Tuesday 28 February 2012

Lync Logging View Message Body

Here is a reg edit you can perform to see the message body in the Lync Logging tool. I used this to help troubleshoot the Mobility and the IMM Filter

HKeyLocalMachine\System\CurrentControllSet\Services\RtcSrv\Parameters
Create a Dword Value of "EnableLoggingAllMessageBodies" set to value of 1

Note: requires restart of Lync services to initialize
CAUTION:  You will want to revert this setting after troubleshooting is complete, its purpose is to include the message body payload in logging, this could be construed as a security privacy concern.

Saturday 25 February 2012

Lync client February 2012 hotfix KB Released

The KB article is available here: http://support.microsoft.com/kb/2669896/en-us
It's not a public download and can only be obtained through Microsoft Support to fix specific issues.

Issue that this update fixes

This update package also fixes the issue that are documented in the following Microsoft Knowledge Base (KB) article:
  • 2665270  The "Lync New Online Meeting" button in Outlook does not work in a Lync Server 2010 environment.
Consider the following scenario:
  • You use Microsoft Office Outlook 2007 and Lync 2010 in a Lync Server 2010 environment.
  • An administrator installs the update that is mentioned in Microsoft Knowledge Base (KB) article 2514980 in the Lync Server 2010 environment. 
  • You install the update that is mentioned in KB article 2514982 on the Lync 2010 client.
  • You open Outlook 2007, and then click the Lync New Online Meeting button in Calendar View.
In this scenario, the Lync Online Meeting invitation does not open. Additionally, Outlook 2007 stops responding, and then restarts.

Monday 20 February 2012

Lync Web Scheduler - Minor Issue

The Microsoft Lync Web Scheduler has been available for a while ( April 2011). Its a fantastic tool for people on the go to schedule meetings.

I found a bug in this Web App back in May 2011 that does not allow you to schedule any meetings if your Lync Server is set with the date format DD/ MM/ YY.

You will receive "The meeting information could not be saved. Please try again."

Before making any changes, please backup the file you are about to edit.

Go to C:\Program Files\Microsoft Lync Server 2010\Web Components\Web Scheduler\Int\Scripts\common.js

and change $$("meetingTime").innerHTML = FormatDate(start, "DD, MM dd, yy", "mm/dd/yy") + (splitStart[4] ? " " + splitStart[4] : "") + (splitStart[5] ? " " + splitStart[5] : "");
to

$$("meetingTime").innerHTML = start;

Lync Holiday Set Editior

While looking for ways to make creating Holiday Sets not so boring, i came across this fantastic application. All you need to do is type in your holidays start and end times, and there you have your holiday sets. I have created a whole year's worth of holidays (and in Canada its alot). in under 20 min.

http://waveformation.com/holidayseteditor/

Parked calls drop after 30 seconds

Dropped parked calls are due to a RTCP timeout.
Open Lync Powershell to view Trunk configuration
Get-CsTrunkConfiguration
SipResponseCodeTranslationRulesList : {}
Description                         :
ConcentratedTopology                : False
EnableBypass                        : False
EnableMobileTrunkSupport            : False
EnableReferSupport                  : False
EnableSessionTimer                  : True
EnableSignalBoost                   : False
MaxEarlyDialogs                     : 20
RemovePlusFromUri                   : False
RTCPActiveCalls                     : True
RTCPCallsOnHold                     : True
SRTPMode                            : Optional
EnablePIDFLOSupport                 : False
to resolve the timeout, open Lync Powershell and enter
Set-CsTrunkConfiguration –Identity <TrunkName> –RTCPActiveCalls $false –RTCPCallsOnHold $false
SipResponseCodeTranslationRulesList : {}
Description                         :
ConcentratedTopology                : False
EnableBypass                        : False
EnableMobileTrunkSupport            : False
EnableReferSupport                  : False
EnableSessionTimer                  : True
EnableSignalBoost                   : False
MaxEarlyDialogs                     : 20
RemovePlusFromUri                   : False
RTCPActiveCalls                     : False
RTCPCallsOnHold                     : False

SRTPMode                            : Optional
EnablePIDFLOSupport                 : False

Wait for Topology replication and test call park.

Turn off 2nd incoming call alert - Call Waiting in Lync

The setting is held in the current windows sound scheme, which is held in the registry under HKCU:\AppEvents\Schemes\Apps\Communicator
 
When the Data field is full it plays that sound. If no sound is set the Data field is empty.
Once you know this you can use GPO to change the registry setting, or use PowerShell to script the change.
To list the current settings:

Get-itemproperty -Path "HKCU:\AppEvents\Schemes\Apps\Communicator\Communicator_secondcall\.Current”

To remove this value, so that no sound is played.

Clear-Itemproperty -Path "HKCU:\AppEvents\Schemes\Apps\Communicator\Communicator_secondcall\.Curent\" -name "(Default)"

Once that command has run the setting will be blank, and no sound will be played.

