Post on 01-Jan-2016


Desmond Lee
Senior Consultant
www.leedesmond.com
Email/SIP Address: d.lee@winworkers.com

Deployment Best Practices

Lync Server 2010: Quick Overview

• Rich, immersive, robust, scalable, secured communications and collaborative platform administered through a single management infrastructure
• Empower people to keep in touch in a single, unified client interface anytime and anywhere

• Instant Message and Presence
• A/V Conferencing
• Desktop / Application Sharing
• Whiteboard and Polling
• File Transfer
• Enterprise Voice
• Federation and integration with other products

Agenda

• Before You Start
• Lync Concepts Explained
• OWA/Lync Integration
• Virtualization
• Client-side Story

Agenda

Before You Start
• Environment Readiness
• Collocation Scenarios
• Field Notes

Software Requirements

Lync Server Roles
• Windows Server 2008 SP2
• Windows Server 2008 R2
• Windows Server 2008 R2 SP1
• PowerShell v2.0

SQL Server Backend
• SQL Server 2005 SP3
• SQL Server 2008 SP1
• SQL Server 2008 R2

Admin Tools & Core Components
• Windows 7
• Vista SP2
• PowerShell v2.0
• SQL Server 2008 Management Studio Express

AD Forest/Domain Level
• Windows Server 2003 native
• Windows Server 2008
• Windows Server 2008 R2
• Global Catalog per AD site

Note: All server components require 64-bits / x64 platform only

OS Component Prerequisites

.NET Framework 3.5 SP1
• An update for the .NET Framework 3.5 Service Pack 1 is available (KB959209)
• FIX: You cannot open an XPS document by using the Microsoft XPS Viewer on a Windows Vista x64 edition-based computer that has .NET Framework 3.5 SP1 installed (KB967190)
• A memory leak occurs in a .NET Framework 2.0-based application that uses the AesCryptoServiceProvider class (KB981575)

IIS 7.x role services
• Anonymous Authentication (default)
• Static Content
• Default Document
• HTTP Errors
• ASP.NET
• .NET Extensibility
• Internet Server API (ISAPI) Extensions
• ISAPI Filters
• HTTP Logging
• Logging Tools
• Tracing
• Client Certificate Mapping Authentication
• Windows Authentication
• Request Filtering
• Static Content Compression
• IIS Management Console / IIS Management Scripts and Tools

OS Component Prerequisites

Others
• Visual C++ 2008 Redistributable run-time
• SQL 2005 Back Compatibility module
• Remote Server Administration Tools (RSAT)
• Silverlight 4
• Windows Media Format Runtime
• Windows Firewall ON
• Internal (Windows) PKI or public certificates

Monitoring/Archiving Roles
• SQL Server 2005 SP3
• SQL Server 2008 SP1 or R2
• SQL Server Reporting Services
• SQL 2005/2008 Express Edition
• SQL Workgroup or Web Edition
• Message Queuing (MSMQ)

• Message Queuing Server
• Directory Service Integration

Security Groups
• CSAdministrator
• RTCUniversalServerAdmins

Server Collocation: Standard Edition

Core*
• IM/Presence
• A/V Conferencing Server
• SQL Express database RTC instance
• Application Sharing

Can collocate with
• Lync File share / store
• Mediation Server
• Monitoring Server**
• Archiving Server**

Collocation not Supported
• Director
• Lync Edge Server
• Reverse proxy (TMG)
• Exchange UM role
• Domain controller

Supported Standalone / Pool
• Mediation Server
• Monitoring Server
• Archiving Server
• Monitoring/Archiving Server
• Lync Edge Server
• Director

* required; cannot be separated
** test environment only

Server Collocation: Enterprise Edition

Core*
• IM/Presence
• Application Sharing

Can collocate with
• A/V Conferencing Server
• Mediation Server

Collocation not Supported
• Director
• Lync Edge Server
• Reverse proxy
• Exchange UM role
• SQL Server database backend
• Lync File share / store**
• Domain controller

Supported Standalone / Pool
• A/V Conferencing Server
• Mediation Server
• BE for FE + Monitoring + Archiving + separate database instance on BE (both Monitoring & Archiving)
• Monitoring/Archiving
• Lync Edge Server
• Director

* required; cannot be separated
** DFS supported

Field Notes: Active Directory

DNS / AD replication
• Repadmin*
• AD Replication Monitor utility (Replmon.exe)**
• dcdiag / dnscmd / dnslint
• netdiag / nltest / nslookup / pathping

Pending Changes / Reboot
• Group Policy Object (GPO)
• Software Update – SCCM, WSUS, etc.
• Hardware changes
• Sysprep OOBE “Generalize” (duplicate SID)

* Windows Server 2008 or newer
** Windows Server 2003 Support Tools

Multi-Domain
• Run Install-CsAdServerSchema and Enable-CsAdForest before preparing sub/domain(s)
• Run Enable-CsAdDomain in every domain where users will be Lync-enabled
• Lync FE Pool not required in child domain (deploy and home in root domain)
• Keep default Lync universal security groups in Users OU

Field Notes: Active Directory

Environment Readiness Check

    Get-CsAdServerSchema    # SCHEMA_VERSION_STATE_CURRENT
    Get-CsAdForest          # LC_FORESTSETTINGS_STATE_READY
    Get-CsAdDomain          # LC_DOMAINSETTINGS_STATE_READY

Execute in Lync Server Management Shell

Check / Load Lync PowerShell Module

    Get-Module

    ModuleType Name ExportedCommands
    ---------- ---- ----------------
    Manifest   Lync {Clear-CsDeviceUpdateFile, Get-CsCertif...

    Import-Module Lync

Active Directory Domain Services Reference (Lync)
http://technet.microsoft.com/en-us/library/gg398379.aspx

Field Notes: Active Directory

Lync à la Communicator Web Access (CWA)
• Lync Web App
• Lync Web Attendee Console
• Outlook Web App (Exchange Server 2010 / SP1)
• CWA can register and work against Lync Server 2010 FE (without R2 pool)

• Prepare AD Schema with OCS 2007 R2 media prior to that for Lync
• Deploy Lync FE pool and prepare CWA server
• Create OCS 2007 R2 Virtual Web Server (internal/external)
• Install OCS WMI Backwards Compatibility tool (ocswmibc.msi)
• Merge-CSLegacyTopology and publish topology
• Legacy components appear under BackCompatSite node in TB (Get-CSTrustedApplication)

Field Notes: Windows Server 2008 R2 SP1

Windows Server 2008 R2 SP1 Update
• No known issues updating Windows Server 2008 R2 RTM to SP1 running Lync
• Dynamic memory in Hyper-V R2 not validated with Lync Server 2010 workloads

Server Virtualization in Microsoft Lync Server 2010
http://go.microsoft.com/fwlink/?linkid=211394

Windows Media Format Runtime
• Required to deploy Lync conferencing features
• Must install from command prompt via dism.exe before running Lync setup

Lync Server 2010 Setup or Remove Lync Components fails on Windows Server 2008 R2 SP1
http://support.microsoft.com/kb/2522454

Field Notes: Certificates Request & Assignment

Field Notes: SQL Database

Run “Prepare single Standard Edition Server”
• If rolling out Lync SE as the first pool in the deployment*
• Not essential for subsequent SE pools
• Enterprise Edition Pool needs full backend SQL instance deployed*

* Central Management Store (CMS) to hold topology document

Field Notes: SQL Database

SqlExpressRtc Failed Installation

    Checking prerequisite SqlExpressRtc...
    Installation result: -2068578304
    Error: Prerequisite installation failed: SqlExpressRtc
    Details
    Type: PrereqInstallFailed
    Stack Trace
    in Microsoft.Rtc.Internal.Tools.Bootstrapper.BootstrapperTask.AddMsiPrereq(String prereqName)
    in Microsoft.Rtc.Management.Internal.Utilities.LogWriter.InvokeAndLog[T](Action`1 action, T arg)

Field Notes: SQL Database

SqlExpressRtc Failed Installation
• Complete any pending reboot on machine
• Conflict with existing SQL Express installation

    SQLEXPR_x64.exe /Q /HIDECONSOLE /ACTION=Install /FEATURES=SQLEngine,Tools /INSTANCENAME=RTC /TCPENABLED=1 /SQLSVCACCOUNT="NT AUTHORITY\NetworkService" /SQLSYSADMINACCOUNTS="Builtin\Administrators" /BROWSERSVCSTARTUPTYPE="Automatic" /AGTSVCACCOUNT="NT AUTHORITY\NetworkService" /SQLSVCSTARTUPTYPE=Automatic

How to troubleshoot SQL Server 2008 Setup issues
http://support.microsoft.com/kb/955396

Field Notes: SQL Database

• No NTFS compression volumes

SQL server / cluster
• 1 SQL BE can only map to 1 Lync Enterprise FE Pool*
• OCS and Lync can use the same SQL BE (default 1433 dynamic/static port conflict)**

Database Re-location
• Stop all Lync Services
• Detach SQL databases
• Move files (*.mdf, *.ldf)
• Re-attach SQL databases
• Start stopped Lync Services

* even with distinct SQL instances
** existing OCS db will be dropped if new instance is not created for Lync

Field Notes: SQL Server 2008 R2

Supported databases
• Lync Server Front-End
• Monitoring and Archiving

Database Software and Clustering Support (Lync)*
http://technet.microsoft.com/en-us/library/gg398990.aspx

Not supported
• Group Chat databases

* may not be updated yet to reflect latest Microsoft supportability stance

Agenda

Lync Concepts Explained

• Central Management Store
• Deployment Model
• Configuration settings vs. Policy

Central Management Store

Central Management Database
• Stores Topology, Policies and Configuration data as XML documents
• One single master CMD (xds) per deployment (RTC instance)

Replica
• Each Lync Server maintains a copy (replica xds) of the master CMD (local SQL Express instance RTCLOCAL)
• Continues to function without access to the master CMD

Central Management Service
• Runs on one Front-End pool per deployment
• Replicates changes of policies/configuration to all topology nodes (including Edge via HTTPS)

Deployment Model

• Global deployment is a collection of Sites
• Sites are made of Pools or Services
• Pools host users & services (such as IM/Presence, conferencing, VoIP)
• Policy Resolution Order: User > Pool > Site > Global

[Figure: deployment hierarchy with levels Global, Sites and Pools; labels shown: Microsoft, Zurich, Wallisellen, Enge, Redmond, Bellevue]

Configuration Settings vs. Policies

Configuration Settings
• Refer to data or information that Lync Server depends on to operate and function properly in the environment
• Stored in the Central Management Store (CMS)
• Applied at the global, site or service scope
• All services or computers are subject to the same settings without exception
• For example, each and every Address Book server in a pool (service scope) must synchronize with Active Directory at the same defined frequency

Policies
• Deployed to manage behaviors and privileges associated with Cs-enabled users
• A policy can be applied at the global, site, service or per-user scope
• If a “setting” can be applied to a user, then it is classified as a policy, as configuration settings cannot be applied to individual users by definition
• For example, executives in an organization can be exempted from a global conferencing policy that limits the number of participants by having their own “executive policy” at the per-user scope

Field Notes: Central Management Store

“Local machine is not present in the local configuration store”

• Use FQDN to describe machine name*
• Check CMS replication status

    Get-CsConfigurationStoreLocation       # server.domain.com\RTC
    Remove-CsConfigurationStoreLocation    # removes entry in AD
    Set-CsConfigurationStoreLocation -SqlServerFqdn <Lync FE FQDN> -SqlInstanceName RTC    # or publish topology in TB
    Get-CsManagementStoreReplicationStatus

    UpToDate           : False
    ReplicaFqdn        : <Lync FE FQDN>
    LastStatusReport   : 29.04.2011 19:19:12
    LastUpdateCreation : 29.04.2011 19:19:09
    ProductVersion     : 4.0.7577.0

    Invoke-CsManagementStoreReplication -Verbose

* no single labelled name even for workgroup computers

Field Notes: Central Management Store

• One FE server in the pool is designated as the active master
• Writes occur on the active master, from which changes are propagated to replicas
• Find out which Front-End server is the active master

    Get-CsManagementStoreReplicationStatus -CentralManagementStoreStatus

    LastUpdatedOn                        : 30.04.2011 15:13:27
    ActiveMasterFqdn                     : lyncFE.swissitpro.ch
    ActiveMasterLastHeartBeat            : 02.05.2011 00:03:55
    ActiveFileTransferAgentFqdn          : lyncFE.swissitpro.ch
    ActiveFileTransferAgentLastHeartBeat : 02.05.2011 00:03:55
    ActiveReplicas                       : {lyncFE.swissitpro.ch}
    DeletedReplicas                      : {}

Field Notes: Central Management Store

-ReplicaFqdn targets specific replica
• Get-CsManagementStoreReplicationStatus
• Invoke-CsManagementStoreReplication
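
The replication check from the Central Management Store field notes, as an added example that is not part of the original deck: one helper filters status objects down to replicas that are not up to date, and a second triggers replication for a single replica and polls until it catches up. The names Get-StaleCmsReplica and Wait-CmsReplication, the timeout values and the sample host names are assumptions made for illustration; the property and parameter names are the ones shown in the slides.

```powershell
# Added example: Get-StaleCmsReplica and Wait-CmsReplication are hypothetical
# helper names, not Lync cmdlets. Written for PowerShell v2.0.

function Get-StaleCmsReplica {
    param(
        [Parameter(ValueFromPipeline = $true)] $Status,
        [datetime] $Now = (Get-Date)   # overridable so the sample data is reproducible
    )
    process {
        # Skip empty input and replicas that already hold the latest CMS data
        if ($null -eq $Status -or $Status.UpToDate) { return }
        New-Object PSObject -Property @{
            ReplicaFqdn        = $Status.ReplicaFqdn
            LastStatusReport   = $Status.LastStatusReport
            MinutesSinceReport = [int][math]::Floor(($Now - $Status.LastStatusReport).TotalMinutes)
        }
    }
}

function Wait-CmsReplication {
    # Needs the Lync module. Triggers replication for one replica, then polls
    # until it reports UpToDate or the timeout expires. Returns $true or $false.
    param(
        [Parameter(Mandatory = $true)] [string] $ReplicaFqdn,
        [int] $TimeoutSeconds = 300,   # assumed values, tune for the environment
        [int] $PollSeconds = 15
    )
    Invoke-CsManagementStoreReplication -ReplicaFqdn $ReplicaFqdn
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds $PollSeconds
        $s = Get-CsManagementStoreReplicationStatus -ReplicaFqdn $ReplicaFqdn
        if ($s.UpToDate) { return $true }
    } while ((Get-Date) -lt $deadline)
    return $false
}

# Constructed sample objects carrying the same properties as the cmdlet output
$sample = @(
    (New-Object PSObject -Property @{ UpToDate = $false; ReplicaFqdn = 'fe01.example.test'
        LastStatusReport = [datetime]'2011-04-29 19:19:12' }),
    (New-Object PSObject -Property @{ UpToDate = $true; ReplicaFqdn = 'edge01.example.test'
        LastStatusReport = [datetime]'2011-04-29 19:40:00' })
)
$sample | Get-StaleCmsReplica -Now ([datetime]'2011-04-29 19:45:00')

# On a Lync server, in the Lync Server Management Shell:
# Get-CsManagementStoreReplicationStatus | Get-StaleCmsReplica |
#     ForEach-Object { Wait-CmsReplication -ReplicaFqdn $_.ReplicaFqdn }
```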

Resiliency
• Deploy Lync Enterprise Front-End Pool
• Backup CMS regularly: Export-CsConfiguration -Filename <file.zip>

File Storage Support
http://technet.microsoft.com/en-us/library/gg399073.aspx

Lync Backup/Restore

Lync Backup Instructions
http://blogs.technet.com/b/uc_mess/archive/2011/03/17/lync_2d00_server_2d00_2010_2d00_backup_2d00_instructions.aspx

Agenda

Outlook Web App and Lync Server 2010 Integration

Pre-requisites
• Exchange Server 2010 SP1
• Download and install components on CAS

Microsoft Office Communications Server 2007 R2 Web Service Provider
http://www.microsoft.com/downloads/en/details.aspx?familyid=CA107AB1-63C8-4C6A-816D-17961393D2B8&displaylang=en

Unified Communications Managed API 2.0 Redist (64 Bit) Hotfix KB 2501720 *
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1F565A42-71D2-4FBD-8AE0-4B179E8F02AB

CWAOWASSP.msi (v3.5.6907.57 or higher)

OCS 2007 R2 Web Service Provider Hotfix KB 981256
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=45C94403-39FA-44D3-BE23-07F25A2D25C7

CWAOWASSP.msp (v3.5.6907.202)

* version 3.5.6907.215 or later

Integration Walkthrough

    Get-CsSite    # retrieves site ID N

    New-CsTrustedApplicationPool `
        -Identity <E14 CAS FQDN> `
        -Registrar <Lync FE FQDN> `
        -Site N `
        -RequiresReplication $false `
        -ThrottleAsServer $true `
        -TreatAsAuthenticated $true

    Get-CsTrustedApplicationPool
    Get-CsTrustedApplicationComputer

    # New-CsTrustedApplication: see note * below
    # -ApplicationId: choose a suitable name
    # -Port: unique in trusted app pool
    New-CsTrustedApplication `
        -ApplicationId SITPUGExchangeOWA `
        -TrustedApplicationPoolFqdn <E14 CAS FQDN> `
        -Port nnnn

    Enable-CsTopology -v

    Get-ExchangeCertificate    # pick entry with service IIS

    Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InstantMessagingType OCS -InstantMessagingEnabled:$true -InstantMessagingCertificateThumbprint <thumbprint> -InstantMessagingServerName <Lync FE FQDN>

    iisreset

* creation of a Trusted Application is needed if Exchange Server 2010 SP1 CAS role is not collocated on same server as the UM role

Integration Outcome

Field Notes: OWA & Lync Server 2010 Integration

“Instant Messaging isn’t available right now. The Contact List will appear when the service becomes available”

    Get-CsManagementStoreReplicationStatus    # look for UpToDate = True
    Invoke-CsManagementStoreReplication -Verbose

Field Notes: OWA & Lync Server 2010 Integration

“Instant Messaging isn’t available right now. The Contact List will appear when the service becomes available”

• Verify that CN in certificate issued to IIS service on CAS matches <E14 CAS FQDN> in New-CsTrustedApplicationPool and New-CsTrustedApplication
• Outlook Anywhere may break (RPC over HTTP)
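
One way to carry out the certificate name check above, as an added example that is not part of the original deck: it extracts the CN from a certificate subject and compares it with the FQDN used for the trusted application pool, and also confirms the certificate is bound to IIS. The function names, sample certificates and host names are constructed for illustration; Subject, Services and Thumbprint are the properties the objects returned by Get-ExchangeCertificate carry.

```powershell
# Added example: both function names are hypothetical helpers. PowerShell v2.0.

function Get-SubjectCommonName {
    param([string] $Subject)
    # Simplification: takes the first CN= component; escaped commas are not handled.
    if ($Subject -match '(?:^|,)\s*CN\s*=\s*([^,]+)') { return $Matches[1].Trim() }
    return $null
}

function Test-CasCertificateName {
    param(
        [Parameter(Mandatory = $true)] $Certificate,          # needs Subject, Services, Thumbprint
        [Parameter(Mandatory = $true)] [string] $TrustedPoolFqdn
    )
    $cn      = Get-SubjectCommonName $Certificate.Subject
    $hasIis  = ([string]$Certificate.Services) -match '\bIIS\b'
    # Exact, case-insensitive comparison: a wildcard or public-name CN does not match
    $matches = ($null -ne $cn -and $cn -ieq $TrustedPoolFqdn)
    New-Object PSObject -Property @{
        Thumbprint  = $Certificate.Thumbprint
        CommonName  = $cn
        BoundToIis  = $hasIis
        NameMatches = $matches
        Usable      = ($hasIis -and $matches)
    }
}

# Constructed sample certificates (placeholder thumbprints, not real values)
$certs = @(
    (New-Object PSObject -Property @{ Thumbprint = 'SAMPLE-THUMBPRINT-1'
        Subject = 'CN=mail.example.test, O=Example'; Services = 'IMAP, POP, IIS, SMTP' }),
    (New-Object PSObject -Property @{ Thumbprint = 'SAMPLE-THUMBPRINT-2'
        Subject = 'CN=cas01.example.test'; Services = 'SMTP' }),
    (New-Object PSObject -Property @{ Thumbprint = 'SAMPLE-THUMBPRINT-3'
        Subject = 'CN=CAS01.example.test, OU=IT'; Services = 'IIS' })
)
$certs | ForEach-Object { Test-CasCertificateName -Certificate $_ -TrustedPoolFqdn 'cas01.example.test' } |
    Select-Object Thumbprint, CommonName, BoundToIis, NameMatches, Usable

# In the Exchange Management Shell on the CAS:
# Get-ExchangeCertificate | ForEach-Object {
#     Test-CasCertificateName -Certificate $_ -TrustedPoolFqdn '<E14 CAS FQDN>' }
```

The thumbprint of the entry reported as Usable is the one to pass to -InstantMessagingCertificateThumbprint.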

Agenda

Virtualization
• Server Virtualization
• Client Virtualization

Server Virtualization: Standard Edition

Workloads / Modalities
• IM/Presence
• A/V Conferencing
• Application Sharing
• Enterprise Voice (Mediation Server)
• Supports up to 2000 users per virtualized SE with 100 concurrent A/V conference users

Server Roles
• Lync Edge Server*
• Monitoring Server*
• Archiving Server*
• Director (must be physical)

* must be on a different physical host machine than the one hosting the SE server

Hardware Requirements
• CPU 2.26GHz or higher with at least 4 cores per VM running a Lync Server role
• RAM of 16 GB+ per VM
• SAS Drive of 500 GB+
• 2 x 1 Gbps NIC adapters

Note
• Physical host virtualization platform = Hyper-V R2 or VMware ESX 4.x
• Lync VMs must run Windows Server 2008 R2
• Must apply KB981836 on physical Hyper-V R2 host and all VMs

Server Virtualization: Enterprise Edition

Workloads / Modalities
• IM/Presence
• A/V Conferencing
• Application Sharing
• Enterprise Voice (Mediation Server)
• Supports up to 5000 users per virtualized EE FE Server with 125 concurrent A/V conference users

Server Roles
• Front End Server
• A/V Conferencing Server
• Director
• Lync Edge Server*
• Monitoring Server
• Archiving Server
• Mediation Server
• SQL Backend Database

* must be on a different physical host machine than the one hosting the other Lync server roles

Hardware Requirements
• CPU 2.26GHz or higher with at least 4 cores per VM running a Lync Server role
• RAM of 16 GB+ per VM
• SAS Drive of 500 GB+
• 2 x 1 Gbps NIC adapters

Note
• Physical host virtualization platform = Hyper-V R2 or VMware ESX 4.x
• Lync VMs must run Windows Server 2008 R2
• Must apply KB981836 on physical Hyper-V R2 host and all VMs
• [optional] SCVMM and SCOM with Lync Server Management Pack

Field Notes: Server Virtualization

• Run only on supported physical host virtualization platform
• Apply recommended hotfixes/patches on Hyper-V R2 host and guest VMs
• Update Hyper-V R2 Integration Services to match version on hypervisor host
• Use synthetic network adapter
• Dedicated 1Gbps network link for Live Migration
• Lync Best Practice Analyzer / Planning Tool

Client Virtualization: At a Glance

Session Virtualization
• Aka “Full Desktop Remoting” or “Application Remoting”
• Remote Desktop Services (RDS)
• Citrix XenApp

Virtual Desktop Infrastructure
• Aka “Full Desktop Remoting”
• RDS-VDI*
• Citrix XenDesktop

Application Virtualization
• Aka “Application Streaming”
• Microsoft App-V
• Citrix XenApp

* Microsoft VDI Standard Suite, Microsoft VDI Premium Suite

Client Virtualization: Support Statement

Supported Clients
• Lync 2010
• Lync 2010 Group Chat

Unsupported Clients
• Lync 2010 Attendee
• Lync 2010 Attendee Console
• Lync Web App

Vendor Support

Microsoft
• Remote Desktop Services 6.1.x (RDP 7.1) on Windows Server 2008 R2
• App-V 4.6.1053

Citrix
• XenDesktop 4.0.4522.0 (Provisioning Server 5.1 SP2)
• XenApp 6.0.0.0 on Windows Server 2008 R2

Note: All Lync clients are supported on each vendor’s virtualization environment except Lync 2010 Group Chat, which is not supported using App-V and XenApp

Client Virtualization: Modalities Support – Lync 2010 Client

| Virtualized Environment | Audio | Video | Recording | Desktop / App / Whiteboard Sharing | PowerPoint Sharing |
|---|---|---|---|---|---|
| Full Desktop Remoting | Yes* | No | No | Yes | Yes |
| Application Remoting | No | No | No | No (WB sharing supported) | No |
| Application Streaming | Yes | Yes | Yes | Yes | Yes |

* only through pairing of desk phones running Lync 2010 Phone Edition with USBR

Agenda

Client-side Story
• Lync Client Update
• Unified Store / EWS
• Mobile devices

Lync Client Update

• No Updates Found
• GA on Windows Update / WSUS expected May 2011

Unified Store: Exchange Web Services

Fixes Issues in Lync 2010 Client
• Exchange connectivity (infamous red bang message)
• Empty, stale partial conversation and phone history
• Partial or missing contacts
• Cannot share desktop, application, whiteboard or polling

Unified Store: Exchange Web Services – Reverse Proxy (TMG)

• www.testocsconnectivity.com
• recite.microsoft.com
• www.testexchangeconnectivity.com

Unified Store: Exchange Web Services – Certificate

Mobile Devices: Today and Beyond

Fuze Messenger
• Free 3rd party product (FuzeBox)
• Integrated access to common IM solutions in one single client
• CWA or BlackBerry Enterprise Server 5.0 SP3 not essential
• IM/Presence, Contact Search
• Supports iPhone and Blackberry

Q&A

© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
