Is it possible Lync 2013 to be installed on a Domain Controller?

Similar Messages

• Prerequisite not satisfied: This product cannot be installed on a Domain controller.

  I have a English version of Lync Server... here is the translation
  Checking prerequisites for roles...
  Checking prerequisite SupportedOS...prerequisite satisfied.
  Checking prerequisite SupportedOSNoDC...prerequisite missing.
  Checking prerequisite NoUnsupportedSqlRtcLocal...prerequisite satisfied.
  Checking prerequisite NoUnsupportedSqlRtc...prerequisite satisfied.
  Checking prerequisite WMIEnabled...prerequisite satisfied.
  Checking prerequisite NoOtherVersionInstalled...prerequisite satisfied.
  Checking prerequisite PowerShell2...prerequisite satisfied
  Prerequisite not satisfied: This product cannot be installed on a Domain controller.

  Hi,
  Lync server cannot be installed on a domain controller.there is a workaround but not supported by Microsoft
  https://itbasedtelco.wordpress.com/2012/02/04/installing-lync-on-a-domain-controller/
  Kindly if my reply helped, check as a solution
  thank you

• Install Active Directory Domain Controller on Windows server 2008 enterprise, dont login on Sql Server 2008 R2

  I install Active Directory Domain Controller on Windows server 2008 enterprise and dont login on Sql Server 2008 R2. Before install ADDC, I have logon SQL Server 2008r2 Success, After when i install ADDC is don't logon on SQL Server 2008r2 -->not success.
  I have uninstalled ADDC but i still can't login on SQL server 2008r2.
  please help me. it  is very very disaster!
  I think is loss account SQL server 2008r2!

  Hello,
  I stronly recommend you post the detail error message to us while you try to connect to SQL Server instance, it's useful for us to do further investigation.
  Microsoft recommends that you do not install SQL Server 2008 R2 on a domain controller, there are some limitations:
  You cannot run SQL Server services on a domain controller under a local service account or a network service account.
  After SQL Server is installed on a computer, you cannot change the computer from a domain member to a domain controller. You must uninstall SQL Server before you change the host computer to a domain controller.
  After SQL Server is installed on a computer, you cannot change the computer from a domain controller to a domain member. You must uninstall SQL Server before you change the host computer to a domain member.
  SQL Server failover cluster instances are not supported where cluster nodes are domain controllers.
  SQL Server Setup cannot create security groups or provision SQL Server service accounts on a read-only domain controller. In this scenario, Setup will fail.
  On Windows Server 2003, SQL Server services can run under a domain account or a local system account.
  So, I would suggest you try to open up Windows Services list and changed the account for SQL Server service.
  Regards,
  Elvis Long
  TechNet Community Support

• Lync 2013 certificate requirements for multiple SIP domains

  Hi All,
  I am engaged with a client in respect of a Lync 2013 implementation initially as a conferencing platform with a view to enabling EV functions (inc. PSTN conferencing) in the future. They initially need to support 30 SIP domains and eventually
  around 100 SIP domains which is proving to be either not possible or severely cost prohibitive. Their current certificate provider, Thawte, can only support up to 25 SANs and have quoted them 5 figures. We tend to use GeoTrust as they are cheaper but they
  appear to have a limit of 25 SANs. GoDaddy appear to support up to 100 SANs for a pretty reasonable cost. My questions are as follows:
  Is there a way that I’m missing of reducing the number of SANs required on the Edge server?
  Use aliases for access edge FQDNs - Supported by desktop client but not by other devices so not really workable
  Don’t support XMPP federation therefore removing the need for domain name FQDNs for each SIP domain
  Is there a way that I’m missing of reducing the number of SANs required on the Reverse Proxy server?
  Friendly URL option 3 from this page:
  http://technet.microsoft.com/en-us/library/gg398287.aspx
  Client auto-configuration:
  i.     
  Don’t support mobile client auto-configuration in which case no lyncdiscover.sipdomain1.com DNS records or SANs would be required.
  ii.     
  Support mobile client auto-configuration over HTTP only in which case CNAME records are required for each SIP domain (lyncdiscover.sipdomain1.com, etc. pointing to lyncdiscover.designateddomain.com) but no SANs are required.
  iii.     
  Support mobile client auto-configuration over HTTPS in which case DNS records are required for each SIP domain and a SAN entry for each SIP domains is also required. This is because a DNS CNAME to another domain is not supported over
  HTTPS.
  If the answer to 1 and/or 2 is no, are there certificate providers that support over 100 SANs?
  How do certificate requirements differ when using the Lync 2013 hosting pack? I would think that this issue is something that a hosting provider would need to overcome.
  Would the Lync 2013 Hosting Pack work for this customer? The customer uses SPLA licensing so I think is eligible to use the hosting pack but not 100% sure it will work in their environment given that client connections are supposed
  to all come through the Edge where their tenants will be internal and also given the requirement for an ACP for PSTN conferencing.
  Many thanks,

