.abc.com (to support multiple sip domains requires addition SAN for each domain

certificate Type= Web Internal

SN=LyncPoolinternal.abc.com

SAN=LyncPoolinternal.abc.com

SAN=*.abc.com (to support multiple domains requires *.domainname.com)

Certificate Type= Web External

SN=LyncPoolExternal.abc.com

SAN=*.abc.com (to support multiple domains requires *.domainname.com)

Lync Edge Server

Edge internal interface:

SN=LSEdge.internal.com

Edge external interface:

SN=AccessEdge.abc.com

SAN=AccessEdge.abc.com

SAN= (all supported SIP domains. i.e. sip.abc.com, sip.nbc.com, sip.cbs.com

SAN=webconference.abc.com

SAN=xmpp.abc.com ( required to federate with Google or Skype)

SAN=*.abc.com  (required to federate with Google or Skype)

For Reverse proxy server

SN=published external FQDN (LyncPoolExternal.abc.com)

SAN=published external FQDN (LyncPoolExternal.abc.com)

SAN=*.abc.com

SAN=*.cbs.com

SAN=*.nbc.com

Bulls on Parade