Thursday, 7 May 2015

Lync 2013 to Skype for Business In-Place Upgrade Detailed Steps

The process of the Skype for Business In-Place upgrade is a fantastic and quick"er" way of updating to the latest Skype for Business Edition. This post will show detailed how-to on upgrading an Enterprise Pool from Lync 2013 to Skype for Business Server. The process is similar for upgrading Standard Edition Pools and the same principals and concepts apply.

The LAB I am performing this update to is as followed:

  • 3 Lync 2013 Front End Servers in a pool called lspool01.lmlab-a.com
  • 1 SQL 2012 Back-end
  • 1 File Share located on Domain Controller
  • 15,000 users provisioned on this LAB Lync 2013 pool



After the upgrade the pool will be running Skype for Business Server 2015 running on the same SQL 2012 back-end. In a later post I will document on setting up an Always ON SQL 2014 cluster, but for this post will be a single back end server.

NOTE: As documented in this article https://technet.microsoft.com/en-us/library/dn951388.aspx Windows Server 2008 R2 is no longer recommended to use with Skype for Business Server due to changes and limitations with Server 2008 R2 and Windows Fabric. All 3 of these Front End Servers are running Server 2012 R2.

Testing Purpose: This guide is helpful for upgrading your Lync 2013 pool to Skype for Business Server 2015 using the In-Place Upgrade feature. Before running through these steps in your production environment, test it!. Confirm your topology, servers and services are functional and error free before upgrading.

Production Notice: For anyone doing an In-Place Upgrade in their production environment note that doing this process without moving users to a secondary pool will disrupt users until the upgrade process is complete on ALL front-end servers. It is recommended to either move all your users to a secondary pool before upgrading the primary pool, or schedule a maintenance window.

Also depending on the O/S Lync 2013 is running on, you will need to install these following hot-fix's. If not you will run into issues during the upgrade process. The corresponding hot-fix must be installed on every Lync front-end server you are upgrading.
  • Server 2008 R2 - KB 2533623 needs to be installed. Get it here.
  • Server 2012 - KB 2858668 needs to be installed. Get it here.
  • Server 2012 R2 - KB 2928006 needs to be installed. Get it here.
Also here is a list of other requirements and recommendations prior to doing an In-Place Upgrade:
  • Lync Servers must be patched! visit this link for the latest Lync 2013 CU patches - https://support.microsoft.com/en-us/kb/2809243
  • All local instances of SQL on Front-End/Edge Servers need to be 2012 SP1+
  • Uninstall LRS Admin tool from Lync Server 2013 before running In-Place Upgrade
  • Upgrade the topology from the inside to the outside. (pools, edge servers, CMS pool)
  • If you use Kerberos authentication for Web Services, you must reassign Kerberos accounts and reset the password after the In-Place Upgrade is complete
  • SBA/SBS must be removed from the pool that you are wanting to upgrade. After the update the SBA/SBS can be added back
The process of an In-Place Upgrade must be done from another computer that's joined to the same Active Directory Domain that Lync 2013 is installed in, but cannot have the Lync 2013 Administrative Tools installed. You can use a management PC for this, or another non-Lync server.

STEP 1: Install Administrator Tools and download topology
  1. From your Management PC/Server Install the Skype for Business Administrator Tools. 
  2. From the installation media run setup from Volume\Setup\AMD64\setup.exe
  3. On the deployment wizard, install Administrator tools

NOTE: Notice in the screen shot below that Prepare Active Directory is already "Complete". This is because at time of RTM of Skype for Business Server there are NO Active Directory Updates. Continue with clicking Install Administrative Tools.



NOTE: When Installing the Core Components you should connect to the internet and check for updates, this will confirm you are always using the latest CU updates available.


Continue with the installation of the Administrative Tools.




     4.   From the Start screen, open Skype for Business Server Topology Builder
     5.   Click Download topology from existing deployment



After downloading the topology, confirm that all the pools, services are correctly displayed. As mentioned above we will be updating lspool01.lmlab-a.com which has 3 front-end servers.



STEP 2: Upgrade and publish topology using Topology Builder

Upgrading the pool in the topology is very simple, this is achieved by right clicking the pool name and select Upgrade to Skype for Business Server 2015...