  Many thanks for the response.
  I was already planning to use option 3 from the below page for simple URLs to cut down on SAN requirement.
  http://technet.microsoft.com/en-us/library/gg398287.aspx
  What are the security concerns for publishing autodiscover over port 80? I.e. Is this only used for the initial download of the discovery record and then HTTPS is used for authentication? This seems to be the case from the following note on the below page:
  http://technet.microsoft.com/en-gb/library/hh690030.aspx
  Mobile device clients do not support multiple Secure Sockets Layer (SSL) certificates from different domains. Therefore, CNAME redirection to different domains is not supported over HTTPS. For example, a DNS CNAME record for lyncdiscover.contoso.com that redirects
  to an address of director.contoso.net is not supported over HTTPS.
  In such a topology, a mobile device client needs to use HTTP for the first request, so that the CNAME redirection is resolved over HTTP. Subsequent requests then use HTTPS. To support this scenario, you need to configure your reverse proxy with a web publishing
  rule for port 80 (HTTP).
  For details, see "To create a web publishing rule for port 80" in Configuring the Reverse Proxy for Mobility. CNAME redirection to the same domain is supported over HTTPS. In this case, the destination domain's certificate covers the originating
  domain.”
  I don’t think SRV records for additional SIP domain access edge is a workable solution as this is not supported by some devices.
  As per the below article:
  http://blog.schertz.name/2012/07/lync-edge-server-best-practices/
  “The recommended approach for external client Automatic Sign-In when supporting multiple SIP domains is to include a unique Access Edge FQDN for each domain name in the SAN field.  This is no longer a requirement (it was in OCS) as it is possible to
  create a DNS Service Locator Record (SRV) for each additional SIP domain yet have them all point back to the same original FQDN for the Access Edge service (e.g. sip.mslync.net). 
  This approach will trigger a security alert in Windows Lync clients which can be accepted by the user, but some other clients and devices are unable to connect when the Automatic Sign-In process returns a pair of SRV and Host (A) records which do not share
  the same domain namespace.  Thus it is still best practice to define a unique FQDN for each additional SIP domain and include that hostname in the external Edge certificate’s SAN field”.
  ===================
  1. Basically the requirement is to initially provide Lync conferencing services (minus PSTN conferencing) to internal, external, federated and anonymous participants with a view to providing PSTN conferencing and therefore enterprise voice services later.
  2. The customer currently supports close to 100 SMTP domains and wants to align their SIP domains with these existing domains. The structure of their business is such that “XXX IT Services” provide the IT infrastructure for a collection of companies who
  fall under the XXX umbrella but are very much run as individual entities.
  Question:
  Would you agree that I’m going to need a SAN for every SIP domain’s access edge FQDN?
  Thanks.

