Saturday, 14 September 2013

New Blog - Office 365 Lync Online and Exchange Online

A few weeks ago I decided to start yet another blog, this one on Office 365 topics. Some posts will initially cover topics from this blog, but they will focus on the tasks needed or information intended for Office 365.

The reasoning behind this is that I have been working a lot with Office 365 over the last 12 months (more than Lync deployments) and feel I should share some deployment scenarios, gotchas and guides.

You can read this Office 365 blog at http://lyncmeonline.blogspot.ca/


On a side note, I will be adding more articles to this blog (I haven't forgotten about it!), but sadly my project focus has not been on Lync lately. I will be making a best effort to update this blog more frequently.

Saturday, 20 July 2013

IIS ARR and Lync Server 2013 Reverse Proxy Setup

During a conversation about TMG being discontinued, I was pointed in the direction of using IIS ARR (Application Request Routing) as a reverse proxy for Lync 2013. After some quick digging, I found that IIS ARR is a supported method as per the Microsoft TechNet article http://technet.microsoft.com/en-us/library/gg398069.aspx.

NOTE: I have also been told by other consultants that they have configured and used IIS ARR with Lync 2010 and that it is fully supported. This is mentioned in the "Information" section of this article: http://technet.microsoft.com/en-us/library/gg398069.aspx

The configuration of IIS ARR for Lync 2013 was very straightforward.

IIS ARR is supported on Windows Server 2008, 2008 R2 and Server 2012. For this post I will be using Server 2012.


As with TMG, you will need to configure 2 network adapters. One is for external communication, with a default gateway, to accept requests from the Internet; the second adapter is for communication with your Lync 2013 environment.




Also, do not join your IIS ARR server to your domain.


 

After your networking is configured, and you have confirmed that you can browse the Internet and still ping your internal Lync 2013 environment, install IIS (Web Server) on your ARR server. This can be done either with PowerShell or using Server Manager.

Next, export your public Lync 2013 certificate and import it into your IIS ARR server.




Next we will bind our imported certificate to port 443 in IIS.





Next we will install the Web Platform components for downloading and installing IIS ARR.



Internet Explorer will open; click the green button on the right that says "Free Download".


Download and install the Web Platform Installer 4.5.


Once installed, you will be presented with the WebPI 4.5 application window. Here you can search for "KB2589179", which will display Application Request Routing 2.5. Select it, click Add, then Install.






After installation we can start the configuration of IIS to support Lync 2013. First close IIS Manager and reopen it; you will now notice a "Server Farms" option under Sites.




Right click on Server Farms, and select Create Server Farm...



Name your Server Farm (I used the external FQDN of my Lync web service).


Next specify the FQDN of your Enterprise Pool or Standard Edition Lync Server. Also drop down "Advanced Settings..." and change the default ports to 8080 and 4443 (which are our External Web Service ports). Then click Finish.



After clicking Finish you will be prompted to create the Rewrite Rules, click Yes.


Now your server farm is created with either your Enterprise Pool or Standard Edition Server defined. Next we will make some configuration changes to the Server Farm.


Under Caching, disable the disk cache.

Specifically for Lync external web services, under Proxy, change the time-out to 200 seconds. This prevents Lync Web App from disconnecting and reconnecting unexpectedly.

Under Routing Rules, disable the SSL offloading option.

Now we are going to configure the URL Rewrite rules. This is similar to what TMG did in rewriting the external meet/dialin/ext URLs internally to your Lync Front End Servers.

Click the root (server name) in IIS, and in the IIS settings click "URL Rewrite".


You will see 2 Rewrite rules already created. Double-click the ARR_Name_loadbalance_SSL rule.



The following changes need to be made.

The Pattern needs to be changed to (.*), "Using:" changed to Regular Expressions, and the Action Properties changed from http:// to https://.



Apply your Rewrite rule changes, and test. Now you should be able to open https://meet.domain.com externally (or, with a HOST record change, point meet/dialin/ext to the external IP of the IIS server) and get to your Lync 2013 external services.


Notice the ping to the external (10.180.213.200) IP Address as shown above, and that I cannot even ping the Standard Edition Front End Server.
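
A read-only check of the server farm and rewrite settings from the steps above, added here as an example and not part of the original post. It assumes ARR keeps these settings in applicationHost.config under the webFarms and rewrite/globalRules sections and that the rule is named ARR_<farm name>_loadbalance_SSL; the farm name at the bottom is a placeholder.

```powershell
# Added example, not the author's script. Run elevated on the ARR server.
# Assumes the section and attribute names ARR writes to applicationHost.config.
Import-Module WebAdministration
$AppHost = 'MACHINE/WEBROOT/APPHOST'

function Get-ArrValue {
    param([string] $Filter, [string] $Name)
    $raw = @(Get-WebConfigurationProperty -PSPath $AppHost -Filter $Filter -Name $Name)
    $values = foreach ($v in $raw) {
        # Some attribute types come back wrapped in an object with a .Value property
        if ($null -ne $v -and $v.PSObject.Properties['Value']) { $v.Value } else { $v }
    }
    # One string per setting; a farm with several servers collapses to its distinct values
    ($values | Sort-Object -Unique) -join ','
}

function Test-LyncArrFarm {
    param([Parameter(Mandatory = $true)] [string] $FarmName)
    $farm   = "webFarms/webFarm[@name='$FarmName']"
    $proto  = "$farm/applicationRequestRouting/protocol"
    $server = "$farm/server/applicationRequestRouting"
    $rule   = "system.webServer/rewrite/globalRules/rule[@name='ARR_${FarmName}_loadbalance_SSL']"

    if (-not (Get-WebConfiguration -PSPath $AppHost -Filter $farm)) {
        throw "Server farm '$FarmName' not found in applicationHost.config"
    }
    # Emits one row per setting: name, value found, and whether it matches the post
    $check = {
        param($Setting, $Actual, $Pattern)
        [pscustomobject]@{ Setting = $Setting; Actual = $Actual; Pass = ("$Actual" -match $Pattern) }
    }
    $seconds = ([TimeSpan](Get-ArrValue $proto 'timeout')).TotalSeconds

    & $check 'Disk cache enabled'   (Get-ArrValue "$proto/cache" 'enabled') '^False$'
    & $check 'Proxy time-out (sec)' $seconds                                '^200$'
    & $check 'Back-end HTTP port'   (Get-ArrValue $server 'httpPort')       '^8080$'
    & $check 'Back-end HTTPS port'  (Get-ArrValue $server 'httpsPort')      '^4443$'
    & $check 'SSL rule pattern'     (Get-ArrValue "$rule/match" 'url')      '^\(\.\*\)$'
    # "Regular Expressions" in the URL Rewrite UI is stored as ECMAScript
    & $check 'SSL rule syntax'      (Get-ArrValue $rule 'patternSyntax')    '^ECMAScript$'
    & $check 'SSL rule action URL'  (Get-ArrValue "$rule/action" 'url')     '^https://'
}

# Placeholder farm name; use the name you gave the server farm.
Test-LyncArrFarm -FarmName 'lyncweb.example.com' | Format-Table -AutoSize
```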

Thank you for reading.

Monday, 17 June 2013

Lync 2013 Standard Edition Pool Pairing Failed - "Cannot find any suitable disks for database files"

During a deployment I configured Pool Pairing for 2 Standard Edition Front-Ends. One of the Standard Edition servers was the primary pool for all users, with another Standard Edition server in the DR site.

After enabling Pool Pairing in the topology


and confirming the 1:1 pool pair,


we published the topology. We immediately received the following error.




We went back into the Topology Builder to try to reinstall the failed database configuration.



Instead of clicking next to "Automatically determine database file location", click Advanced

and select "Use SQL Server instance defaults". When configuring a Standard Edition Front-End server, SQL instance defaults are used when the databases are installed. As for why the database install was failing with the automatic detection settings, we couldn't find an appropriate answer and are still investigating.

UPDATE: After some additional investigation, we found that the Standard Edition servers had approx. 65GB of disk space free. As per the Microsoft KB article:

Installing a Lync database will fail if the server has less than 72GB free disk space.


After selecting "Use SQL Server instance defaults", click OK, then Next to proceed with the database installation. And success!




After installing the database on the backup pool, the remaining steps for configuring Pool Pairing continued.


 

Sunday, 19 May 2013

Lync Online Certificate Update - June 1st 2013

This has been a crazy/busy start to the 2013 year. I do apologize to everyone who reads my blog; I have had 0 time to post any migration articles, but I will try to get back into it very shortly.

But here is an interesting article that I was pointed to by some folks at Microsoft here in Canada.

My team and I have been doing a lot of work with Office 365 Wave 15: migrations, co-existence, and hybrid with Lync on-premises. We were advised that Lync Online is going to be changing its certificates as of June 1st 2013.

I won't post about the changes, as they can be found here:

http://blogs.technet.com/b/nexthop/archive/2013/05/13/action-needed-lync-online-certificate-update.aspx


Long story short from the article, you will need to download the Baltimore Root certificate if you do not use Windows Update on a regular basis, or if you have security policies in place that do not allow all trusted root certificate authority certificates to be stored on your servers.

You can download the root certificate here.

https://cacert.omniroot.com/bc2025.crt

NOTE: This root certificate will need to be installed on every server that will come in contact with Lync Online.

Steps to install

Step 1: Download and save the .crt file above.


Step 2: Install the certificate into the Trusted Root Certification Authorities store

Open MMC (Start -> Run, type mmc)

Add the Certificates snap-in


Select "Computer" in the manage certificates window.


Select Local Computer, then click Finish.



Once the Certificates Snap-in is loaded, expand Certificates (Local Computer), Trusted Root Certification Authorities then Certificates. Right click Certificates, All Tasks and Import.


Click Next, Browse to the file that you downloaded above.



Click Next and Finish, you should receive a message that the import was successful.

To confirm, check the list of root certificates to see if Baltimore CyberTrust Root is installed.
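
The same import and confirmation as a script that inspects the downloaded file before it becomes a machine-wide trust anchor. This is an added example, not part of the original post; it assumes Windows Server 2012 or later (for Import-Certificate), and the expected thumbprint is a placeholder you fill in from the CA's own published details.

```powershell
# Added example, not from the original post. Needs Windows Server 2012 or later
# (Import-Certificate) and an elevated session.
function Install-VerifiedRootCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,                # downloaded .crt file
        [Parameter(Mandatory = $true)] [string] $ExpectedThumbprint,  # SHA-1, obtained out of band
        [string] $ExpectedName = 'Baltimore CyberTrust Root'
    )
    $file = (Resolve-Path $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
    $want = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    $now  = Get-Date

    # Refuse to add a trust anchor unless every check passes
    $problems = @()
    if ($cert.Thumbprint -ne $want)                  { $problems += "thumbprint is $($cert.Thumbprint)" }
    if ($cert.Subject -notlike "*CN=$ExpectedName*") { $problems += "subject is $($cert.Subject)" }
    if ($cert.Subject -ne $cert.Issuer)              { $problems += 'not self-signed, so not a root' }
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { $problems += 'outside validity period' }
    if ($problems) { throw "Not importing ${file}: $($problems -join '; ')" }

    Import-Certificate -FilePath $file -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

    # Read back from the store: the scripted version of checking the list in MMC
    Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
        Select-Object Subject, Thumbprint, NotAfter
}

# The thumbprint below is a placeholder, not a real value.
Install-VerifiedRootCertificate -Path .\bc2025.crt -ExpectedThumbprint '<published SHA-1 thumbprint>'
```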



And there we have it. If you do not download specific updates, or have company regulations against storing specific certificates, this certificate needs to be installed by June 1st 2013 or any federation/hybrid/co-existence you have with Lync Online will stop working.

Thank you for reading, I hope I can start writing my co-existence articles very soon.

Sunday, 6 January 2013

Coexistence Between Lync 2010 and Lync 2013 Pools Part 1


With a lot of new features in Lync 2013, a lot of companies will want to migrate from Lync Server 2010 to 2013. The guide below sets up coexistence between an existing Lync Server 2010 topology (csfe.lyncmeblog.local) and Lync Server 2013 (ls13pool.lyncmeblog.com).

The deployment steps are the same as in my Lync Server 2013 Preview Deployment Guide; there are screenshots here, but a lot of the steps are omitted up to the co-existence part.

The following assumptions are made:

You currently have Lync Server 2010 running and functioning including a healthy CMS and all DNS records are created.

You have installed all required prerequisites on your "Lync Server 2013" Server including PowerShell 3.0, ASP .NET 4.5 which I outlined in my Lync Server 2013 Preview Deployment Guide.

NOTE: Some of the screenshots reflect the "Preview" edition. I started writing this post using Preview before my lab died. When I reinstalled Lync in my new lab I used the RTM copy of Lync 2013, but the process outlined in this guide is the same as using RTM throughout the deployment.

Step 1: Prepare Active Directory for Lync Server 2013


Step 2: Install Administrative Tools which includes the Lync 2013 Topology Builder.

 
Step 3: Open the new Lync Server 2013 Topology Builder, and Download the existing topology. This will download your current Lync Server 2010 topology so we can start to add our new pools.

As you can see, the new Topology Builder spreads out both deployments into 3 separate categories (Lync Server 2010, Lync Server 2013 and Shared Components).
 
Step 4: For this guide I will be creating a Lync Server 2013 Standard Edition Pool, but the same concept applies for creating an Enterprise Pool.

 
For this guide I will only be enabling Enterprise Voice, as I had to scrap my Web Apps Server for my Lync Server 2010 server. But in my last guide noted above I did deploy a Web Apps server for conferencing.
 




Define your existing file store on Lync Server 2010.

 
Now publish your topology.
 


 
After you have published your topology, go back to the deployment wizard and select "Setup Lync Server Components".


Next request your certificates for your server default, internal and external web services.

 
 

Next request your Lync Server 2013 Preview OAuth certificate, and publish.



Start Lync Services.

Confirm the services started.



Now here is where I slow down this guide and start the co-existence and migration steps.

Once the Lync Server 2013 Preview services are started, you need to run the following command:
PS: > Update-CsAdminRole

This command updates RBAC settings in the current Lync Server 2010 topology to ensure the Lync Server 2013 Preview PowerShell and Control Panel work correctly.

 
Also note that since we now have Lync Server 2013 installed in the existing Lync Server 2010 environment, we can no longer use the Lync Server 2010 Topology Builder. All new topology tasks will be performed using the new Lync Server 2013 Topology Builder.
 
 
 
Now we have basic coexistence between Lync 2010 and Lync 2013.
 
 
Moving users between Lync 2010 and 2013 pools
 
 
Moving users between pools is a fairly simple process, but confirming all features will be available to all users for a seamless migration is sometimes not so simple. I have outlined below a list of "features" and how we can confirm they are functional for users in both pools/editions.
 
 
Moving users can be done either via the Control Panel or PowerShell.
 

 Lync 2013 Control Panel
 
Lync 2013 Management Shell
 
 
When testing Lync 2010 and 2013 coexistence I always create test users before my pilot migration to confirm Conferencing, Voice, Monitoring, IM/Presence and Mobility.
 
Simple URLs
 
During coexistence, simple URLs can continue to point to your Lync 2010 pool until all users have been migrated to 2013 and you're ready to decommission your Lync 2010 pool.
 
Below I have illustrated moving my user account (tday@lyncmeblog.com) from the Lync 2010 Pool (csfe.lyncmeblog.local) to the Lync 2013 Pool (ls13pool.lyncmeblog.com) and using the same meeting URL (https://meet.lyncmeblog.com) to join an online meeting. At first the connection always goes to the Lync 2010 front-end, as that's where I have the meet URL pointing to, but once I move the user to Lync 2013 the Join Launcher will redirect to the new pool.
 
 
Move User to Lync 2010 Pool
 
 
Launch meeting URL
 
 
Move User to Lync 2013 Pool
 
 
Launch meeting URL
 
 
 
 
So when migrating your users from Lync 2010 to Lync 2013, there is a very seamless integration between both editions. The dial-in URL works a little differently. While the dialin.domain.com URL is pointing to your Lync 2010 Pool, all your 2010 and 2013 users will use the 2010 dial-in page. When the user is on a 2013 pool and logs into the 2010 dial-in page, no "2013" redirection will occur. They can use the Assigned Conference Information URL to log in to their 2013 Lync Web App.
 
If you wish to move your dial-in page to point to your Lync 2013 Pool, you can do so at any time. The 2013 dial-in page will authenticate 2010 Pool users the same way.
 
But during co-existence, leave your meet.domain.com page pointing at your 2010 Pool while users are still homed on 2010.
 
 
 
 
 
 
 
IM/Presence
 
There is no real process for IM co-existence between both 2010 and 2013 versions. Just move one of your test users to your 2013 pool and send an IM to a user still on the 2010 Pool. Below I have sent a message between pools, and captured the logging data in Snooper just so we can see the connection between the pools being made.
 
 
 

 
 
I also started a conference with 2 users homed on both editions and started program sharing.
 
 
 
This is part 1 of a 2 part co-existence guide.
 
The next part will go into voice coexistence. Also we will be moving the CMS from Lync 2010 to Lync 2013.
 
I hope you enjoyed this guide, and please leave your comments.