Now notice that the pool has moved from being a Lync 2013 pool to a Skype for Business Server 2015 pool. We can now go ahead and publish the topology. 



    Before proceeding with upgrading your front-end servers, confirm successful replication to all servers in your topology. Also confirm all services are running via the Lync Control Panel. Notice in the screen shot below, the "upgraded" pool shows a version of Unknown.



    STEP 3: Upgrade Front-End Servers to Skype for Business

    Before starting the upgrade process of your Enterprise Edition Pool you must disable the running services on all front-end servers in the pool. If you have more then 1 pool you can move your users to the secondary pool while you upgrade the primary.

    Next run the following command in Lync PowerShell that will be upgraded.

    Disable-CsComputer -Scorch

    The above command will disable all the Lync 2013 services running on the front-end server. The -scorch switch will uninstall all the Lync 2013 services from the front-end server.

    Remember to run this on every front-end server in the pool.


    In the Services manager confirm that all the services are in a Disabled state and are not running.



    Start the setup from your first front end server, check for updates to confirm the latest patches will be installed at the time of upgrade.



    NOTE: As the In-Place Upgrade beings readiness checks will be performed. As I mentioned above to install the prerequisite hot fixes for each Server O/S version. If you do not, you will receive an error like this one.


    Also another common error during the upgrade will indicate that there are still services running in the pool that you are trying to upgrade. You MUST run the Disable-CsComputer -Scorch command on ALL front-end servers in the pool.



    As the upgrade wizard progresses through the process, you can see below the status of the upgrade. Also if you run into any issues during the upgrade process, you can close the upgrade wizard, fix the issue and resume the wizard and will pick back up from where it left off.

    The upgrade wizard might require you to reboot the server while uninstalling the roles. Once you reboot and log back in the Skype for Business upgrade wizard will reopen automatically and continue with the process.



    Once the upgrade is complete, the wizard will confirming that installation completed successfully.



    At this point the first front end server has Skype for Business Server 2015 installed with all the same configuration and components as the when this server was a front-end in Lync 2013. All the new services are installed as shown below. Notice that the services have not yet been started. In Skype for Business Server 2015 a new command for starting the entire pool will be run after ALL front-end servers in this pool have been upgraded.




    STEP 4: Update Back-end Databases

    After the upgrade process is complete, we need to upgrade the back-end SQL databases for the Enterprise Edition Pool. This is all done from PowerShell.

    Depending on your scenario run only ONE of the below commands:

    If this is an Enterprise Edition back-end and there are no collocated databases on this server
    Install-CsDatabase -Update -ConfiguredDatabases -SqlFqdn "sqlbackend.domain.com"

    If this is an Enterprise Edition back-end and there are collocated databases on this server (Archiving/Monitoring)
    Install-CsDatabase -Update -ConfiguredDatabases -SqlFqdn "sqlbackend.domain.com" -ExcludeCollocatedStores

    If this is a Standard Edition Server
    Install-CsDatabase -Update -LocalDatabases





    STEP 5: Start new Skype for Business Pool and Verify

    After all the front end servers in the pool have been upgraded using the same process as described in this article and the back-end database has been upgraded, it is time to start the pool by running one single command.

    Open the Skype for Business Server Management Shell and type - Start-CsPool -PoolFqdn "poolname.domain.com"

    Depending on the size of your front-end pool, and the number of routing groups within the front-end pool the start-up can take some time.



    Once the command has completed, login to the Skype for Business Control Panel, click Topology and confirm that all services have started and replication is successful. Also login as a user that is homed on the Skype for Business pool and verify functionality.



    I hope this upgrade how-to assists you in getting your environment moved to Skype for Business from Lync 2013. Over the next few weeks I will be posting more Skype for Business transition articles including SQL 2014 AlwaysOn.


    Thursday, 23 April 2015

    Skype for Business Server 2015 Protocol Workloads Poster and TechNet Library NOW AVAILABLE

    Microsoft has published both the Technet Library Documentation and the Workloads Poster for Skype for Business


    The TechNet Library can be found here - https://technet.microsoft.com/en-us/library/gg398616.aspx


    The Protocol Workloads can be download from here: PDF Version or Visio Version


    Keep and eye out for information and lab builds of Skype for Business including migrations from Lync 2010/2013 just after release day of Skype for Business Server.

