Here is a reg edit you can perform to see the message body in the Lync Logging tool. I used this to help troubleshoot the Mobility and the IMM Filter
HKeyLocalMachine\System\CurrentControllSet\Services\RtcSrv\Parameters Create a Dword Value of "EnableLoggingAllMessageBodies" set to value of 1
Note: requires restart of Lync services to initialize
CAUTION: You will want to revert this setting after troubleshooting is complete, its purpose is to include the message body payload in logging, this could be construed as a security privacy concern.
The KB article is available here: http://support.microsoft.com/kb/2669896/en-us It's not a public download and can only be obtained through Microsoft Support to fix specific issues.
Issue that this update fixes
This update package also fixes the issue that are documented in the following Microsoft Knowledge Base (KB) article:
2665270 The "Lync New Online Meeting" button in Outlook does not work in a Lync Server 2010 environment.
Consider the following scenario:
You use Microsoft Office Outlook 2007 and Lync 2010 in a Lync Server 2010 environment.
An administrator installs the update that is mentioned in Microsoft Knowledge Base (KB) article 2514980 in the Lync Server 2010 environment.
You install the update that is mentioned in KB article 2514982 on the Lync 2010 client.
You open Outlook 2007, and then click the Lync New Online Meeting button in Calendar View.
In this scenario, the Lync Online Meeting invitation does not open. Additionally, Outlook 2007 stops responding, and then restarts.
The Microsoft Lync Web Scheduler has been available for a while ( April 2011). Its a fantastic tool for people on the go to schedule meetings.
I found a bug in this Web App back in May 2011 that does not allow you to schedule any meetings if your Lync Server is set with the date format DD/ MM/ YY.
You will receive "The meeting information could not be saved. Please try again."
Before making any changes, please backup the file you are about to edit.
Go to C:\Program Files\Microsoft Lync Server 2010\Web Components\Web Scheduler\Int\Scripts\common.js
and change $$("meetingTime").innerHTML = FormatDate(start, "DD, MM dd, yy", "mm/dd/yy") + (splitStart[4] ? " " + splitStart[4] : "") + (splitStart[5] ? " " + splitStart[5] : "");
to
While looking for ways to make creating Holiday Sets not so boring, i came across this fantastic application. All you need to do is type in your holidays start and end times, and there you have your holiday sets. I have created a whole year's worth of holidays (and in Canada its alot). in under 20 min.
The setting is held in the current windows sound scheme, which is held in the registry under HKCU:\AppEvents\Schemes\Apps\Communicator
When the Data field is full it plays that sound. If no sound is set the Data field is empty.
Once you know this you can use GPO to change the registry setting, or use PowerShell to script the change.
To list the current settings:
Once that command has run the setting will be blank, and no sound will be played.
The same principle applies for changing any of the other Lync sound settings.
Note: It my reset if the user changes the sound theme (as users can have different application sounds in each theme. If you want it to apply to all themes you should blank out the setting for all themes, not just .Current
Here is another Fortigate topic i see alot regarding getting Fortigate units to work correctly with Lync and SIP Trunking. We use alot of Fortigate's at Rolling Thunder and in order to use them with Lync alot of time was spent getting them working with SIP.
There was a bug in earlier versions of the FortiOS software regarding SIP/Lync that was resolved in 4.0 MR3 Patch 3. So make sure your fortigate is updated. Firmware images can be found at http://support.fortinet.com/ with a valid login and support contract.
Once your fortigate is updated to MR3 Patch3 or above. you will also need to configure your fortigate in Interface Mode. this will allow you to use all 4-6-8 interfaces independently. this becomes useful for creating separate networks within the fortigate ie (SIP Trunking, Lync, Development, Internal network etc....)
This can be found by going to System -> Network -> Interfaces, then clicking switch mode at the top. And choosing Interface Mode
Note: you cannot have anything set on the fortigate for this, all rules need to be deleted before you are able to switch the interface mode. This process is usually performed on Fortigate's right out of the box.
First thing, choose an interface you wish to use for the SIP Trunk. I picked Interface 6. but makes no difference.
Also i configured the interface with a /30 subnet (Point-to-Point) which will allow me only the Fortigate interface and Lync on this interface.
On your Lync server, configure your PSTN/Mediation Interface with the IP Information you configured for your Fortigate Interface.
Note: Also set your interface metric. This will allow the Lync server to always use this interface when making outbound calls. If this is not set it will automatically select the interface, if it selects the wrong one, your calls will fail!
In Topology Builder, set your Primary IP Address and PSTN Address. Once set, Publish your Topology.
By this point, you should already have placed your ITSPs Gateway into your Topology and assigned it to your mediation server. Use the ports and protocol given to you by your provider. We use ThinkTel they use TCP on port 5060.
Back to your Fortigate, here you will create your policies for inbound and outbound rules.