• Lync 2013 federation failing for a specific domain

  Hello,
  We have recently migrated to Lync 2013 and noticed that one of the domains we federate with is unable to federate with us.
  we are getting the following error:
  Log Name:      Lync Server Source:        LS Protocol Stack  Event ID:      14428 Task Category: (1001)
  Level:         Error Keywords:      Classic User:          N/A Computer:      server.fqdn.com Description: TLS outgoing connection
  failures.
  Over the past 28 minutes, Lync Server has experienced TLS outgoing connection failures 4 time(s). The error code of the last failure is 0x80090325(SEC_E_UNTRUSTED_ROOT) while trying
  to connect to the server "sip.example.com" at address [10.10.10.10:5061], and the display name in the peer certificate is "Unavailable". Cause: Most often a problem with the peer certificate or perhaps the host name (DNS) record used to
  reach the peer server. Target principal name is incorrect means that the peer certificate does not contain the name that the local server used to connect. Certificate root not trusted error means that the peer certificate was issued by a remote CA that is
  not trusted by the local machine. Resolution: Check that the address and port matches the FQDN used to connect, and that the peer certificate contains this FQDN somewhere in its subject or SAN fields. If the FQDN refers to a DNS load balanced pool then check
  that all addresses returned by DNS refer to a server in the same pool. For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the local
  machine.
  Thanks

  Thanks Michael.
  That worked for one of two issues I'm seeing, I did use the same steps for the second issue but it didn't seem to work, I have imported the CA of the domain we would like to federate with to the trusted root certification authorities and the intermediate
  certification authorities per the certificate issuer's website guidelines. I did learn that the federated partner is also using OCS 2007 R2, not sure if this may have to do with this.
  Over the past 30 minutes, Lync Server has experienced TLS outgoing connection failures 1 time(s). The error code of the last failure is 0x80072746 while trying to connect to
  the server "ocs.example.com" at address [10.10.10.10:5061], and the display name in the peer certificate is "ocs.example.com". Cause: Most often a problem with the peer certificate or perhaps the host name (DNS) record used to reach the peer server. Target
  principal name is incorrect means that the peer certificate does not contain the name that the local server used to connect. Certificate root not trusted error means that the peer certificate was issued by a remote CA that is not trusted by the local machine.
  Resolution: Check that the address and port matches the FQDN used to connect, and that the peer certificate contains this FQDN somewhere in its subject or SAN fields. If the FQDN refers to a DNS load balanced pool then check that all addresses returned by
  DNS refer to a server in the same pool. For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the local machine.

• Lync 2013 on a single lable root domain

  Hello All
  my enviroemnt is in a child root let say its "contoso.local" the root is .local and the child is contoso.local , with this configuration can I install lync 2013? if not is there any workaround other than rename my domain? your help is much
  appreciated.
  THX

  Hi Mado,
  Unfortunately, installing Lync in a Forest with a single label root domain is not supported;
  "Lync Server does not support single-labeled domains. For example, a forest with a root domain named
  contoso.local is supported, but a root domain named
  local is not supported. For details, see Microsoft Knowledge Base article 300684, “Information about configuring Windows for domains with single-label DNS names,” at
  http://go.microsoft.com/fwlink/p/?linkId=143752."
  This is not to say it would not work, but I would never put this into a production environment based on Microsofts stance on this.
  Kind regards
  Ben

• Understanding Lync 2013 Deployment for Single forest multiple domain Infrastructure

  Hello Everyone,
  I have an issue in understanding a deployment scenario of Lync 2013 Enterprise edition.
  We have a single forest multiple domain infra. 
  My My question here is, while AD prep, do we need to run Domainprep on every domain in the forest. 
  Thanks!
  Thank You!!! BR, Ammi.

  Hi Ammi,
  To prepare Active Directory Domain Services for your Lync Server 2013 deployment, you must perform three steps in a specific sequence.
  1.
   Preparing the Active Directory schema in Lync Server 2013
  Extends the Active Directory schema by adding new classes and attributes that are used by Lync Server.
  Run once for each forest in your deployment where Lync Server will be deployed.
  2. Preparing the forest for Lync Server 2013
  Creates global settings and universal groups that are used by Lync Server.
  Run once for each forest in your deployment where Lync Server will be deployed.
  3. Preparing domains for Lync Server 2013
  Adds permissions on objects to be used by members of universal groups.
  Run once per user domain or server domain.
  Hope it can be helpful.
  Best regards,
  Eric

• Anyone have Contract Manager v13 installed on a domain controller?