    Skype Client UI in Skype for Business

    Skype for Business will still remain “lync.exe” from an executable perspective and maintain the same major version number as Lync 2013. 

    Can I mix and match Lync 2013 and Skype for Business Clients
    Yes you can, Lync 2013 clients will work on Skype for Business Server, and Skype for Business Client will work on Lync 2013 Server. 

    Client Platform
    Server Platform
    Client UI



    Lync 2010
    Lync Server 2013
    Lync 2010
    Lync 2010
    Skype for Business Server
    Lync 2010
    Lync 2013
    Lync Server 2013
    Lync 2013
    Lync 2013 (no S4B update)
    Skype for Business Server
    Lync 2013
    Lync 2013 (S4B update)
    Skype for Business Server
    Skype for Business
    Lync 2013 (S4B update & EnableSkypeUI=FALSE)
    Skype for Business Server
    Lync 2013
    Lync 2013 (S4B update & EnableSkypeUI=TRUE)
    Skype for Business Server
    Skype for Business
    Lync 2013 (S4B update & EnableSkypeUI=NULL)
    Skype for Business Server
    Skype for Business
    Skype for Business
    Skype for Business Server
    Skype for Business
    Skype for Business (EnableSkypeUI=FALSE)
    Skype for Business Server
    Lync 2013
    Skype for Business (EnableSkypeUI=TRUE)
    Skype for Business Server
    Skype for Business
    Skype for Business (EnableSkypeUI=NULL)
    Skype for Business Server
    Skype for Business

    In order to control the Skype for Business/Lync 2013 User Interface, it must be enabled via Client Policy. As customers have been requesting this update, I suggest creating a new user based client policy and add some test users to the policy so they can evaluate before providing to the remaining organization.

    To create a new Client Policy:
                 New-CsClientPolicy - PolicyName SkypeUIClient - EnableSkypeUI $true

    To enable users for this newly created policy:
              Grant-CsClientPolicy -PolicyName SkypeUIClient -Identity "user@company.com"




    Friday, 5 September 2014

    Lync 2013 conferences when using Outlook/Join Launcher with Lync 2010 Coexistence

    During the coexistence period between Lync 2010 and Lync 2013 an error occurs when a Lync user tries to join a Lync 2013 hosted conference.


    Also on the Lync 2013 Server a Lync Event error LS User Services 30988 is logged.


    This is resolved by editing the Web.config files in Lync 2010 and Lync 2013 adding the following key:
    1. <add key="disableConferenceKeyVerification" value="true" />
    2.  <add key="disableRedirectionToHomePool" value="false" />
    that key needs to be added to the following files on the Lync 2010/2013 Front-End Servers:

    C:\Program Files\Microsoft Lync Server 2010\Web Components\Join Launcher\Int\web.config
    C:\Program Files\Microsoft Lync Server 2010\Web Components\Join Launcher\Ext\web.config

    After applying the change and perform IISRESET, the Lync 2010 and 2013 servers.



    Tuesday, 4 February 2014

    Lync 2013 Resource Forest FIM Syncronization Guide

    When company's buy other companies one of the big challenges from an IT side is managing multiple environments. In most cases a two-way trust is configured between both forests and most times it stay's this way until something like "Hey we want Lync" comes around.

    In these kind of environments putting Lync Server into a resource forest makes the most sense. We can synchronize users from both forests into contact objects, and makes adding additional environments (more company purchase's) much more simplified.

    In this post I am going to be going over how we can leverage FIM (Forefront Identity Manager) to synchronize user forest information into contact objects in the Lync resource forest. This method is recommended when you have multiple user forests and a ton (100s. 1000s, 10,000s) of users.

    Guide Topology Overview

    NOTE: The purpose of this Guide is to demonstrate the configuration of FIM for the use of user synchronization using Lync Server 2013 in a multiple forest configuration. It does not provide best practices on SQL, Windows or Lync configuration(s) or sizing.

    The Forefront Identity Manager Server in this post will be running Windows Server 2008 R2 SP1. Also note that SQL is required for FIM, I installed SQL 2008 R2 on the FIM Server and will leverage that.

