Escolar Documentos
Profissional Documentos
Cultura Documentos
This document is provided as-is. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. Copyright 2012 Microsoft Corporation. All rights reserved.
Contents
Administrator Rights and Permissions Required for Setup and Administration............................1 Delegate Setup Permissions.................................................................................................... 3 Deploying Lync Server 2010 Enterprise Edition...........................................................................4 Preparing the Infrastructure and Systems................................................................................5 Set Up Hardware and the System Infrastructure...................................................................5 System Requirements for Enterprise Edition Servers...........................................................7 Install Operating Systems and Prerequisite Software on Servers.........................................7 Request Certificates in Advance (Optional).........................................................................10 Configure IIS....................................................................................................................... 11 IIS Configuration.............................................................................................................. 11 Re-Activate Server After Security Configuration Wizard Closes Ports in IIS....................13 Configure SQL Server for Lync Server 2010.......................................................................13 SQL Server Data and Log File Placement.......................................................................14 Configure SQL Server..................................................................................................... 18 Deployment Permissions for SQL Server........................................................................19 Database Installation Using Lync Server Management Shell..........................................21 Understanding Firewall Requirements for SQL Server....................................................24 Configure SQL Server Clustering....................................................................................25 Configure DNS Records for a Front End Pool.....................................................................28 DNS Requirements for Front End Pool............................................................................28 Configure DNS Host Records..........................................................................................33 Create and Verify DNS SRV Records..............................................................................33 Configure DNS for Load Balancing..................................................................................35 Defining the Topology in Topology Builder..............................................................................37 Topology Builder Installation Requirements........................................................................38 Administrator Rights and Permissions Required for Setup and Administration................38 Server and Tools Operating System Support...................................................................41 Administrative Tools Software Requirements..................................................................43 Requirements to Publish a Topology...............................................................................44 Install Lync Server Administrative Tools..............................................................................45 Defining and Configuring the Topology...............................................................................46 Define and Configure a Topology in Topology Builder.....................................................47 Define and Configure a Front End Pool...........................................................................51 Define a New A/V Conferencing Server...........................................................................64 Edit or Configure Simple URLs........................................................................................ 64 Edit Federation Route Settings........................................................................................ 71 Finalizing and Implementing the Topology Design.................................................................71 Verify the Topology Design.................................................................................................. 71 Requirements to Publish a Topology...................................................................................72 Publish the Topology........................................................................................................... 73 Setting Up Front End Servers and Front End Pools...............................................................80 Install the Local Configuration Store...................................................................................81
Install Front End Servers..................................................................................................... 82 Delegate Setup Permissions...............................................................................................82 Configure Certificates for Front End Servers......................................................................83 Start Services on Front End Servers.................................................................................101 Test the Pool Deployment................................................................................................. 101 Setting Up Kerberos Authentication......................................................................................103 Prerequisites for Enabling Kerberos Authentication..........................................................103 Create a Kerberos Authentication Account........................................................................104 Assign a Kerberos Authentication Account to a Site.........................................................106 Setting Up Kerberos Authentication Account Passwords..................................................107 Set a Kerberos Authentication Account Password on a Server.....................................107 Synchronize a Kerberos Authentication Account Password to IIS.................................108 Add Kerberos Authentication to Other Sites......................................................................109 Remove Kerberos Authentication from a Site...................................................................109 Testing and Reporting the Status and Assignment of Kerberos Authentication.................110 Test and Report Functional Readiness for Kerberos Authenticaion...............................110 Report Kerberos Account Assignments..........................................................................110 Adding Server Roles............................................................................................................. 111 Deploying a Stand-alone A/V Conferencing Server.................................................................112 Define the A/V Conferencing Server in Topology Builder......................................................112 Publish the Topology............................................................................................................. 114 Install the Local Configuration Store.....................................................................................121 Install Lync Server 2010 on the A/V Conferencing Server....................................................122 Configure Certificates for Stand-alone A/V Conferencing Servers.......................................123 Start Services on the A/V Conferencing Server....................................................................124 Configuring Dial-in Conferencing.............................................................................................125 Dial-in Conferencing Configuration Prerequisites and Permissions.....................................126 Deployment Process for Dial-In Conferencing......................................................................129 Configure Dial Plans for Dial-in Conferencing......................................................................134 Create a Dial Plan............................................................................................................. 134 Modify a Dial Plan............................................................................................................. 137 Defining Normalization Rules............................................................................................139 Create or Modify a Normalization Rule by Using Build a Normalization Rule................139 Create or Modify a Normalization Rule Manually...........................................................141 Ensure Dial Plans Have Assigned Regions..........................................................................142 (Optional) Verify PIN Policy Settings....................................................................................143 Modify the Default Dial-in Conferencing PIN Settings.......................................................144 Create or Modify Dial-in Conferencing PIN Settings for a Site or Group of Users.............145 Configure Conferencing Policy for Dial-in.............................................................................146 Configure Dial-in Conferencing Access Numbers.................................................................147 Create or Modify a Dial-in Conferencing Access Number.................................................148 (Optional) Verify Dial-in Conferencing Settings....................................................................150 (Optional) Modify Key Mapping for DTMF Commands.........................................................150 (Optional) Enable and Disable Conference Join and Leave Announcements......................151 (Optional) Verify Dial-in Conferencing..................................................................................153 Deploy the Online Meeting Add-in for Microsoft Lync 2010..................................................153
Configure User Account Settings.......................................................................................... 153 (Optional) Welcome Users to Dial-in Conferencing..............................................................154
Setup.exe Executable that starts the installation of the Lync Server administrative tools.
Member of the Local Administrators group on the computer from which the executable is run. Member of Domain Users group to read information in Active Directory Domain Services (AD DS). This level of permission is required because the automatic installation of required MSI packages on the local computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and protected registry such as the Local Machine hive. Tip: You can also delegate setup permissions to users or groups to whom you do not want to grant membership in the Domain Admins group. For details, see Granting Setup Permissions in the Deployment documentation.
Deploy.exe Called by setup.exe, deploy.exe is responsible for the deployment of the software components for the server roles.
Member of the Local Administrators group on the computer from which the executable is run. Member of Domain Users group to read information in AD DS. This level of permission is required because the automatic installation of required MSI packages on the local computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and protected registry such as the Local Machine
hive. Membership in RtcUniversalReadOnlyAdmins group is necessary to read the Central Management store. Note: If you are running the Windows Vista operating system or Windows 7 operating system, you will be prompted by User Account Control (UAC) to proceed with installation. If you are logged on with a standard user account, you will need someone who is a member of the Local Administrators group to provide credentials when prompted for an account with permissions to install the software. Bootstrapper.exe Called by setup.exe, bootstrapper.exe is responsible for deployment and configuration of server roles. Member of the Local Administrators group on the computer from which the executable is run. Member of Domain Users group to read information in AD DS. This level of permission is required because the automatic installation of required MSI packages on the local computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and protected registry such as the Local Machine hive. Member of the Local Administrators group on the computer from which the executable is run. The executable is manifested as requireAdministrator. Member of the Local Administrators group on the computer from which the executable is run to view the topology. Member of the RTCUniversalServerAdmins group to change configuration settings. Member of the RTCUniversalServerAdmins group and Domain Admins group, or member of the RTCUniversalServerAdmins group (only if the group has been granted delegate setup permissions), to publish the topology. For
OCSLogger.exe Administrative troubleshooting tool for capturing messages on server roles. TopologyBuilder.msc Wizard-driven user interface to create, view, adjust, and validate Lync Server topologies.
Microsoft Lync Server 2010 Enterprise Edition Deployment Guide Lync Server Executable Group Membership Required
details about delegating setup permissions to allow members of the RTCUniversalServerAdmins group to publish the topology without being members of the Domain Admins group, see Granting Setup Permissions in the Deployment documentation. AdminUIHost.exe Web-based graphical user Member of CsAdministrator group or member of interface for managing Lync Server. another role-based access control (RBAC) role to which the specific administrative task is assigned. Microsoft Lync Server 2010 Control Panel implements configuration changes by running Lync Server Management Shell cmdlets. For a list of predefined roles and the cmdlets members are permitted to run, see Role-Based Access Control in the Planning documentation. PowerShell.exe with the Lync Server module loaded Command-line administrative tool with cmdlets specific to management of Lync Server. Member of CsAdministrator group or member of another RBAC role to which the specific cmdlet has been assigned. For a list of predefined roles and the cmdlets members are permitted to run, see Role-Based Access Control in the Planning documentation. Or, member of one or more of the following groups, depending on the cmdlet: RTCUniversalServerAdmins RTCUniversalUserAdmins RTCUniversalReadOnlyAdmins
The group memberships in the preceding table represent the minimum memberships. Other memberships which will grant the permissions necessary to initiate the setup and deployment are possible, including membership in the Domain Admins group or Enterprise Admins group. See Also Install Lync Server Administrative Tools
CsTopology on servers running Lync Server by using the Grant-CsSetupPermission cmdlet and specifying an organizational unit (OU) where computer objects for the server running Lync Server are located. Note: Enable-CsTopology is the key cmdlet to allow the RTCUniversalServerAdmins group members to set up and deploy Lync Server. To add the ability to run Enable-CsTopology to the RTCUniversalServerAdmins group 1. Log on to a server as a member of the Domain Admins group for the domain on which the delegated user will run Enable-CsTopology. 2. Open the Lync Server Management Shell. The Lync Server Management Shell is automatically installed on each Front End Server or any computer where the Lync Server 2010 administrative tools have been installed. For details about the Lync Server Management Shell, see Lync Server Management Shell in the Operations documentation. 3. Run the following cmdlet from the Lync Server Management Shell: Grant-CsSetupPermission ComputerOU <DN of the OU> -Domain <Domain FQDN> In the following example, the OU is Lync Servers, which is in the contoso.com domain. Grant-CsSetupPermission ComputerOU OU=Lync Servers Domain contoso.com
Collocated Mediation Server and collocated A/V Conferencing Server on the Front End Servers A SQL Server-based Back End Server that also contains the Central Management store This documentation then describes how to add optional server roles and components to the initial Enterprise Edition deployment. These optional server roles and components include one or more Directors, a stand-alone A/V Conferencing Server, and a stand-alone Mediation Server. After deployment of your Front End pool, you can deploy other server roles and features, such as Edge Servers to support external user access.
In This Section
Preparing the Infrastructure and Systems Defining the Topology in Topology Builder Finalizing and Implementing the Topology Design Setting Up Front End Servers and Front End Pools Setting Up Kerberos Authentication Adding Server Roles
In This Section
Set Up Hardware and the System Infrastructure System Requirements for Enterprise Edition Servers Install Operating Systems and Prerequisite Software on Servers Request Certificates in Advance (Optional)
Install the hardware for each component in the topology design that you created and saved by using Topology Builder, including all required computers (servers running Lync Server 2010, database servers, servers running Internet Information Services (IIS), and reverse proxy servers, as appropriate), network adapters, hardware load balancers, and storage devices (such as file servers). For details about how to define a topology that specifies the components needed for your deployment, see Defining the Topology in Topology Builder. For details about hardware requirements for servers, see Supported Hardware in the Supportability documentation. Ensure that the networking infrastructure meets requirements. For details, see Network Infrastructure Requirements in the Planning documentation. Set up Active Directory Domain Services (AD DS). Setting up AD DS includes preparing AD DS and defining all components that you want to deploy in AD DS. For details about preparing AD DS, see Preparing Active Directory Domain Services for Lync Server 2010 in the Deployment documentation. Set up the required permissions for creating the file share. Permissions for use of file shares by Lync Server 2010 are automatically configured by Topology Builder when you publish your topology. However, the user account used to publish the topology must have full control (read/write/modify) on the file share in order for Topology Builder to configure the required permissions. To ensure that the file share can be managed properly during the Topology Builder publishing process, the user or domain group that the user is a member of should be made a member of the local Administrators group on the machine where the file share is located. In a multi-domain scenario, Domain A user or group should be made a member of the local Administrators group on the machine in Domain B where the file share will be located.
Warning: The file share for Lync Server 2010, Enterprise Edition cannot be located on the Front End Server. Install and set up the hardware load balancer for Web Services. With Domain Name System (DNS) load balancing deployed, you still need to also use hardware load balancers for these pools, but only for HTTP/HTTPS traffic. The hardware load balancer is used for HTTPS traffic from clients over ports 443 and 80. Although you still need hardware load balancers for these pools, their setup and administration will be primarily for HTTP/HTTPS traffic, which the administrators of the hardware load balancers are accustomed to. After you complete all of the preparation tasks as described in this topic, but prior to publishing the topology, you also need to: Install Operating Systems and Prerequisite Software on Servers Configure IIS Configure SQL Server for Lync Server 2010 Understanding Firewall Requirements for SQL Server Configure DNS Records for a Front End Pool
Install the operating system software on the Enterprise Edition Front End Server. Apply all updates in order to bring the operating system up to the latest update and required update level consistent with your organizations standards. Lync Server 2010 requires Microsoft .NET Framework 3.5 with SP1. You should also apply the update discussed in Microsoft Knowledge Base article 981575, A memory leak occurs in a .NET Framework 2.0-based application that uses the AesCryptoServiceProvider class, at http://go.microsoft.com/fwlink/?LinkId=202909. Additional Software for Lync Server 2010 In addition to the updates required for the operating system, Lync Server 2010 requires operating system roles, features, and software to operate. For details about the additional software that must be installed prior to publishing your topology and installing Lync Server 2010, see Additional Software Requirements in the Planning documentation.
including Edge Servers and reverse proxy servers. For details about preparing servers to support external user access, see Preparing for Installation of Servers in the Perimeter Network in the Deploying Edge Servers documentation. Install Windows Operating Systems on Servers On each server that you are deploying, install the appropriate Windows operating system: Servers running Lync Server 2010. For details about the operating system requirements for servers running Lync Server 2010, see Server and Tools Operating System Support in the Supportability documentation. Database servers. For details about operating system requirements for database servers, including the back-end database, Archiving database, and Monitoring database, see the SQL Server documentation. For SQL Server 2005, see the SQL Server Books Online 2005 at http://go.microsoft.com/fwlink/?LinkID=202922. For SQL Server 2008, see the SQL Server 2008 Books Online at http://go.microsoft.com/fwlink/?LinkID=202921. For SQL Server 2008 R2, see the SQL Server 2008 R2 Books Online at http://go.microsoft.com/fwlink/? LinkId=218015. Install Windows Update on Servers Install the Windows Update required by Lync Server 2010 on each server: Windows Update for servers running Lync Server 2010. For details about the Windows Update required for servers running Lync Server 2010, see Additional Software Requirements in the Planning documentation. Database servers. For details about the Windows Update required for database servers, including the back-end database, Archiving database, and Monitoring database, see the SQL Server documentation. For SQL Server 2005, see the SQL Server Books Online 2005 at http://go.microsoft.com/fwlink/?LinkID=202922. For SQL Server 2008, see the SQL Server 2008 Books Online at http://go.microsoft.com/fwlink/?LinkID=202921. For SQL Server 2008 R2, see the SQL Server 2008 R2 Books Online at http://go.microsoft.com/fwlink/? LinkId=218015. Install Other Prerequisite Software on Servers Lync Server 2010 requires the installation of additional software on servers: Prerequisite software for servers running Lync Server 2010. The additional software prerequisites for servers running Lync Server depend on the server role being deployed. For details about the specific software requirements for each server, see Additional Software Requirements in the Planning documentation. Lync Server requires Microsoft .NET Framework 3.5 with SP1. You should apply the update discussed in the Microsoft Knowledge Base article 981575, A memory leak occurs in a .NET Framework 2.0-based application that uses the AesCryptoServiceProvider class at http://go.microsoft.com/fwlink/?LinkId=202909. You should also apply the update discussed in the Microsoft Knowledge Base article 975954, FIX: When you run a .NET Framework 2.0based application, a System.AccessViolationException exception occurs, or a dead-lock occurs on two threads in an application domain at http://go.microsoft.com/fwlink/? LinkId=205337.
Prerequisite software for database servers. For details about the Windows Update required for database servers, including the back-end database, Archiving database, and Monitoring database, see the SQL Server 2008 documentation at http://go.microsoft.com/fwlink/?LinkId=202921 and SQL Server 2008 R2 documentation at http://go.microsoft.com/fwlink/?LinkId=218015. Note: Lync Server 2010 automatically installs SQL Server 2008 Express on each Standard Edition server and each Lync Server 2010 server on which the local configuration store is located. After deploying the servers, you can upgrade the RTC database on the Standard Edition server and the RTCLocal databases on other server roles to SQL Server 2008 R2 Express by running the SQL Server 2008 R2 Express setup wizard and selecting the upgrade option. Repeat this process for each RTC and RTCLocal database. Windows Media Format Runtime All Front End Servers and Standard Edition servers where conferencing will be deployed must have the Windows Media Format Runtime installed. The Windows Media Format Runtime is required to run the Windows Media Audio (.wma) files that the Call Park, Announcement, and Response Group applications play for announcements and music. We recommend that you install Windows Media Format Runtime before you install Lync Server 2010. If Lync Server 2010 does not find this software on the server, it will prompt you to install it, and then you must restart the server to complete installation. Important With the release of Windows Server 2008 R2 SP1, the name of the package that contains the Windows Media Format runtime has changed. The scripted methods in the Deployment Wizard for Lync 2010 Server do not yet reflect the updated package name. If you are deploying Lync Server to a computer running Windows Server 2008 R2 SP1, you must install the Windows Media Format runtime by using the command line cited below, and then restart the system to apply the change. If you use the Deployment Wizard prior to applying the runtime, the runtime will not install because the Deployment Wizard tries to apply the Windows Server 2008 or Windows Server 2008 R2 runtime, and fails because the package Deployment Wizard expects does not exist. The error may be missed because it is a subtle error. You resolve this issue by either applying the runtime prior to running the Deployment Wizard or after you run the Deployment Wizard. Restart the computer to complete the installation of the runtime. To install the Windows Media Format Runtime on servers running Windows Server 2008, use the following command: %systemroot%\system32\pkgmgr.exe /quiet /ip /m:%windir %\servicing\Packages\Microsoft-Windows-Media-FormatPackage~31bf3856ad364e35~amd64~~6.0.6001.18000.mum To install the Windows Media Format Runtime on servers running Windows Server 2008 R2, use the following command:
%systemroot%\system32\dism.exe /online /add-package /packagepath: %windir%\servicing\Packages\Microsoft-Windows-Media-FormatPackage~31bf3856ad364e35~amd64~~6.1.7600.16385.mum /ignorecheck To install the Windows Media Format Runtime on servers running Windows Server 2008 R2 SP1, use the following command: %systemroot%\system32\dism.exe /online /add-package /packagepath: %windir%\servicing\Packages\Microsoft-Windows-Media-FormatPackage~31bf3856ad364e35~amd64~~6.1.7601.17514.mum /ignorecheck Message Queuing. Message Queuing (also known as MSMQ) role components and Directory Service Integration should be installed on the Front End Server, and the Archiving Server if you plan to deploy the Lync Server 2010 Archiving Server roles. The Message Queuing components can be found in Server Manager or can be deployed by using servermanagercmd.exe . For details, see "Install Message Queuing" at http://go.microsoft.com/fwlink/?LinkId=205338. To install Message Queuing by using the Add-WindowsFeature Windows PowerShell cmdlet, do the following: a. On the Windows Server 2008 R2 x64 operating system, use Windows PowerShell 2.0. b. At the Windows PowerShell prompt, type: Import-Module servermanager, and then press Enter. c. Type: Add-WindowsFeature press Enter. MSMQ-Server, MSMQ-Directory, and then
10
This Deployment documentation provides procedures for using the Certificate Wizard to request certificates as part of the setup process, as described in the Configure Certificates for Front End Servers, Configuring Certificates for Standard Edition Servers, Configure Certificates for the Director, Configure Certificates for Stand-alone A/V Conferencing Servers, and Install the Files for Mediation Server sections of this Deployment documentation. If you request certificates in advance, you must modify the certificate deployment procedures in those sections as appropriate to importing and assigning the certificates instead of requesting them at the time of deployment.