  Hello Everyone
  I have a client who says that the primavera reseller told him it was ok to install CM13 on his Domain controller w2k3 r2, which hosts other databases such as quickbooks and instances of IIS.
  Has anyone ever installed in a situation like this, concurrently with other Dbs and Web servers running?
  I understand that the app server and web server is usually 2 separate machines as well, but with previous versions of CM, you were able to install both on one machine. And those machines were dedicated to CM.
  A quick one line response on if your server/serves are dedicated for CM would be great!
  Any other information would be a great help as well!
  Thanks
  Dennis
  Edited by: user12514167 on Jan 26, 2010 12:20 PM
  Edited by: user12514167 on Jan 26, 2010 12:25 PM
  Edited by: user9054083 on Jan 27, 2010 8:13 AM

  Technically its not impossible. :) one line! :]
  Tough I would never install CM on DC, basically I would avoid anything that would make the crash of DC more probable.
  CM service will take 500-800MB of the RAM, takes a huge peek on CPU while deployment, after that is basically not that troublesome,
  Database (SQL or oracle) needs it own memory and CPU.
  I'm not sure if want your DC with other services to be overloaded.
  IIS - they need to know that if any of the apps they use on IIS is using port 80 they will not be able to use CM service on port 80 as well.
  With the prices of hardware vs prices of CM licenses I would ask a loud - why do you want all in one machine?

• DPM 2010 agent install on W2k8 Domain Controller issue

  Hey guys, so I'm having a problem getting DPM 2010 agents on my Windows 2008 domain controllers. For some reason the agent will not communicate with the dpm server after running the attach process. The process I go through to install (which is
  working in my Dev environment) is
  1) (on DC) Run manual agent install by running agent.exe file from ProtectionAgents folder on DPM server
  2) (on DC) Run the setdpmserver command line to specify the DPM server
  3) (on specified DPM server) Run Agent attach sequence from Agent tabs in DPM console which says successful, but when you return to agents view under "unprotected computers" I see error.
  I've verified the tests that other users have posted on this forum including
  PING, DCOM permissions, verifying that inbound rules are setup, tested SMB, tested RPC, and also uninstalled and reinstalled the agent. Any ideas where to search next?