    I have 3 forests total

    LMLAB-A.COM = User Forest
    LMLAB-B.COM = User Forest
    LYNCMEBLOG.COM = Resource Forest (Lync 2013 Standard Edition)

    More information on creating trusts (http://technet.microsoft.com/en-us/library/cc816590(v=ws.10).aspx)

    Forefront Identity Manager prerequisites

    Windows Server 2008 R2 SP1
    SQL Server 2008+ (To install the FIM DB)
    .NET FrameWork 4.5 (This is required to run the Lync FIM extensions)



    Step 1: Forefront Identity Manager 2010 R2 Installation

    Insert/Mount the FIM installation media, and open the FIMSplash.htm file and click "Install Synchronization Service"



    Once the installer launches, click Next and accept the terms.



    Specify your SQL Server and Instance name.


    Click Next until installation begins, and wait for completion.



    Step 2: Import LcsSync Folder into FIM Server

    Download the Lync Server 2013 ResourceKit Install it into the default directory. Once the Resource Kit is installed go to %Program Files%\Microsoft Lync Server 2013\ResKit\LcsSync folder and copy all contents into the %Program Files%\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions folder on the FIM Server.



    Edit the lcscfg.xml file as shown below. NOTE: The “lcsma name” you choose here must be used when importing the Central Forest MA into FIM as demonstrated in Step 5.


    Step 3: Extend Metaverse Shchema for Lync Attributes

    Next, we need to extend the metaverse schema so the Lync Server attributes can be synchronized.

    Open the “Synchronization Service Manager”, Click Metaverse Designer, at the top click Actions and “Import Metaverse Schema”. Select the Lcsmvschema.xml from the %drive letter%:\Program Files\Microsoft Identity Integration Server\Extensions\ folder where you imported the LcsSync files.





    Next, click Tools -> Options, Select “Enable metaverse rules extension”, then click Browse. In the list of files, select lcssync.dll
     
    Next select “Enable Provisioning Rules Extension”. Then click OK to close the Options window.


    Step 4: Configure Object Deletion Rule
    If a user object is deleted in a user forest, the corresponding contact object that is used by Lync Server in the recourse forest must also be deleted, a big reason why this is a favourable configuration in large organizations.

    In the Synchronization Service Manager, click Metaverse Designer. Under the Object types right click person, on the right hand side in the Actions menu click "Configure Object Deletion Rule"


    In the Configure Object Deletion Rule dialog box, click Rules Extension, then click OK.

    Step 5: Create Lync Resource Forest Management Agent

    Now we are ready to create the Management Agents that will synchronize the objects from the LMLAB-A forest to the Lync resource forest LYNCMEBLOG.COM

    Click Management Agents at the top, which should bring you at a blank management agent screen. At the top click Actions, Import Management Agent.


    Make your way to the extensions folder where you copied the LcsSync directory (%drive letter%:\Program Files\Microsoft Identity Integration Server\Extensions\) and import the "lcscentralforestma.xml" file and click Ok.

    A new window will open "Create Management Agent" with a default name "Lcs Central Forest". This name must be the lcsma name  you specified in Step 2.


    Once you click Next, you will see the connect to Active Directory screen. Replace all the FABRIKAM information with your Lync resource forest information, and click Next.


    On the next screen is where we match the imported template partition with our partition of our Lync resource forest. Click the FRABIKAM partition on the left, then click your root partition from the left and click Match.



    Next, click Deselect for the other partitions in the list. Until you deselect everything you will not be able to click Ok at the bottom. then click Ok.


    Next window will allow you to specify a specific domain controller and OU level filtering.

    To select the OU you wish to put your synchronized contact objects click Containers


    In the select containers window select the OU you wish to have your synced objects reside. then click OK.

    At this point we are done with the configuration of the Management Agent, the rest has already been configured by Microsoft, you can click Next and accept all the defaults to the end, and click Finish.

    Notice on the bottom screen (Configure Extensions) the Rules extension name has already been populated to lcssync.dll which we defined in Step 3.



    Step 6: Create User Forest Management Agent

    This step of creating the User Forest MA is the same at the previous step, except we are just defining our User Forest (LMLAB-A.COM) instead of our Lync Forest (LYNCMEBLOG.COM)


    This time we will select "lcsuserforestma.xml", then click Open.


    For the name of the Management Agent can be anything, it does not tie into any other configuration. But I will advise to keep the names as the forest. Only because once you start adding more User Forest Management Agents, it starts to get confusing if you don't have a common naming convention.