Note: Lync Server 2010 includes support for SHA-256 certificates for connections from clients running the Windows Vista, Windows Server 2008, Windows Server 2008 R2, and Windows 7 operating systems, and Microsoft Lync 2010 Phone Edition. To support external access using SHA-256, the external certificate is issued by a public CA using SHA-256.
Configure IIS
Configuring Internet Information Services (IIS) for Microsoft Lync Server 2010 involves installing the correct components to support the Web Services needed by Lync Server 2010. For details about installing IIS, see IIS Configuration. If you have a policy to run the Security Configuration Wizard on servers before putting them into service or as a typical part of your maintenance, see Re-Activate Server After Security Configuration Wizard Closes Ports in IIS for information about a side effect of running the wizard that will close ports on a Lync Server IIS configuration. See Also IIS Configuration Re-Activate Server After Security Configuration Wizard Closes Ports in IIS IIS Configuration To successfully complete this procedure, you should be logged on to the server minimally as a local administrator and a domain user. Before you configure and install the Front End Server for Microsoft Lync Server 2010, Standard Edition or the first Front End Server in a pool, you install and configure the server role and Web Services for Internet Information Services (IIS). Important: If your organization requires that you locate IIS and all Web Services on a drive other than the system drive, you can change the installation location path for the Lync Server files in the Setup dialog box when you initially install the Microsoft Lync Server 2010 Administrative tools. You install the Administrative tools before installing IIS. If you install the Setup files to this path, including OCSCore.msi, the rest of the Lync Server 2010 files will be deployed to this drive as well. For details, see Install Lync Server Administrative Tools. For details about how to relocate the INETPUB deployed by Windows Server Manager when installing IIS, see http://go.microsoft.com/fwlink/?LinkId=216888.
11
The following table indicates the required IIS 7.0 and 7.5 role services. IIS Role Services
Role Heading Role Service
Common HTTP features installed Common HTTP features installed Common HTTP features installed Application development Application development Application development Application development Health and diagnostics Health and diagnostics Health and diagnostics Security Security Security Security Performance Management Tools Management Tools
Static content Default document HTTP errors ASP.NET .NET extensibility Internet Server API (ISAPI) extensions ISAPI filters HTTP logging Logging tools Tracing Anonymous authentication (installed and enabled by default) Windows authentication Client Certificate Mapping authentication Request filtering Static content compression IIS Management Console IIS Management Scripts and Tools
You can install IIS 7.0 or 7.5 from Server Manager or by using the command line. Run the following command from the command line to install the IIS 7.0 or 7.5 role services: ServerManagerCmd.exe -Install Web-Server Web-Scripting-Tools WebWindows-Auth Web-Asp-Net Web-Log-Libraries Web-Http-Tracing Web-Stat-Compression Web-Default-Doc Web-ISAPI-Ext Web-ISAPI-Filter Web-Http-Errors Web-Http-Logging Web-Net-Ext Web-Client-Auth Web-Filtering Web-Mgmt-Console Or, on the Windows Server 2008 R2 x64 operating system, you can use Windows PowerShell 2.0. You must first import the ServerManager module, and then install the IIS 7.5 role and role services. Import-Module ServerManager
12
Add-WindowsFeature Web-Server, Web-Scripting-Tools, Web-Windows-Auth, Web-Asp-Net, Web-Log-Libraries, Web-Http-Tracing, Web-Stat-Compression, Web-Default-Doc, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Errors, WebHttp-Logging, Web-Net-Ext, Web-Client-Auth, Web-Filtering, Web-Mgmt-Console Note: Anonymous authentication is installed by default with the IIS server role. You can manage anonymous authentication after the installation of IIS. For details, see Enable Anonymous Authentication (IIS 7) at http://go.microsoft.com/fwlink/?LinkId=203935. See Also IIS Requirements for Front End Pools and Standard Edition Servers Re-Activate Server After Security Configuration Wizard Closes Ports in IIS Some Lync Server 2010 roles run Web Services on Internet Information Services (IIS) port 4443. Running the Lync Server Deployment Wizard, Bootstrapper.exe, or using the EnableCsComputer cmdlet creates an exception in the firewall and opens the port. If you then run the Windows Server 2008 or Windows Server 2008 R2 Security Configuration Wizard (or other hardening scripts), port 4443 will be blocked, and external clients will not be able to contact Web Services. To reopen the port you can either modify the firewall exception directly or re-activate the server. To re-activate the server by using the Deployment Wizard 1. On the Lync Server Deployment Wizard page, click Run next to Step 2: Setup or Remove Lync Server Components. 2. On Setup Lync Server components page, click Next. 3. On the Executing Commands page, when the task status is shown as completed, click Finish. Note: You can also use bootstrapper.exe or Enable-CsComputer to re-activate the server.
13
Edition server, install SQL Server 2008 with Service Pack (SP) 1 (required) or latest service pack (recommended), SQL Server 2008 R2, or SQL Server 2005 with SP3 (required) or latest service pack (recommended) on a dedicated computer that meets the hardware requirements. For details about hardware requirements, see Server Hardware Platforms in the Supportability documentation. Before you create the Front End pool, you must also configure Windows Firewall to allow Lync Server 2010 access to SQL Server 2005 and SQL Server 2008 over specific ports by defining ports for the server using SQL Server Configuration Manager and opening ports in Windows Firewall with Advanced Security. In This Section SQL Server Data and Log File Placement Configure SQL Server Deployment Permissions for SQL Server Database Installation Using Lync Server Management Shell Understanding Firewall Requirements for SQL Server Configure SQL Server Clustering
SQL Server Data and Log File Placement A critical exercise in the planning and deployment of Microsoft SQL Server 2005, Microsoft SQL Server 2008, or Microsoft SQL Server 2008 R2 for your Microsoft Lync Server 2010, Enterprise Edition is the placement of data and log files onto physical hard disks for performance. The most critical files for performance are the Rtcdyn log and the Rtc log. Placing these files on their own hard disk or redundant array of independent disks (RAID) set is the optimal scenario. The database files and what they are responsible for is detailed in the following table. Data and Log Files for Central Management Store
Central Management store database files Data file or log purpose
Xds.ldf Xds.mdf
Transaction log file for the Central Management store Maintains the configuration of the current Lync Server 2010 topology, as defined and published by Topology Builder Location Information service data file Transaction log for the Location Information service data file
Lis.mdf Lis.ldf
Data and Log files for User, Conferencing, and Address Book
Core Lync Server 2010 database files Data file or log purpose
Rtcdyn.mdf
14
Microsoft Lync Server 2010 Enterprise Edition Deployment Guide Core Lync Server 2010 database files Data file or log purpose
Rtcdyn.ldf Rtc.mdf
Transaction log for Rtcdyn data Persistent user data (for example, access control lists (ACLs), contacts, Standard Edition server or Enterprise Edition Front End pool, scheduled conferences) Transaction log for Rtc data Real-time communications (RTC) address book database is the SQL Server repository where Address Book service information is stored Transaction log for Address Book Service Real-time communications address book database is the SQL Server repository where Address Book service information is stored. (Secondary copy for performance) Transaction log for Address Book service
Rtc.ldf Rtcab.mdf
Rtcab.ldf Rtcab1.mdf
Rtcab1.ldf
Data and Log Files for Call Park and Response Group
Application database Data file or log purpose
Dynamic information database for the Call Park application Transaction log for Call Park application data file Lync Server Response Group service data file for the configuration of the services Transaction log file for the Response Group application configuration Response Group service data file for runtime operations Transaction log for the Response Group service runtime data file
LcsCdr.mdf
15
Microsoft Lync Server 2010 Enterprise Edition Deployment Guide Archiving and Monitoring database files Data file or log purpose
process of the Monitoring Server LcsCdr.ldf QoEMetrics.mdf QoEMetrics.ldf Lcslog.mdf Lcslog.ldf Transaction log for call detail recording (CDR) data Quality of Experience data file stored from the Monitoring Server Transaction log for Monitoring data Data file for the retention of instant messaging and conferencing data on an Archiving Server Transaction log for Archiving data
In this topic, references are made to disk and to RAID set. Note that in the configuration of SQL Server resources, referring to a disk means a single hardware device. A hard disk drive with two partitions, one holding log files and the other partition holding data files, is not the same as two disks, each dedicated to either log or data files. In reference to RAID sets, there are a number of different RAID technologies from various vendors. And, with the proliferation of storage area networks (SAN), RAID sets dedicated to a single system are rarer. You should consult with your RAID or SAN vendor to determine what the best configuration is for your disk layout when configuring for SQL Server performance with Lync Server 2010. Note also that not all disk drives are created equally; some perform better than others. Even drives from the same manufacturer can vary in performance because of rotational speed, hardware cache size, and other factors. It is advisable that you test your disks to determine the better performing disks, and then place the more critical and speed sensitive log and data files specifically, Rtcdyn log and Rtc log onto the better performing disks. Disk and Database File Distribution There are a number of potential solutions for the placement of the files. Each of the possible combinations has pros and cons. The optimal distribution requires six hard disks or distinct RAID sets. We recommend that the two most active files, the Rtcdyn log file and Rtc log file, should always be placed on their own disks or RAID set. Six-Disk Distribution The distribution scenario using six disks is typically only used in cases where you want to collocate the Archiving and Monitoring databases on the same SQL Server. This solution uses six physical disks or dedicated RAID sets. The distribution of the data and log files is shown in the following diagram. Advantages Very high performing, low latency, and little contention for disk I/O when compared to other solutions. Disadvantage More costly than other solutions. At minimum, you require six hard disks.
16
Five-Disk Distribution The five-disk distribution uses five disks or five RAID sets. The Rtcdyn and Rtc log files are separated onto their own disks. Archiving and Monitoring logs and data are placed onto their own disks, respectively. The remaining log files and data files are placed on the fifth disk. Advantages Provides good performance for the Rtcdyn and Rtc log files, while reducing the overall number of disks required. Disadvantages All other log files are located on a single disk, potentially causing I/O performance latency for other workloads. Impact is minimized if the Archiving Server, the Monitoring Server, or both are not deployed.
Four-Disk Distribution The four-disk distribution uses four disks or four RAID sets. This configuration is considered to be the best performing of the recommendations due to the low latency and low contention for disk I/O resources. The Rtcdyn and Rtc log files are separated onto their own disks. The remaining log files are placed on the third disk, while the data files are placed on the fourth. Advantages Provides good performance for the Rtcdyn and Rtc log files, while reducing the overall number of disks required. Disadvantages All other log files are located on a single disk, potentially causing I/O performance latency for other workloads. Impact is minimized if the Archiving Server, the Monitoring Server, or both are not deployed.
Three-Disk Distribution The Three Disk Distribution uses three disks or RAID sets. The Rtcdyn and Rtc log files are placed on drive one and drive two. The remaining log and data files are placed on disk three. Advantages Less costly than six and four disk solutions. Placing the Rtcdyn and Rtc log files on their own hard disks allows for good performance for the frequently updated transaction log files. Disadvantages All other log and data files are placed on the remaining disk. Increased potential for latency due to increased I/O of all other workloads on the single disk. If Monitoring and Archiving are not deployed, the impact is lessened, but performance impact is still a concern.
17
Two-Disk Distribution Two-disk distribution uses two hard disks or RAID sets. The Rtcdyn and Rtc log files are both placed on the first disk. All other log and data files are placed on the second hard disk. Advantages Lowering of cost is the primary advantage. Log and data files for other workloads on the second disk will lessen the overall impact on the Rtcdyn and Rtc log files. Disadvantages Combining the Rtcdyn and Rtc log files will begin to negatively impact performance.
Single-Disk Distribution The single-disk distribution uses a single hard disk or RAID set. The Rtcdyn and Rtc log files are placed on the single disk along with the other log and data files. Advantages significantly lower cost than other solutions. Small user numbers may be able to experience acceptable performance. Disadvantages Disk latency and disk loading from all workload logs and data files on the single disk will have an impact on performance. Deployment of Monitoring and Archiving roles will impact performance further.
Configure SQL Server SQL Server 2005 with Service Pack 3 (SP3) (required) or latest service pack (recommended), SQL Server 2008 with Service Pack 1 (SP1) (required) or latest service pack (recommended), and SQL Server 2008 R2 are supported for the Central Management store. For each database that you deploy, you can use a single SQL Server instance for all databases for your Microsoft Lync Server 2010 deployment that can be collocated on a database server, or you can use a dedicated SQL Server instance for each of these databases. For details about database collocation, see Supported Server Collocation in the Supportability documentation.
18
Note: Lync Server 2010 automatically installs SQL Server 2008 Express on each Standard Edition server and each Lync Server 2010 server on which the local configuration store is located. After deploying the servers, you can upgrade the RTC database on the Standard Edition server and the RTCLocal databases on other server roles to SQL Server 2008 R2 Express by running the SQL Server 2008 R2 Express setup wizard and selecting the upgrade option. Repeat this process for each RTC and RTCLocal database. Additionally, each SQL Server instance must be installed and available prior to completing the steps in Topology Builder that set up the databases, or manually creating the databases with Windows PowerShell cmdlets. If you intend to provide high availability for Microsoft Lync Server 2010, Enterprise Edition by using SQL Server failover clustering, see Configure SQL Server Clustering. For details about SQL Server supportability, see Set Up Hardware and the System Infrastructure. To install SQL Server 2008 SP1 1. See the SQL Server 2008 SP1 documentation at: http://go.microsoft.com/fwlink/? LinkId=202921. 2. Download SQL Server 2008 SP1 from the Microsoft Download Center at: http://go.microsoft.com/fwlink/?LinkID=202743. To install SQL Server 2008 R2 1. See the SQL Server 2008 R2 documentation at: http://go.microsoft.com/fwlink/? LinkId=218015. To install SQL Server 2005 SP3 1. See the SQL Server 2005 SP3 documentation at: http://go.microsoft.com/fwlink/? LinkId=202922. 2. Download SQL Server 2005 SP3 from the Microsoft Download Center at: http://go.microsoft.com/fwlink/?LinkID=202744.
Deployment Permissions for SQL Server Microsoft SQL Server 2005 and Microsoft SQL Server 2008 have specific requirements when installing and deploying Microsoft Lync Server 2010. Because Windows and SQL Server define their security differently, logging in as an administrator in the Active Directory domain does not implicitly grant permissions for SQL Server. You must also be a member of the sysadmin entity on the SQL Server-based server you are configuring. Permissions Required for Database and Lync Server Installation The following options detail three permissions and group membership associations for installation of Lync Server files and SQL Server databases. Choose the scenario that best meets the requirements of your organization.
19
Must be granted Must be a member of the membership of RTCUniversalServerAdmins sysadmins SQL group Server security group and member of the SQL Server local Administrators group SQL Server Must be a member of the sysadmin group RTCUniversalServerReadOnly member (or group equivalent) and member of the SQL Server local Administrators group SQL Server Lync Server administrator is administrator is member of member of RTCUniversalServerAdmins sysadmins group (or equivalent) and member of the SQL Server local Administrators group
Lync Server administrator has the proper permissions to install both Lync Server and SQL Server databases. SQL Server administrator has the proper permissions to install both Lync Server and SQL Server databases. The Lync Server administrator can install Lync Server, but cannot install the databases. The SQL Server administrator uses the Lync Server Management Shell and Windows PowerShell cmdlets provided by the Lync Server administrator to install the databases. The Lync Server Management Shell used by the SQL Server administrator is installed on the
20
Microsoft Lync Server 2010 Enterprise Edition Deployment Guide SQL Server or Lync Server role Role-Typical SQL Server permissions and group membership Role-typical Lync Server permissions and group membership Permissions outcome
Front End Server. This eliminates the need to install the Lync Server administrative tools on the SQL Serverbased server.