The same principle applies for changing any of the other Lync sound settings.
Note: It my reset if the user changes the sound theme (as users can have different application sounds in each theme. If you want it to apply to all themes you should blank out the setting for all themes, not just .Current

Saturday 18 February 2012

Configure Fortigate with SIP Trunking for Lync

Here is another Fortigate topic i see alot regarding getting Fortigate units to work correctly with Lync and SIP Trunking. We use alot of Fortigate's at Rolling Thunder and in order to use them with Lync alot of time was spent getting them working with SIP.

There was a bug in earlier versions of the FortiOS software regarding SIP/Lync that was resolved in 4.0 MR3 Patch 3. So make sure your fortigate is updated. Firmware images can be found at http://support.fortinet.com/ with a valid login and support contract.

Once your fortigate is updated to MR3 Patch3 or above. you will also need to configure your fortigate in Interface Mode. this will allow you to use all 4-6-8 interfaces independently. this becomes useful for creating separate networks within the fortigate ie (SIP Trunking, Lync, Development, Internal network etc....)


This can be found by going to System -> Network -> Interfaces, then clicking switch mode at the top. And choosing Interface Mode

Switch Mode Internal=INT1/INT2/INT3/INT4/INT5/INT6
Interface Mode Internal1=INT1, Internal2=INT2, Internal3=INT3, Internal4=INT4, Internal5=INT5, Internal6=INT6

Note: you cannot have anything set on the fortigate for this, all rules need to be deleted before you are able to switch the interface mode. This process is usually performed on Fortigate's right out of the box.

First thing, choose an interface you wish to use for the SIP Trunk. I picked Interface 6. but makes no difference.


Also i configured the interface with a /30 subnet (Point-to-Point) which will allow me only the Fortigate interface and Lync on this interface.

On your Lync server, configure your PSTN/Mediation Interface with the IP Information you configured for your Fortigate Interface.



Note: Also set your interface metric. This will allow the Lync server to always use this interface when making outbound calls. If this is not set it will automatically select the interface, if it selects the wrong one, your calls will fail!

In Topology Builder, set your Primary IP Address and PSTN Address. Once set, Publish your Topology.




By this point, you should already have placed your ITSPs Gateway into your Topology and assigned it to your mediation server. Use the ports and protocol given to you by your provider. We use ThinkTel they use TCP on port 5060.

Back to your Fortigate, here you will create your policies for inbound and outbound rules.
Create a new Virtual IP




Create a new VIP




External IP Address will be the one you plan to give to your SIP Trunking Provider. Again I use different IP Address then the one on all my other Interfaces. for Lync I usually request a /29 from the ISP.  Which gives you 6 usable IP Address (1 for SIP Trunk, 1 for meet/dialin, 3 for Lync Edge (sip,av,webconf) and the 6th for the end users to use for NATing out to the Internet. )

Next create you custom Services for your Signaling and Media ports.



Also create a New Address entry for your Mediation PSTN IP Address.



Once you have all that complete, its time for the CLI!!

the below you can copy and paste right into the CLI of your Fortigate.

You will need to disable ALG, and also add 2 entries in the sip session-helper, one for TCP and one for UDP.


config sys session-helper
edit 0
set name sip
set port 5060
set protocol 17
end

And one for TCP
config sys session-helper
edit 0
set name sip
set port 5060
set protocol 6
end

Then create a new Voip UTM Profile (lync)
edit "lync"
set comment "lync voip profile"
config sip
set register-rate 1000
set invite-rate 1000
set log-violations enable
set preserve-override enable
end
config sccp
set log-call-summary enable
set log-violations enable
end



Once the above session-helper and Voip Profile are created, now we can create our Firewall Policies.

First we will create from Internal -> WAN1 so for all outbound calls/signaling. Notice how I did NOT enable UTM. the UTM Voip policy will only be applied from WAN1-> Internal









once you have created both firewall policies, go to your Lync Server and open Internet Explorer and type http://whatismyip.com/. this should display the IP Address you used when creating your VIP above. if it does not, check to make sure you selected your 10.200.200.2 Interface with a metric of 1.

That is all, now you should be able to make and receive calls to Lync via SIP Trunking and your Fortigate.



Happy Calling!!!




Configure Lync Web Services with a Fortigate

I have had alot of requests by other partners and Lync integrators on how to configure a Fortigate for use with Lync. Microsoft recommends to use a reverse proxy like TMG when publishing Lync web services. I have used Fortigate devices for this in multiple deployments with no issues. If you haven't read the Lync Open Interoperability Program (OIP) list you can read on it here http://technet.microsoft.com/en-us/lync/gg131938
.
Lets get started on the setup.

Lync uses port 8080 and 4443 for external web services, all we need to do is do a port forward on the Fortigate.

For this we are going to create a new "Virtual IP"

Create New VIP



The External IP Address will be the public IP Address you plan to use to publish your Lync web services on the Internet.
The Internal IP Address will be the internal IP Address of your Lync Front End Server

As a best practice for myself I create another VIP for port 80/8080. so if any user just types dialin.domain.com they will be automatically redirected to the https.