  I checked the MSDPMCurr.errlog, but I'm not exactly sure how to look for the failures that relate to the DC. When I search for the netbios name of the DC, I can see failures, but I also see identical failures under other server names as well. Is there anything
  specifically I should be looking for?
  I am requesting turning off the integrated firewall for testing as well and am awaiting an answer.
  I am attaching part of the log I was looking at.
  tance.cs(253)   NORMAL </TECommand>' Error CmdProcAccessDenied
  0BE8 10E4 06/14 18:00:03.425 07 AMUtil_expanded.cs(3474)  BF90214B-F6C3-40B9-B53E-C6DC0A0235DF WARNING CheckTimeoutMessage: code[0x00000101], detailedCode[0x80070005], errMgs[Access is denied (0x80070005)]
  0BE8 10E4 06/14 18:00:03.425 07 AMUtil_expanded.cs(3474)  BF90214B-F6C3-40B9-B53E-C6DC0A0235DF WARNING [<?xml version="1.0" encoding="utf-16"?>
  0BE8 10E4 06/14 18:00:03.425 07 AMUtil_expanded.cs(3474)  BF90214B-F6C3-40B9-B53E-C6DC0A0235DF WARNING <Status xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema" StatusCode="-2147024891" Reason="Timeout" CommandInstanceID="cb3dbc9c-b7fe-4df0-8dcd-c93baacae403" CommandID="GetProperties" GuidWorkItem="bf90214b-f6c3-40b9-b53e-c6dc0a0235df"
  TETaskInstanceID="bf90214b-f6c3-40b9-b53e-c6dc0a0235df" xmlns="http://schemas.microsoft.com/2003/dls/StatusMessages.xsd">
  0BE8 10E4 06/14 18:00:03.425 07 AMUtil_expanded.cs(3474)  BF90214B-F6C3-40B9-B53E-C6DC0A0235DF WARNING   <ErrorInfo ErrorCode="257" DetailedCode="-2147024891" DetailedSource="2" ExceptionDetails="" xmlns="http://schemas.microsoft.com/2003/dls/GenericAgentStatus.xsd">
  0BE8 10E4 06/14 18:00:03.425 07 AMUtil_expanded.cs(3474)  BF90214B-F6C3-40B9-B53E-C6DC0A0235DF WARNING     <Parameter Name="servername" Value="la-exchmbclu02.caa.com" />
  0BE8 10E4 06/14 18:00:03.425 07 AMUtil_expanded.cs(3474)  BF90214B-F6C3-40B9-B53E-C6DC0A0235DF WARNING   </ErrorInfo>
  0BE8 10E4 06/14 18:00:03.425 07 AMUtil_expanded.cs(3474)  BF90214B-F6C3-40B9-B53E-C6DC0A0235DF WARNING </Status>].
  0BE8 1194 06/14 18:00:03.426 04 cmdproc.cpp(2017) [000000001A62B200] C79F322F-BCB7-40BE-92D2-03D6E85EAAA5 WARNING Failed: Hr: = [0x80070005] : F: lVal : hr
  0BE8 1194 06/14 18:00:03.426 04 cmdproc.cpp(1816) [000000001A62B200] C79F322F-BCB7-40BE-92D2-03D6E85EAAA5 WARNING Failed: Hr: = [0x80070005] : C: lVal : hr
  0BE8 1194 06/14 18:00:03.426 04 cmdproc.cpp(2242) [000000001A62B200] C79F322F-BCB7-40BE-92D2-03D6E85EAAA5 WARNING Failed: Hr: = [0x80070005] : F: lVal : CreateInstance( strCmdTarget, clsidTarget, hrDLS, (IUnknown
  **)&pAgentCommand, (pCommand->GetSenderToken() == 0), pCommand->IsNonDomainAgent(), fIsNonADMachine, cmdTargetIP )
  0BE8 1194 06/14 18:00:03.426 04 cmdproc.cpp(2482) [000000001A62B200] C79F322F-BCB7-40BE-92D2-03D6E85EAAA5 WARNING CCommandProcessor::SendOutboundCommand this:[000000001A62B200], ServerName: dc2-01.domain.com
  0BE8 1170 06/14 18:00:03.426 01 TaskInstance.cs(253)   NORMAL Task: Received tiemout message from CmdProc '<?xml version="1.0" encoding="utf-16"?>
  0BE8 1170 06/14 18:00:03.426 01 TaskInstance.cs(253)   NORMAL <TECommand xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns="http://schemas.microsoft.com/2003/dls/Commands.xsd">
  0BE8 1170 06/14 18:00:03.426 01 TaskInstance.cs(253)   NORMAL   <Command xmlns="http://schemas.microsoft.com/2003/dls/GenericCommand.xsd">
  0BE8 1170 06/14 18:00:03.426 01 TaskInstance.cs(253)   NORMAL     <CommandInstanceID>80be8b52-30e1-4d12-bb3f-65c50676ffce</CommandInstanceID>
  0BE8 1170 06/14 18:00:03.426 01 TaskInstance.cs(253)   NORMAL     <AgentTypeID>da6aa17a-d61c-4e9c-8cea-db25dea52a95</AgentTypeID>
  0BE8 1170 06/14 18:00:03.426 01 TaskInstance.cs(253)   NORMAL     <WorkItemID>c79f322f-bcb7-40be-92d2-03d6e85eaaa5</WorkItemID>
  0BE8 1170 06/14 18:00:03.426 01 TaskInstance.cs(253)   NORMAL     <TETaskInstanceID>c79f322f-bcb7-40be-92d2-03d6e85eaaa5</TETaskInstanceID>
  0BE8 1170 06/14 18:00:03.426 01 TaskInstance.cs(253)   NORMAL     <ServerIdFilter>00000000-0000-0000-0000-000000000000</ServerIdFilter>
  0BE8 1170 06/14 18:00:03.426 01 TaskInstance.cs(253)   NORMAL     <VerbIndexFilter>45</VerbIndexFilter>
  0BE8 1170 06/14 18:00:03.426 01 TaskInstance.cs(253)   NORMAL     <DatasourceIndexFilter>0</DatasourceIndexFilter>
  0BE8 1170 06/14 18:00:03.426 01 TaskInstance.cs(253)   NORMAL   </Command>
  0BE8 1170 06/14 18:00:03.426 01 TaskInstance.cs(253)   NORMAL   <GetProperties />