Database Installation Using Lync Server Management Shell Separation of roles and responsibilities between server administrators and SQL Server administrators can result in delays in implementation. Microsoft Lync Server 2010 uses rolebased access control (RBAC) to mitigate these difficulties. In some instances, the SQL Server administrator must manage the installation of databases on the SQL Server-based server outside RBAC. The Lync Server Management Shell provides a way for the SQL Server administrator to run Windows PowerShell cmdlets designed to configure the databases with the correct data and log files. For details, see Deployment Permissions for SQL Server. Important: The following procedure assumes that at a minimum the Lync Server 2010 OCSCore.msi, SQL Server 2005 BC (SQLServer2005_BC.msi), and SQL Server Native Client (sqlncli.msi) are installed. The OCSCore.msi is located on the installation media in the \Setup\AMD64\Setup directory. SQLServer2005_BC.msi and sqlncli.msi are located in \Setup\amd64. Additionally, Active Directory preparation for Lync Server 2010 has been successfully completed. Install-CsDatabase is the Windows PowerShell cmdlet you use to install the databases. The Install-CsDatabase cmdlet has a large number of parameters, only a few of which are discussed here. For details about the possible parameters, see the Lync Server Management Shell documentation. Warning: To avoid performance and possible time-out issues, always use fully qualified domain names (FQDNs) when referring to SQL Server-based servers. Avoid using host nameonly references. For example, use sqlbe.contoso.net, but avoid using SQLBE. For installing databases, Install-CsDatabase uses three primary methods for placing the databases onto the prepared SQL Server-based server: Run Install-CsDatabase without DatabasePaths or UseDefaultSqlPath. The cmdlet uses a built in algorithm to determine the best placement for the log and data files. The algorithm only works for stand-alone SQL Server implementations and is not intended for use on SQL
21
Server clusters. SQL Server clusters should use either DatabasePaths to define the paths for log and data files, or UseDefaultSqlPath. Run Install-CsDatabase with the DatabasePaths parameter. The built-in algorithm to optimize log and data file locations is not used if the DatabasePaths parameter is defined. Using this parameter allows you to define the locations where log and data files will be deployed. This parameter can be used with SQL Server clusters. Run Install-CsDatabase with UseDefaultSqlPaths. This option does not use the built-in algorithm to optimize the log and data file locations. Log and data file are deployed according to the defaults set by the SQL Server administrator. These paths are typically set for the purpose of automatic administration of log and data files on the SQL Server in advance, and are not associated with the setup of Lync Server 2010. This parameter can be used with SQL Server clusters. To use Windows PowerShell cmdlets to configure the SQL Server Central Management store 1. On any computer, log on with administrative credentials for creating the databases on the SQL Server-based server. For details, see Deployment Permissions for SQL Server. 2. Open the Lync Server Management Shell. If you have not adjusted the execution policy for Windows PowerShell, you must adjust the policy to allow Windows PowerShell scripts to run. For details, see Examining the Execution Policy at http://go.microsoft.com/fwlink/?LinkId=203093. 3. Use the Install-CsDatabase cmdlet to install the Central Management store. Install-CsDatabase -CentralManagementDatabase SqlServerFqdn <fully qualified domain name of SQL Server> -SqlInstanceName <named instance> -DatabasePaths <logfile path>,<database file path> -Report <path to report file> Install-CsDatabase -CentralManagementDatabase SqlServerFqdn sqlbe.contoso.net -SqlInstanceName rtc -DatabasePaths C:\CSDBLogs,C:\CSDB-CMS Report C:\Logs\InstallDatabases.html Tip: The Report parameter is optional but is useful if you are documenting the installation process. 4. When the database installation completes, you can close Lync Server Management Shell or proceed to the installation of the Lync Server 2010 configured databases defined in Topology Builder. To use Windows PowerShell cmdlets to configure the SQL Server database and log locations 1. Install-CsDatabase DatabasePaths can use up to six path parameters, each defining the paths for the drives as defined in SQL Server Data and Log File Placement. By the logical rules of the database configuration in Lync Server 2010, drives are parsed
22
out into buckets of two, four, or six. Depending on your SQL Server configuration and the number of buckets, you will supply two paths, four paths, or six paths. If you have three drives, the log gets priority and the data files are distributed after. An example for a SQL Server-based server configured with six drives: Install-CsDatabase ConfiguredDatabases SqlServerFqdn sqlbe.contoso.net DatabasePaths D:\CSDynLogs,E:\CSRtcLogs,F:\MonCdrArcLogs,G:\MonCdrArchDa ta,H:\AbsAppLog,I:\DynRtcAbsAppData Report C:\Logs\InstallDatabases.html
2. When the database installation completes, you can close Lync Server Management Shell or proceed to the installation of the Lync Server 2010 configured databases defined in Topology Builder. To use Windows PowerShell cmdlets to configure the SQL Server topology configured databases 1. To install the Topology Builder configured databases for Lync Server 2010, the Lync Server administrator must publish the topology. For details, see Publish the Topology in the Deployment documentation. 2. On any computer, log on with administrative credentials for creating the databases on the SQL Server-based server. See the topic, Deployment Permissions for SQL Server. Important: To be able to configure the SQL Server-based databases, make sure the SQL Server administrator account used to run the steps described here is also a member of the sysadmins group (or equivalent) on the server running SQL Server and holding the Central Management Server role. This is especially important to check for any additional Lync Server pools which require SQL Server database installation or configuration. For example, if you are deploying a second pool (pool02) but the Central Management Server role is held by pool01. The SQL Server sysadmin group (or equivalent) must have permissions on both SQL Server-based databases. 3. Open Lync Server Management Shell, if its not already open. 4. Use the Install-CsDatabase cmdlet to install the Topology Builder configured databases. Install-CsDatabase -ConfiguredDatabases SqlServerFqdn <fully qualified domain name of SQL Server>
23
-DatabasePaths <logfile path>,<database file path> -Report <path to report file> Install-CsDatabase -ConfiguredDatabases SqlServerFqdn sqlbe.contoso.net Report C:\Logs\InstallDatabases.html Tip: The Report parameter is optional but is useful if you are documenting the installation process. 5. When the database installation completes, close Lync Server Management Shell. See Also Configure SQL Server Clustering Understanding Firewall Requirements for SQL Server For a Standard Edition deployment, firewall exceptions are created automatically during Microsoft Lync Server 2010 Setup. However, for Enterprise Edition deployments, you must configure the firewall exceptions manually on the Microsoft SQL Server Back End Server. The TCP/IP protocol allows for a given port to be used once for a given IP address. This means that for the SQL Server-based server you can assign the default database instance the default TCP port 1433. For any other instances you will need to use the SQL Server Configuration Manager to assign unique and unused ports. This topic covers: Requirements for a firewall exception when using the default instance Requirements for a firewall exception for the SQL Server Browser service Requirements for static listening ports when using named instances
Requirements for a Firewall Exception When Using the Default Instance If you are using the SQL Server default instance for any database when deploying Microsoft Lync Server 2010, the following firewall rule requirements are used to ensure communication from the Front End pool to the SQL Server default instance.
Protocol Port Direction
TCP
1433
Requirements for a Firewall Exception for the SQL Server Browser Service The SQL Server Browser service will locate database instances and communicate the port that the instance (named or default) is configured to use.
Protocol Port Direction
UDP
1434
Inbound
24
Requirements for Static Listening Ports When Using Named Instances When using named instances in the SQL Server configuration for databases supporting Lync Server 2010, you configure static ports by using SQL Server Configuration Manager. After the static ports have been assigned to each named instance, you create exceptions for each static port in the firewall.
Protocol Port Direction
TCP
Statically defined
Inbound
SQL Server 2005, SQL Server 2008, and SQL Server 2008 R2 documentation provides detailed guidance on how to configure firewall access for databases. For details about SQL Server 2005, see How to: Configure a Firewall for SQL Server Access at http://go.microsoft.com/fwlink/?LinkId=202625. For details about SQL Server 2008, see Configuring the Windows Firewall to Allow SQL Server Access at http://go.microsoft.com/fwlink/?LinkId=202628. For details about SQL Server 2008 R2, see Configuring the Windows Firewall to Allow SQL Server Access at http://go.microsoft.com/fwlink/?LinkId=218031. Configure SQL Server Clustering Microsoft Lync Server 2010 supports clustering for Microsoft SQL Server 2008, Microsoft SQL Server 2008 R2, and Microsoft SQL Server 2005 in an active/passive configuration. For details about SQL Server clustering, see Database Software and Clustering Support in the Supportability documentation. You should set up and configure the SQL Server cluster before you install and deploy the Enterprise Edition Front End Server and back-end database. For procedures to set up and install the clustering and SQL Server software, see SQL Server 2008 How to: Create a New SQL Server Failover Cluster (Setup) at http://go.microsoft.com/fwlink/?LinkId=202919. For procedures to set up and install the clustering and SQL Server software for SQL Server 2008 R2, see Getting Started with SQL Server 2008 R2 Failover Clustering at http://go.microsoft.com/fwlink/? LinkId=218032. For procedures to install and configure a cluster in SQL Server 2005, see How to Create a New SQL Server 2005 Failover Cluster (Setup) at http://go.microsoft.com/fwlink/? LinkId=202920. When you install SQL Server, you should install SQL Server Management Studio to manage the locations for database and log file locations. SQL Server Management Studio is installed as an optional component when you install SQL Server. Important: To install and deploy the databases on the SQL Server-based server, you must be a member of the SQL Server sysadmin group for the SQL Server-based server where you are installing the database files. If you are not a member of the SQL Server sysadmin group, you will need to request that you be added to the group until the database files are deployed. If you cannot be made a member of the sysadmin group, you should provide your SQL Server database administrator with the script to configure and deploy the
25
databases. For details about the proper user rights and permissions that you need to accomplish the procedures, see Deployment Permissions for SQL Server. To configure SQL Server clustering 1. After you have completed the installation and configuration of SQL Server clustering, you define the SQL Server store in Topology Builder by using the SQL Server instance virtual cluster name (as configured in the setup for SQL Server clustering) and the instance name of the SQL Server database. Different from a single SQL Server-based server, you will use the virtual node fully qualified domain name (FQDN) for a clustered SQL Server-based server. Note: The individual Windows Server cluster nodes do not have to be configured for Topology Builder. You will use only the virtual SQL Server cluster name. 2. If you are using Topology Builder to deploy your databases, you must be a member of the SQL Server sysadmin group. If you are a member of the SQL Server sysadmin group, but you do not have privileges in the domain (for example, a SQL Server database administrator role), then you have the rights to create the databases but not to read necessary information in Lync Server 2010. For details about the user rights and permissions necessary to deploying Lync Server 2010, see Deployment Permissions for SQL Server. 3. Ensure that the database folder and log files folder defaults are mapped correctly to the shared disks in the SQL Server cluster by using SQL Server Management Studio. This is a required procedure if you will create databases by using Topology Builder. Note: If you did not install SQL Server Management Studio, you can install it by rerunning the SQL Server installation, and then selecting the management tool as an added feature for the existing SQL Server deployment. 4. Install the databases for the SQL Server-based server by using either Topology Builder or Windows PowerShell cmdlets. To create databases by using Topology Builder 1. Start Topology Builder: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Topology Builder. Warning: The following procedure assumes that you have defined and configured your topology in Topology Builder. For details about defining your topology, see Defining and Configuring the Topology. To use Topology Builder to publish the topology and configure the database, you must log on as a user with the correct user rights and group memberships. For details about the required rights and group memberships, see Deployment Permissions for SQL Server. 2. In Topology Builder, as you publish the topology, on the Create databases page,
26
click Advanced. 3. The Select Database File Location page has two options that determine how the database files will be deployed to the SQL Server cluster. Select one of the following: Automatically determine the database file location . This selection uses an algorithm to determine the database log and data file locations based on the drive configuration on the SQL Server-based server. The files will be distributed in such a way as to attempt to provide optimal performance. Use SQL Server instance defaults. Selecting this option will install the log and data files according to the SQL Server instance settings. After deployment of the database files to the SQL Server, your SQL Server database administrator may want to relocate the files to optimize performance for your particular SQL Server configuration requirements. 4. Complete the publishing of the topology and confirm that there were no errors during the operation. To use Windows PowerShell cmdlets to create SQL Server cluster databases 1. Open Lync Server Management Shell. Note: Production SQL Server clusters typically require that logs and data files be placed strategically for performance reasons. 2. Use the Install-CsDatabase cmdlet to install the Topology Builder configured databases. Do one of the following: Install the database files to the clustered SQL Server-based server and respect the definitions that you created in the topology document. The topology document defines the clustered SQL Server-based server instance, but you need to deploy database files to specific disk locations. Install-CsDatabase -ConfiguredDatabases SqlServerFqdn <fully qualified domain name of SQL Server cluster> -DatabasePaths <logfile path>,<database file path> -Report <path to report file> Install-CsDatabase -ConfiguredDatabases SqlServerFqdn sqlvirt.contoso.net -SqlInstanceName RTC -DatabasePaths g:\rtcdynlog,h:\rtclog,i:\dbs -Report C:\Reports\Install-SQL-Cluster-DBs.htm Alternatively, you can use the following command to allow the cmdlet to determine the optimal location for the log and data files, and to override the topology document to use a named instance on the clustered SQL Server-based server. Install-CsDatabase -ConfiguredDatabases SqlServerFqdn <fully qualified domain name of SQL Server cluster> -SqlInstanceName <named instance> -Report <path to report file>
27
Install-CsDatabase -ConfiguredDatabases SqlServerFqdn sqlvirt.contoso.net -SqlInstanceName RTC -Report C:\Reports\Install-SQL-Cluster-DBs.htm Tip: By omitting the DatabasePaths parameter, the cmdlet is allowed to determine the optimal placement of the log and data files on the named instance.
DNS Requirements for Front End Pool To successfully complete this procedure, you should be logged on to the server or domain minimally as a member of the Domain Admins group or a member of the DnsAdmins group. You need to configure the required Domain Name System (DNS) records prior to publishing your topology in Topology Builder. Additionally, some of the fully qualified domain names (FQDNs) used in the configuration of a Microsoft Lync Server 2010 deployment are logical and not physical server FQDNs, so additional DNS configuration is required prior to publishing. Warning: Lync Server 2010 does not support single-labeled domains. For example, a forest with a root domain named contoso.local is supported, but a root domain named local is not supported. For details, see Microsoft Knowledge Base article 300684, Information about configuring Windows for domains with single-label DNS names, at http://go.microsoft.com/fwlink/?LinkId=143752. Important: The name you specify must be identical to the computer name configured on the server. By default the computer name of a computer that is not joined to a domain is a short name, not an FQDN. Topology Builder uses FQDNs, not short names. So, you must configure a DNS suffix on the name of the computer to be deployed as an Edge Server that is not joined to a domain. Use only standard characters (including AZ, az, 09,
28
and hyphens) when assigning FQDNs of your servers running Lync Server, Edge Servers, and pools. Do not use Unicode characters or underscores. Nonstandard characters in an FQDN are often not supported by external DNS and public certification authorities (CAs) (when the FQDN must be assigned to the SN in the certificate). For details about adding a DNS suffix to a computer name, see Configure DNS Records for Edge Support. Prior to operating the topology after it has been deployed, you should ensure that the following Active Directory and DNS records are created (as your needs for specific features dictate): Each server role that will exist in the topology is published as an Active Directory object (Joining the computer to the domain will accomplish this). A DNS A Record exists for each server. A DNS SRV Record exists for each SIP domain if you plan to use automatic logon for clients in the form of _sipinternal_tls.<SIP domain>. If you will use manual configuration for clients, this record is not necessary. A DNS A Record for each configured simple URL, of which there are typically two: meet and dialin. Additionally, there is the admin simple URL which is a special URL for access to the Microsoft Lync Server 2010 Control Panel. The SQL Server-based computer must be domain joined, and reachable by the computer that Topology Builder is publishing from. The table follows the reference architectures presented in the Planning section. For details, see Topologies for External User Access in the Planning documentation. DNS Records Required for the Front End Pool
Location Type FQDN Maps to/Comments
A A A
Pool01 (DNS load balancing) Pool01 (DNS load balancing) Pool01 (virtual IP (VIP) of hardware load balancer) Pool01 Front End Server (NODE 1) Pool01 Front End Server (NODE 2) Pool01 (VIP) for client-toserver web traffic Pool01 Back End Server running Microsoft SQL Server 2008, Microsoft
A A A A
29
Microsoft Lync Server 2010 Enterprise Edition Deployment Guide Location Type FQDN Maps to/Comments
SQL Server 2008 R2, or Microsoft SQL Server 2005 Internal DNS A sip.contoso.com Required for Microsoft Lync 2010 Phone Edition, or automatic logon of clients without DNS SRV records, and for strict domain matching. Not required in all cases. Assumes a second SIP domain. Required for Microsoft Lync 2010 Phone Edition, automatic logon of clients without DNS SRV records, and for strict domain matching. Not required in all cases. Simple URL for dial-in conferencing published internally Front End Server (or Director, if installed) responds to simple URL queries Simple URL for conferences published internally Front End Server (or Director, if installed) responds to simple URL queries Optional record, simple URL for Microsoft Lync Server 2010 Control Panel published internally - Front End Server (or Director, if installed) responds to simple URL queries. Host name only (no
Internal DNS
sip.fabrikam.com
Internal DNS
dialin.contoso.com
Internal DNS
meet.contoso.com
Internal DNS
admin.contoso.com admin
30
Microsoft Lync Server 2010 Enterprise Edition Deployment Guide Location Type FQDN Maps to/Comments
domain name) is recommended. Note: VIP = virtual IP address for hardware load balancer
31
Internal DNS
SRV
_sipinternaltls._tcp.contoso.com
pool01.contoso.com
5061
Required for automatic configuration of Lync 2010 clients to work internally Required for automatic configuration of Lync 2010 clients to work internally Network Time Protocol (NTP) source required for Microsoft Lync 2010 Phone Edition-based devices. Internally, this should point to the domain controller. If the domain controller is not defined, it will try to use the NTP server time.windows.com
Internal DNS
SRV
_sipinternaltls._tcp.fabrikam.com
pool01.fabrikam.com
5061
Internal DNS
SRV
_ntp._udp.contoso.com
dc01.contoso.com
123
32
Configure DNS Host Records To successfully complete this procedure, you should be logged on to the server or domain at minimum as a member of the Domain Admins group or a member of the DnsAdmins group. To configure DNS Host A records 1. On the Domain Name System (DNS) server, click Start, click Administrative Tools, and then click DNS. 2. In the console tree for your domain, expand Forward Lookup Zones, and then rightclick the domain in which Microsoft Lync Server 2010 will be installed. 3. Click New Host (A or AAAA). 4. Click Name, type the host name for the pool (the domain name is assumed from the zone that the record is defined in and does not need to be entered as part of the A record). 5. Click IP Address, type the virtual IP (VIP) of the load balancer for the Front End pool. Important: In deployments that use a Director pool, the host (A) records for the simple URLs should point to the VIP of the Director load balancer. Note: If you deploy only one Enterprise Edition server or Director that is connected to the topology without a load balancer, or if you deploy a Standard Edition server, type the IP address of the Enterprise Edition server, Standard Edition server, or Director. A load balancer is required if you deploy more than one Enterprise Edition server or Director in a pool. Load balancers are not used with Standard Edition servers. 6. Click Add Host, and then click OK. 7. To create an additional A record, repeat steps 4 and 5. 8. When you are finished creating all the A records that you need, click Done.
Create and Verify DNS SRV Records To successfully complete this procedure, you should be logged on to the server or domain minimally as a member of the Domain Admins group or a member of the DnsAdmins group. This topic describes how to configure the Domain Name System (DNS) records that you are required to create in Microsoft Lync Server 2010 deployments, and those required for automatic client sign in. When you create a Front End pool, Setup creates Active Directory objects and settings for the pool, including the pool fully qualified domain name (FQDN). Similar objects and settings are created for a Standard Edition server. For clients to be able to connect to the pool or Standard Edition server, the FQDN of the pool or Standard Edition server must be registered in DNS. You must create DNS SRV records in your internal DNS for every SIP domain. This procedure assumes that your internal DNS has zones for your SIP user domains.
