Book Image

LYNC SERVER COOKBOOK

Book Image

LYNC SERVER COOKBOOK

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
LYNC SERVER COOKBOOK
Jan, 2015 | 392 pages
No titles found
Table of Contents (19 chapters)
Lync Server Cookbook
Lync Server Cookbook
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Lync 2013 Security
Lync 2013 Security
Introduction
Controlling administrative rights with RBAC and custom cmdlets
Hardening Lync Servers
Hardening Lync databases
Enhancing conferencing security
Managing certificates for the authentication of desk-phones
Deploying a secure Lync Edge
Applying ethical walls for federation security
Using Application Request Routing to configure a reverse proxy for Lync Server 2013
2
Lync 2013 Authentication
Lync 2013 Authentication
Introduction
Configuring passive authentication for Lync
Enabling two-factor authentication
Adding the app password for mobile clients
Authenticating with online services using DirSync
Managing Windows Azure Directory for Lync Online
Configuring server-to-server authentication
Troubleshooting with client authentication logging
3
Lync Dial Plans and Voice Routing
Lync Dial Plans and Voice Routing
Introduction
Introducing dial plans and voice routing
Defining dial plans
Configuring PSTN usage – voice policy
Configuring PSTN usage – Location-Based Routing
Enabling routes
Validating trunks
Configuring load balancing, failover, and least cost routing
Controlling call forwarding
4
Lync 2013 Integration with Exchange
Lync 2013 Integration with Exchange
Introduction
Configuring the Unified Messaging integration
Configuring OAuth between Lync 2013 and Exchange 2013
Configuring Lync 2013 and Exchange 2013 as partner applications
Configuring Lync 2013 to use Exchange 2013 for archiving
Configuring Lync 2013 to use the Exchange 2013 Unified Contact Store
Integrating Lync 2013 with the Exchange 2013 Outlook Web App
5
Scripts and Tools for Lync
Scripts and Tools for Lync
Introduction
Installing Lync prerequisites and more – Set-Cs2013Features
Creating a fully functional voice configuration – Lync Dialing Rule Optimizer
Switching between multiple Lync identities with a click – Profiles for Lync (P4L)
Tracing made easier – Lync 2013 Centralized Logging Tool
Identifying recurrent issues – Lync Pilot Deployment Health Analysis
Managing phone numbers – Search-LineURI and Get-UnusedNumbers
Managing Call Pickup Groups – Lync2013CallPickupManager 1.01
6
Designing a Lync Solution – The Overlooked Aspects
Designing a Lync Solution – The Overlooked Aspects
Introduction
Meeting your users' expectations
User training
Gathering the users' requirements
Weighing up around Lync virtualization
Network readiness – introduction
Defining personas for the network
Defining sites for the network
Network readiness – reviewing and analyzing results
7
Lync 2013 in a Resource Forest
Lync 2013 in a Resource Forest
Introduction
Planning a resource forest
Using Exchange Online for a Lync resource forest
Configuring FIM in a Lync resource forest
Synchronizing forests with FIM
Deploying Azure Active Directory Synchronization services (AAD Sync) in a Lync resource forest
AAD Sync synchronization services and rules
8
Managing Lync 2013 Hybrid and Lync Online
Managing Lync 2013 Hybrid and Lync Online
Introducing Lync Online
Administering with the Lync Admin Center
Using Lync Online Remote PowerShell
Using Lync Online cmdlets
Introducing Lync in a hybrid scenario
Planning and configuring a hybrid deployment
Moving users to the cloud
Moving users back on-premises
Debugging Lync Online issues
9
Lync 2013 Monitoring and Reporting
Lync 2013 Monitoring and Reporting
Introduction
Installing Lync 2013 monitoring reports
Selecting the right kind of report
Call Diagnostic Reports
Media Quality Diagnostic Reports
Call Leg Media Quality Report
Lync 2013 with System Center 2012 R2 Operations Manager
Configuring a watcher node and synthetic transactions
10
Managing Lync 2013 Backup and Restore
Managing Lync 2013 Backup and Restore
Introduction
Topology information
Configuration information
User database
Persistent Chat database
The Location Information LIS database
The Response Group Services configuration
Certificates
Backend databases
Voice dial plans, policies, and settings
File services
Don't forget the infrastructure – the greater recovery plan
11
Controlling Your Network – A Quick Drill into QoS and CAC
Controlling Your Network – A Quick Drill into QoS and CAC
Introduction
Gathering data about your network
Creating network bandwidth policies
Adding networks to the topology
Creating region links and routes
Enabling CAC
Preparing servers and clients for DSCP tagging
Controlling/limiting the port ranges for traffic
Media bypass
12
Lync 2013 Debugging
Lync 2013 Debugging
Introduction
Using Snooper to examine log files
Investigating Call Flow with Snooper Flow Chart
Reviewing Lync information with OCSLogger
Tracing from a command line with OCSTracer
Customizing CLS scenarios using CLSController
Testing our setting with Best Practices Analyzer
Capturing network traffic with Wireshark
Troubleshooting clients with the Microsoft Lync Connectivity Analyzer
Verifying a deployment with the Microsoft Remote Connectivity Analyzer
Index
Index