• Lync 2013 standard deployment: Exchange 2010 Sharepoint 2010 and outlook 2007 collaboration

  HI
  I have Exchange 2010 and sharepoint 2010 with all our user using outlook 2007. what options do I have for collaborations between these systems if I was to install Lync 2013. I have seen posts that mention that you cannot use outlook 2007 and lync 2013 and
  that you would be better off installing the lync 2010 client?
  1. would we be covered from a licensing point of view if we had bought lync 2013 cals but install the lync 2010 software on desktops?
  2. what Cals do we require for presence to be available in SharePoint we currently have standard sharepoint cals?
  3. what new features will we loose if we install 2010 lync software.
  4. if our mobile users use the 2013 lync software will these be able to communicate with the 2010 users?
  thanks
  J

  Hi,
  If you use Lync 2013 client with Outlook, multiple functions will not be achieved, such as: customize Outlook meeting invitations (add logo, help URL, disclaimer, footer text), in Outlook, configure meeting option to mute attendee audio and video by default,
  presence status in the Microsoft Outlook To and Cc fields, and so on. As Lync 2013 is the part of Office 2013, the best choice is using Outlook 2013.
  More details:
  https://technet.microsoft.com/en-us/library/gg412817.aspx
  For the CAL requirement, you can refer to following link:
  Lync Licensing Guide
  You can refer to the link below of “What’s new for clients in Lync Server 2013” to understand the new features for Lync 2013:
  https://technet.microsoft.com/en-us/library/jj204933.aspx
  If you use Lync 2013 mobile clients, you can communicate with 2010 users with no possible.
  Best Regards,
  Eason Huang
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Eason Huang
  TechNet Community Support

• Lync 2013 client is deployed but user accounts are not migrated from OCS to Lync 2013 Server - how to open Lync meetings automatically in the Lync Web Plug-in

  We have in our enterprise the following scenario:
  1 - Lync 2013 client is installed
  2 - User accounts are not migrated to Lync 2013 Server, users are using Office Communicator as their main tool
  3 - Users receive Lync 2013 meeting requests but when try to access them, Lync 2013 client launches and shows error. Users will need to open the browser and paste the URL to the address bar but this still open
  4 - We cannot use the workaround of adding "?SL=1" to the Lync 2013 meeting URL as the user base is large and manual workaround is not accepted
  5 - Question: is there any automated way, via egistry key or GPO setting, so that users temporarily (until their accounts are migrated to Lync 2013 server) can bypass Lync 2013 client completely and automatically open all Lync 2013 meetings
  on the browser, using Lync Web Plug-in?

  Thanks for the response,
  First, I should have mentioned clearly that users have Office Communicator 2007 client and Lync 2013 client installed in their machines. Their accounts are not migrated yet to Lync 2013 server.
  Second, we are using IE9 and IE10. The issue is that users CAN join Lync 2013 meetings with their browsers but have to paste the URL manually to browser and add "?SL=1" otherwise, if they just click at the "Join Online Meeting" or "Join
  Lync Meeting" URL it launches Lync 2013 client which shows error because is not configured yet, as they are using OCS client and migrating slowly to Lync 2013 server.
  Is there a Group Policy setting or a registry key from Microsoft that can be turned on to these users machines and make will all Lync meeting requests to be opened in IE browser instead of Lync 2013 client. We need a way to ignore
  Lync 2013 client until user accounts are migrated to Lync 2013 Server. Manually typing URLs is not an option in a big organization, can't explain thousands of users of different levels what to do.
  We are regretting the decision not to separate Lync 2013 from Office 2013 package we deployed recently. If Lync 2013 is uninstalled then all Lync meeting requests are opened in browser without an issue.