33
To configure a DNS SRV record 1. On the DNS server, click Start, click Administrative Tools, and then click DNS. 2. In the console tree for your SIP domain, expand Forward Lookup Zones, and then right-click the SIP domain in which Lync Server 2010 will be installed. 3. Click Other New Records. 4. In Select a resource record type, click Service Location (SRV), and then click Create Record. 5. Click Service, and then type _sipinternaltls. 6. Click Protocol, and then type _tcp. 7. Click Port Number, and then type 5061. 8. Click Host offering this service, and then type the FQDN of the pool or Standard Edition server. 9. Click OK, and then click Done. To verify the creation of a DNS SRV record 1. Log on to a client computer in the domain with an account that is a member of the Authenticated Users group or has equivalent permissions. 2. Click Start, and then click Run. 3. In the Open box, type cmd, and then click OK. 4. At the command prompt, type nslookup, and then press ENTER. 5. Type set type=srv, and then press ENTER. 6. Type _sipinternaltls._tcp.contoso.com, and then press ENTER. The output displayed for the Transport Layer Security (TLS) record is as follows: Server: <dns server>.contoso.com Address: <IP address of DNS server> Non-authoritative answer: _sipinternaltls._tcp.contoso.com SRV service location: priority weight port =0 =0 = 5061
svr hostname = poolname.contoso.com (or Standard Edition server A record) poolname.contoso.com internet address = <virtual IP Address of the load balancer> or <IP address of a single Enterprise Edition server for pools with only one Enterprise Edition server> or <IP address of the Standard Edition server > 7. When you are finished, at the command prompt, type exit, and then press ENTER. To verify that the FQDN of the Front End pool or Standard Edition server can be resolved 1. Log on to a client computer in the domain.
34
2. Click Start, and then click Run. 3. In the Open box, type cmd, and then click OK. 4. At the command prompt, type nslookup<FQDN of the Front End pool> or <FQDN of the Standard Edition server>, and then press ENTER. 5. Verify that you receive a reply that resolves to the appropriate IP address for the FQDN.
Configure DNS for Load Balancing To successfully complete this procedure, you should be logged on to the server or domain minimally as a member of the Domain Admins group or a member of the DnsAdmins group. Domain Name System (DNS) Load Balancing balances the network traffic that is unique to Microsoft Lync Server 2010, such as SIP traffic and media traffic. DNS load balancing is supported for Front End pools, Edge pools, Director pools, and stand-alone Mediation pools. A pool that is configured to use DNS load balancing must have two fully qualified domain names (FQDNs) defined: the regular pool FQDN that is used by DNS load balancing (for example, pool1.contoso.com) and that resolves to the physical IPs of the servers in the pool, and another FQDN for the pools Web Services (for example, web1.contoso.net), which resolves to the virtual IP address of the pool. For details about DNS Load Balancing, see DNS Load Balancing in the Planning documentation. Before you can use DNS load balancing, you must: 1. Override the internal Web Services pool FQDN. 2. Create DNS A host records to resolve the pool FQDN to the IP addresses of all the servers in the pool. 3. Enable IP Address randomization or, for Windows Server DNS, enable round robin. To enable round robin for Windows Server 1. Click Start, click All Programs, click Administrative Tools, and then click DNS. 2. Expand DNS, right-click the DNS server you want to configure, and then click Properties. 3. Click the Advanced tab, select Enable round robin and Enable netmask ordering, and then click OK.
35
To override internal Web services FQDN 1. Start Topology Builder: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Topology Builder. 2. From the console tree, expand the Enterprise Edition Front End pools node. 3. Right-click the pool, click Edit Properties, and then click Web Services. 4. Below Internal web services, select the Override FQDN check box. 5. Type the pool FQDN that resolves to the physical IP addresses of the servers in the pool. 6. Below External web services, type the external pool FQDN that resolves to the virtual IP addresses of the pool, and then click OK. 7. From the console tree, click Lync Server 2010 , and then in the Actions pane, click Publish Topology. To create DNS Host (A) Records for all internal pool servers 1. Click Start, click All Programs, click Administrative Tools, and then click DNS.
36
2. In DNS Manager, click the DNS Server that manages your records to expand it. 3. Click Forward Lookup Zones to expand it. 4. Right-click the DNS domain that you need to add records to, and then click New Host (A or AAAA). 5. In the Name box, type the name of the host record (the domain name will be automatically appended). 6. In the IP Address box, type the IP address of the individual Front End Server and then select Create associated pointer (PTR) record or Allow any authenticated user to update DNS records with the same owner name, if applicable. 7. Continue creating records for all member Front End Servers that will participate in DNS Load Balancing. For example, if you had a pool named pool1.contoso.com and three Front End Servers, you would create the following DNS entries:
FQDN Type Data
For details about creating DNS Host (A) records, see Configure DNS Host Records. See Also DNS Load Balancing
In This Section
Topology Builder Installation Requirements
37
Install Lync Server Administrative Tools Defining and Configuring the Topology
See Also Preparing the Infrastructure and Systems Finalizing and Implementing the Topology Design
Administrator Rights and Permissions Required for Setup and Administration Setup and deployment of Microsoft Lync Server 2010 requires that the person installing and deploying the software be a member of local or domain-level groups. Administrative tools for Lync Server 2010 can require additional permissions. Group Membership Requirements The following table summarizes the group or groups that a person should belong to in order to successfully install, manage, and troubleshoot Lync Server 2010.
Lync Server Executable Group Membership Required
Setup.exe Executable that starts the installation of the Lync Server administrative tools.
Member of the Local Administrators group on the computer from which the executable is run. Member of Domain Users group to read information in Active Directory Domain Services (AD DS). This level of permission is required because the automatic installation of required MSI packages on the local computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and protected registry such as the Local Machine hive. Tip: You can also delegate setup permissions to users or groups to whom you do not want to grant membership in
38
Microsoft Lync Server 2010 Enterprise Edition Deployment Guide Lync Server Executable Group Membership Required
the Domain Admins group. For details, see Granting Setup Permissions in the Deployment documentation. Deploy.exe Called by setup.exe, deploy.exe is responsible for the deployment of the software components for the server roles. Member of the Local Administrators group on the computer from which the executable is run. Member of Domain Users group to read information in AD DS. This level of permission is required because the automatic installation of required MSI packages on the local computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and protected registry such as the Local Machine hive. Membership in RtcUniversalReadOnlyAdmins group is necessary to read the Central Management store. Note: If you are running the Windows Vista operating system or Windows 7 operating system, you will be prompted by User Account Control (UAC) to proceed with installation. If you are logged on with a standard user account, you will need someone who is a member of the Local Administrators group to provide credentials when prompted for an account with permissions to install the software. Bootstrapper.exe Called by setup.exe, bootstrapper.exe is responsible for deployment and configuration of server roles. Member of the Local Administrators group on the computer from which the executable is run. Member of Domain Users group to read information in AD DS. This level of permission is required because the automatic installation of required MSI packages on the local computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and protected registry such as the Local Machine hive. Member of the Local Administrators group on
OCSLogger.exe Administrative
39
Microsoft Lync Server 2010 Enterprise Edition Deployment Guide Lync Server Executable Group Membership Required
troubleshooting tool for capturing messages on server roles. TopologyBuilder.msc Wizard-driven user interface to create, view, adjust, and validate Lync Server topologies.
the computer from which the executable is run. The executable is manifested as requireAdministrator. Member of the Local Administrators group on the computer from which the executable is run to view the topology. Member of the RTCUniversalServerAdmins group to change configuration settings. Member of the RTCUniversalServerAdmins group and Domain Admins group, or member of the RTCUniversalServerAdmins group (only if the group has been granted delegate setup permissions), to publish the topology. For details about delegating setup permissions to allow members of the RTCUniversalServerAdmins group to publish the topology without being members of the Domain Admins group, see Granting Setup Permissions in the Deployment documentation.
AdminUIHost.exe Web-based graphical user Member of CsAdministrator group or member of interface for managing Lync Server. another role-based access control (RBAC) role to which the specific administrative task is assigned. Microsoft Lync Server 2010 Control Panel implements configuration changes by running Lync Server Management Shell cmdlets. For a list of predefined roles and the cmdlets members are permitted to run, see Role-Based Access Control in the Planning documentation. PowerShell.exe with the Lync Server module loaded Command-line administrative tool with cmdlets specific to management of Lync Server. Member of CsAdministrator group or member of another RBAC role to which the specific cmdlet has been assigned. For a list of predefined roles and the cmdlets members are permitted to run, see Role-Based Access Control in the Planning documentation. Or, member of one or more of the following groups, depending on the cmdlet: RTCUniversalServerAdmins RTCUniversalUserAdmins RTCUniversalReadOnlyAdmins
40
The group memberships in the preceding table represent the minimum memberships. Other memberships which will grant the permissions necessary to initiate the setup and deployment are possible, including membership in the Domain Admins group or Enterprise Admins group. See Also Install Lync Server Administrative Tools Server and Tools Operating System Support All server roles support the same Windows Server operating systems. The required operating system support for other server roles, such as database servers, depends on what software you install on those servers. Microsoft Lync Server 2010 communications software administrative tools are installed by default on the server running Lync Server 2010, but you can install administrative tools separately on other computers running Windows operating systems. For example, you can use a client computer running Windows 7 as an administrative console for planning purposes. Important: Lync Server 2010 is available only in 64-bit, which requires 64-bit hardware and 64-bit editions of Windows Server. Lync Server 2010 is not available in a 32-bit version. This means that all server roles and computers running Lync Server administrative tools run a 64-bit edition operating system. Operating Systems for Server Roles Microsoft Lync Server 2010 supports the 64-bit editions of the following operating systems: The Windows Server 2008 R2 Standard operating system (required) or latest service pack (recommended) The Windows Server 2008 R2 Enterprise operating system (required) or latest service pack (recommended) The Windows Server 2008 R2 Datacenter operating system (required) or latest service pack (recommended) The Windows Server 2008 Standard operating system with Service Pack 2 (SP2) (required) or latest service pack (recommended) The Windows Server 2008 Enterprise operating system with SP2 (required) or latest service pack (recommended) The Windows Server 2008 Datacenter operating system with SP2 (required) or latest service pack (recommended) Notes: If you have an existing server running Windows Server 2008 with Service Pack 1 (SP1), you must upgrade it to either Windows Server 2008 SP2 (or latest service pack), or Windows Server 2008 R2 (or latest service pack) before deploying Lync Server 2010. To deploy Lync Server 2010 on a computer that is running either the Windows Server 2008 R2 Datacenter operating system or the Windows Server 2008 Datacenter operating system with Service Pack 2 (SP2) and that is configured for multiple processor groups (dynamic hardware partitioning), you must upgrade Microsoft SQL Server 2008 Express database software, which is
41
installed by default when you install Lync Server 2010, to Microsoft SQL Server 2008 R2 Express. The SQL instance name is RTC for a Standard Edition server back-end database and RTCLocal for the local configuration store (on each server role). A server running Lync Server 2010 Standard Edition has both SQL instances, and each needs to be upgraded separately. Lync Server 2010 is not supported on the following operating systems: The Server Core installation option of Windows Server 2008 R2 or Windows Server 2008 The Windows Web Server 2008 R2 operating system or the Windows Web Server 2008 operating system Windows Server 2008 R2 HPC Edition or Windows Server 2008 HPC Edition Operating Systems for Other Servers Operating system support for servers other than those on which you deploy Lync Server 2010 server roles is dependent on the software you plan to install on those servers. For details about requirements for Back End Servers and other database servers, see Database Software and Clustering Support. For details about requirements for reverse proxy servers (for edge deployment), see Internet Information Services (IIS) Support. For details about other software requirements, including infrastructure and virtualization support, see the other topics in the Server Software and Infrastructure Support section. Additional Operating Systems for Administrative Tools Lync Server 2010 supports installation of the administrative tools, which includes the Topology Builder, on computers running any of the 64-bit editions of the operating systems supported for deployment of server roles (as described in the previous section). Additionally, you can install administrative tools on the 64-bit editions of the following operating systems: The Windows 7 operating system (required) or latest service pack (recommended) The Windows Vista operating system with SP2 (required) or latest service pack (recommended) Operating System for the Planning Tool Lync Server 2010 supports installation of the Planning Tool on computers running any of the following operating systems: The 32-bit version of Windows 7 operating system (required) or latest service pack (recommended) The 64-bit version of Windows 7 operating system (required) or latest service pack (recommended) using the WOW64 x86 emulator The 32-bit edition of Windows Vista with SP2 operating system (required) or latest service pack (recommended) The 64-bit edition of Windows Vista with SP2 operating system (required) or latest service pack (recommended) using the WOW64 x86 emulator The 32-bit edition of Windows XP with SP3 operating system (required) or latest service pack (recommended) The 64-bit edition of Windows XP with SP3 operating system (required) or latest service pack (recommended) using WOW64 x86
42
The 32-bit edition of Windows Server 2008 operating system (required) or latest service pack (recommended) The 64-bit edition of Windows Server 2008 operating system (required) or latest service pack (recommended) using WOW64 x86 The 64-bit edition of Windows Server 2008 R2 operating system (required) or latest service pack (recommended) using WOW64 x86 Administrative Tools Software Requirements This topic describes the software required to install and use Microsoft Lync Server 2010 administrative tools in addition to the operating system requirements. Microsoft .NET Framework 3.5 with Service Pack 1 (SP1) The 64-bit edition of Microsoft .NET Framework 3.5 with SP1 is required for Microsoft Lync Server 2010. Setup prompts you to install this prerequisite and it automatically installs it if it is not already installed on the computer. .NET Framework 4.0 can be installed on the same computer as well, but does not take the place of .NET Framework 3.5 with SP1, which is the required version for Lync Server 2010. After installing the .NET Framework 3.5 SP1 package, you should immediately install the following updates: Microsoft Knowledge Base article 959209, An update for the .NET Framework Service Pack 1 is available, at http://go.microsoft.com/fwlink/?linkid=197396, which addresses a set of known application compatibility issues. Microsoft Knowledge Base article 967190, Update for .NET Framework 3.5 SP1 (KB967190), at http://go.microsoft.com/fwlink/?linkid=197397, which addresses a file association issue for XPS document types. Microsoft Knowledge Base article 981575, A memory leak occurs in a .NET Framework 2.0-based application that uses the AesCryptoServiceProvider class, at http://go.microsoft.com/fwlink/?linkid=202909. Microsoft Knowledge Base article 974954, FIX: When you run a .NET Framework 2.0based application, a System.AccessViolationException occurs, or a dead-lock occurs on two threads in an application domain, at http://go.microsoft.com/fwlink/?linkid=205337. Windows Installer Version 4.5 Microsoft Lync Server 2010 uses Windows Installer technology to install, uninstall, and maintain various server roles. Windows Installer version 4.5 is available as a redistributable component for the Windows Server operating system. Download Windows Installer 4.5 from the Microsoft Download Center at http://go.microsoft.com/fwlink/?linkid=197395. Windows PowerShell 2.0 Windows PowerShell 2.0 command-line interface is automatically installed with the Windows Server 2008 R2 operating system and the Windows 7 operating system. On servers running the Windows Server 2008 SP2 operating system or Windows Vista operating system with Service Pack 2 (SP2), you must install Windows PowerShell 2.0 manually. Before doing so, you must remove any previous versions of Windows PowerShell from the computer.
43
To install Windows PowerShell 2.0, see the Microsoft Knowledge Base article 968929, Windows Management Framework (Windows PowerShell 2.0, WinRM 2.0, and BITS 4.0), at http://go.microsoft.com/fwlink/?linkid=197390. Microsoft Silverlight 4 browser plug-in Microsoft Lync Server 2010 Control Panel is a web-based tool and requires that you install Microsoft Silverlight 4 browser plug-in version 4.0.50524.0 or the latest version. When you start Lync Server 2010 Control Panel, if this software is not installed or if an earlier version earlier than 4.0.50524.0 is installed, Lync Server Control Panel prompts you to install the required version. See Also Server and Tools Operating System Support Administrative Tools Infrastructure Requirements Administrator Rights and Permissions Required for Setup and Administration Requirements to Publish a Topology This topic describes the infrastructure and software requirements that are specific to publishing a topology, whether by using Topology Builder or the Lync Server Management Shell command-line interface. These requirements are in addition to the general operating system, software, and permissions requirements applicable to all Microsoft Lync Server 2010 administrative tools. Ensure that you satisfy all administrative tools requirements before you publish a topology. You must run Topology Builder on a computer that is joined to the same domain or forest of the Lync Server 2010 deployment you are creating so that Active Directory Domain Services (AD DS) preparation steps are already completed, enabling you to use the administrative tools on that computer to successfully publish your topology. Note: For details about preparing AD DS, see Preparing Active Directory Domain Services for Lync Server 2010 in the Deployment documentation. The computers defined in the topology must be joined to the domain, except for Edge Servers, and in AD DS. However, the computers do not need to be online when you publish the topology. The file share for the pool must be created and available to remote users. In order to publish an Enterprise Edition Front End pool, the SQL Server-based Back End Server must be joined to the domain in which you are deploying the servers, online, and configured with the appropriate firewall rules to make it available to remote users. For details about specifying firewall exceptions, see Understanding Firewall Requirements for SQL Server. For other details about configuring SQL Server, see Configure SQL Server for Lync Server 2010. Note: Standard Edition server has a collocated database that will accept the published configuration. You must first run the Prepare first Standard Edition server setup task in the Lync Server Deployment Wizard.
44
If you run Topology Builder on a computer where you plan to later install Lync Server, then you must install the Microsoft SQL Server 2005 backward compatibility components by running the first setup task in the Lync Server Deployment Wizard before you publish the topology. For details, see Install the Local Configuration Store or Install the Standard Edition Local Configuration Store. Note: You do not need the Microsoft SQL Server 2005 backward compatibility components to publish the topology if you run Topology Builder on a dedicated administrative console or if you run Topology Builder on a computer where Lync Server is already installed. (Lync Server setup automatically installs the backward compatibility components along with other component files required by Lync Server.) See Also Publish the Topology Administrative Tools Software Requirements Server and Tools Operating System Support Administrator Rights and Permissions Required for Setup and Administration Delegate Setup Permissions
45
To install the Lync Server 2010 administrative tools 1. Log on as a local administrator (minimum requirement) to the computer where you want to install the administrative tools. If you are logged on as an a standard user on the Windows Vista or Windows 7 operating systems, and User Account Control (UAC) is enabled, you will be prompted for the local administrator or a domain equivalent user name and password. 2. Locate the installation media on your computer, and then double-click \Setup\amd64\Setup.exe. 3. If you are prompted to install the Microsoft Visual C++ 2008 distributable, click Yes. 4. On the Microsoft Lync Server 2010 Installation Location page, click OK. Change this path to another location or drive if you need to have the files installed to another location. Important: If your organization requires that you locate Internet Information Services (IIS) and all Web Services on a drive other than the system drive, you can change the installation location path for the Lync Server files in the Setup dialog box. If you install the Setup files to this path, including OCSCore.msi, the rest of the Lync Server 2010 files will be deployed to this drive too. 5. On the End User License Agreement page, review the license terms, click I accept, and then click OK. This step is required before you can continue. 6. On the Microsoft Lync Server 2010 Deployment Wizard page, click Install Topology Builder. 7. When the installation successfully completes, click Exit. See Also Lync Server Administrative Tools Open Lync Server Administrative Tools
If you have already defined a topology and have established the Central Management store, you should choose to download a topology from an existing deployment. Topology Builder will read the database and retrieve the current definition. If you have an existing Central Management store, you should always choose this option.