Managing certificates for the authentication of desk-phones

Lync Phone Edition uses digital certificates during the log-on phase to initialize the connection with the Lync Server. The next step for the logon with a desk phone will be to verify the user with a password (or PIN) authentication. In our deployment, we usually have certificates that come from more than one Certification Authority (CA), including internal and third-party CAs. The scenario becomes increasingly complex if we are going to use a CA for Exchange Server that is different from the one we used for our Lync Server certificate. Lync Phone Edition usually has a limited number of embedded root CA certificates that are already trusted. The list is available in the Trusted Authorities Cache paragraph in the TechNet post, Certificates for Lync Phone Edition found at http://technet.microsoft.com/en-us/library/gg398270(v=ocs.14).aspx. We have to work with the Certificate Provisioning Service to deploy additional root CA certificates.

Getting ready

We will use a Lync Standard Edition certificate issued from an internal CA as an example. Kevin Peters did a good job explaining the process for Lync Server 2010 at http://ocsguy.com/2012/05/19/lync-phone-edition-connection-to-microsoft-exchange-is-unavailable/. We have to follow the same steps for Lync Server 2013.

How to do it...

  1. Open MMC, navigate to Add or Remove Snap-ins, and add Certificates.

  2. Select Computer Account and go to Local Computer, and then click on Finish.

  3. Navigate to Certificates (Local Computer) | Personal | Certificates and select the server certificate.

  4. Go to Certification Path and select the root CA, as shown in the following screenshot:

  5. Select the Details tab and go to Thumbprint. Copy the thumbprint value (Ctrl + C).

  6. Paste the value in the notepad, remove the empty spaces, and copy the new value.

  7. Launch the Lync Management Shell and type $cert = New-CsWebTrustedCACertificate -Thumbprint "‎Thumbprint" -CAStore TrustedRootCA.

    The thumbprint is the value we copied at step 6. For example, consider the following:

    $cert = New-CsWebTrustedCACertificate -Thumbprint "7a06f5b75287f17d4596118418b77004b4cd4d92" -CAStore TrustedRootCA

  8. Type the following cmdlet:

    Set-CsWebServiceConfiguration -TrustedCACerts @{Add=$cert}

  9. Use the following cmdlet to verify that the thumbprint has been added to the TrustedCACerts parameter:

    Get-CSWebServiceConfiguration

  10. Repeat the preceding steps for all the intermediate and root CA required in our deployment.

How it works...

The desk-phones configuration works on the parameters received from the Dynamic Host Configuration Protocol (DHCP) server. In particular, options 43 and 120 define the path to the Certificate Provisioning Service on the Lync Server. The steps in this recipe are also required to enable the desk phone to open the necessary URI.

Note

For a deep dive into desk-phone configuration, a blog post from Jeff Schertz is definitely a must read. The Configuring Lync Server for Phone Edition Devices post found at http://blog.schertz.name/2010/12/configuring-lync-server-for-phone-edition-devices/ contains a complete overview of the parameters required to make Lync desk phones work in a smooth manner.

Previous Section
End of Section 7
Next Section