Create a new Virtual IP
Create a new VIP
External IP Address will be the one you plan to give to your SIP Trunking Provider. Again I use different IP Address then the one on all my other Interfaces. for Lync I usually request a /29 from the ISP. Which gives you 6 usable IP Address (1 for SIP Trunk, 1 for meet/dialin, 3 for Lync Edge (sip,av,webconf) and the 6th for the end users to use for NATing out to the Internet. )
Next create you custom Services for your Signaling and Media ports.
Also create a New Address entry for your Mediation PSTN IP Address.
Once you have all that complete, its time for the CLI!!
the below you can copy and paste right into the CLI of your Fortigate.
You will need to disable ALG, and also add 2 entries in the sip session-helper, one for TCP and one for UDP.
config sys session-helper
edit 0
set name sip
set port 5060
set protocol 17
end
And one for TCP
config sys session-helper
edit 0
set name sip
set port 5060
set protocol 6
end
Then create a new Voip UTM Profile (lync)
edit "lync"
set comment "lync voip profile"
config sip
set register-rate 1000
set invite-rate 1000
set log-violations enable
set preserve-override enable
end
config sccp
set log-call-summary enable
set log-violations enable
end
Once the above session-helper and Voip Profile are created, now we can create our Firewall Policies.
First we will create from Internal -> WAN1 so for all outbound calls/signaling. Notice how I did NOT enable UTM. the UTM Voip policy will only be applied from WAN1-> Internal
once you have created both firewall policies, go to your Lync Server and open Internet Explorer and type http://whatismyip.com/. this should display the IP Address you used when creating your VIP above. if it does not, check to make sure you selected your 10.200.200.2 Interface with a metric of 1.
That is all, now you should be able to make and receive calls to Lync via SIP Trunking and your Fortigate.
I have had alot of requests by other partners and Lync integrators on how to configure a Fortigate for use with Lync. Microsoft recommends to use a reverse proxy like TMG when publishing Lync web services. I have used Fortigate devices for this in multiple deployments with no issues. If you haven't read the Lync Open Interoperability Program (OIP) list you can read on it here http://technet.microsoft.com/en-us/lync/gg131938 .
Lets get started on the setup.
Lync uses port 8080 and 4443 for external web services, all we need to do is do a port forward on the Fortigate.
For this we are going to create a new "Virtual IP"
Create New VIP
The External IP Address will be the public IP Address you plan to use to publish your Lync web services on the Internet.
The Internal IP Address will be the internal IP Address of your Lync Front End Server
As a best practice for myself I create another VIP for port 80/8080. so if any user just types dialin.domain.com they will be automatically redirected to the https.
Once you have your 2 VIPs created now to publish them in the Fortigate Policy.
Create New.
Source Interface: WAN1 or WAN2 depending on which interface you are using to publish Lync. Destination Interface: Depending on how you have your Fortigate configured. if its in Interface mode you will only have "Internal". If in "Switch" mode you will have Internal1-> 4-6 Destination Address: choose both your VIPs you created above. Service: as for the service, alot of people choose HTTP and HTTPS, but there is no need to as you already selected your forwarding ports when you created the VIPs. so choose ANY
Once you have applied your firewall policy, try it out!
You can set several statuses such as a custom presence as appear offline, this is a well-known status in the Public IM world such as MSN Messenger.
Note: I have tried using custom presense as stated by others by using the local computer for the presence xml, this poses an issue with some company's that want full control over the presence.xml file. which localizing it to a webserver makes it very easy for changes to the document.
Appear Offline
Appear Offline is well known in some Public IM networks, in OCS 2007 and OCS 2007 R2 you can set the Appear Offline by a group policy for all users or by user through the registry.
With Lync this setting cannot be activated through a group policy or a registry setting, but this is set within the Clientpolicy. To enable this feature you can issue the following command from the Lync management shell: Get-CsClientPolicy | Set-CsClientPolicy –EnableAppearOffline:$true
This command will modify the default client policy, if a user signs off and on the status can be set.
Custom Precense
It is also possible to create up to four custom presences. This can be done through a custom xml file. What we need to have is a custom xml file.
After creating your .xml file you will also need a .reg (registry file) to merge onto each computer using the custom presence state. the reg file is as followed;
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Communicator] @="" "CustomStateURL"="https://fqdn/Presence.xml" "EnableSIPHighSecurityMode"=dword:00000000
LCID stands for Location ID, you can refer here for a full list. Issue the following command to enable the Custom Presence: Get-CsClientPolicy | Set-CsClientPolicy–CustomStateURL “https://fqdn/customstates.xml”
Install .reg file on client computer, when the user signs out and in, the custom Presence can be set
Troubleshooting:
Make sure you can easly view the customstates.xml file from a web browser both internally and externally, if you cant, confirm correct DNS settings for your webserver.
Also make note in the above example there is no "away" custom status. This is not available in custom presence.
I have decided to start yet another Lync/UC Blog, but with most blogs i notice alot of the fine grind material is missing. I will use this blog to really help with the day to day administration of Lync 2010 and the other types of components that surround it such as Load Balencers, Certificates, Hardware etc...
I hope you all enjoy it, and alot of great content to come in the next week, I have collected alot of information over the year deploying Lync, and have decided not to keep it to my self :)