46
If you have not established a Central Management store and want to edit a previously saved configuration, you should choose to open the topology from a local file. The file that you will open would be the configuration file that was saved in a previous session. You can use this option to edit the previously saved topology. Warning: If you already have a published topology, you should not load a local configuration file. You should choose to download the topology from an existing deployment. Choose to create a new topology, if you want to create a new Topology Builder configuration. A previously saved design is not overwritten unless you choose to save it as the same file that you created in an earlier design session. In each of these options, you will be prompted for a location to store the Topology Builder configuration file. The location for the file could be a local location, a shared location on an established file share, or removable media. In This Section Define and Configure a Topology in Topology Builder Define and Configure a Front End Pool Define a New A/V Conferencing Server Edit or Configure Simple URLs
Define and Configure a Topology in Topology Builder Running Topology Builder to define a new topology or to modify an existing topology does not require membership in a local administrator or privileged domain group. Topology Builder guides you through the steps necessary to define your topology for an Enterprise Edition Front End pool or a Standard Edition Front End Server, based on your configuration requirements. You must use Topology Builder to complete and publish the topology before you can install Microsoft Lync Server 2010 on servers. The following procedure includes the steps required to define a new topology. To define a topology 1. Start Topology Builder: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Topology Builder. 2. In Topology Builder, select New Topology. You are prompted for a location and file name for saving the topology. Give the topology file a meaningful name and accept the default extension of .tbxml. Click OK.
47
3. Navigate to the location where you want to save the new topology XML file, enter a name for the file, and then click Save. 4. On the Define the primary domain page, enter the name of the primary SIP domain for your organization, and then click Next.
48
5. On the Specify additional supported domains page, enter the names of additional domains, if any, and then click Next.
49
6. On the Define the first site page, enter a name and a description for the first site, and then click Next.
50
7. On the Specify site details page, enter the location information for the site, and then click Next. 8. On the New topology was successfully defined page, ensure the Open the New Front End Wizard when this wizard closes check box is selected, and then click Finish. After youve defined and saved the topology, use the New Front End Wizard to define a Front End pool or Standard Edition server for your site. For details, see Define and Configure a Front End Pool for Enterprise Edition, or see Define and Configure a Standard Edition Server for a Standard Edition server.
Define and Configure a Front End Pool This procedure does not require membership in a local administrator or privileged domain group. You should log on to a computer as a standard user. After you have defined your topology, use the following procedure to define a Front End pool for your site. For details about defining the topology, see Define and Configure a Topology in Topology Builder.
51
To define a Front End pool 1. In the Define New Front End Pool Wizard, on the Define the New Front End pool page, click Next. 2. On the Define the Front End pool FQDN page, enter a fully qualified domain name (FQDN) for the pool you are creating, click Enterprise Edition Front End Pool, and then click Next.
3. On the Define the computers in this pool page, enter a computer FQDN for the first Front End Server in the pool, and then click Add. Repeat this step for any additional computers (up to ten) that you want to add to the pool, and then click Next.
52
4. On the Select features page, select the check boxes for the features that you want on this Front End pool. For example, if you are deploying only instant messaging (IM) and presence features, you would select the Conferencing check box to allow multiparty IM, but would not select the Dial-in (PSTN) conferencing, Enterprise Voice, or Call Admission Control check boxes, because they represent voice, video, and collaborative conferencing features. Conferencing This selection enables a rich set of features including: Instant messaging (IM) with more than two parties in an IM session
Conferencing, which includes document collaboration, application sharing, and desktop sharing A/V conferencing, which enables users to have real-time audio/video (A/V) conferences without the need for external services such as the Live Meeting service or a third-party audio bridge Dial-in (PSTN) conferencing - Allows users to join the audio portion of a Lync Server 2010 conference by using a public switched telephone network (PSTN) phone without requiring an audio conferencing provider. Enterprise Voice - Enterprise Voice is the Voice over IP (VoIP) solution in Lync Server 2010 that allows users to make and receive phone calls. You would deploy
53
this feature if you plan to use Lync Server 2010 for voice calls, voice mail, and other functions that use a hardware device or a software client. Call admission control (CAC) CAC determines, based on available network bandwidth, whether to allow real-time communications sessions such as voice or video calls to be established. If you have deployed only IM and presence, CAC is not needed because neither of these two features uses CAC. Note: If you would like to enable CAC in your deployment, it is required that you enable CAC in exactly one pool per central site. CAC is recommended if you are deploying voice features or A/V conferencing. The following table shows the available features (top) and the functions offered to users (left). The selections in the table are what you should select to enable those features for your organization.
Conferencing Dial-In Conferencing Enterprise Voice Call Admission Control
X X
X X X X X
54
5. On the Select collocated server roles page, you can choose between collocating the A/V Conferencing service and the Mediation Server on the Front End Server or to deploy one or both as stand-alone servers. Note: If you did not select Conferencing on the Select features page, Collocate A/V Conferencing service will not be selected and will be unavailable. Conferencing is required to collocate the A/V Conferencing Server on the pool. If you plan to home less than 10,000 users on the pool, and if A/V Conferencing is not a mission critical function for your organization, we recommend collocating the A/V Conferencing service on the pool. If your requirements are greater than the 10,000 users or if you have mission critical requirements for A/V Conferencing, you can deploy standalone A/V Conferencing Servers or a pool of A/V Conferencing Servers associated with this Front End Server. Like the A/V Conferencing service, you can collocate the Mediation Server on the Front End pool. If you intend to collocate the A/V Conferencing service or the Mediation Server on the Enterprise Edition Front End pool, ensure the check boxes are selected. The server roles will be deployed on the pool servers.
55
If you intend to deploy the A/V Conferencing service or the Mediation Server as stand-alone servers, clear the appropriate check box. You will deploy one or both of these servers in a separate deployment step after the Front End Server is completely deployed. Note: We recommend that you collocate the Mediation Server if possible. For details about support for collocated or stand-alone Mediation Servers, see Components and Topologies for Mediation Server in the Planning documentation.
6. The Associate server roles with this Front End pool page allows you to define and associate server roles with the Front End pool. The three roles that are available are: Enable Archiving defines and associates the Archiving Server that collects and stores messages incoming and outgoing from the organization. For example, you must monitor communications for regulatory compliance or quality assurance. Enable Monitoring defines and associates the Monitoring Server that collects information in the form of call detail records (CDRs) and call error records (CERs). In addition, the Monitoring Server collects data on the quality of network media for Enterprise Voice and A/V conferencing.
56
Enable an Edge Server pool defines and associates a single Edge Server or a pool of Edge Servers. An Edge Server facilitates communication and collaboration between users inside the organization and people outside the organization, including federated users. There are two possible scenarios that you can use to deploy and associate the server roles: For scenario one, you are defining a new topology for a new installation. You can approach the installation in one of two ways: Leave all check boxes clear and proceed with defining the topology. After you have published, configured, and tested the Front End and Back End Server roles, you can run Topology Builder again to add the role servers to the topology. This strategy will allow you to test the Front End pool and SQL Server-based server without additional complications from additional roles. After you have completed your initial testing, you can run Topology Builder again to select the roles you need to deploy. Select roles that you need to install, and then set up the hardware to accommodate the selected roles. For scenario two, you have an existing deployment and your infrastructure is ready for new roles or you need to associate existing roles with a new Front End Server: In this case, you will select the roles that you intend to deploy or associate with the new Front End Server. In either case, you will proceed with the definition of the roles, set up any needed hardware, and proceed with the installation.
57
7. On the Define the SQL store page, do one of the following: To use an existing SQL Server store that has already been defined in your topology, select Use a previously defined SQL store. To define a new SQL Server instance to store pool information, select Define a new SQL store, specify the SQL Server FQDN, and then do the following: To specify the name of a SQL Server instance, select Named Instance, and then specify the name of the instance. To use the default instance, click Default instance.
58
8. On the Define the file share page, do one of the following: To use a file share that has already been defined in your topology, select Use a previously defined file share. To define a new file share, select Define a new file share, in the File Server FQDN box, enter the FQDN of the existing file server where the file share is to reside, and then enter a name for the file share in the File Share box. Important: The file share for Lync Server 2010 cannot be located on the Front End Server. Note that in this example, the file share has been located on the SQL Serverbased Back End Server. This might not be an optimal location for your organizations requirements, and a file server might be a better choice. You can define the file share without the file share having been created. You will need to create the file share in the location you define before you publish the topology.
59
9. On the Specify the Web Services URL page, do one or both of the following: Note: The base URL is the Web Services identity for the URL, minus the https://. For example, if the full URL for the Web Services of the pool is https://pool01.contoso.net, the base URL is pool01.contoso.net. a. If you are configuring DNS load balancing, select the Override internal Web Services pool FQDN check box, enter the internal base URL (which must be different from the pool FQDN and could be, for example, internal-<your base URL>) in Internal Base URL. b. Optionally enter the external base URL in External Base URL. You would enter the external base URL to differentiate it from your internal domain naming. For example, your internal domain is contoso.net, but your external domain name is contoso.com. You would define the URL using the contoso.com domain name. This is also important in the case of a reverse proxy. The external base URL domain name would be the same as the domain name of the FQDN of the reverse proxy. Instant messaging and presence does require HTTP access to the Front End pool. Note: To use DNS load balancing, you must create the appropriate DNS records. For
60
10. If you chose to deploy a stand-alone A/V Conferencing Server, Topology Builder will branch out to request information to configure the A/V Conferencing Server. See the topic Define a New A/V Conferencing Server, to complete the definition of the A/V Conferencing Server. 11. On the Specify PSTN gateways page, if you chose the A/V Conferencing option on the Select Features page and then selected Dial-in (PSTN) conferencing, define your planned PSTN gateways, and then click Finish to complete. Important: PSTN gateways need to be configured for Enterprise Voice or for Dial-In Conferencing. You can configure these later, but full functionality will be limited until the PSTN gateways are defined and configured. If you did not select Conferencing, then select Dial-in (PSTN) conferencing on the Select features page. You will not be presented with the page to Specify PSTN gateways.
61
12. To define a New IP/PSTN Gateway, click New next to The following gateways are associated with this mediation server. 13. In the Gateway FQDN or IP Address, type the FQDN or the IP address of the new gateway. 14. Confirm or modify the Listening port for IP/PSTN Gateway. The default is Port 5067. 15. For SIP Transport Protocol, select TCP or TLS, based on what your infrastructure and PSTN gateway requirements are. Note: Not all PSTN gateways support Transport Layer Security (TLS). Check your gateways documentation or contact the vendor to confirm what is supported. Transmission Control Protocol (TCP) is available, but TLS is the default setting, and is recommended for its ability to encrypt the traffic from gateway to Mediation Server.
62
16. Click OK on the New IP/PSTN Gateway dialog box. The PSTN gateway is now listed as associated with the Mediation Server. 17. Follow the preceding steps to associate additional PSTN gateways with the Mediation Server. 18. If you have previously defined PSTN gateways, they will be listed in the The following gateways are not associated with any Mediation Server list. Click Add to associate them with this Mediation Server. Note: You can associate more than one PSTN gateway with a Mediation Server. However, you can associate any given PSTN gateway with only one Mediation Server. 19. Click Next. If you defined other role servers on the Associate server roles with this Front End pool page, separate role configuration wizard pages will open to allow you to configure the server roles. Deploying Archiving Deploying Monitoring Deploying Edge Servers 20. If you did not select additional server roles to configure and deploy, or when you have
63
Define a New A/V Conferencing Server This topic provides guidance on how to define a new A/V Conferencing Server when you have selected a stand-alone A/V Conferencing Server as an option in Topology Builder. This is not guidance for defining an A/V Conferencing Server after you have completed your Topology Builder design. For details, see Define the A/V Conferencing Server in Topology Builder. To define a new A/V Conferencing Server 1. On the Define the new A/V Conferencing Server page in Topology Builder, click New. Important: Ensure that you consider carefully whether to configure a single A/V Conferencing Server or a pool. See the topic Planning for Conferencing for detailed planning guidance. To define a single A/V Conferencing Server 1. On the Define the A/V Conferencing pool FQDN page in Topology Builder, if you are defining a single server pool, click Single computer pool, specify the A/V Conferencing FQDN, and then click Next. 2. On the Define the new A/V Conferencing Server page, click Finish. To define a pool of A/V Conferencing Servers 1. On the Define the A/V Conferencing pool FQDN page Topology Builder, if you are defining a pool of servers, click Multiple computer pool, specify the Pool FQDN, and then click Next. 2. On the Define the computers in this pool page, enter the Computer FQDN for each computer in the pool, and click Add after each entry. 3. On the Define the new A/V Conferencing Server page Topology Builder, click Finish.
Edit or Configure Simple URLs This procedure does not require membership in a local administrator or privileged domain group. You should log on to a computer as a standard user. Microsoft Lync Server 2010 uses simple URLs to direct internal and external calls to services on the Front End Server or on the Director, if one has been deployed. The three simple URLs that can be created are: Meet Connects users to the conferencing services Dialin Provides access for users to use dial-in conferencing
64
Admin Optional URL that connects a user, typically an administrator for the Lync Server 2010 system, to Microsoft Lync Server 2010 Control Panel. There are options to the format that you can define simple URLs. For details about these options, see DNS Requirements for Simple URLs in the Planning documentation. A brief summary of the three simple URL formats discussed are shown for reference here:
Simple URL Examples
Meet Meet Meet Dial-in Dial-in Dial-in Admin Admin Admin Admin
https://meet.contoso.com https://lync.contoso.com/Meet https://lync.contoso.com/contosoSIPdomain/Meet https://dialin.contoso.com https://lync.contoso.com/Dialin https://lync.contoso.com/contosoSIPdomain/Dialin https://admin https://admin.contoso.com https://lync.contoso.com/Admin https://lync.contoso.com/contosoSIPdomain/Admin
By default, simple URLs will be configured in the form of (for example, the dial-in simple URL): https://dialin.<SIP Domain> Warning: Simple URLs can contain only English alphanumeric characters (including AZ, az, 09, and hyphens (-)). Do not use Unicode characters or underscores. Nonstandard characters in an FQDN are often not supported by external DNS and public certification authorities (CAs). To configure simple URLs 1. In Topology Builder, right-click the Lync Server 2010 node, and then click Edit Properties.
65
2. In the Simple URLs pane, select either Phone access URLs: (Dial-in) or Meeting URLs: (Meet) to edit. And then click Edit URL.
66
3. Update the URL to the value you want, and then click OK to save the edited URL. The example shown here has modified the Dial-in URL to https://pool01.contoso.net/dialin.
67
4. Edit the Meet URL by using the same steps, if necessary. To define the optional Admin simple URL 1. In Topology Builder, right-click the Lync Server 2010 node, and then click Edit Properties.
68
2. In the Administrative access URL box, enter the simple URL you want for administrative access to Lync Server 2010 Control Panel, and then click OK. Tip: We recommend using the simplest possible URL for the Admin URL. The simplest option is https://admin.
69
Important: If you change a simple URL after initial deployment, you must be aware of what changes impact your Domain Name System (DNS) records and certificates for simple URLs. If the change impacts the base of a simple URL, then you must change the DNS records and certificates as well. For example, changing from https://lync.contoso.com/Meet to https://meet.contoso.com changes the base URL from lync.contoso.com to meet.contoso.com, so you would need to change the DNS records and certificates to refer to meet.contoso.com. If you changed the simple URL from https://lync.contoso.com/Meet to https://lync.contoso.com/Meetings, the base URL of lync.contoso.com stays the same, so no DNS or certificate changes are needed. Whenever you change a simple URL name, however, you must run the Enable-CsComputer on each Director and Front End Server to register the change. See Also Planning for Simple URLs
70
Edit Federation Route Settings To set a site federation route assignment, you must first have federation enabled on the Edge Server or Edge Server pool. If federation is not enabled on the Edge Server or pool, the federation route assignment settings for the site will not be available for modification. If the federation setting at the Edge Server or pool has been configured, you select Enable at the site level. You then select an Edge or a Director from the drop-down to set as the federation route. To do this, do the following: 1. Select the site to change. 2. Right-click the site name. 3. Click Edit Properties. 4. Select Enable for the federation route. 5. Select the the Edge Server or Edge Server pools in the drop down. Important This global setting will affect all sites. Be sure that the setting that you are configuring at this site is appropriate for all sites. Note that a local definition for the federation route takes precedent over the global setting. If you have multiple sites with Edge Servers or Edge Server pools deployed with the intent purpose of providing service for that site, you can define a SIP federation at the site level. If you prefer to use the Lync Server Management Shell, see the FederationRoute cmdlet parameter in Set-CsSite.
In This Section
Verify the Topology Design Publish the Topology
71
3. In Central Management Server, select the pool that will host the Central Management Server. Click OK. To verify the topology prior to publication 1. Check that all simple URLs are configured correctly. 2. Confirm that the SQL Server-based server is online and available to the computer where Topology Builder is installed, including any necessary firewall rules. 3. Confirm that the file share is available and has the proper permissions defined. 4. Confirm that the correct server roles that meet the deployment requirements are defined in the topology. 5. Verify that the servers exist in Active Directory Domain Services (AD DS). This will happen automatically if you have joined the servers to the domain. When you have verified the topology and there are no validation errors, you should be ready to publish the topology. If there are validation errors, you must correct these before you can publish the topology. For details about publishing your topology, see Publish the Topology.
72
Note: Standard Edition server has a collocated database that will accept the published configuration. You must first run the Prepare first Standard Edition server setup task in the Lync Server Deployment Wizard. If you run Topology Builder on a computer where you plan to later install Lync Server, then you must install the Microsoft SQL Server 2005 backward compatibility components by running the first setup task in the Lync Server Deployment Wizard before you publish the topology. For details, see Install the Local Configuration Store or Install the Standard Edition Local Configuration Store. Note: You do not need the Microsoft SQL Server 2005 backward compatibility components to publish the topology if you run Topology Builder on a dedicated administrative console or if you run Topology Builder on a computer where Lync Server is already installed. (Lync Server setup automatically installs the backward compatibility components along with other component files required by Lync Server.) See Also Publish the Topology Administrative Tools Software Requirements Server and Tools Operating System Support Administrator Rights and Permissions Required for Setup and Administration Delegate Setup Permissions
73
To publish a topology 1. Start Topology Builder: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Topology Builder. 2. Select to open the topology from a local file. If you are on the computer where you defined the topology, this will be in the location where you saved it in earlier steps. Typically, this will be the Documents folder of the user who configured the topology. 3. Right-click the Lync Server 2010 node, and then click Publish Topology.
74
5. On the Create databases page, select the databases you want to publish. Note: If you dont have the appropriate rights to create the databases, you can clear the check boxes next to those databases, and someone with appropriate rights can later create the databases. For details, see Deployment Permissions for SQL Server.
75
6. Optionally click Advanced. The Advanced SQL Server data file placement options allow you to select between the following options: Automatically determine database file location This option will determine the best operational performance based on the disk configuration on your SQL Server-based server by distributing the log and data files to the best location. Use SQL Server instance defaults This option puts log and data files onto the SQL Server-based server by using the instance settings. This option does not use the operational functionality of the SQL Server-based server to determine optimal locations for logs and data. The SQL Server administrator would typically move the log and data files to locations that are appropriate for the SQL Server-based server and organization management procedures. Click OK, and then click Next.