    Next window we will enter in our User Forest Active Directory information, then click Next.


    The same can be done on the next window for Partition Matching. Match your existing root partition with the one already defined for NWTraders as we did in step 5. Then deselect the other partitions in the list so we can click OK.



    This next step is an important one, this is where you will select the OU(s) where your current enabled users reside. Click Containers and select all the OU(s) that contain users that you wish to Lync enable.




    Once you have selected all the OU(s) you wish to synchronize, click OK to close the container selection window, then click Next on the directory partitions window. 

    Again at this point everything else is preconfigured, we can click Next all the way to the end, then click Finish.


    ERROR: While clicking next through the "Configure Attribute Flow" you might receive an error 

    'msExchUserHoldPolicies' of 'inetOrgPerson' is no longer available.

    In order to get past this you will need to remove the attribute flow for msExchUserHoldPolicies

    Expand "Object Type: inetOrgPerson, select msExchangeUserHoldPolicies and click Delete at the bottom.


    And do the same for Object Type: user, select msExchangeUserHoldPolicies and click Delete at the bottom.


    Now you can click Next to the end, then click Finish.

    In the Management Agent window you will now see your Lync Forest Agent and your User Forest Agent(s). I went ahead and added LMLAB-B.COM but the process is the exact same for adding multiple User Forest Agents as defined in Step 6.


    Step 7: Importing, Synchronizing and Provisioning

    Here is a quick drill down of the Import, Synchronization and Provisioning in Step 7

    #1 Lync Forest - Right click Lync Forest Management Agent, Click Run -> Full Import
    #2 User Forest - Right click User Forest Management Agent, Click Run -> Full Import
    #3 Lync Forest - Right click Lync Forest Management Agent, Click Run -> Full Sync
    #4 User Forest - Right click User Forest Management Agent, Click Run -> Full Sync
    #5 Lync Forest - Right click Lync Forest Management Agent, Click Run -> Export

    This is the last step in synchronizing your user objects to the Lync Forest.


    NOTE: During the import, synchronize and provisioning I am starting with the Lync Forest first, this is a requirement. If you do this in any other order the objects will not synchronize and provision correctly.

    If we look at the Lync Resource Active Directory Users and Computers, and go to our OU that we specified in step 5 we have no users in that OU.



    First we need to run a full import from the Lync resource forest and the user forest into the FIM connector space.

    In the FIM Synchronization Service Manager, Management Agents, right click the Lync forest Management Agent and click Run...


    In the Run Management Agent window, click Full Import then OK.



    It should only take a few seconds to run, Refresh the agent by hitting F5, once its complete you will see to the left of the Management Agent the State of Idle. You will also see in the bottom left corder the Synchronization Statistics which will now have some values including Adds.



    If you click Adds in the Synchronization Statistics box, you will see that the Distinguished Name of the OU you selected in step 5 has been added.



    Next we will follow the same process for the User Forest Management Agent. right click the user forest Management Agent and click Run...


    In the Run Management Agent window, click Full Import then OK.



    It should only take a few seconds to run, Refresh the agent by hitting F5, once its complete you will see to the left of the Management Agent the State of Idle. You will also see in the bottom left corder the Synchronization Statistics which will now have some values including Adds.


    If you click Adds in the Synchronization Statistics box, you will see the same user forest Distinguished Name's of the container and OUs that you specified. But now we also see the users that where in those OU(s).


    Next we need to Synchronize the Metaverse with the data that was captured during the full import.

    Right click your Lync forest Management Agent, and click Run...


     In the Run Management Agent window click Full Sync, and click OK.


    Follow the same process but not on the User Forest Management Agent.


    In the Run Management Agent window click Full Sync, and click OK.


    And lastly we need to provision the Lync Resource Forest.

    Right click your Lync forest Management Agent, and click Run...


    n the Run Management Agent window click Export, and click OK.


    In the Management Agents window in the bottom left corner "Export Statitics" click on Adds. Here you should see all the users that were in your User OU(s)

    You can also confirm by looking in Active Directory Users and Computers in your Resource Forest OU you selected in step 5 and see the contact objects for your synchronized users.




    Now our users from our user forest are synchronized as contact objects in the Lync 2013 resource forest. You can go ahead and enable these objects in Lync and test sign in.