• Lync 2013 "Setup can't find or validate an installation file...."

  Enterprise client installation.
  We're running Windows 7 32bit SP2, Office 2010 32bit SP2.
  Attempting to run the install for Lync 2013 (32-bit) on a test system and get the following warning immediately:
  "Setup can't find or validate an installation file.  Please try installing Office from your installation source, or if you installed from a downloaded package, please re-download and re-install....."
  The source Lync 2013 file is direct from MVLS.
  Any reason why this install from MVLS refuses to run from the source?  Obviously, Lync 2013 wasn't included with Office 2010, so re-installing Office won't resolve this issue.
  Any help is appreciated.

  Hi,
  It may also cause by the issue of the conflict with other software, please use clean boot to test the issue. In this mode install Lync 2013 file again.
  You can refer to the link of “How to perform a clean boot in Windows”:
  http://support.microsoft.com/kb/929135
  If the issue persists, please also try to download Lync 2013 file and install again.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Lync 2013 Multi Tenant - SIP/2.0 401 Unauthorized

  New Lync 2013 Multi Tenant install. Can provision users in the Primary OU. Users in primary OU login without error.
  Users provisioned in a sub OU can not login to Lync. Provisioning process completes successfully.
  Client prompts for password. Attempts login and fails with:
  You didn't get signed in. It might be your sign-in address or logon credentials. (SIP address and UPN are identical)
  FE logging:
  SIP/2.0 401 Unauthorized
  TL_INFO(TF_PROTOCOL) [0]128C.2E1C::04/15/2014-22:28:42.421.00004ea3 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(265))[212989229] $$begin_recordTrace-Correlation-Id: 212989229
  Instance-Id:
  3A4
  Direction:
  outgoing;source="local"
  Peer:
  edge1.domain.corp:56094
  Message-Type:
  response
  Start-Line:
  SIP/2.0 401 Unauthorized
  From:
  <sip:[email protected]>;tag=57e75cd85f;epid=f7a8f50c07
  To:
  <sip:[email protected]>;tag=10A7EC7396D5F1EDCEA8D35A0C49F3CB
  Call-ID:
  8654248b0dd64d519f42617b862e75bc
  CSeq:
  2 REGISTER
  Via:
  SIP/2.0/TLS 10.200.10.210:56094;branch=z9hG4bK4B6654F6.FADCC8B2E74B96BA;branched=FALSE;ms-received-port=56094;ms-received-cid=20C00
  Via:
  SIP/2.0/TLS 172.16.232.59:60361;received=10.200.250.206;ms-received-port=43233;ms-received-cid=1E9D00
  Content-Length:
  0
  Failed to validate user credentials
  $$end_record
  TL_ERROR(TF_SECURITY) [0]128C.2E1C::04/15/2014-22:28:42.468.0000542a (SIPStack,SIPAdminLog::WriteSecurityEvent:SIPAdminLog.cpp(319))[212989229] $$begin_recordText: Failed to validate user credentials
  Result-Code:
  0x8009030c SEC_E_LOGON_DENIED
  Source:
  edge1.domain.internal:56094
  SIP-Start-Line:
  REGISTER sip:domain.com SIP/2.0
  SIP-Call-ID:
  8654248b0dd64d519f42617b862e75bc
  SIP-CSeq:
  3 REGISTER
  Data:
  gssapi-data="NTLMSSP\x00\x03\x00\x00\x00\x18\x00\x18\x00\xB4\x00\x00\x00D\x01D\x01\xCC\x00\x00\x00 \x00 \x00X\x00\x00\x000\x000\x00x\x00\x00\x00\x0C\x00\x0C\x00\xA8\x00\x00\x00\x10\x00\x10\x00\x10\x02\x00\x00U\x82\x90b\x06\x03\x80%\x00\x00\x00\x0FQ\xC8@\x1E\x1F\xD2\xF9w\x0C!\xF8Y\x84\x84\x06PM\x00i\x00c\x00r\x00o\x00s\x00o\x00f\x00t\x00A\x00c\x00c\x00o\x00u\x00n\x00t\x00r\x00i\x00c\x00h\x00.\x00l\x00i\x00b\x00e\x00r\x00t\x00y\x00@\x00h\x00o\x00t\x00m\x00a\x00i\x00l\x00.\x00c\x00o\x00m\x00L\x00A\x00P\x00T\x00O\x00P\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00+\xD8\x1CE\xFB\\x9E7\xACbc\x17e\xDE\xAC\xFD\x01\x01\x00\x00\x00\x00\x00\x00R\n\x0E\xFAX\xCF\x01\xF2h\xA4\xBE\x8B\xC3w=\x00\x00\x00\x00\x02\x00\x06\x00P\x00P\x00C\x00\x01\x00\x1A\x00P\x00P\x00C\x001\x00L\x00Y\x00N\x00C\x00F\x00E\x000\x000\x001\x00\x04\x00\x10\x00p\x00p\x00c\x00.\x00c\x00o\x00r\x00p\x00\x03\x00,\x00P\x00P\x00C\x001\x00L\x00Y\x00N\x00C\x00F\x00E\x000\x000\x001\x00.\x00p\x00p\x00"
  $$end_record