76
7. On the Select Central Management Server page, select a Front End pool.
77
8. Optionally click Advanced. The Advanced SQL Server data file placement options allow you to select between the following options: Automatically determine database file location This option will determine the best operational performance based on the disk configuration on your SQL Server-based server by distributing the log and data files to the best location. Use SQL Server instance defaults This option puts log and data files onto the SQL Server-based server by using the instance settings. This option does not use the operational functionality of the SQL Server-based server to determine optimal locations for logs and data. The SQL Server administrator would typically move the log and data files to locations that are appropriate for the SQL Server-based server and organization management procedures. Click OK.
78
79
10. When the publish process has completed, click Finish. When the topology has been published successfully, you can begin installing a local replica of the Central Management store on each server running Lync Server 2010 in your topology. We recommend that you begin with the first Front End pool. See Also Setting Up Front End Servers and Front End Pools Setting Up Standard Edition Server
80
Note: Before you can set up server roles, you must have successfully published a topology. For details about publishing a topology, see Finalizing and Implementing the Topology Design.
In This Section
Install the Local Configuration Store Install Front End Servers Delegate Setup Permissions Configure Certificates for Front End Servers Start Services on Front End Servers Test the Pool Deployment
81
click Run. 7. On the Local Server Configuration page, ensure that the Retrieve configuration automatically from the Central Management Store option is selected, and then click Next. 8. When the local server configuration installation is complete, click Finish.
82
RTCUniversalServerAdmins group to run the Enable-CsTopology Windows PowerShell cmdlet on servers running Lync Server 2010. By default, members of the RTCUniversalServerAdmins group do not have the ability to run this cmdlet. You grant permissions to run EnableCsTopology on servers running Lync Server by using the Grant-CsSetupPermission cmdlet and specifying an organizational unit (OU) where computer objects for the server running Lync Server are located. Note: Enable-CsTopology is the key cmdlet to allow the RTCUniversalServerAdmins group members to set up and deploy Lync Server. To add the ability to run Enable-CsTopology to the RTCUniversalServerAdmins group 1. Log on to a server as a member of the Domain Admins group for the domain on which the delegated user will run Enable-CsTopology. 2. Open the Lync Server Management Shell. The Lync Server Management Shell is automatically installed on each Front End Server or any computer where the Lync Server 2010 administrative tools have been installed. For details about the Lync Server Management Shell, see Lync Server Management Shell in the Operations documentation. 3. Run the following cmdlet from the Lync Server Management Shell: Grant-CsSetupPermission ComputerOU <DN of the OU> -Domain <Domain FQDN> In the following example, the OU is Lync Servers, which is in the contoso.com domain. Grant-CsSetupPermission ComputerOU OU=Lync Servers Domain contoso.com
83
Note: Lync Server 2010 includes support for SHA-256 certificates for connections from clients running the Windows Vista, Windows Server 2008, Windows Server 2008 R2, and Windows 7 operating systems, in addition to Lync 2010 Phone Edition. To support external access using SHA-256, the external certificate is issued by a public CA using SHA-256. Each Front End Server requires up to three certificates, a default certificate, a web internal certificate, and a web external certificate. However, it is possible to request and assign a single default certificate with appropriate subject alternative name entries. For details about the certificate requirements, see Certificate Requirements for Internal Servers. Use the following procedure to request, assign, and install the Front End Server certificates. Repeat the procedure for each Front End Server. Note: In the default configuration process, there is only one certificate requested. The certificate that is received is then assigned to the Front End Server. The certificate will be assigned to Front End Server roles, and also to the web services hosted on the Front End Server.
Important: The following procedure describes how to configure certificates from an internal enterprise PKI deployed by your organization and with offline request processing. For information about obtaining certificates from a public CA, see Certificate Requirements for Internal Servers in the Planning documentation. Also, this procedure describes how to request, assign, and install certificates during set up of the Front End Server. If you requested certificates in advance, as described in the Request Certificates in Advance (Optional) section of this Deployment documentation, or you do not use an internal enterprise PKI deployed in your organization to obtain certificates, you must modify this procedure as appropriate. To configure certificates for a Front End Server 1. In the Lync Server Deployment Wizard, click Run next to Step 3: Request, Install or Assign Certificates.
84
3. On the Certificate Request page, click Next. 4. On the Delayed or Immediate Requests page, you can accept the default Send the request immediately to an online certification authority option by clicking Next. The
85
internal CA with automatic online enrollment must be available if you select this option. If you choose the option to delay the request, you will be prompted for a name and location to save the certificate request file. The certificate request must be presented and processed by a CA either inside your organization, or by a public CA. You will then need to import the certificate response and assign it to the proper certificate role.
5. On the Choose a certificate Authority (CA) page, select the Select a CA from the list detected in your environment option, and then select a known (through registration in Active Directory Domain Services (AD DS)) CA from the list. Or, select the Specify another certification authority option, enter the name of another CA in the box, and then click Next.
86
6. On the Certificate Authority Account page, you are prompted for credentials to request and process the certificate request at the CA. You should have determined if a user name and password is necessary to request a certificate in advance. Your CA administrator will have the required information and may have to assist you in this step. If you need to supply alternate credentials, select the check box, provide a user name and password in the text boxes, and then click Next.
87
7. On the Specify Alternate Certificate Template page, to use the default Web Server template, click Next. Note: If your organization has created a template for use as an alternative for the default Web server CA template, select the check box, and then enter the name of the alternate template. You will need the template name as defined by the CA administrator.
88
8. On the Name and Security Settings page, specify a Friendly Name that should allow you to identify the certificate and purpose. If you leave it blank, a name will be generated automatically. Set the Bit length of the key, or accept the default of 2048 bits. Select the Mark the certificates private key as exportable if you determine that the certificate and private key needs to be moved or copied to other systems, and then click Next. Note: Lync Server 2010 has minimal requirements for an exportable private key. One such place is on the Edge Servers in a pool, where the Media Relay Authentication Service uses copies of the certificate, rather than individual certificates for each instance in the pool.
89
9. On the Organization Information page, optionally provide organization information, and then click Next. 10. On the Geographical Information page, optionally provide geographical information, and then click Next. 11. On the Subject Name / Subject Alternate Names page, review the subject alternative names that will be added, and then click Next.
90
12. On the SIP Domain setting page, select the SIP Domain, and then click Next.
91
13. On the Configure Additional Subject Alternate Names page, add any additional required subject alternative names, including any that might be required for additional SIP domains in the future, and then click Next.
92
14. On the Certificate Request Summary page, review the information in the summary. If the information is correct, click Next. If you need to correct or modify a setting, click Back to the proper page to make the correction or modification.
93
94
16. On the Online Certificate Request Status page, review the information returned. You should note that the certificate was issued and installed into the local certificate store. If it is reported as having been issued and installed, but is not valid, ensure that the CA root certificate has been installed in the servers Trusted Root CA store. Refer to your CA documentation on how to retrieve a Trusted Root CA certificate. If you need to view the retrieved certificate, click View Certificate Details. By default, the check box for Assign the certificate to Lync Server certificate usages is checked. If you want to manually assign the certificate, clear the check box, and then click Finish.
95
17. If you cleared the check box for Assign the certificate to Lync Server certificate usages on the previous page, you will be presented with the Certificate Assignment page. Click Next.
96
18. On the Certificate Store page, select the certificate that you requested. If you want to view the certificate, click View Certificate Details, and then click Next to continue. Note: If the Online Certificate Request Status page reported an issue with the certificate, such as the certificate not being valid, viewing the actual certificate can assist in resolving the issue. Two specific issues that can cause a certificate to not be valid is the previously mentioned missing Trusted Root CA certificate, and a missing private key that is associated with the certificate. Refer to your CA documentation to resolve these two issues.
97
19. On the Certificate Assignment Summary page, review the information presented to ensure that this is the certificate that should be assigned, and then click Next.
98
20. On the Executing Commands page, review the output of the command. Click View Log if you want to review the assignment process or if there was an error or warning issued. When you are finished with your review, click Finish.
99
21. On the Certificate Wizard page, verify that the Status of the certificate is Assigned, and then click Close.
100
To test the pool deployment 1. Use Active Directory Computers and Users to add the Active Directory user object of the administrator role for the Microsoft Lync Server 2010 deployment (on which Lync Server 2010 Control Panel is installed) to the CSAdministrator group. Important: If you do not add the appropriate users and groups to the CsAdministors group, you will receive an error when opening Lync Server Control Panel, which states that Unauthorized: Access is denied due to a role-based access control (RBAC) authorization failure. 2. If the user object is currently logged on, log off and then log on again to register the new group assignment.
101
Note: The user account cannot be the local administrator of any server running Lync Server 2010. 3. Use the administrative account to log on to the computer where Lync Server Control Panel is installed. 4. Start Lync Server Control Panel, and then provide credentials, if prompted. Lync Server Control Panel displays deployment information. 5. In the left navigation bar, click Topology, and then confirm that the service status shows a computer with a green arrow and that a green check mark for replication status is next to each Lync Server server role that has been deployed and brought online.
6. In the left navigation bar, click Users, and then click Enable users.
7. On the New Lync Server User page, click Add. 8. To define search parameters for the objects you want to find, on the Select from Active Directory page, you can select Search, and then optionally click Add Filter. You can also select LDAP search and enter an LDAP expression to filter or limit the objects that will be returned. After you have decided on your Search options, clink Find. 9. In the Search results pane, select all the objects for this search session, and then 102
In This Section
Prerequisites for Enabling Kerberos Authentication Create a Kerberos Authentication Account Assign a Kerberos Authentication Account to a Site Setting Up Kerberos Authentication Account Passwords Add Kerberos Authentication to Other Sites Remove Kerberos Authentication from a Site Testing and Reporting the Status and Assignment of Kerberos Authentication
Servers and roles that require Web Services have been defined and deployed, including Front End Servers, Standard Edition servers, and Directors. Internet Information Services (IIS) is configured and deployed with the recommended role services to support Web Services in Lync Server 2010. After the prerequisites have been met, you should be ready to create one or more accounts for Web Services to use for Kerberos authentication for your deployment. At a minimum, you need to
103
create one Kerberos authentication account for each deployment. However, you can create an account for each site to provide local Kerberos authentication at the site. You can only specify one Kerberos authentication account per site.
104
feature installed. 2. As a member of the Domain Admins group, log on to a computer in the domain running Lync Server 2010 or on to a computer where the administrative tools are installed. 3. Click Start, click Administrative Tools, run Active Directory User and Computers. 4. In Active Directory Users and Computers, create the user account in the appropriate organizational unit (OU) or the Users container. 5. To access the Security tab of the user account, in Active Directory User and Computers, click View, then click Advanced Features. Advanced Features should now have a check mark to indicate that it is selected. 6. In the organizational unit or Users container, right-click the user account that you created, and select Properties. Select the Security tab. On the Security tab, click Advanced. 7. On the Advanced Security Settings tab for the selected user account, click Add. On the Select User, Computer Service Account, or Group dialog, type RTCUniversalServerAdmins in Enter the object name to select. Click Check Names. If successful, click OK. 8. Select the Object tab on the Permission Entry dialog of the user account. Click the dropdown Apply to and select This object only. 9. In the Permissions selection pane, select the following permissions:
Permission Allow or Deny Inheritance Apply to
This object only This object only This object only This object only
10. Click OK three times to close out of the dialogs. Close and exit Active Directory Users and Computers. 11. Click Start, click Administrative Tools, run ADSI Edit. 12. Right-click ADSI Edit, select Connect To, and select Select a well known Naming Context. Select Default naming context from the list. Click OK. 13. In the organizational unit or container where the user object is located, right-click the user object and select Properties. 14. On the Attribute Editor tab, locate the attribute userAccountControl, then click Edit. 15. The Integer Attribute Editor displays the integer value of the userAccountControl. Change the value to 69664. The integer value shown sets the flags for PASSWD_NOTREQD, WORKSTATION_TRUST_ACCOUNT, and
105
DONT_EXPIRE_PASSWD. 16. Click OK to commit the change to the attribute. Close ADSI Edit.
106
Set a Kerberos Authentication Account Password on a Server To successfully complete this procedure you should be logged on as a user who is a member of the RTCUniversalServerAdmins group. You must set up a password on the Kerberos account for each site that has Front End Servers, Standard Edition servers, and Directors. You can set up the password by running the SetCsKerberosAccountPassword Windows PowerShell cmdlet on one server in the site (for example, one Front End Server). For each site, you must run the SetCsKerberosAccountPassword cmdlet. The cmdlet configures Internet Information Services (IIS) for the Web Services service, and then sets the password on the computer account in Active Directory Domain Services (AD DS). An alternate method, based on which parameter is used with the cmdlet, configures IIS on one server while using another server that has been configured as the source of the Kerberos account password. When you use the Set-CsKerberosAccountPassword cmdlet to set a password, Kerberos sets the password to a randomly generated string. This cmdlet contacts all IIS instances in all Lync Server 2010 central sites to which this account is assigned. To set a password for a Kerberos authentication account 1. Log on to any domain computer with Lync Server Management Shell installed as a member of the RTCUniversalServerAdmins group. 2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3. From the command line, run the following two commands: Set-CsKerberosAccountPassword UserAccount Domain\UserAccount For example: Set-CsKerberosAccountPassword UserAccount contoso\KerbAuth
107
Note: You must specify the UserAccount parameter by using the Domain\User format. The User@Domain.extension format is not supported for referencing the computer objects created for Kerberos authentication purposes. Important: After making any changes to Kerberos authentication, such as adding an account or removing an account, you must run Enable-CsTopology from the Lync Server Management Shell command prompt.
Synchronize a Kerberos Authentication Account Password to IIS To successfully complete this procedure you should be logged on as a user who is a member of the RTCUniversalServerAdmins group. In a site, Front End Servers, Standard Edition servers, and Directors can use a Kerberos authentication account for purposes of authenticating requests to the Web Services service. This procedure locates each server running Web Services in a site that has been assigned a Kerberos account and updates the Internet Information Services (IIS) configuration settings to use the Kerberos account. For details, see Set a Kerberos Authentication Account Password on a Server. To set and configure a Kerberos authentication account password 1. Log on to a source computer (such as fe01.contoso.com) as a member of RTCUniversalServerAdmins group. 2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3. From the Lync Server Management Shell command line, run the following two commands: Set-CsKerberosAccountPassword FromComputer SourceComputer ToComputer DestinationComputer For example: Set-CsKerberosAccountPassword FromComputer fe01.contoso.com ToComputer dir01.contoso.com Important: The name of the source computer and destination computer must be a fully qualified domain (FQDN) name of the server. You cannot use the pool FQDN unless the pool name is the same as the name of the computer that you are using as a source computer or destination computer. Important: After making any changes to Kerberos authentication, such as adding an account or removing an account, you must run Enable-CsTopology from the Lync Server Management Shell command prompt.
108
109
Test and Report Functional Readiness for Kerberos Authenticaion To successfully complete this procedure you should be logged on as a user who is a member of the RTCUniversalServerAdmins group. You can use the Test-CsKerberosAccountAssignment Windows PowerShell cmdlet to test and report the functional readiness of a site assignment for Kerberos authentication. This command queries the site specified in the required Identity parameter. The optional Report parameter causes the cmdlet to write an HTML report to C:\Logs on the computer on which the command is run. The optional Verbose parameter reports activity information to the screen. To test and report functional readiness for Kerberos authentication for a site 1. As a member of the RTCUniversalServerAdmins group, log on to a computer in the domain running Lync Server 2010 or on to the computer where the administrative tools are installed. 2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3. From the command line, run the following command: Test-CsKerberosAccountAssignment Identity site:SiteName Report c:\logs\FileName.htm -Verbose For example: Test-CsKerberosAccountAssignment Identity site:Redmond Report c:\logs\KerberosReport.htm -Verbose
Report Kerberos Account Assignments To successfully complete this procedure you should be logged on as a user who is a member of the RTCUniversalServerAdmins group. You can use the Get-CsKerberosAccountAssignment cmdlet to query information about the Kerberos authentication account assignments and report information about the current assignments in your deployment.
110
To query Kerberos authentication account assignments for a site 1. As a member of the RTCUniversalServerAdmins group, log on to a computer in the domain running Lync Server 2010 or on to a computer where the administrative tools are installed. 2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3. From the command line, run one of the following commands: To query all Kerberos authentication account assignments in your organization and return assignment information about each of them, run the cmdlet without any parameters: Get-CsKerberosAccountAssignment To query all Kerberos authentication account assignments in your deployment and return site assignment information about each of them, run the cmdlet with the Identity parameter: Get-CsKerberosAccountAssignment Identity site:SiteName For example: Get-CsKerberosAccountAssignment Identity site:Redmond To query all Kerberos authentication account assignments in a single site and return assignment information about each of them, run the cmdlet with the Filter parameter: Get-CsKerberosAccountAssignment Filter SiteName For example: Get-CsKerberosAccountAssignment Filter *Redmond Note: Specifying *SiteName for the Filter parameter returns information about all sites that contain the specified site name anywhere in the site identifier (for example, all sites that contain the string Redmond in the site identifier).
111
In This Section
Define the Director Deploying a Stand-alone A/V Conferencing Server Deploying Edge Servers Deploying Enterprise Voice Configuring Dial-in Conferencing Configuring Call Park Deploying Monitoring Deploying Archiving Configuring Response Group
Additionally, for details about the deployment of your client software and devices that can be used with Lync Server 2010, see Deploying Clients and Devices.
In This Section
Define the A/V Conferencing Server in Topology Builder Publish the Topology Install the Local Configuration Store Install Lync Server 2010 on the A/V Conferencing Server Configure Certificates for Stand-alone A/V Conferencing Servers Start Services on the A/V Conferencing Server
112
about hardware requirements, see Server Hardware Platforms. For details about software prerequisites and requirements, see Additional Software Requirements. You cannot convert an A/V Conferencing single computer pool to a multiple computer pool. If you later decide that your organization needs a pool with multiple computers, you must delete the single computer pool, and then add the multiple computer pool. If you plan to implement an A/V Conferencing multiple computer pool in the future, select Multiple computer pool. Even though a pool is defined as two or more computers that are load balanced, you can create a single computer pool and create a pool fully qualified domain name (FQDN) for the single computer. When you are ready to add more computers to the pool later, you must rerun Topology Builder to define the new pool member, publish the new topology, and then set up the new A/V Conferencing pool member through the Lync Server Deployment Wizard. A/V Conferencing Server pools are unique in that they do not need load balancers to create a pool. A/V Conferencing pools load balance internally and do not need additional hardware. To define a stand-alone A/V Conferencing Server with a single computer pool 1. Log on to the computer where Topology Builder is installed. 2. Start Topology Builder: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Topology Builder. 3. On the Welcome page, click Download Topology from existing deployment, and then click OK. 4. In the Save Topology As dialog box, choose a location, give the file an appropriate name, accept the default extension of .tbxml, and then click Save. 5. Expand the Server Role tree view, right-click A/V Conferencing pools, and then click New A/V Conferencing Pool.