Once you have your 2 VIPs created now to publish them in the Fortigate Policy.




Create New.



Source Interface: WAN1 or WAN2 depending on which interface you are using to publish Lync.
Destination Interface: Depending on how you have your Fortigate configured. if its in Interface mode you will only have "Internal". If in "Switch" mode you will have Internal1-> 4-6
Destination Address: choose both your VIPs you created above.
Service: as for the service, alot of people choose HTTP and HTTPS, but there is no need to as you already selected your forwarding ports when you created the VIPs. so choose ANY

Once you have applied your firewall policy, try it out!

http://dialin.domain.com/, http://meet.domain.com/

Also confirm you have created public DNS entries for dialin and meet to point to the public IP Address you used in your VIPs.

Thursday 16 February 2012

Failed to return unique result adding phone number to user or response group

When trying to add a Line URI or sip phone number to a response group.
Check for stale records in Active Directory
run command from Lync PowerShell Module
Get-CsApplicationEndpoint
And check for messages in "Yellow"
WARNING: "RegistrarPool" with identity "594603069" assigned to
"sip:1905555555@sipdomain.com" has been removed from configuration store.

Below that showed the following


Identity : CN={5bf72950-f903-4177-8887-3635a433618f},CN=Applicati
on Contacts,CN=RTC Service,CN=Services,CN=Configuratio
n,DC=Domain,DC=local
RegistrarPool : 594603069
HomeServer : CN=Lc Services\0ADEL:c5c61b5f-19a0-49a0-9aa3-e6841778f
1d1,CN=Deleted Objects,CN=Configuration,DC=Domain,DC
=local
OwnerUrn : urn:application:RGS
SipAddress :sip:1905555555@sipdomain.com
DisplayName : Company Name
DisplayNumber : +19055555555
PrimaryLanguage : 0
SecondaryLanguages : {}
EnterpriseVoiceEnabled : True
Enabled : True


Locate the Identity in Active Directory using ADSIEdit

And Delete the "CN" located at the end of the Identity String  ie. "CN={5bf72950-f903-4177-8887-3635a433618f}"

And try and add your Line URI or Response Group SIP Address.

Lync Custom Presence status

You can set several statuses such as a custom presence as appear offline, this is a well-known status in the Public IM world such as MSN Messenger.

Note: I have tried using custom presense as stated by others by using the local computer for the presence xml, this poses an issue with some company's that want full control over the presence.xml file. which localizing it to a webserver makes it very easy for changes to the document.

 
Appear Offline
Appear Offline is well known in some Public IM networks, in OCS 2007 and OCS 2007 R2 you can set the Appear Offline by a group policy for all users or by user through the registry.
With Lync this setting cannot be activated through a group policy or a registry setting, but this is set within the Clientpolicy. To enable this feature you can issue the following command from the Lync management shell:
Get-CsClientPolicy | Set-CsClientPolicy –EnableAppearOffline:$true

This command will modify the default client policy, if a user signs off and on the status can be set.

Custom Precense
It is also possible to create up to four custom presences. This can be done through a custom xml file.
What we need to have is a custom xml file.

<?xml version="1.0" encoding="utf-8"?>
<customStates>
  <customState ID="1" availability="Online">
    <activity LCID="1033">Working From Home</activity>
  </customState>
  <customState
    ID="2" availability="busy">
    <activity LCID="1033">Server Install/Development</activity>
  </customState>
  <customState ID="3"
    availability="busy">
    <activity LCID="1033">Onsite at Clients</activity>
  </customState>
  <customState ID="4"
    availability="busy">
    <activity LCID="1033">Meeting with Client - Urgent Interuptions Only</activity>
  </customState>
</customStates>


After creating your .xml file you will also need a .reg (registry file) to merge onto each computer using the custom presence state. the reg file is as followed;

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Communicator]
@=""
"CustomStateURL"="https://fqdn/Presence.xml"
"EnableSIPHighSecurityMode"=dword:00000000


LCID stands for Location ID, you can refer here for a full list.
Issue the following command to enable the Custom Presence:
Get-CsClientPolicy | Set-CsClientPolicy–CustomStateURL “https://fqdn/customstates.xml”
Install .reg file on client computer, when the user signs out and in, the custom Presence can be set

Troubleshooting:

Make sure you can easly view the customstates.xml file from a web browser both internally and externally, if you cant, confirm correct DNS settings for your webserver.

Also make note in the above example there is no "away" custom status. This is not available in custom presence.
I have decided to start yet another Lync/UC Blog, but with most blogs i notice alot of the fine grind material is missing. I will use this blog to really help with the day to day administration of Lync 2010 and the other types of components that surround it such as Load Balencers, Certificates, Hardware etc...

I hope you all enjoy it, and alot of great content to come in the next week, I have collected alot of information over the year deploying Lync, and have decided not to keep it to my self :)

Happy reading.

Tim