  Hi,
  Please double check the port between FE server and Edge server.
  Please also check if you add the SAN of sub domain in the Edge external certificate with the help of the link below:
  http://technet.microsoft.com/en-us/library/gg398409.aspx
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Lync 2013 IM from full Lync client to Apple Iphone 4S

  Hi,
  We are running Lync 2013 and Lync 2010 in coexistence. When sending an IM from a fully Lync client (Lync 2013 homed user) to an Apple Iphone 4S with the latest Lync 2013 mobile app installed and the user chooses not to read the notification or misses it
  an error is shown on the senders Lync window - is this by design or an error?
  This message may not have been sent to Lyncuser1 because the   server timed out.
   On the server monitoring reports the following events are logged for client and server:
  24116; Component="RTCC/5.0.0.0_UCWA/5.0.0.0 iPadLync/5.4.1485.0000 (iPad iPhone
  OS 7.0.3)"; Reason="The request was rejected because the application did not
  respond to the incoming call and it was not the preferred endpoint."; 
  1
  13004
   FEservbeer.domain.com.net
  InboundRouting
  13004; reason="Request was
  proxied to one or more registered endpoints"; source="FEserver.domain.com";
  Count="2"; appName="InboundRouting"
  Please advise f this is something we should be concerned about as the message does get received by the iphone user but the sender gets a message that indicates it may not have reached the iphone user.
  Cheers
  D

  Hi,
  Did the issue happen both clients internal the company or external the company?
  Please check if the both of the tested users could see the presence of each other normally.
  Please try to log off Lync Mobile client and then log back on again to test the issue again.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Lync 2013 and SSL with edge

  Dear All,
  It is always come to be a confusing, about certificate when it comes to lync 2013 and edge. suppose i have domain abc.com and i have to plan to add additional sip domain like xyz.com, abc.com, dfg.com etc. and my default domain would be abc.com so my naming
  option would be like this meet.abc.com/sipdomain/meet. I am little confuse how this is teckle in frontend and edge role. Do i have to get new request in edge or have to just import certificate generated in frontend and import into edge. 

  Thanks Eric and Thamara,
  So for internal CA, which means i have to install active directory certiificate and no need to buy certificate from public authority. and  which include following entries on first front end server admin.defaultsipdomain.com, dialin.defaultsipdomain,
   lyncdiscoverinternal.defaultsipdomain,  lyncdiscover.defaultsipdomain.com
  Or i should i get it from public authority and add all edge and front end requirement and reverse proxy in ucc certificate  and use same to import into front end and edge and reverse proxy.