6. On the Define the A/V Conferencing pool FQDN page, select Single computer pool, enter the FQDN, and then click Next. 7. On the Associate Front End pools page, select the Front End pool that you want to associate with the new A/V Conferencing Server, and then click Finish.
113
To define a stand-alone A/V Conferencing Server with a multiple computer pool 1. Log on to the computer where Topology Builder is installed. 2. Start Topology Builder: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Topology Builder. 3. On the Welcome page, click Download Topology from existing deployment, and then click OK. 4. In the Save Topology As dialog box, choose a location, give the file an appropriate name, accept the default extension of .tbxml, and then click Save. 5. Expand the Server Role tree view, right-click A/V Conferencing pools, and then click New A/V Conferencing Pool. 6. On the Define the A/V Conferencing pool FQDN page, select Multiple computer pool, enter the Pool FQDN, and then click Next. 7. On the Define the computers in this pool page, enter the FQDN of a computer to add to the pool, and then click Add. Perform this step for each computer you want to add to the pool, and then click Next. 8. On the Associate Front End pools page, select the Front End pool that you want to associate with the new A/V Conferencing Server, and then click Finish.
114
Server 2010 deployment. It also validates the data to ensure configuration consistency. All changes to this configuration data happen at the Central Management store, eliminating out-ofsync issues. Read-only copies of the data are replicated to all servers in the topology, including Edge Servers. Note: For Enterprise Edition only: In order to publish the topology, the SQL Server-based Back End Server must be online and accessible with firewall exceptions in place. For details about specifying firewall exceptions, see Understanding Firewall Requirements for SQL Server. For details about configuring SQL Server, see Configure SQL Server for Lync Server 2010. To publish a topology 1. Start Topology Builder: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Topology Builder. 2. Select to open the topology from a local file. If you are on the computer where you defined the topology, this will be in the location where you saved it in earlier steps. Typically, this will be the Documents folder of the user who configured the topology. 3. Right-click the Lync Server 2010 node, and then click Publish Topology.
115
5. On the Create databases page, select the databases you want to publish. Note: If you dont have the appropriate rights to create the databases, you can clear the check boxes next to those databases, and someone with appropriate rights can later create the databases. For details, see Deployment Permissions for SQL Server.
116
6. Optionally click Advanced. The Advanced SQL Server data file placement options allow you to select between the following options: Automatically determine database file location This option will determine the best operational performance based on the disk configuration on your SQL Server-based server by distributing the log and data files to the best location. Use SQL Server instance defaults This option puts log and data files onto the SQL Server-based server by using the instance settings. This option does not use the operational functionality of the SQL Server-based server to determine optimal locations for logs and data. The SQL Server administrator would typically move the log and data files to locations that are appropriate for the SQL Server-based server and organization management procedures. Click OK, and then click Next.
117
7. On the Select Central Management Server page, select a Front End pool.
118
8. Optionally click Advanced. The Advanced SQL Server data file placement options allow you to select between the following options: Automatically determine database file location This option will determine the best operational performance based on the disk configuration on your SQL Server-based server by distributing the log and data files to the best location. Use SQL Server instance defaults This option puts log and data files onto the SQL Server-based server by using the instance settings. This option does not use the operational functionality of the SQL Server-based server to determine optimal locations for logs and data. The SQL Server administrator would typically move the log and data files to locations that are appropriate for the SQL Server-based server and organization management procedures. Click OK.
119
120
10. When the publish process has completed, click Finish. When the topology has been published successfully, you can begin installing a local replica of the Central Management store on each server running Lync Server 2010 in your topology. We recommend that you begin with the first Front End pool. See Also Setting Up Front End Servers and Front End Pools Setting Up Standard Edition Server
121
Important: If this is the first time that you have run Microsoft Lync Server 2010 setup on this server, you will be prompted for a drive and path to install Lync Server 2010. If your organization requires that you locate Internet Information Services (IIS) and all Web Services on a drive other than the system drive, you can change the installation location path for the Lync Server files in the Setup dialog box. If you install the Setup files to this path, including OCSCore.msi, the rest of the Lync Server 2010 files will be deployed to this drive as well. To install the Local Configuration store 1. From the installation media, browse to \setup\amd64\Setup.exe, and then click OK. 2. If you are prompted to install the Microsoft Visual C++ 2008 distributable, click Yes. 3. On the Lync Server 2010 Installation Location page, click OK. 4. On the End User License Agreement page, review the license terms, select I accept the terms in the license agreement, and then click OK. This step is required before you can continue. 5. On the Deployment Wizard page, click Install or Update Lync Server System. 6. On the Lync Server 2010 page, next to Step1: Install Local Configuration Store, click Run. 7. On the Local Server Configuration page, ensure that the Retrieve configuration automatically from the Central Management Store option is selected, and then click Next. 8. When the local server configuration installation is complete, click Finish.
122
123
10. In the Key bit length list, click the key bit length, and then click Next. 11. On the Organization Information page, optionally specify organization information, and then click Next. 12. On the Geographical Information page, optionally specify geographical information, and then click Next. 13. On the Subject Name / Subject Alternative Names page, review the subject name and subject alternative names to ensure that you have the proper server fully qualified domain names (FQDNs) listed, and then click Next. Note: There are no required entries for A/V Conferencing Servers. 14. On the SIP Domain setting page, select Configured SIP Domains for all SIP domains in your deployment, and then click Next. 15. On the Configure Additional Subject Alternative Names page, add any additional required subject alternative names, and then click Next. 16. On the Certificate Request Summary page, click Next. 17. On the Executing Commands page, click Next. 18. On the Online Certificate Request Status page, click Finish. 19. On the Certificate Assignment page, click Next. 20. On the Certificate Assignment Summary page, click Next. 21. On the Executing Commands page, click Finish. 22. On the Certificate Wizard page, click Close.
124
server. 4. On the Executing Commands page, after all services have started successfully, click Finish. Important: The command to start the services on the server is a best effort method to report that the services have in fact started. It might not reflect the actual state of the service. We recommend that you use the optional step in the Deployment Wizard following Step 4 to open the Microsoft Management Console (MMC) and confirm that the services have started successfully. If any Lync Server service has not started, you can right-click that service in the MMC, and then select Start.
In This Section
Dial-in Conferencing Configuration Prerequisites and Permissions Deployment Process for Dial-In Conferencing Configure Dial Plans for Dial-in Conferencing Ensure Dial Plans Have Assigned Regions (Optional) Verify PIN Policy Settings Configure Conferencing Policy for Dial-in Configure Dial-in Conferencing Access Numbers (Optional) Verify Dial-in Conferencing Settings (Optional) Modify Key Mapping for DTMF Commands (Optional) Enable and Disable Conference Join and Leave Announcements (Optional) Verify Dial-in Conferencing Deploy the Online Meeting Add-in for Microsoft Lync 2010 Configure User Account Settings (Optional) Welcome Users to Dial-in Conferencing
Related Sections
Deploying Lync Server 2010 Enterprise Edition Deploying Lync Server 2010 Enterprise Edition
125
You deploy these components when you use the Lync Server 2010, Planning Tool and Topology Builder to define and publish your topology and then deploy a Front End pool or a Standard Edition server. If you are deploying Enterprise Voice, you should deploy it before you configure dial-in conferencing. If you are not deploying Enterprise Voice, you can deploy a Mediation Server and a public switched telephone network (PSTN) gateway when you deploy your Front End pool or Standard Edition server. Note: If you are upgrading from Office Communications Server 2007 R2 to Lync Server 2010, deploy dial-in conferencing in every pool that you plan to use to host Lync Server 2010 conferences. For details about migrating dial-in conferencing, see Migration from Office Communications Server 2007 R2 to Lync Server 2010. This section assumes that you have done the following: Applied at least Cumulative Update 5 (CU5) to your Office Communications Server 2007 R2 environment, if you are migrating to Lync Server 2010. For the most up-to-date information about Office Communications Server 2007 R2 updates, see "Updates Resource Center for Office Communications Server 2007 R2 and Clients" at http://go.microsoft.com/fwlink/?LinkId=199488. Used the Planning Tool and Topology Builder to design and configure your topology. While specifying the Conferencing workload, you selected the dial-in conferencing option. For details about defining your topology, see Defining the Topology in Topology Builder in the Deployment documentation. Published your topology, and set up the Front End pool or Standard Edition server. For details about publishing the topology and installing Lync Server 2010, see Deploying Lync Server 2010 Enterprise Edition in the Deployment documentation.
126
Note: When you install your published topology, the Dial-in Conferencing Settings webpage is installed on the Front End Server or Standard Edition server as part of Web Services. Important: If you change the path for the File Store in Topology Builder after you deploy Lync Server 2010, you need to restart the Conferencing Attendant and Conferencing Announcement applications to use the new path. Deployed Enterprise Voice. If you are not deploying Enterprise Voice, you either collocated a Mediation Server on the Enterprise Edition Front End Server or the Standard Edition server, or you deployed a stand-alone Mediation Server, and you deployed a PSTN gateway. For details about deploying Enterprise Voice, see Deploying Enterprise Voice in the Deployment documentation. For details about installing a stand-alone Mediation Server and PSTN gateway, see Deploying Mediation Servers and Defining Peers in the Deployment documentation. The following flowchart shows the steps that you must perform before you can configure dial-in conferencing and the steps that you perform to configure dial-in conferencing.
127
128
You use these administrative tools to configure dial-in conferencing settings, and the dial plans, policies, and other settings that dial-in conferencing requires. Configuring dial-in conferencing requires any of the following administrative roles, depending on the task: CsVoiceAdministrator This administrator role can create, configure, and manage voice-related settings and policies. CsUserAdministrator This administrator role can enable and disable users for Lync Server and assign existing policies, such as conferencing policies and PIN policies, to users. CsAdministrator This administrator role can perform all of the tasks of CsVoiceAdministrator and CsUserAdministrator. See Also Dial-In Conferencing in Lync Server 2010 Deploying Lync Server 2010 Enterprise Edition Deploying Enterprise Voice
1. Run the Planning Tool to configure your topology, and export the topology into Topology Builder.
Deploying
129
Microsoft Lync Server 2010 Enterprise Edition Deployment Guide Phase Steps Permissions Deployment documentatio n
the Conferencin g workload, including a Mediation Server and PSTN gateway, and deploy the Front End pool or Standard Edition server.
While configuring the topology, select the dial-in conferencing option. 2. Publish the topology and deploy the Front End pool or Standard Edition server. 3. If necessary, create a standalone Mediation Server and associate it with a PSTN gateway. Note: This step is required only if you do not deploy Enterprise Voice and do not collocate the Mediation Server with the Enterprise Edition Front End Server or Standard Edition server. If you deploy Enterprise Voice, you install and configure Mediation Servers and PSTN gateways as part of the Enterprise Voice deployment. If you collocate the Mediation Server, you install and configure the Mediation Server as part of the Front End pool or Standard Edition server deployment. A dial plan is a set of phone number normalization rules that translate phone numbers dialed from a specific location to a single standard (E.164) format for purposes of phone authorization and call routing. The same phone number dialed from different locations can, based on the respective dial plans, resolve to different E.164 numbers, as appropriate to each location. If you deploy Enterprise Voice, you set up dial plans as part of
Administrator
Lync Server 2010 To create a standalone Mediation Server pool: Deploying Mediation Servers and Defining Peers
130
Microsoft Lync Server 2010 Enterprise Edition Deployment Guide Phase Steps Permissions Deployment documentatio n
that deployment, and you need to ensure that the dial plans also accommodate dial-in conferencing. If you do not deploy Enterprise Voice, you need to set up dial plans for dial-in conferencing. Use the Microsoft Lync Server 2010 Control Panel or Lync Server Management Shell to set up dial plans as follows: 1. Create one or more dial plans for routing dial-in access phone numbers. 2. Assign a default dial plan to each pool. Set the Dial-in conferencing region to the geographic location to which the dial plan applies. The region associates the dial plan with dial-in access numbers. Ensure that dial plans are assigned regions (Optional) Verify or modify user personal identification number (PIN) requirement s. Configure conferencin g policy to support dialRun the Get-CsDialPlan and SetCsDialPlan cmdlets to ensure that all dial plans have a region assigned. RTCUniversalServerAd mins CsVoiceAdministrator CsServerAdministrator CsAdministrator Use Lync Server 2010 Control Panel or Lync Server Management Shell to view or modify the Conferencing PIN Policy. You can specify minimum PIN length, maximum number of logon attempts, PIN expiration, and whether common patterns are allowable. RTCUniversalServerAd mins CsServerAdministrator CsAdministrator (Optional) Verify PIN Policy Settings Ensure Dial Plans Have Assigned Regions
Use Lync Server 2010 Control Panel or RTCUniversalServerAd Lync Server Management Shell to mins configure Conferencing Policy settings. CsServerAdministrator Specify whether: CsAdministrator
131
Microsoft Lync Server 2010 Enterprise Edition Deployment Guide Phase Steps Permissions Deployment documentatio n
in conferencin g.
PSTN conference dial-in is enabled. Users can invite anonymous participants. Unauthenticated users can join a conference by using dial-out phoning. With dial-out phoning, the conference server calls the user, and the user answers the phone to join the conference.
Use Lync Server 2010 Control Panel or Lync Server Management Shell to set up dial-in access numbers that users call to dial in to a conference, and specify the regions that associate the access number with the appropriate dial plans. The first three access numbers for the region specified by the organizer's dial plan are included in the conference invitation. All access numbers are available on the Dial-in Conferencing Settings webpage. Note: After you create dial-in access numbers, you can use the SetCsDialInConferencingAccess Number cmdlet to modify the display name of the Active Directory contact objects so that users can more easily identify the correct access number.
Use the GetCsDialinConferencingAccessNumber cmdlet to search for dial plans that have a dial-in conferencing region that is not used by any access number and for access numbers that have no region assigned.
132
Microsoft Lync Server 2010 Enterprise Edition Deployment Guide Phase Steps Permissions Deployment documentatio n
Use the SetCsDialinConferencingDtmfConfigurati on cmdlet to modify the keys used for dual-tone multifrequency (DTMF) commands, which participants can use to control conference settings (such as mute and unmute or lock and unlock).
(Optional) Modify conference join and leave announcem ent behavior (Optional) Verify dial-in conferencin g Deploy Online Meeting Add-in for Microsoft Lync 2010 Configure user account settings (Optional) Welcome users to dial-in conferencin g and set the initial
Use the SetRTCUniversalServerAd CsDialinConferencingConfiguration to mins change how announcements work when CsServerAdministrator participants join and leave conferences. CsAdministrator
(Optional) Enable and Disable Conference Join and Leave Announceme nts (Optional) Verify Dial-in Conferencing
Use the Test-CsDialInConferencing cmdlet to test that the access numbers for the specified pool work correctly.
Deploy the Online Meeting Add-in for Microsoft Lync 2010 so that users can schedule conferences that support dialin conferencing. The Online Meeting Add-in for Microsoft Lync 2010 is installed automatically when you install Microsoft Lync 2010 Use Lync Server 2010 Control Panel or Lync Server Management Shell to configure the telephony Line URI as a unique, normalized phone number (for example, tel:+14255550200). Use the SetCsPinSendCAWelcomeMail script to set users' initial PINs and send a welcome email that contains the initial PIN and a link to the Dial-in Conferencing Settings webpage.
Administrators
Deploy the Online Meeting Addin for Microsoft Lync 2010 Configure User Account Settings
133
Microsoft Lync Server 2010 Enterprise Edition Deployment Guide Phase Steps Permissions Deployment documentatio n
PIN
In This Section
Create a Dial Plan Modify a Dial Plan Defining Normalization Rules
134
2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing and then click Dial Plan. 4. On the Dial Plan page, click New and select a scope for the dial plan: Site dial plan applies to an entire site, except any users or groups that are assigned to a user dial plan. If you select Site for a dial plans scope, you must choose the site from the Select a Site dialog box. If a dial plan has already been created for a site, the site does not appear in the Select a Site dialog box. Pool dial plan can apply to a public switched telephone network (PSTN) gateway or a Registrar. If you select Pool for a dial plans scope, choose the PSTN gateway or Registrar from the Select a Service dialog box. If a dial plan has already been created for a service (PSTN gateway or Registrar), the service does not appear in the list. User dial plan can be applied to specified users or groups.
Note: After you select the dial plan scope, it cannot be changed. 5. If you are creating a user dial plan, enter a descriptive name in the Name field on the New Dial Plan dialog box. After this name is saved, it cannot be changed. Notes: For site dial plans, the Name field is prepopulated with the site name and cannot be changed. For pool dial plans, the Name field is prepopulated with the PSTN gateway or Registrar name and cannot be changed. 6. The Simple name field is prepopulated with the same name that appears in the Name field. You can optionally edit this field to specify a more descriptive name that reflects the site, service, or user to which the dial plan applies. Important The Simple name must be unique among all dial plans within the Lync Server deployment. It cannot exceed 256 Unicode characters, each of which can be an alphabetic or numeric character, a hyphen (-), a period (.), a plus sign (+), or an underscore (_). Spaces are not allowed in the Simple name. 7. (Optional) In the Description field, you can type additional descriptive information about the dial plan. 8. (Optional) If you want to use this dial plan as a region for dial-in access numbers, specify a Dial-in conferencing region. If you do not want to use this dial plan for dial-in access numbers, leave this field empty. Note: Dial-in conferencing regions are required to associate dial-in conferencing access numbers with one or more dial plans.
135
9. (Optional) In the External access prefix field, specify a value only if users need to dial one or more additional leading digits (for example, 9) to get an external line. You can type in a prefix value of up to four characters (#, *, and 0-9). Note: If you specify an external access prefix, you do not need to create a new normalization rule to accommodate the prefix. 10. Associate and configure normalization rules for the dial plan as follows: To choose one or more rules from a list of all normalization rules available in your Enterprise Voice deployment, click Select. In Select Normalization Rules, highlight the rules you want to associate with the dial plan and then click OK. To define a new normalization rule and associate it with the dial plan, click New. For details about defining a new rule, see Defining Normalization Rules. To edit a normalization rule that is already associated with the dial plan, highlight the rule name and click Show details. For details about editing the rule, see Defining Normalization Rules. To copy an existing normalization rule to use as a starting point for defining a new rule, highlight the rule name and click Copy, and then click Paste. For details about editing the copy, see Defining Normalization Rules. To remove a normalization rule from the dial plan, highlight the rule name and click Remove. Note: Each dial plan must have at least one associated normalization rule. For information about how to determine all of the normalization rules a dial plan requires, see Dial Plans and Normalization Rules in the Planning documentation. 11. Verify that the dial plans normalization rules are arranged in the correct order. To change a rules position in the list, highlight the rule name and then click the up or down arrow. Important Lync Server traverses the normalization rule list from the top down and uses the first rule that matches the dialed number. If you configure a dial plan so that a dialed number can match more than one normalization rule, make sure the more restrictive rules are sorted above the less restrictive ones. The default Prefix All normalization rule ^(\d{11})$ matches any 11-digit number. For example, if you add a normalization rule that matches 11-digit numbers that start with 1425, make sure that Prefix All is sorted below the more restrictive ^(1425\d{7})$ rule. 12. (Optional) Enter a number to test the dial plan and then click Go. The test results are displayed under Enter a number to test. Note: You can save a dial plan that does not yet pass the test and then reconfigure it later. For details, see Test Voice Routing.
