Lync 2013 Hosting

Hi, 
I want to host a Lync 2013 server for my external clients and users. What would be the considerations, requirements and server roles to host a server?
My requirement is web scheduling, meetings, sharing and text chats only for external users.
Now we have a local domain testdomain.local using Active Directory.
One live domain which is mydomain.com
Please suggest a solution for Lync 2013 hosting for external users.
Thanks

Yes, as Thamara said, you have to install the Edge role in order to log in externally.
Check these for installing the Edge server:
http://social.technet.microsoft.com/wiki/contents/articles/16931.installing-lync-2013-edge-server.aspx
http://www.orcsweb.com/blog/cory-granata/installing-lync-2013-edge-server/
For installing the reverse proxy:
http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx
http://jaapwesselius.com/2014/03/16/using-arr-for-reverse-proxy-with-lync-2013/
SAN Certificate Requirements
Check this for SAN certificate requirements for external access:
https://technet.microsoft.com/en-us/library/gg398094.aspx
You require these names to be included in your SAN certificate:
SN = sip.domain.com
SAN = meet.domain.com
SAN = admin.domain.com
SAN = dialin.domain.com
DNS records which need to be created
Check this for creating external DNS records:
https://technet.microsoft.com/en-us/library/gg398758.aspx
Check this for adding a routable domain to Lync:
http://blog.ucitsimple.com/2011/10/04/adding-new-sip-domains-to-lync/
For a detailed explanation, check this great detailed blog on how DNS works for the internal domain and the external domain, if your internal domain is different from the external domain:
http://msunified.net/2013/08/07/lync-client-sign-in-and-dns-records-recommendations/

Similar Messages

  • Lync 2013 Hosting Pack v2 Skype integration

    I have a Lync 2013 Hosting deployment. Hosting Pack v2 supports public IM with Skype, but in the guide the setup steps are missing. I configured the Federation (federated provider etc.) like an on-premises deployment and enabled Public IM connectivity on the Tenant:
    Identity              : Global
    AllowedDomains        : Microsoft.Rtc.Management.WritableConfig.Settings.Edge.AllowList
    BlockedDomains        :
    AllowFederatedUsers   : True
    AllowPublicUsers      : True
    SharedSipAddressSpace : False
    When I add a skype user to my buddy list, I cannot see the presence and in the Lync Front End Logs I get the following failure that the domain is not part of the tenant allow list.
    Message-Body: <reportError xmlns="http://schemas.microsoft.com/2006/09/sip/error-reporting"><error toUri="sip:***[email protected]"
    callId="c46a551b0e28439482edd9f3cbbc4a78" fromTag="eeef2d866f" toTag="F89423B3CF5DDBEF396B7A8FD53211EF" contentType="application/sdp;call-type=im" responseCode="403" requestType="INVITE"><diagHeader>27000;reason="To-Uri
    Domain is not in the sender-tenant allow list";source="FRONTEND.DOMAIN.COM";appName="OutgoingFederation";OriginalPresenceState="0";CurrentPresenceState="0";MeInsideUser="Yes";ConversationInitiatedBy="6";SourceNetwork="5";RemotePartyCanDoIM="Yes"</diagHeader><progressReports/></error></reportError>$$end_record
    What can I do to enable public connectivity on the tenant without adding the skype Domain (could be any Live ID) to the tenant allow list?
    Greetings

    Did you provision Skype Federation for the specific domain?
    https://pic.lync.com/provision
    Download Provisioning Guide for Lync-Skype Connectivity
    http://www.pro-lync.be/blogs/lync2013/archive/2013/05/31/download-provisioning-guide-for-lync-skype-connectivity.aspx
    Howto enable audio between Lync & Skype (What the Skype provisioning guide is not telling you)
    http://www.pro-lync.be/blogs/lync2013/archive/2013/06/06/howto-enable-audio-between-lync-amp-skype-what-the-skype-provisioning-guide-is-not-telling-you.aspx
    - Belgian Unified Communications Community : http://www.pro-lync.be - MCM/MVP/MCT

  • Lync 2013 hosting pack - CU July 2013 Support

    Does the Lync 2013 Hosting Pack support the cumulative update of July?
    What are the known issues?

    My experience was running the LyncServerUpdateInstaller and run Install-CsDatabase on the servers. I haven't had it break mobility though.
    With that in mind so far you only do that when you first install it because there hasn't been any further updates to Lync 2013 Hosting since it was released.
    I have a ticket opened right now about the bad documentation on the deployment guide. My simple url wasn't working because the document says to provide -Tenant $GUID for the meeting URL but it didn't work 100%. However it worked sometimes!!
    The Microsoft tech pointed me to a guy's blog (yes, that's right.. a non-Microsoft blog) that shows to drop the -Tenant $GUID from the meeting URL but make sure you keep the -Tenant $GUID for the dialin URL.
    I basically whined and told them I wanted the 100% right way to do it. I wanted them to tell me either the deployment guide was wrong or there was a bug. Two weeks and no reply yet and they just update to say "They are still looking into it".
    Not to mention when I opened the ticket they tried saying "Well this is still a new product". I said it's been out for almost a freakin year and it's not a NEW product.

  • Lync 2013 Hosting Pack - cannot join external non federated meetings anonymously with desktop client

    Hello,
    I have a setup of LHP 2013. We have been testing federation and connections to external on-premises meetings.
    Right now users with the Lync desktop client (2013 and patched) cannot connect to external 3rd party meetings without using the ?SL=1 and using the Web App.
    Desktop Client gives error on log file:
    ms-user-logon-data: RemoteUser
    Authentication-Info: TLS-DSK qop="auth", opaque="58FBAFA0", srand="0B8651AD", snum="15", rspauth="b63e033e6376b48ec973718f7369e3b90b0d75ba", targetname="lyncfe2.hoster.fi", realm="SIP Communications Service", version=4
    Content-Length: 0
    Via: SIP/2.0/TLS 172.20.10.7:49680;received="public.ip";ms-received-port=55863;ms-received-cid=48400
    From: "cloud.testuser"<sip:[email protected]>;tag=8f59b0fb81;epid=c7d2e31185
    To: <sip:[email protected];gruu;opaque=app:conf:focus:id:5P20J0SK>;tag=C258840F87FD8713D4ADE01307F32C5B
    Call-ID: 386e091eb7794fb286b858984349fccd
    CSeq: 1 INVITE
    ms-diagnostics: 27000;reason="To-Uri Domain is not in the sender-tenant allow list";source="LYNCFE2.hoster.fi";appName="OutgoingFederation"
    Server: OutgoingFederation/5.0.0.0
    From some old post I have read that was a bug in Lync client that did not allow fail-back to anonymous login with non-federated lync organization, but this has been fixed long ago.
    If I do set up a federation between the organizations, the meetings connect OK.
    Thanks for help!
    BR, Jouni 

    Hi Johan,
    Lync client in test has been fully updated.
    I think I found what was causing this. In my tests, I added and removed domains from the allowed and blocked domains lists in the tenant config.
    First after tenant organization has been provisioned the AllowedDomains looks like this:
    Get-CsTenantFederationConfiguration -Tenant 10828ff2-165d-440f-9c00-6ce374ff0c6d
    Identity              : Global
    AllowedDomains        : Microsoft.Rtc.Management.WritableConfig.Settings.Edge.AllowAllKnownDomains
    BlockedDomains        : {}
    AllowFederatedUsers   : True
    AllowPublicUsers      : True
    SharedSipAddressSpace : False
    And joining to non-federated meetings works correctly.
    After fiddling with the allowed and blocked domains settings (adding and removing domains) settings look like this:
    Identity              : Global
    AllowedDomains        : Microsoft.Rtc.Management.WritableConfig.Settings.Edge.AllowList
    BlockedDomains        : {}
    AllowFederatedUsers   : True
    AllowPublicUsers      : True
    SharedSipAddressSpace : False
    When I check what the "AllowList" holds, it is empty as it should be:
    $tenant = Get-CsTenant | Where-Object {$_.Name -eq "tenantname"}
    $x = Get-CsTenantFederationConfiguration -Tenant $tenant.TenantId
    $x.AllowedDomains
    AllowedDomain : {}
    If I set the AllowedDomains back to its original form, meeting connections begin to work.
    $all = New-CsEdgeAllowAllKnownDomains
    Set-CsTenantFederationConfiguration -Tenant 10828ff2-165d-440f-9c00-6ce374ff0c6d -AllowedDomains $all
    But now I'm just not very sure how I should set up the federation settings as per tenant/ExternalAccessPolicy/AccessEdgeConfiguration.. hmm..
    BR, Jouni
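
Both threads above report the same `ms-diagnostics` code 27000 from `OutgoingFederation`. The following Python parser is an added example, not code from the original posts or from Microsoft: it extracts `ms-diagnostics` headers and `<diagHeader>` error reports from a trace and counts tenant allow-list rejections per destination domain. The sample trace, host names and function names are constructed for illustration.

```python
import html
import re
from collections import Counter

# Constructed sample trace, modelled on the records quoted in the threads above.
# Users, hosts and Call-IDs are made up; "$$end_record" closes each record.
SAMPLE_TRACE = '''\
Start-Line: SIP/2.0 403 Forbidden
From: "user1"<sip:user1@tenant.example>;tag=aa11;epid=bb22
To: <sip:organizer@partner.example;gruu;opaque=app:conf:focus:id:ABC123>;tag=cc33
Call-ID: 1111aaaa
CSeq: 1 INVITE
ms-diagnostics: 27000;reason="To-Uri Domain is not in the sender-tenant allow list";source="FE1.hoster.example";appName="OutgoingFederation"
$$end_record
Message-Body: <reportError xmlns="http://schemas.microsoft.com/2006/09/sip/error-reporting"><error toUri="sip:buddy@public.example" callId="2222bbbb" responseCode="403" requestType="INVITE"><diagHeader>27000;reason="To-Uri Domain is not in the sender-tenant allow list";source="FE1.hoster.example";appName="OutgoingFederation"</diagHeader><progressReports/></error></reportError>$$end_record
Start-Line: SIP/2.0 403 Forbidden
To: <sip:151@tenant.example;user=phone>;tag=dd44
Call-ID: 3333cccc
CSeq: 16062 INVITE
ms-diagnostics: 12004;reason="The user is not authorized to call the specified number or none of the
 routes have a valid gateway configured.";source="FE1.hoster.example";appName="OutboundRouting"
$$end_record
'''

# ;name="quoted value" or ;name=bare-value (quoted values may contain ';')
_PARAM = re.compile(r';\s*([A-Za-z][\w-]*)=(?:"((?:[^"\\]|\\.)*)"|([^;]*))')
_ERROR = re.compile(r'<error\b([^>]*)>.*?<diagHeader>(.*?)</diagHeader>', re.S)


def parse_diag(value):
    """Split 'code;name="value";...' into (code, params); None if no code."""
    m = re.match(r'\s*(\d+)', value)
    if not m:
        return None
    params = {n: (q or b.strip()) for n, q, b in _PARAM.findall(value[m.end():])}
    return int(m.group(1)), params


def uri_domain(uri):
    """Return the host part of the first SIP URI in a header value."""
    m = re.search(r'sips?:(?:[^@>\s]*@)?([^;>:\s"]+)', uri or "")
    return m.group(1).lower() if m else None


def parse_record(block):
    """Return one finding per diagnostic found in a single trace record."""
    lines = []
    for raw in block.splitlines():
        if raw[:1] in (" ", "\t") and lines:      # folded header continuation
            lines[-1] += " " + raw.strip()
        elif raw.strip():
            lines.append(raw.strip())
    headers, pending = {}, []
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name, value = name.strip().lower(), value.strip()
        if name in ("ms-diagnostics", "ms-client-diagnostics"):
            pending.append((value, None, None))
        elif name == "message-body":              # XML error report form
            for attrs, diag in _ERROR.findall(value):
                to_uri = re.search(r'toUri="([^"]*)"', attrs)
                call_id = re.search(r'callId="([^"]*)"', attrs)
                pending.append((html.unescape(diag),
                                to_uri and to_uri.group(1),
                                call_id and call_id.group(1)))
        else:
            headers.setdefault(name, value)
    findings = []
    for value, to_uri, call_id in pending:
        parsed = parse_diag(value)
        if parsed is None:
            continue
        code, params = parsed
        findings.append({
            "code": code,
            "reason": params.get("reason", ""),
            "source": params.get("source", ""),
            "app": params.get("appName", ""),
            "to_domain": uri_domain(to_uri or headers.get("to", "")),
            "call_id": call_id or headers.get("call-id"),
        })
    return findings


def parse_trace(text):
    """Parse every record in a trace (records end with $$end_record)."""
    findings = []
    for block in text.split("$$end_record"):
        findings.extend(parse_record(block))
    return findings


def tenant_allow_list_blocks(findings):
    """Count code 27000 rejections from OutgoingFederation per destination domain."""
    return Counter(f["to_domain"] for f in findings
                   if f["code"] == 27000 and f["app"] == "OutgoingFederation")


if __name__ == "__main__":
    for domain, count in tenant_allow_list_blocks(parse_trace(SAMPLE_TRACE)).items():
        print(f"{domain}: {count} request(s) rejected by the tenant allow list")
```
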

  • Lync 2013 Hosting pack tenant meet url returns 404

    Hi all,
    I have 2 problems in the Hosting pack:
    1. Meet urls are correctly generated for tenants (IE https://meet.hoster.com/tenantdomain/user/confID) but they return a 404 when browsing to the meeting from a browser
    2. Office web apps presentations just never work. It just says that it cannot connect to the presentation server.
    For problem 1, what I tried was:
    1. Set Set-Cssimpleconfiguration -UseBackendDatabase $True -Tenant <TenantID>
    2. Tried repairing the IIS Rewrite module as per http://social.technet.microsoft.com/Forums/lync/en-US/e1fbdaa9-0961-4171-ab51-91b8d37432de/action?threadDisplayName=lync-meetings-not-available-404-for-every-url
    3. Made sure all my domain maps are correct
    4. All certs seem 100% fine.
    What is weird is:
    https://dialin.hoster.com/dialin - works
    https://meet.hoster.com/meet - works (Default cannot join the meeting page)
    https://meet.hoster.com/tenantdomain/tenantuser/confid - Does not work
    Any help will be greatly appreciated.
    \\Tjopsta// http://www.tjopsta.net

    Hi,
    For the first question, try the following steps:
    Remove IIS URL Rewrite Module 2 in Control Panel.
    Run Step 2: Setup or Remove Lync Server Components with Lync Server Deployment Wizard.
    For the second question, check if you can access the Office Web Apps Server discovery URL via browser.
    Check if you have associated the Office Web Apps Server with the Front End pool.
    Regards,
    Lisa Zheng
    TechNet Community Support

  • Lync 2013 Multitenant hosting meeting URL

    I have a Lync 2013 multitenant hosting environment. Lync Meeting Add-in for Microsoft Outlook 2013 closes itself a split second after it opens, no error, no pop-up, and no message to say what’s going on. Yet within the Lync client, I can still start an ad-hoc meeting (“Meet Now”), but the Meeting Entry Info URL looks like this conf:sip:bongani@......... instead of a normal https link. I also have the event below in the Lync server event viewer, but the meeting URLs are configured in the format https://meet.hosterdomain.co.za/tenantdomain.co.za
    Event ID 32148 – LS User Service
    A user tried to create a conference with no Simple URL of type Meet available. This configuration will not work for scheduled conferences. Ad-hoc conferences may be created but join functionality will be impaired.
    And if I do a Set-CsSimpleUrlConfiguration -UseBackEndDatabase $false as recommended, I get the following when I run Enable-CsComputer.
    WARNING: No patterns found. Skipping rewrite rules creation for Meet simple URLs.
    WARNING: No patterns found. Skipping rewrite rule creation for dial-in conferencing.
    WARNING: No patterns found. Skipping rewrite rule creation for Web Scheduler.
    WARNING: No patterns found. Skipping rewrite rule creation for dial-in conferencing.
    WARNING: No patterns found. Skipping rewrite rule creation for Web Scheduler.
    WARNING: "Enable-CsComputer" processing has completed with warnings. "5" warnings were recorded during this run.
    WARNING: Detailed results can be found at "C:\Users\xxx\AppData\Local\Temp\Enable-CsComputer-26374787-f6b5-4a07-b8f4-7bd819d3ffc3.html".
    I tried following http://www.lyncexch.co.uk/lync-2013-hosting-pack-tenant-meet-dialin-urls/ but the URL doesn't change.
    Not sure if all these are related or what needs to be corrected. Please assist.

    For Event ID 32148 – LS User Service, you can refer to the links below:
    http://www.lyncexch.co.uk/lync-2013-hosting-pack-tenant-meet-dialin-urls/
    http://www.lyncexch.co.uk/2014/02/
    Mai Ali

  • Lync 2013 multitenant hosting pack and lync 2010 on-prem - coexistence options, alternative migration scenarios

    In post http://social.technet.microsoft.com/Forums/lync/en-US/8a22eed7-cc63-4f9e-b422-3c5a57fb32b0/lync-2013-multitenant-pack-and-lync-2010?forum=lyncdeploy , which was already answered, the answer is no, you cannot migrate from 2010 on-prem. to lync 2013 hosted pack.
    Trying to get my head around #1 -why, and #2 -what other alternatives are available.
    Lisa answered that there can only be 1 CMS per forest. Is it one CMS per forest, or one CMS per front end pool in a forest? Meaning you can have different CMS pools. If that were true, we could migrate users to a different front end pool in a coexistence scenario between 2010 on-prem to 2013 hosted pack.
    Has anyone done this? 
    This is tough. I guess a cutover then from 2010 to 2013 multitenant hosted pack would be what?
    1. Uninstall 2010, decommission users, decom environment/servers.
    2. Fresh install in same AD environment of 2013 hosted pack.
    That's tough for our users to make such a transition and have potentially days of downtime.
    Is there no other way to do this?
    Josh

    It is one CMS per forest.
    There is no official guide to move from Microsoft Lync Server to Microsoft Lync Server Multitenant Hosting Pack.
    This topic has been discussed several times before:
    http://social.technet.microsoft.com/Forums/lync/en-US/9d438b55-ec53-478a-9247-6d355abedb78/started-installing-lync-2010-enterprise-discovered-multitenant-hosting-pack-do-i-need-to-uninstall?forum=ocsplanningdeployment
    http://social.technet.microsoft.com/Forums/lync/en-US/ad0b77ca-d47e-457b-8f77-33f84409a119/schema-update-lync-hosting-pack?forum=ocsplanningdeployment
    Lisa Zheng
    TechNet Community Support

  • Lync 2013 certificate requirements for multiple SIP domains

    Hi All,
    I am engaged with a client in respect of a Lync 2013 implementation initially as a conferencing platform with a view to enabling EV functions (inc. PSTN conferencing) in the future. They initially need to support 30 SIP domains and eventually around 100 SIP domains which is proving to be either not possible or severely cost prohibitive. Their current certificate provider, Thawte, can only support up to 25 SANs and have quoted them 5 figures. We tend to use GeoTrust as they are cheaper but they appear to have a limit of 25 SANs. GoDaddy appear to support up to 100 SANs for a pretty reasonable cost. My questions are as follows:
    1. Is there a way that I’m missing of reducing the number of SANs required on the Edge server?
       - Use aliases for access edge FQDNs - Supported by desktop client but not by other devices so not really workable
       - Don’t support XMPP federation therefore removing the need for domain name FQDNs for each SIP domain
    2. Is there a way that I’m missing of reducing the number of SANs required on the Reverse Proxy server?
       - Friendly URL option 3 from this page:
         http://technet.microsoft.com/en-us/library/gg398287.aspx
       - Client auto-configuration:
         i. Don’t support mobile client auto-configuration in which case no lyncdiscover.sipdomain1.com DNS records or SANs would be required.
         ii. Support mobile client auto-configuration over HTTP only in which case CNAME records are required for each SIP domain (lyncdiscover.sipdomain1.com, etc. pointing to lyncdiscover.designateddomain.com) but no SANs are required.
         iii. Support mobile client auto-configuration over HTTPS in which case DNS records are required for each SIP domain and a SAN entry for each SIP domain is also required. This is because a DNS CNAME to another domain is not supported over HTTPS.
    3. If the answer to 1 and/or 2 is no, are there certificate providers that support over 100 SANs?
    4. How do certificate requirements differ when using the Lync 2013 hosting pack? I would think that this issue is something that a hosting provider would need to overcome.
    5. Would the Lync 2013 Hosting Pack work for this customer? The customer uses SPLA licensing so I think is eligible to use the hosting pack but not 100% sure it will work in their environment given that client connections are supposed to all come through the Edge where their tenants will be internal and also given the requirement for an ACP for PSTN conferencing.
    Many thanks,

    Many thanks for the response.
    I was already planning to use option 3 from the below page for simple URLs to cut down on SAN requirement.
    http://technet.microsoft.com/en-us/library/gg398287.aspx
    What are the security concerns for publishing autodiscover over port 80? I.e. Is this only used for the initial download of the discovery record and then HTTPS is used for authentication? This seems to be the case from the following note on the below page:
    http://technet.microsoft.com/en-gb/library/hh690030.aspx
    “Mobile device clients do not support multiple Secure Sockets Layer (SSL) certificates from different domains. Therefore, CNAME redirection to different domains is not supported over HTTPS. For example, a DNS CNAME record for lyncdiscover.contoso.com that redirects to an address of director.contoso.net is not supported over HTTPS.
    In such a topology, a mobile device client needs to use HTTP for the first request, so that the CNAME redirection is resolved over HTTP. Subsequent requests then use HTTPS. To support this scenario, you need to configure your reverse proxy with a web publishing rule for port 80 (HTTP).
    For details, see "To create a web publishing rule for port 80" in Configuring the Reverse Proxy for Mobility. CNAME redirection to the same domain is supported over HTTPS. In this case, the destination domain's certificate covers the originating domain.”
    I don’t think SRV records for additional SIP domain access edge is a workable solution as this is not supported by some devices.
    As per the below article:
    http://blog.schertz.name/2012/07/lync-edge-server-best-practices/
    “The recommended approach for external client Automatic Sign-In when supporting multiple SIP domains is to include a unique Access Edge FQDN for each domain name in the SAN field. This is no longer a requirement (it was in OCS) as it is possible to create a DNS Service Locator Record (SRV) for each additional SIP domain yet have them all point back to the same original FQDN for the Access Edge service (e.g. sip.mslync.net).
    This approach will trigger a security alert in Windows Lync clients which can be accepted by the user, but some other clients and devices are unable to connect when the Automatic Sign-In process returns a pair of SRV and Host (A) records which do not share the same domain namespace. Thus it is still best practice to define a unique FQDN for each additional SIP domain and include that hostname in the external Edge certificate’s SAN field”.
    ===================
    1. Basically the requirement is to initially provide Lync conferencing services (minus PSTN conferencing) to internal, external, federated and anonymous participants with a view to providing PSTN conferencing and therefore enterprise voice services later.
    2. The customer currently supports close to 100 SMTP domains and wants to align their SIP domains with these existing domains. The structure of their business is such that “XXX IT Services” provide the IT infrastructure for a collection of companies who fall under the XXX umbrella but are very much run as individual entities.
    Question:
    Would you agree that I’m going to need a SAN for every SIP domain’s access edge FQDN?
    Thanks.

  • Exchange AA transfer to extension to Lync 2013

    I'm having issues getting the Exchange AA to transfer to extensions when using key mapping. Basically you can say a person's name and it will transfer to their extension just fine but not with the key mapping.
    We are using Exchange 2010 SP3 RU4 with Lync 2013 Hosting Pack.
    I found the issue but not sure how to go about resolving it.
    Lync User: [email protected]
    Lync Extension: +15554443333;ext=151
    Exchange Extension: 151
    Dial plan in Lync 2013 will convert 3-digit numbers to: +15554443333;ext=$1 for these users
    Each company has their own dial plan. This particular dial plan in Lync translates the 3-digit to the full number. The problem is the transfer from Exchange AA to Lync doesn't seem to use the user's dial plan. I also cannot put a translation on the Exchange side to do this type of format: +15554443333;ext=$1
    It looks like with the key mapping it is trying to transfer to this:
    REFER-TO: <sip:151;[email protected];user=phone>
    P-ASSERTED-IDENTITY: <sip:[email protected]>
    But of course that doesn't exist. The SIP for this user is sip:[email protected]
    I ran the Lync Debugging utility and saw this:
    ms-diagnostics: 14011;reason="Called Number translated";source="LYNCFE0101.COMPSYSCLOUD.COM";RuleName="Keep All";CalledNumber="151";TranslatedNumber="151";appName="TranslationService"
    Start-Line: SIP/2.0 403 Forbidden
    From: <sip:[email protected];user=phone>;epid=786443AA96;tag=61bfdb74d3
    To: <sip:151;[email protected];user=phone>;tag=7C193436618B4C0FD1DD5B0D9EA788A5
    Call-ID: d71f8c3b-0b1e-45c5-b917-0bb71ab9e240
    CSeq: 16062 INVITE
    Via: SIP/2.0/TLS 10.1.15.6:50244;branch=z9hG4bKf79f7414;ms-received-port=50244;ms-received-cid=BC2600
    Content-Length: 0
    ms-diagnostics: 12004;reason="The user is not authorized to call the specified number or none of the routes have a valid gateway configured.";source="LYNCFE0101.DOMAIN.COM";appName="OutboundRouting"
    To: <sip:151;[email protected];user=phone>;tag=4FFA2DD9248FE7799456F95533983128
    Call-ID: 92f65e8040e1453e85a09ef45bc27c18
    CSeq: 16063 SERVICE
    Via: SIP/2.0/TLS 10.1.15.1:61309;branch=z9hG4bK957FF7E7.C2D462B71F179899;branched=FALSE;ms-received-port=61309;ms-received-cid=AFA00
    Via: SIP/2.0/TLS 10.1.15.6:50244;branch=z9hG4bK488849d7;ms-received-port=50244;ms-received-cid=BC2600
    Content-Length: 0
    ms-diagnostics: 1003;reason="User does not exist";destination="151;[email protected]";source="sip.domain.com"
    ms-edge-proxy-message-trust: ms-source-type=EdgeProxyGenerated;ms-ep-fqdn=edge.domain.com;ms-source-verified-user=verified

    Hi,
    You need to create a UM auto-attendant for each Lync Server dial plan with the following command:
    New-umautoattendant -name <auto attendant name> -umdialplan < name of dial plan created in step 1> -PilotIdentifierList <auto attendant phone number in E.164 format> -SpeechEnabled $true -Status Enabled
    You can refer to the link of “Configure Unified Messaging on Microsoft Exchange”:
    http://technet.microsoft.com/en-us/library/gg398129.aspx
    Best Regards,
    Eason Huang
    TechNet Community Support

  • No coexistence, Totally decom Lync 2010, then install Lync 2013

    I have gone through decomming Lync 2010 Enterprise on prem with the desire to go to Lync 2013 Hosted Multi-Tenancy, using the same domain.
    So, as you can imagine doing this in a test env. (mirroring the prod env.), I have uninstalled Lync 2010, followed all best practices, made sure ADSI ref. were gone to Lync 2010 (to my knowledge).
    Now that I have uninstalled the last Lync 2010 boxes, installed Lync 2013 on the first frontend server, fired up the setup and went through the topology builder wizards, and after filling out Edge server pools, etc., I have a topology showing Lync 2010 and 2013. Is that correct? This is my first time installing 2013 Lync. Is Lync 2010 supposed to be showing in the topology?
    Maybe this is normal for 2013, maybe this doesn't matter for me to continue. I'd just like to cleanly get rid of any 2013 references or leftovers.
    Josh

    Hi,
    Agree with Anthony and Rodolfo.
    Here is Lync server 2013 topology (I didn't deploy Lync server 2010):
    What's more, please check if you removed all Lync server 2010 information from AD.
    If you meet an error about remnant Lync information in AD, you can refer to the link of "Remove Lync from Active Directory":
    http://blog.armgasys.com/?p=320
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Issues with Hosted Exchange, UM and Lync 2013.

    Hello everyone!
    I am trying to deploy UM with Office 365 Hosted Exchange. We are using one Lync 2013 Standard Edition FE and have deployed one edge server. We have set up our firewall to host the Reverse Proxy.
    We do not use wildcard certs. External DNS resolves the _sipfederation and sip._tls SRV records to the external face of the edge server. The edge server functions as it should for remote users and mobility.
    I have tried to follow these instructions to the letter three times over to no avail.
    http://y0av.me/2014/01/07/lyncum365/
    Neither Snooper nor Event Viewer shows any particular issue, though when I try to dial out to voice mail I will get one to two rings and then 5 seconds of silence, a fast busy, and finally "Call Unsuccessful".
    When checking the firewall logs I notice a seemingly random 10.x.x.x address being sent to the firewall by the external leg of the edge server. Wireshark captures it as STUN packets on port 3478 being sent to port 3478. These are being dropped by our firewall.
    I believe them to be RTP packets but I do not know if this is normal behavior. Has anyone any ideas?

    My mistake. Here is the snooper result.
    TL_INFO(TF_PROTOCOL) [edge\edge]0C4C.05E4::06/18/2014-15:43:34.153.0000000C (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(265)) [3770767507]
    Trace-Correlation-Id: 3770767507
    Instance-Id: 2E5A
    Direction: incoming;source="external edge";destination="internal edge"
    Peer: exap.um.outlook.com:5061
    Message-Type: response
    Start-Line: SIP/2.0 488 Compression algorithm refused
    From: sip:sip.domain.net;tag=08FB9ED133BA396696FE6546EA6F3031
    To: sip:exap.um.outlook.com;tag=B8FFE4E9267ED6ECB78ADCC60126B53F
    Call-ID: 66602CE1F9980BFA94AD
    CSeq: 1 NEGOTIATE
    Via: SIP/2.0/TLS 10.11.11.23:50752;branch=z9hG4bK2132316E.5B3AF52DE2753A36;branched=FALSE;received=207.46.5.9;ms-received-port=50752;ms-received-cid=60172700
    Content-Length: 0
    Server: RTC/5.0
    TL_INFO(TF_NETWORK) [edge\edge]0C4C.05E4: :06/18/2014-15:43:34.153.0000000D (SIPStack,NegotiateLogic::SetCompressionType:NegotiateLogic.cpp(2701)) [559249495]( 00000079B1274FB8 ) Compression type is now CompOff
    TL_INFO(TF_NETWORK) [edge\edge]0C4C.05E4: :06/18/2014-15:43:34.153.0000000E (SIPStack,NegotiateLogic::ProcessCompressionResponse:NegotiateLogic.cpp(2217)) [559249495]( 00000079B1274FB8 ) Peer refused [488] our request for compression
    TL_INFO(TF_NETWORK) [edge\edge]0C4C.05E4: :06/18/2014-15:43:34.153.0000000F (SIPStack,NegotiateLogic::AdvanceOutboundNegotiation:NegotiateLogic.cpp(910)) [559249495]( 00000079B1274FB8 ) Outbound negotiation sequence is complete
    $$end_record
    And finally..
    TL_INFO(TF_PROTOCOL) [edge\edge0C4C.05E4::06/18/2014-15:43:49.379.0000002E (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(265)) [962697980]
    Trace-Correlation-Id: 962697980
    Instance-Id: 2E61
    Direction: incoming;source="internal edge";destination="external edge"
    Peer: fe1.domain.net:61254
    Message-Type: request
    Start-Line: BYE sip:uminternal.um.prod.outlook.com:5066;transport=Tls;ms-fe=CO1PR02MB111.namprd02.prod.outlook.com SIP/2.0
    From: <sip:[email protected]>;tag=b736386270;epid=9bcee72318
    To: <sip:[email protected];opaque=app:voicemail>;tag=eced411395;epid=07C3F2A933
    Call-ID: 4266a095bdef8280d67c7e7df58446fc
    CSeq: 2 BYE
    Via: SIP/2.0/TLS 10.10.10.25:61254;branch=z9hG4bKC848F11A.A88BCA6858661A50;branched=FALSE
    Via: SIP/2.0/TLS 10.10.10.125:49156;ms-received-port=49156;ms-received-cid=401200
    Route: <sip:edge.domain.net:5061;transport=tls;opaque=state:Si;lr>
    Route: <sip:exap.um.outlook.com:5061;transport=tls;epid=07C3F2A933;lr;ms-key-info=AAEAARc45bIQE6UJAYvPAR8eV4QTvCH3EE2Kxtie7I2PMCSj-2aArKHP8dStYlJe-9jphIkz_mDEkCD_v8hY-mghQEHD6-F12E7E14YG-TJ2gEcQE0Bx2r_rDB3LrzRZzgQ0WVvxreLPWGI80elWF-xfbc_X3JE8mOR2OB9KQM8-e9WOjfq2kj6CnDGeL0yzgz4OB8zm-ao03Yo4gMZ-BpwaxC3BNuvvVDJo9wqrYftq_Z3MIVewWrqcDt5Td4vxCsMiXdwEqtEIRKVvQoqboleBJAyQl-C3qGgfEoSkUnApFuTSnQYRa4kbZ1iPaACpdKT-VTQGjc9HXfps48YJCsIXW0Ab_NSM2uvhUyw900men1ukXSmoZoWZbwqe5siuWVUcFoQl1h1Jcy4lCyZUfDZoqPzDioLqTk9iUmS8fa-PAJjsq72yGjVB_y1aJSxtHVsw7MiDqOGOPqT3dmF-sINkeyuokCy8UCf_cQHmEHwVzZLUJqaVccr3QNCLsBzhcWSypnC60ZZphOKuwl6RvUXWICPf0ubLTL2ppC3tWEgFdUUWOPVd84uGlMcqRLKGb1qrmpj8Nu6Lte7t5n2pMEBCfgAe79t4GO0C5KScdKT_XBM1iIBRXdNkPKHfSgC-wPQgRikdw7vRD-hOWlN5Lay7-zkQ4Ag6rauszFTAwbft99OieAOxKIsgYcxXxcG6;ms-route-sig=fiEMuzbN4_PyEz_I5gG3g8FtqNAonwgZCoRnOq-ByfYEtywTZp-Hk_eAAA>
    Max-Forwards: 69
    Content-Length: 0
    ms-client-diagnostics: 22; reason="Call failed to establish due to a media connectivity failure when both endpoints are internal";CallerMediaDebug="audio:ICEWarn=0x40003a0,LocalSite=10.10.10.125:6735,LocalMR=10.11.11.23:51430,RemoteSite=10.27.46.15:5286,RemoteMR=207.46.5.80:54106,PortRange=1025:65000,LocalMRTCPPort=51430,RemoteMRTCPPort=54106,LocalLocation=2,RemoteLocation=2,FederationType=0"
    $$end_record

  • Lync 2013 Multi-tenant Hosting Pack third-party solutions available for features listed as "Via Thirdparty"

    Hi,
    Who are all the third party vendors that can integrate with Lync 2013 Multi-tenant hosting pack V2 features that are supported via 3rd party?
    1) Call park
    2) Outgoing DID manipulation
    3) E-911
    3) Dialplans & Policies
    4) Support for Analog devices (e.g. FAX)
    5) Response groups
    6) Network QoS - DSCP
    7) Phone number management
    8) IM/P & Voice with Skype. 
    9) Interoperability with on-premises video conferencing systems
    Regards,
    SR

    Hi,
    Based on my understanding, as it is the Multi-Tenant environment, in the internal DNS server, there is no need to add the DNS A record lyncdiscoverinternal. However, you can try to add the DNS record in the internal DNS server to test the issue as well.
    Also, please make sure you have updated both Lync Server 2013 and Exchange 2013 to the latest version. If not, update it and then test again.
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Lync 2013 Server / Roles & Components

    Lync
    2013 Server / Roles & Components 
    Front End
        User authentication and registration
        Presence information and contact card exchange
        Address book services and distribution list expansion
        IM functionality, including multiparty IM conferences
        Web conferencing, PSTN Dial-in conferencing and A/V conferencing (if deployed)
        Application hosting, for both applications included with Lync Server (for example, Conferencing Attendant and Response Group application), and third-party applications
        Primary store for user and conference data. Information about each user is replicated among Front End Servers in the pool
        Optionally, Monitoring, to collect usage information in the form of call detail records (CDRs) and call error records (CERs). This information provides metrics about the quality of the media (audio and video) traversing your network for both Enterprise Voice calls and A/V conferences.
        Web components to support web-based tasks such as web scheduler and join launcher.
        One Front End pool runs the Central Management Server DB, which manages and deploys basic configuration data to all servers running Lync
        Optionally, Archiving, to archive IM communications and meeting content for compliance reasons.
        Optionally, if Persistent chat is enabled, Persistent Chat Web Services for Chat Room Management and Persistent Chat Web Services for File Upload/Download.
    Back End
        Database server running Microsoft SQL Server
        Provide the DB services for the Front End pool
        Acts as backup store for the pool’s user and conference data
        Primary stores for other DB’s like Response Group
        High Availability for the BE DB is provided via SQL Mirroring
        Optional Witness to enable automatic failover for BE
        SQL Server 2008 R2 or higher required for SQL Mirroring
    Edge Server
        Enable users to communicate and collaborate with users outside the organization’s firewall
        Comprises four separate server roles
            Access Edge – Acts as a secure proxy for all remote Lync signaling traffic
                Remote Access
                Federation
                Public IM Connectivity (PIC)
            Web Conferencing Edge – Enable remote users to participate in Web conferences with internal or remote workers
            A/V Edge – Responsible for secure relay of A/V media among internal, external, and federated contacts
            XMPP Gateway – Allows IM/P with XMPP federated contacts
    Reverse Proxy
        Simple URL Publishing – Required for users to join Lync meetings
        Web Conferencing Content – Users download meeting content (PowerPoint, Whiteboard, and Poll data) via Lync Web Services when in meeting
        Address Book & Distribution List Expansion – Required for users to download Lync Address Book and perform DL expansion
        User Certificates – Provides client certificate authentication via Lync Web Services
        Device Updates – Provides software updates to Lync IP endpoints
        Mobility – Provides connectivity for mobile clients via Lync Web Services
    Mediation Server
        Translates signaling and media between Lync Server and PSTN, IP-PBX, or SIP Trunk
        Can be co-located on Front End or separated as stand-alone Server dependent on call volume
        Role facilitates dial-in conferencing
        Capacity
            Co-located = 150 Concurrent Calls
            Standalone = 1100 Concurrent Calls
    Persistent Chat
        Enable users to participate in multiparty, topic-based conversations that persist over time
        Pchat Front End server role runs persistent chat service
        Pchat Back End server stores chat content and compliance events
        Geographic DR is provided via stretched pool and SQL log shipping to replicate DB info
        150k provisioned users / 80k concurrent users
    Archiving
        Uses SQL Server 2008 R2 or SQL Server 2012 for DB
        Capable of archiving the following:
            Peer-to-peer IM
            Multiparty IM
            Web Conferences, including uploaded content and events
            A/V for peer-to-peer IM and web conferences
            Web conferencing annotations and polls
    Monitoring
        Agent that runs on each Front End Server that collects and manages information from the Front End and Mediation Servers
        Stored on SQL Server DB
        Leverages SQL Server Reporting Services for creation of reports related to call quality and metrics
    Office Web Apps Server
        External server leveraged for rendering PowerPoint slides within the Lync client and Lync Web App
        Typically leveraged within SharePoint deployments to deliver browser-based versions of Microsoft Office applications
    System Center Ops Mgr
    Health configuration in Lync Server 2013 is built around System Center Operations Manager and the use of Lync Server Management Packs. These Management Packs include a number of new features and enhancements, including:
        Feature – Description
        Synthetic Transactions – Windows PowerShell cmdlets that can be run from various locations to ensure that end user scenarios such as sign-in, presence, IM, and conferencing are readily available to end users.
        Call Reliability Alerts – Database queries for Call Detail Records (CDR). These records are written by Front End Servers to reflect whether end users were able to connect to a call or why a call was terminated. These queries result in alerts that indicate when a wide range of end users are experiencing connectivity issues for peer-to-peer calls or basic conferencing functionality.
        Media Quality Alerts – Database queries that look at Quality of Experience (QoE) reports published by clients at the end of each call. These queries result in alerts that pinpoint scenarios where users are likely to be experiencing poor media quality during calls and conferences. The data is built upon key metrics such as packet latency and loss, metrics that are known to directly contribute to call quality.
        Component Health – Individual server components raise alerts by using event logs and performance counters. These alerts indicate failure conditions that can severely impact one or more end user scenarios. These alerts can also indicate a variety of other failure conditions, including services not running, high failure rates, high message latency, or connectivity issues.
        Dependency Health – Failures can occur for a variety of external reasons. The management packs now monitor and collect data for some of the critical external dependencies that might indicate severe issues, including IIS availability, CPU and memory usage of servers and processes, and disk metrics.
    Exchange UM
    http://www.contactcenterarchitects.com/lync-2013-server-roles-components/

    Hi,
    Thank you for sharing the information. It is useful for others who do not understand Lync Server Roles and Components. Your time and effort are appreciated.
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Office web Apps server Lync 2013 Certificate

    Hi,
    I'll be installing an Office Web Apps (OWA) server with Lync 2013 Standard Edition. External user access is disabled but federation is enabled, meaning OWA will be exposed to the internet as wabweb.contoso.com. The internal host name of the OWA server is owa.contoso.local.
    Does the certificate on the OWA server need to have owa.contoso.local as the certificate principal name and wabweb.contoso.com as SAN, or is only owa.contoso.local enough?

    It really depends on how you publish the server to the internet. You have some options. If you are publishing this via a reverse proxy, internally you would have a private cert with .local on it and the public name on the reverse proxy. If you are punching a firewall hole/NAT directly to the server, your best option is to use a public cert on that server directly.
    That all said, personally I like to make both the internal and external farm URL the same, and use a public cert on the server (if no reverse proxy is in play). So I would actually enter the OWAS Farm as wabweb.contoso.com in topology builder, then when creating the farm via PowerShell make that both the internal and external URL and get a certificate with a single name on it of wabweb.contoso.com.
    Richard
    Richard Brynteson, Lync MVP | http://masteringlync.com | http://lyncvalidator.com
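
    The single-name approach from the answer above, as an added example (not code from the thread): check that the certificate in the machine store really covers the farm host name before creating the farm with the same internal and external URL. The friendly name `OWAS public cert` is an assumption, and the script assumes PowerShell 3.0 or later, run elevated on the Office Web Apps Server.

```powershell
Import-Module OfficeWebApps

$farmUrl      = 'https://wabweb.contoso.com'  # one name for internal and external URL, as in the answer
$friendlyName = 'OWAS public cert'            # assumption: friendly name set when the cert was imported

function Test-CertCoversHost {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$HostName
    )
    foreach ($name in $Certificate.DnsNameList) {
        $pattern = $name.Unicode
        if ($pattern -eq $HostName) { return $true }   # -eq on strings is case-insensitive
        # A wildcard stands for exactly one left-most label: *.contoso.com covers
        # wabweb.contoso.com, but not a.b.contoso.com and not contoso.com.
        if ($pattern.StartsWith('*.')) {
            $first, $rest = $HostName -split '\.', 2
            if ($rest -and (".$rest" -eq $pattern.Substring(1))) { return $true }
        }
    }
    return $false
}

# -CertificateName refers to the friendly name, so it has to be unambiguous.
$found = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq $friendlyName })
if ($found.Count -ne 1) {
    throw "Expected one certificate named '$friendlyName', found $($found.Count)."
}
$cert     = $found[0]
$hostName = ([uri]$farmUrl).Host

if (-not $cert.HasPrivateKey)      { throw 'Certificate has no private key on this server.' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
if (-not (Test-CertCoversHost -Certificate $cert -HostName $hostName)) {
    throw "Certificate does not cover $hostName; clients would see a name mismatch."
}

# Same URL inside and outside, so a single-name certificate is enough.
New-OfficeWebAppsFarm -InternalUrl $farmUrl -ExternalUrl $farmUrl -CertificateName $friendlyName

# Confirm what the farm ended up with.
Get-OfficeWebAppsFarm | Select-Object InternalURL, ExternalURL, CertificateName
```

    With the reverse-proxy option from the same answer, the check runs twice: once against the internal certificate for owa.contoso.local on the server, and once against the proxy's certificate for wabweb.contoso.com.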

  • Lync 2013 Enterprise load balancing on the front end and edge pool

    Hi,
    I am setting up a Lync 2013 Enterprise deployment consisting of a Front End pool (x2 FE servers) and an Edge pool (x2 Edge servers).  I'm seeing some conflicting advice regarding load balancing using hardware or DNS for the front end and the edge.
    On the front end I have 2 internal DNS records 'lyncfepool1.contoso.local', each of which maps to one of the IPs of the FE servers. I've used my details to populate the Detailed Design Planner Excel spreadsheet and am told that I require a HLB to load balance my front end pool. I'm aware of the need to load balance HTTPS traffic internally (which will be done by TMG); however, other traffic to the front end (SIP, etc.) can be balanced by DNS only, and not require a HLB?
    Can someone clarify the front end requirement?
    Also, looking now at the edge pool: this site again has two edge servers in a pool. We are using a total of six private IP addresses, two per edge service (2 x av.contoso.com, 2 x sip.contoso.com and 2 x webcon.contoso.com). These will be NAT'ed by the external firewall and directed to the respective external (DMZ) IP addresses on the Edge servers on port 443. I know this isn't true round robin due to the intelligence of the Lync client when connecting (in that the Lync client will connect to one of the public IPs and if it can't connect, it will know to connect to the other service IP); however, I want to clarify this setup, particularly the need to direct the external public IP traffic at the DMZ Edge IP specified in the topology builder.
    I've attached a basic diagram of the external/DMZ/Edge side which hopefully helps with this question
    Persevere, Persevere, Per..

    That is because you will always need HLB for a front-end server since it hosts the Lync webservices which use HTTP/HTTPS traffic.
    The description on the calculation tool also describes this correctly:
    "Supports Standard and Enterprise pools (up to 12 nodes), with pure device-based load balancing or a combination of DNS load balancing and device-based load balancing (for Lync web services)"
    You can use either hardware or DNS load balancing for SIP traffic only, but you will always need a HLB for the webservices. Both are applicable for the Front-End, so you have either:
        full HLB for both SIP and HTTP(S) traffic, or
        DNS LB for SIP traffic and HLB for HTTP(S) traffic
    Hope this is more clear :-)
    Lync Server MVP | MCITP Lync Server 2010 | If you think my post is the answer to your question, please mark it as answer so future visitors can easily find it.