136
13. Click OK. 14. On the Dial Plan page, click Commit, and then click Commit all. Note: Any time you create a dial plan, you must run the Commit all command to publish the configuration change. For details, see Publish Pending Changes to the Voice Routing Configuration in the Operations documentation. See Also Modify a Dial Plan Defining Normalization Rules Publish Pending Changes to the Voice Routing Configuration
137
Note: Dial-in conferencing regions are required to associate dial-in conferencing access numbers with one or more dial plans. 8. (Optional) In the External access prefix field, specify a value only if users need to dial one or more additional leading digits to get an external line (for example, 9). You can type in a prefix value of up to four characters (that is, #, *, and 0-9). Note: If you specify an external access prefix, you do not need to create a new normalization rule to accommodate the prefix. 9. Associate and configure normalization rules for the dial plan: To choose one or more rules from a list of all normalization rules available in your Enterprise Voice deployment, click Select. In the Select Normalization Rules dialog box, highlight the rules that you want to associate with the dial plan and then click OK. To define a new normalization rule and associate it with the dial plan, click New. For details about defining a new rule, see Defining Normalization Rules. To edit a normalization rule that is already associated with the dial plan, highlight the rule name and click Show details. For details about editing the rule, see Defining Normalization Rules. To copy an existing normalization rule to use as a starting point for defining a new rule, highlight the rule name and click Copy, and then click Paste. For details about editing the copy, see Defining Normalization Rules. To remove a normalization rule from the dial plan, highlight the rule name and click Remove. Note: Each dial plan must have at least one associated normalization rule. For details about how to determine all of the normalization rules a dial plan requires, see Dial Plans and Normalization Rules in the Planning documentation. 10. Verify that the dial plans normalization rules are arranged in the correct order. To change a rules position in the list, highlight the rule name and then click the up or down arrow. Important Lync Server traverses the normalization rule list from the top down and uses the first rule that matches the dialed number. If you configure a dial plan so that a dialed number can match more than one normalization rule, make sure the more restrictive rules are sorted above the less restrictive ones. The default Prefix All normalization rule ^(\d{11})$ matches any 11-digit number. If, for example, you add a normalization rule that matches 11-digit numbers that start with 1425, make sure that Prefix All is sorted below the more restrictive ^(1425\d{7})$ rule. 11. (Optional) Enter a number to test the dial plan and then click Go. The test results are displayed under Enter a number to test. 138
See Also Create a Dial Plan Defining Normalization Rules Publish Pending Changes to the Voice Routing Configuration
In This Section Create or Modify a Normalization Rule by Using Build a Normalization Rule Create or Modify a Normalization Rule Manually
See Also Create a Dial Plan Modify a Dial Plan Create or Modify a Normalization Rule by Using Build a Normalization Rule Complete the following steps if you want to create or modify a normalization rule by using Build a Normalization Rule in Microsoft Lync Server 2010 Control Panel. Alternatively, if you want to create or modify a normalization rule manually, see Create or Modify a Normalization Rule Manually. To define a rule by using Build a Normalization Rule 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. (Optional) Follow the steps in Create a Dial Plan through step 11 or Modify a Dial Plan through step 10.
139
4. In New Normalization Rule or Edit Normalization Rule, type a name that describes the number pattern being normalized in Name (for example, 5DigitExtension). 5. (Optional) In Description, type a description of the normalization rule (for example, "Translates 5-digit extensions"). 6. In Build a Normalization Rule, enter values in the following fields: Starting digits (Optional) Specify the leading digits of dialed numbers you want the pattern to match. For example, type 425 if you want the pattern to match dialed numbers beginning with 425. Length Specify the number of digits in the matching pattern and select whether you want the pattern to match this length exactly, match dialed numbers that are at least this length, or match dialed numbers of any length. Digits to remove (Optional) Specify the number of starting digits to be removed from dialed numbers you want the pattern to match. Digits to add (Optional) Specify digits to be added to dialed numbers you want the pattern to match. The values you enter in these fields are reflected in Pattern to match and Translation rule. For example, if you leave Starting digits empty, type 7 into the Length field and select Exactly, and specify 0 in Digits to remove, the resulting regular expression in the Pattern to match is: ^(\d{7})$ 7. In Translation rule, specify a pattern for the format of translated E.164 phone numbers as follows: A value that represents the number of digits specified in the matching pattern. For example, if the matching pattern is ^(\d{7})$ then $1 in the translation rule represents 7-digit dialed numbers. (Optional) Type a value into the Digits to add field to specify digits to be prepended to the translated number, for example +1425. For example, if Pattern to match contains ^(\d{7})$ as the pattern for dialed numbers and Translation rule contains +1425$1 as the pattern for E.164 phone numbers, the rule normalizes 5550100 to +14255550100. 8. (Optional) If the normalization rule results in a phone number that is internal to your organization, select Internal extension. 9. (Optional) Enter a number to test the normalization rule and then click Go. The test results are displayed under Enter a number to test. Note: You can save a normalization rule that does not yet pass the test and then reconfigure it later. For details, see Test Voice Routing. 10. Click OK to save the normalization rule. 11. Click OK to save the dial plan. 12. On the Dial Plan page, click Commit, and then click Commit all.
140
Note: Any time you create or change a normalization rule, you must run the Commit all command to publish the configuration change. For details, see Publish Pending Changes to the Voice Routing Configuration in the Operations documentation. See Also Create or Modify a Normalization Rule Manually Create a Dial Plan Modify a Dial Plan Test Voice Routing Publish Pending Changes to the Voice Routing Configuration Create or Modify a Normalization Rule Manually Complete the following steps if you want to create or modify a normalization rule manually. If you want to create or modify a normalization rule by using Build a Normalization Rule in Microsoft Lync Server 2010 Control Panel, see Create or Modify a Normalization Rule by Using Build a Normalization Rule.
To define a normalization rule manually 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. (Optional) Follow the steps in Create a Dial Plan or Modify a Dial Plan. 4. In New Normalization Rule or Edit Normalization Rule, type a name that describes the number pattern being normalized in Name (for example, name the normalization rule 5DigitExtension). 5. (Optional) In Description field, type a description of the normalization rule (for example, "Translates 5-digit extensions"). 6. In Build a Normalization Rule, click Edit. 7. Enter the following in Type a Regular Expression: In Match this pattern, specify the pattern that you want to use to match the dialed phone number. In Translation rule, specify a pattern for the format of translated E.164 phone numbers. For example, if you enter ^(\d{7})$ in Match this pattern and +1425$1 in Translation rule, the rule normalizes 5550100 to +14255550100. 8. (Optional) If the normalization rule results in a phone number that is internal to your
141
organization, select Internal extension. 9. (Optional) Enter a number to test the normalization rule and then click Go. The test results are displayed under Enter a number to test. Note: You can save a normalization rule that does not yet pass the test and then reconfigure it later. For details, see Test Voice Routing. 10. Click OK to save the normalization rule. 11. Click OK to save the dial plan. 12. On the Dial Plan page, click Commit, and then click Commit all. Note: Any time you create or change a normalization rule, you must run the Commit all command to publish the configuration change. For details, see Publish Pending Changes to the Voice Routing Configuration in the Operations documentation. See Also Create or Modify a Normalization Rule by Using Build a Normalization Rule Create a Dial Plan Modify a Dial Plan Test Voice Routing Publish Pending Changes to the Voice Routing Configuration
142
3. Run the following at the command prompt: Get-CsDialPlan [-Identity <Identifier of the dial plans to be retrieved>] For example: Get-CsDialPlan In this example, all the dial plans configured for your organization are returned. 4. Review the returned dial plans to identify any that are missing the dial-in conferencing region. For details, see the Lync Server Management Shell documentation. To set the region property for a dial plan 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the Cs-VoiceAdministrator, Cs-ServerAdministrator, or CsAdministrator role. 2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3. For any dial plans that are missing the dial-in conferencing region, run: Set-CsDialPlan [Identity <Identity of the dial plan to be modified>] -DialinConferencingRegion "<new region>" For example: Set-CsDialPlan Identity Redmond DialinConferencingRegion "US West Coast" In this example, the dial plan with the Identity of Redmond is modified to set the DialinConferencingRegion property to "US West Coast". For details, see the Lync Server Management Shell documentation.
In This Section
Modify the Default Dial-in Conferencing PIN Settings Create or Modify Dial-in Conferencing PIN Settings for a Site or Group of Users
143
144
Create or Modify Dial-in Conferencing PIN Settings for a Site or Group of Users
Follow these steps to create or modify a user-level or a site-level dial-in conferencing personal identification number (PIN) policy. For details about how to change the global PIN policy, see Modify the Default Dial-in Conferencing PIN Settings. To create a user or site PIN policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Conferencing and then click PIN Policy. 4. On the PIN Policy page, click New, and then do one of the following: To create a user-level policy, click User policy. In New PIN Policy, in Name, type a name that describes the policy. To create a site-level policy, click Site policy. In the Select a Site search field, type all or part of the name of the site for which you want to create a policy. In the list of sites, click the site you want, and then click OK. 5. In the Description field, type a description of the PIN policy. 6. In the Minimum PIN length field, type or select the minimum PIN length that you want to allow. The default minimum length is five digits. 7. To be able to specify the maximum number of logon attempts before a user is locked out, select the Specify maximum logon attempts check box. If you do not select this option, the maximum number of allowed attempts is automatically determined based on the PIN length. By default, the maximum number of attempts is automatically determined. 8. If you selected the Specify maximum logon attempts check box, in Maximum logon attempts, type or select the maximum number of logon attempts that you want to allow. 9. To have PINs expire, select the Enable PIN expiration check box. If you do not select this option, PINs will never expire. By default, PINs never expire. 10. If you selected the Enable PIN expiration check box, in PIN expires after (days), type or select the number of days after which PINs expire. 11. In PIN history count, type the number of PINs that a user must create before the user can reuse a PIN. By default, users can reuse their PINs. 12. To allow common patterns of digits in PINs, such as sequential numbers and repetitive sets of numbers, select the Allow common patterns check box. If you do not select this option, only complex patterns of digits are allowed. By default, only complex patterns of digits are allowed.
145
Important: We recommend that you do not allow common patterns. 13. Click Commit. To change a user or site PIN policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Conferencing and then click PIN Policy. 4. On the PIN Policy page, click the PIN policy that you want to change, click Edit, and then click Show details. 5. In Edit PIN Policy, modify any of the policy settings (except for the policy name, which cannot be modified). 6. Click Commit.
146
To modify the conferencing policy for dial-in 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the Cs-ServerAdministrator or CsAdministrator role. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Conferencing. 4. On the Conferencing Policy tab, double-click a conferencing policy name to open the Edit Conferencing Policy dialog box. 5. Verify that the fields for dial-in conferencing are appropriate for your organization, and modify the settings if necessary. 6. Click Commit.
In This Section
Create or Modify a Dial-in Conferencing Access Number See Also Planning for Dial-In Conferencing Configure Dial Plans for Dial-in Conferencing
147
148
number. 8. In SIP URI, do the following: In the text box, type a unique SIP URI for this dial-in conferencing access number. This SIP URI is displayed in various locations including, but not limited to, call notification messages and previous versions of Communicator clients. Note: The same SIP URI cannot be reused by another dial-in conferencing access number. The SIP URI cannot be modified after the access number is created. The only way to change the SIP URI is to delete and recreate the access number. In the drop-down list box, click the domain of the Conferencing Attendant application that supports this dial-in access number. 9. In Pool, click the pool that is running the instance of Conferencing Attendant that supports this dial-in access number. Note: If you need to change the pool after you create the access number, you must use the Move-CsApplicationEndpoint cmdlet or delete and recreate the access number. 10. In Primary language, click the language in which prompts are played for this dial-in access number. Note: The primary language is the language that the Conferencing Attendant uses to answer the call. Supported languages are displayed alongside each access phone number on the Dial-in Conferencing Settings webpage. 11. (Optional) In Secondary languages (maximum of four), click Add, select one or more additional languages that you want to support for callers to this dial-in access number, and then click OK. Note: You can choose up to four secondary languages for each dial-in access number. Users can select a secondary language before entering the conference ID when they dial in to a conference. 12. To add a region for the dial-in access number, under Associated regions, click Add, click one or more regions that are associated with the dial plans for this dial-in access number, and then click OK. 13. To delete a region from the dial-in access number, under Associated regions, click the region you want to delete, and then click Remove. 14. Click Commit.
149
150
as a member of the Cs-ServerAdministrator or CsAdministrator role. 2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3. Run the following at the command prompt: Get-CsDialinConferencingDtmfConfiguration This cmdlet returns the DTMF settings used for dial-in conferencing. 4. Run the following cmdlet and specify the key to be pressed for each option that you want to change: Note: Set-CsDialinConferencingDtmfConfiguration [-Identity <global or site collection to be changed>] ` [-AdmitAll <default key is 8>] [-AudienceMuteCommand <default key is 4>] ` [-CommandCharacter <* (default) | #>] [EnableDisableAnnouncementsCommand <default key is 9>] ` [-HelpCommand <default key is 1>] [-LockUnlockConferenceCommand <default key is 7>] ` [-MuteUnmuteCommand <default key is 6>][-PrivateRollCallCommand <default key is 3>] This cmdlet modifies the DTMF settings used for dial-in conferencing. For example: Set-CsDialinConferencingDtmfConfiguration -EnableDisableAnnouncementsCommand 4 AudienceMuteCommand 9 This example swaps the key that is pressed to enable or disable announcements and the key that is pressed to mute and unmute all participants. Because no Identity is specified, these changes apply to the global DTMF settings. 5. (Optional) To create additional sets of DTMF commands for specific sites, use the New-CsDialinConferencingDtmfConfiguration cmdlet with a site identity. When you create new DTMF settings for sites, the site settings take precedence over the global settings. For details, see Lync Server Management Shell documentation or Lync Server Management Shell command-line Help.
151
To modify the conference join and leave announcement behavior 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the Cs-ServerAdministrator or CsAdministrator role. 2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3. Run the following at the command prompt: Get-CsDialinConferencingConfiguration This cmdlet retrieves information about whether participants are required to record their name when joining a conference and how Lync Server responds when participants join or leave a dial-in conference. 4. Run the following at the command prompt: Set-CsDialinConferencingConfiguration Identity <identity of dial-in conferencing settings to be modified> ` [-EnableNameRecording <$true | $false>] ` [-EntryExitAnnouncementsEnabledByDefault <$true | $false>] ` [-EntryExitAnnouncementsType <UseNames | ToneOnly] EnableNameRecording Determines whether anonymous participants are asked to record their name before entering the conference. The default value is "$true," which means that anonymous participants are prompted to state their name when joining a conference. (Authenticated participants do not record their name because their display name is used instead.) EntryExitAnnouncementsEnabledByDefault Indicates whether announcements are turned on or off by default. The default value is "$false," which means that by default there are no announcements when participants join or leave a conference. The meeting organizer can override this setting when scheduling a meeting. EntryExitAnnouncementsType Indicates the action taken whenever a participant joins or leaves a conference for which announcements are enabled. The default value is "UseNames," which means there is an announcement similar to the following: "Ken Myer has joined the conference" when announcements are turned on. You can configure these settings at the global scope or at the site scope. Settings configured at the site scope take precedence over settings configured at the global scope. For example: Set-CsDialinConferencingConfiguration Identity site:Redmond ` -EnableNameRecording $false ` -EntryExitAnnouncementsEnabledByDefault $true ` -EntryExitAnnouncementsType ToneOnly In this example, settings are configured at the site scope for Redmond. Announcements are turned on, but participants are not prompted to say their name when they join a conference. A tone is played when participants enter or leave a conference.
152
153
The procedure in this topic describes how to assign a Line URI for a single user account. If you need to assign a Line URI for multiple user accounts, you can create a script that uses the SetCsUser cmdlet. For details about using a sample script to assign Line URI to multiple user accounts, see "Assign Line URIs to Multiple Users" at http://go.microsoft.com/fwlink/? LinkId=196945. To configure user account settings 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the Cs-UserAdministrator or CsAdministrator role. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users. 4. In the search field, type the name of the user you want to configure for dial-in conferencing or click Add filter to specify search fields, and then click Find. 5. Double-click the user name to open the Edit Lync Server User dialog box. 6. Under Telephony, in the Line URI field, type a unique, normalized phone number (for example, tel:+14255550200). Note: You can specify Line URI only if Telephony is set to PC-to-PC only, Enterprise Voice, or Remote call control. 7. Click Commit.
154
To set an initial PIN and send welcome email 1. Log on as a member of the RTCUniversalServerAdmins group. 2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3. Run the following at the command prompt: Set-CsPinSendCAWelcomeMail -UserUri <user identifier> ` -From <email address of sender> [-Subject <subject for email message>] ` [-UserEmailAddress <destination email address>] ` [-Cc <email address of recipients who receive copy of email>] ` [-Bcc <email address of recipients who receive blind copies>] ` [-TemplatePath <path for email template>] ` [-SmtpServer] <SMTP server name>] ` [-BodyAsPlainText] [-UseSsl]` [-Pin <new numeric PIN>] [-Force] ` [-Credential <SMTP server credentials used to send email with the specified From address>] SmtpServer By default, the script uses the value of the reserved environment variable $PSEmailServer for this parameter. If the $PSEmailServer variable is not set, you must specify this parameter. Credential By default, the script uses the credentials of the current user. If the current user does not have permission to send email on behalf of the specified From address, you must specify this parameter. As a general rule, specify this parameter if you do not specify your email address as the From address. For example: Set-CsPinSendCAWelcomeMail -UserUri "bob@contoso.com" ` -From "marco@contoso.com" This example creates a new PIN and then sends a welcome email from Marco to Bob. It uses the email text from the default template and creates the email message in HTML format. The default Subject is "Welcome to Dial In Conferencing". Another example: Set-CsPinSendCAWelcomeMail -UserUri "bob@contoso.com" ` -From "marco@contoso.com" -Subject "Your new dial-in conferencing PIN" ` -Pin "383042650" -Force ` -Credential Admin@contoso.com -UseSsl This example forces a new PIN with a value of "383042650" for Bob, even though Bob had an existing PIN, and then sends a welcome email from Marco to Bob. Because the Credential parameter is specified, the person running the command is prompted to enter a password. The email is sent by using the Secure Sockets Layer (SSL).
155
156