Lync 2013 Hosting
Hi,
I want to host a Lync 2013 server for my external clients and users. What would be the considerations, requirements and server roles to host a server?
My requirement is web scheduling, meetings, sharing and text chats only for external users.
Now we have a local domain testdomain.local using Active Directory.
One live domain which is mydomain.com
Please suggest a solution for Lync 2013 hosting for external users.
Thanks
Yes, as Thamara said, you have to install the Edge role in order to log in externally.
Check these for installing the Edge server:
http://social.technet.microsoft.com/wiki/contents/articles/16931.installing-lync-2013-edge-server.aspx
http://www.orcsweb.com/blog/cory-granata/installing-lync-2013-edge-server/
For installing the reverse proxy:
http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx
http://jaapwesselius.com/2014/03/16/using-arr-for-reverse-proxy-with-lync-2013/
SAN certificate requirements
Check this for the SAN certificate requirements for external access:
https://technet.microsoft.com/en-us/library/gg398094.aspx
You need these names to be included in your SAN certificate:
SN = sip.domain.com
SAN = meet.domain.com
SAN = admin.domain.com
SAN = dialin.domain.com
DNS records which need to be created
Check this for creating external DNS records:
https://technet.microsoft.com/en-us/library/gg398758.aspx
Check this for adding a routable domain to Lync:
http://blog.ucitsimple.com/2011/10/04/adding-new-sip-domains-to-lync/
For a detailed explanation, check this great, detailed blog on how DNS works for the internal domain and external domain, if your internal domain is different from your external domain:
http://msunified.net/2013/08/07/lync-client-sign-in-and-dns-records-recommendations/
Whenever you see a helpful reply, click on Vote As Helpful & click on Mark As Answer if a post answers your question.
Similar Messages
-
Lync 2013 Hosting Pack v2 Skype integration
I have a Lync 2013 Hosting deployment. Hosting Pack v2 supports public IM with Skype, but in the guide the setup steps are missing. I configured the Federation (federated provider etc.) like an on premise deployment and enabled Public IM connectivity on the Tenant:
Identity : Global
AllowedDomains : Microsoft.Rtc.Management.WritableConfig.Settings.Edge.AllowList
BlockedDomains :
AllowFederatedUsers : True
AllowPublicUsers : True
SharedSipAddressSpace : False
When I add a Skype user to my buddy list, I cannot see the presence, and in the Lync Front End logs I get the following failure that the domain is not part of the tenant allow list.
Message-Body: <reportError xmlns="http://schemas.microsoft.com/2006/09/sip/error-reporting"><error toUri="sip:***[email protected]"
callId="c46a551b0e28439482edd9f3cbbc4a78" fromTag="eeef2d866f" toTag="F89423B3CF5DDBEF396B7A8FD53211EF" contentType="application/sdp;call-type=im" responseCode="403" requestType="INVITE"><diagHeader>27000;reason="To-Uri
Domain is not in the sender-tenant allow list";source="FRONTEND.DOMAIN.COM";appName="OutgoingFederation";OriginalPresenceState="0";CurrentPresenceState="0";MeInsideUser="Yes";ConversationInitiatedBy="6";SourceNetwork="5";RemotePartyCanDoIM="Yes"</diagHeader><progressReports/></error></reportError>$$end_record
What can I do to enable public connectivity on the tenant without adding the Skype domain (could be any Live ID) to the tenant allow list?
Greetings
Did you provision Skype Federation for the specific domain?
https://pic.lync.com/provision
Download Provisioning Guide for Lync-Skype Connectivity
http://www.pro-lync.be/blogs/lync2013/archive/2013/05/31/download-provisioning-guide-for-lync-skype-connectivity.aspx
Howto enable audio between Lync & Skype (What the Skype provisioning guide is not telling you)
http://www.pro-lync.be/blogs/lync2013/archive/2013/06/06/howto-enable-audio-between-lync-amp-skype-what-the-skype-provisioning-guide-is-not-telling-you.aspx
- Belgian Unified Communications Community : http://www.pro-lync.be - MCM/MVP/MCT -
Lync 2013 hosting pack - CU July 2013 Support
Does the Lync 2013 Hosting Pack support the cumulative update of July?
What are the known issues?
My experience was running the LyncServerUpdateInstaller and running Install-CsDatabase on the servers. I haven't had it break mobility though.
With that in mind so far you only do that when you first install it because there hasn't been any further updates to Lync 2013 Hosting since it was released.
I have a ticket opened right now about the bad documentation on the deployment guide. My simple url wasn't working because the document says to provide -Tenant $GUID for the meeting URL but it didn't work 100%. However it worked sometimes!!
The Microsoft tech pointed me to a guy's blog (yes, that's right.. a non-Microsoft blog) that shows to drop the -Tenant $GUID from the meeting URL but make sure you keep the -Tenant $GUID for the dialin URL.
I basically whined and told them I wanted the 100% right way to do it. I wanted them to tell me either the deployment guide was wrong or there was a bug. Two weeks and no reply yet and they just update to say "They are still looking into it"
Not to mention when I opened the ticket they tried saying "Well this is still a new product". I said it's been out for almost a freakin year and it's not a NEW product. -
Lync 2013 Hosting Pack - cannot join external non federated meetings anonymously with desktop client
Hello,
I Have a setup of LHP 2013. We have been testing federation and connections to external on-premises meetings.
Right now users with the Lync desktop client (2013 and patched) cannot connect to external 3rd party meetings without using the ?SL=1 and using the Web App.
Desktop Client gives error on log file:
ms-user-logon-data: RemoteUser
Authentication-Info: TLS-DSK qop="auth", opaque="58FBAFA0", srand="0B8651AD", snum="15", rspauth="b63e033e6376b48ec973718f7369e3b90b0d75ba", targetname="lyncfe2.hoster.fi", realm="SIP Communications
Service", version=4
Content-Length: 0
Via: SIP/2.0/TLS 172.20.10.7:49680;received="public.ip";ms-received-port=55863;ms-received-cid=48400
From: "cloud.testuser"<sip:[email protected]>;tag=8f59b0fb81;epid=c7d2e31185
To: <sip:[email protected];gruu;opaque=app:conf:focus:id:5P20J0SK>;tag=C258840F87FD8713D4ADE01307F32C5B
Call-ID: 386e091eb7794fb286b858984349fccd
CSeq: 1 INVITE
ms-diagnostics: 27000;reason="To-Uri Domain is not in the sender-tenant allow list";source="LYNCFE2.hoster.fi";appName="OutgoingFederation"
Server: OutgoingFederation/5.0.0.0
From some old post I have read that was a bug in Lync client that did not allow fail-back to anonymous login with non-federated lync organization, but this has been fixed long ago.
If I do set up a federation between the organizations, the meetings connect OK.
Thanks for help!
BR, Jouni
Hi Johan,
Lync client in test has been fully updated.
I think I found what was causing this. In my tests, I added and removed domains from the allowed and blocked domains lists in the tenant config.
First after tenant organization has been provisioned the AllowedDomains looks like this:
Get-CsTenantFederationConfiguration -Tenant 10828ff2-165d-440f-9c00-6ce374ff0c6d
Identity : Global
AllowedDomains : Microsoft.Rtc.Management.WritableConfig.Settings.Edge.AllowAllKnownDomains
BlockedDomains : {}
AllowFederatedUsers : True
AllowPublicUsers : True
SharedSipAddressSpace : False
And joining to non-federated meetings works correctly.
After fiddling with the allowed and blocked domains settings (adding and removing domains) settings look like this:
Identity : Global
AllowedDomains : Microsoft.Rtc.Management.WritableConfig.Settings.Edge.AllowList
BlockedDomains : {}
AllowFederatedUsers : True
AllowPublicUsers : True
SharedSipAddressSpace : False
When I check what the "AllowList" keeps in, it is empty as it should:
$tenant = Get-CsTenant | Where-Object {$_.Name -eq "tenantname"}
$x = Get-CsTenantFederationConfiguration -Tenant $tenant.TenantId
$x.AllowedDomains
AllowedDomain : {}
If I set the AllowedDomain back to its original form, meeting connections begin to work.
$all = New-CsEdgeAllowAllKnownDomains
Set-CsTenantFederationConfiguration -Tenant 10828ff2-165d-440f-9c00-6ce374ff0c6d -AllowedDomains $all
But now I'm just not very sure how I should set up the federation settings as per tenant/ExternalAccessPolicy/AccessEdgeConfiguration.. hmm..
BR, Jouni -
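Both threads above end in the same `27000` diagnostic, once as an `ms-diagnostics` header and once inside a `reportError` body. The following is an added example, not code from either poster: it pulls those diagnostics out of a trace and reports which sender domain was refused which target domain. The sample trace, hostnames and function names are constructed for illustration.

```python
import re
from collections import Counter

ALLOW_LIST_CODE = 27000  # reason: "To-Uri Domain is not in the sender-tenant allow list"

# Constructed sample in the layout of the excerpts above; every host, user and ID is invented.
SAMPLE_TRACE = """\
From: "alice"<sip:alice@tenant-a.example>;tag=8f59b0fb81;epid=c7d2e31185
To: <sip:bob@partner.example;gruu;opaque=app:conf:focus:id:ABC123>;tag=C258840F
Call-ID: call-0001
CSeq: 1 INVITE
ms-diagnostics: 27000;reason="To-Uri Domain is not in the sender-tenant allow list";source="FE1.hoster.example";appName="OutgoingFederation"
$$end_record
From: <sip:carol@tenant-b.example>;tag=61bfdb74d3
To: <sip:151;phone-context=dp1@tenant-b.example;user=phone>;tag=7C193436
Call-ID: call-0002
CSeq: 16062 INVITE
ms-diagnostics: 12004;reason="The user is not authorized to call the specified number or none of the routes have a valid gateway configured.";source="FE1.hoster.example";appName="OutboundRouting"
$$end_record
Message-Body: <reportError xmlns="http://schemas.microsoft.com/2006/09/sip/error-reporting"><error toUri="sip:dave@public-im.example"
callId="call-0003" responseCode="403" requestType="INVITE"><diagHeader>27000;reason="To-Uri
Domain is not in the sender-tenant allow list";source="FE2.hoster.example";appName="OutgoingFederation"</diagHeader></error></reportError>
$$end_record
From: "alice"<sip:alice@tenant-a.example>;tag=aa11
To: <sip:erin@partner.example>;tag=bb22
Call-ID: call-0004
CSeq: 1 INVITE
ms-diagnostics: 27000;reason="To-Uri Domain is not in the sender-tenant allow list";source="FE2.hoster.example";appName="OutgoingFederation"
$$end_record
"""

HEADER_DIAG = re.compile(r'^ms-diagnostics:\s*(\d+);(.*)$', re.M)        # SIP header form
XML_DIAG = re.compile(r'<diagHeader>(\d+);(.*?)</diagHeader>', re.S)     # reportError form, may wrap
FIELD = re.compile(r'(\w+)="([^"]*)"')
SIP_DOMAIN = re.compile(r'sip:[^>"\s]*@([^;>"\s]+)')  # host part after the last '@' in the URI


def _header(record, name):
    """Value of a SIP header line in this record, or '' when absent."""
    m = re.search(rf'^{re.escape(name)}:\s*(.*)$', record, re.M)
    return m.group(1) if m else ""


def _attr(record, name):
    """Value of an XML attribute in a reportError body, or '' when absent."""
    m = re.search(rf'\b{name}="([^"]*)"', record)
    return m.group(1) if m else ""


def _domain(text):
    m = SIP_DOMAIN.search(text)
    return m.group(1).lower() if m else "unknown"


def parse_diagnostics(trace):
    """Return one dict per diagnostic found, in trace order."""
    events = []
    for record in trace.split("$$end_record"):
        for code, body in HEADER_DIAG.findall(record) + XML_DIAG.findall(record):
            # Collapse whitespace so values wrapped across lines compare cleanly.
            fields = {k: " ".join(v.split()) for k, v in FIELD.findall(body)}
            events.append({
                "code": int(code),
                "reason": fields.get("reason", ""),
                "source": fields.get("source", ""),
                "app": fields.get("appName", ""),
                "sender_domain": _domain(_header(record, "From")),
                "target_domain": _domain(_header(record, "To") or _attr(record, "toUri")),
                "call_id": _header(record, "Call-ID") or _attr(record, "callId"),
            })
    return events


def allow_list_rejections(events):
    """Diagnostics raised by OutgoingFederation because of the tenant allow list."""
    return [e for e in events
            if e["code"] == ALLOW_LIST_CODE and e["app"] == "OutgoingFederation"]


def rejected_pairs(events):
    """Count rejections per (sender domain, target domain)."""
    return Counter((e["sender_domain"], e["target_domain"])
                   for e in allow_list_rejections(events))


if __name__ == "__main__":
    for (sender, target), n in rejected_pairs(parse_diagnostics(SAMPLE_TRACE)).items():
        print(f"{sender} -> {target}: {n} rejection(s)")
```

A tenant whose every external target shows up here is worth comparing against its `AllowedDomains` value, since the second thread traces exactly that symptom to an empty `AllowList`.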
Lync 2013 Hosting pack tenant meet url returns 404
Hi all,
I have 2 problems in the Hosting pack:
1. Meet urls are correctly generated for tenants (IE https://meet.hoster.com/tenantdomain/user/confID) but they return a 404 when browsing to the meeting from a browser
2. Office web apps presentations just never work. It just says that it cannot connect to the presentation server.
For problem 1, what I tried was:
1. Set Set-Cssimpleconfiguration -UseBackendDatabase $True -Tenant <TenantID>
2. Tried repairing the IIS Rewrite module as per http://social.technet.microsoft.com/Forums/lync/en-US/e1fbdaa9-0961-4171-ab51-91b8d37432de/action?threadDisplayName=lync-meetings-not-available-404-for-every-url
3. Made sure all my domain maps are correct
4. All certs seem 100% fine.
What is weird is:
https://dialin.hoster.com/dialin - works
https://meet.hoster.com/meet - works (Default cannot join the meeting page)
https://meet.hoster.com/tenantdomain/tenantuser/confid - Does not work
Any help will be greatly appreciated.
\\Tjopsta// http://www.tjopsta.net
Hi,
For first question, try the following steps:
Remove IIS URL Rewrite Module 2 in Control Panel.
Run Step 2: Setup or Remove Lync Server Components with Lync Server Deployment Wizard.
For second question, check if you can access Office Web Apps Server discovery URL via browser.
Check if you associate Office Web Apps Server with Front End pool.
Regards,
Lisa Zheng
TechNet Community Support -
Lync 2013 Multitenant hosting meeting URL
I have a Lync 2013 multitenant hosting environment. Lync Meeting Add-in for Microsoft Outlook 2013 closes itself a split second after it opens, no error, no pop-up, and no message to say what’s going on. Yet within the Lync client, I can still start an ad-hoc meeting (“Meet Now”), but the Meeting Entry Info URL looks like this conf:sip:bongani@......... instead of a normal https link. I also have the event below in the Lync server event viewer, but the meeting URLs are configured in the format https://meet.hosterdomain.co.za/tenantdomain.co.za
Event ID 32148 – LS User Service
A user tried to create a conference with no Simple URL of type Meet available. This configuration will not work for scheduled conferences. Ad-hoc
conferences may be created but join functionality will be impaired.
And if I do a Set-CsSimpleUrlConfiguration -UseBackEndDatabase $false as recommended. I get the following when I run enable-cscomputer.
WARNING: No patterns found. Skipping rewrite rules creation for Meet simple URLs.
WARNING: No patterns found. Skipping rewrite rule creation for dial-in conferencing.
WARNING: No patterns found. Skipping rewrite rule creation for Web Scheduler.
WARNING: No patterns found. Skipping rewrite rule creation for dial-in conferencing.
WARNING: No patterns found. Skipping rewrite rule creation for Web Scheduler.
WARNING: "Enable-CsComputer" processing has completed with warnings. "5" warnings were recorded during this run.
WARNING: Detailed results can be found at "C:\Users\xxx\AppData\Local\Temp\Enable-CsComputer-26374787-f6b5-4a07-b8f4-7bd819d3ffc3.html".
I tried following http://www.lyncexch.co.uk/lync-2013-hosting-pack-tenant-meet-dialin-urls/ but the URL doesn't change.
Not sure if all these are related or what needs to be corrected, please assist.
For Event ID 32148 – LS User Service, you can refer to the links below:
http://www.lyncexch.co.uk/lync-2013-hosting-pack-tenant-meet-dialin-urls/
http://www.lyncexch.co.uk/2014/02/
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
Mai Ali -
In post http://social.technet.microsoft.com/Forums/lync/en-US/8a22eed7-cc63-4f9e-b422-3c5a57fb32b0/lync-2013-multitenant-pack-and-lync-2010?forum=lyncdeploy , which was already answered, the answer is no, you cannot migrate from 2010 on-prem. to Lync 2013 hosted pack.
Trying to get my head around #1 - why, and #2 - what other alternatives are available.
Lisa answered that there can only be 1 CMS per forest. Is it one CMS per forest, or one CMS per front end pool in a forest? Meaning you can have different CMS pools. If that were true, we could migrate users to a different front end pool in a coexistence scenario between 2010 on-prem to 2013 hosted pack.
Has anyone done this?
This is tough. I guess a cutover then from 2010 to 2013 multitenant hosted pack would be what?
1. Uninstall 2010, decommission users, decom environment/servers.
2. Fresh install in same AD environment of 2013 hosted pack.
That's tough for our users to make such a transition and have potentially days of downtime.
Is there no other way to do this?
Josh
It is one CMS per forest.
There is no official guide to move from Microsoft Lync Server to Microsoft Lync Server Multitenant Hosting Pack.
This topic has been discussed several times before:
http://social.technet.microsoft.com/Forums/lync/en-US/9d438b55-ec53-478a-9247-6d355abedb78/started-installing-lync-2010-enterprise-discovered-multitenant-hosting-pack-do-i-need-to-uninstall?forum=ocsplanningdeployment
http://social.technet.microsoft.com/Forums/lync/en-US/ad0b77ca-d47e-457b-8f77-33f84409a119/schema-update-lync-hosting-pack?forum=ocsplanningdeployment
Lisa Zheng
TechNet Community Support -
Lync 2013 certificate requirements for multiple SIP domains
Hi All,
I am engaged with a client in respect of a Lync 2013 implementation initially as a conferencing platform with a view to enabling EV functions (inc. PSTN conferencing) in the future. They initially need to support 30 SIP domains and eventually around 100 SIP domains which is proving to be either not possible or severely cost prohibitive. Their current certificate provider, Thawte, can only support up to 25 SANs and have quoted them 5 figures. We tend to use GeoTrust as they are cheaper but they appear to have a limit of 25 SANs. GoDaddy appear to support up to 100 SANs for a pretty reasonable cost. My questions are as follows:
1. Is there a way that I’m missing of reducing the number of SANs required on the Edge server?
   a. Use aliases for access edge FQDNs - Supported by desktop client but not by other devices so not really workable
   b. Don’t support XMPP federation therefore removing the need for domain name FQDNs for each SIP domain
2. Is there a way that I’m missing of reducing the number of SANs required on the Reverse Proxy server?
   a. Friendly URL option 3 from this page: http://technet.microsoft.com/en-us/library/gg398287.aspx
   b. Client auto-configuration:
      i. Don’t support mobile client auto-configuration in which case no lyncdiscover.sipdomain1.com DNS records or SANs would be required.
      ii. Support mobile client auto-configuration over HTTP only in which case CNAME records are required for each SIP domain (lyncdiscover.sipdomain1.com, etc. pointing to lyncdiscover.designateddomain.com) but no SANs are required.
      iii. Support mobile client auto-configuration over HTTPS in which case DNS records are required for each SIP domain and a SAN entry for each SIP domain is also required. This is because a DNS CNAME to another domain is not supported over HTTPS.
3. If the answer to 1 and/or 2 is no, are there certificate providers that support over 100 SANs?
4. How do certificate requirements differ when using the Lync 2013 hosting pack? I would think that this issue is something that a hosting provider would need to overcome.
5. Would the Lync 2013 Hosting Pack work for this customer? The customer uses SPLA licensing so I think is eligible to use the hosting pack but not 100% sure it will work in their environment given that client connections are supposed to all come through the Edge where their tenants will be internal and also given the requirement for an ACP for PSTN conferencing.
Many thanks,
Many thanks for the response.
I was already planning to use option 3 from the below page for simple URLs to cut down on SAN requirement.
http://technet.microsoft.com/en-us/library/gg398287.aspx
What are the security concerns for publishing autodiscover over port 80? I.e. Is this only used for the initial download of the discovery record and then HTTPS is used for authentication? This seems to be the case from the following note on the below page:
http://technet.microsoft.com/en-gb/library/hh690030.aspx
“Mobile device clients do not support multiple Secure Sockets Layer (SSL) certificates from different domains. Therefore, CNAME redirection to different domains is not supported over HTTPS. For example, a DNS CNAME record for lyncdiscover.contoso.com that redirects to an address of director.contoso.net is not supported over HTTPS.
In such a topology, a mobile device client needs to use HTTP for the first request, so that the CNAME redirection is resolved over HTTP. Subsequent requests then use HTTPS. To support this scenario, you need to configure your reverse proxy with a web publishing rule for port 80 (HTTP).
For details, see "To create a web publishing rule for port 80" in Configuring the Reverse Proxy for Mobility. CNAME redirection to the same domain is supported over HTTPS. In this case, the destination domain's certificate covers the originating domain.”
I don’t think SRV records for additional SIP domain access edge is a workable solution as this is not supported by some devices.
As per the below article:
http://blog.schertz.name/2012/07/lync-edge-server-best-practices/
“The recommended approach for external client Automatic Sign-In when supporting multiple SIP domains is to include a unique Access Edge FQDN for each domain name in the SAN field. This is no longer a requirement (it was in OCS) as it is possible to create a DNS Service Locator Record (SRV) for each additional SIP domain yet have them all point back to the same original FQDN for the Access Edge service (e.g. sip.mslync.net).
This approach will trigger a security alert in Windows Lync clients which can be accepted by the user, but some other clients and devices are unable to connect when the Automatic Sign-In process returns a pair of SRV and Host (A) records which do not share the same domain namespace. Thus it is still best practice to define a unique FQDN for each additional SIP domain and include that hostname in the external Edge certificate’s SAN field”.
===================
1. Basically the requirement is to initially provide Lync conferencing services (minus PSTN conferencing) to internal, external, federated and anonymous participants with a view to providing PSTN conferencing and therefore enterprise voice services later.
2. The customer currently supports close to 100 SMTP domains and wants to align their SIP domains with these existing domains. The structure of their business is such that “XXX IT Services” provide the IT infrastructure for a collection of companies who fall under the XXX umbrella but are very much run as individual entities.
Question:
Would you agree that I’m going to need a SAN for every SIP domain’s access edge FQDN?
Thanks. -
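An added example (not the poster's code) that turns the options weighed in this thread into a SAN count per certificate and checks an issued certificate against the plan. It assumes the `sip.<domain>` and `lyncdiscover.<domain>` naming used in the thread and that the shared web hostnames are supplied by the caller; the function names, sample domains and certificate text are constructed.

```python
import re

AUTODISCOVER_MODES = ("none", "http", "https")  # options i, ii and iii in the post


def required_sans(sip_domains, web_hosts, xmpp_federation=False, mobile_autodiscover="http"):
    """Return (edge_names, reverse_proxy_names) for the chosen options.

    web_hosts: hostnames shared by all SIP domains on the reverse proxy
    (for example one simple-URL host), chosen by the caller.
    """
    if mobile_autodiscover not in AUTODISCOVER_MODES:
        raise ValueError(f"mobile_autodiscover must be one of {AUTODISCOVER_MODES}")
    domains = sorted({d.strip().lower() for d in sip_domains})
    # One Access Edge FQDN per SIP domain, the best practice quoted in the thread.
    edge = [f"sip.{d}" for d in domains]
    if xmpp_federation:
        # XMPP federation adds the bare domain name for each SIP domain.
        edge += domains
    proxy = sorted({h.strip().lower() for h in web_hosts})
    if mobile_autodiscover == "https":
        # Only the HTTPS option needs a per-domain lyncdiscover entry on the certificate.
        proxy += [f"lyncdiscover.{d}" for d in domains]
    return edge, proxy


def cert_dns_names(openssl_text):
    """Subject CN plus DNS SAN entries from `openssl x509 -text` style output."""
    names = set()
    subject = re.search(r'^\s*Subject:.*?CN\s*=\s*([^\s,/]+)', openssl_text, re.M)
    if subject:
        names.add(subject.group(1).lower())
    san = re.search(r'X509v3 Subject Alternative Name:[^\n]*\n\s*(.+)', openssl_text)
    if san:
        names.update(n.lower() for n in re.findall(r'DNS:([^\s,]+)', san.group(1)))
    return names


def review_plan(required, cert_text, ca_san_limit):
    """Compare planned names with an issued certificate and a CA's SAN cap.

    Assumption: every required name counts as one entry against the cap.
    Comparison is exact and case-insensitive; wildcard entries are not expanded.
    """
    have = cert_dns_names(cert_text)
    return {
        "required": len(required),
        "fits_ca_limit": len(required) <= ca_san_limit,
        "missing": sorted(set(required) - have),      # sign-in for these domains would fail
        "unexpected": sorted(have - set(required)),   # stale names still vouched for
    }


# Constructed certificate text for illustration.
SAMPLE_EDGE_CERT = """\
Certificate:
    Data:
        Subject: C = GB, O = Example Hosting, CN = sip.sipdomain1.example
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:sip.sipdomain1.example, DNS:sip.sipdomain2.example, DNS:legacy.sipdomain9.example
"""

if __name__ == "__main__":
    thirty = [f"sipdomain{i}.example" for i in range(1, 31)]
    edge, proxy = required_sans(thirty, ["lync.designateddomain.example"])
    print("edge SANs:", len(edge), "reverse proxy SANs:", len(proxy))
    print(review_plan(edge, SAMPLE_EDGE_CERT, ca_san_limit=25))
```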
Exchange AA transfer to extension to Lync 2013
I'm having issues getting the Exchange AA to transfer to extensions when using key mapping. Basically you can say a person's name and it will transfer to their extension just fine but not with the key mapping.
We are using Exchange 2010 SP3 RU4 with Lync 2013 Hosting Pack.
I found the issue but not sure how to go about resolving it.
Lync User: [email protected]
Lync Extension: +15554443333;ext=151
Exchange Extension: 151
Dial plan in Lync 2013 will convert 3-digit numbers to: +15554443333;ext=$1 for these users
Each company has their own dial plan. This particular dial plan in Lync translates the 3-digit to the full number. The problem is the transfer from Exchange AA to Lync doesn't seem to use the user's dial plan. I also cannot put a translation on the Exchange side to do this type of format: +15554443333;ext=$1
It looks like with the key mapping it is trying to transfer to this:
REFER-TO: <sip:151;[email protected];user=phone>
P-ASSERTED-IDENTITY: <sip:[email protected]>
But of course that doesn't exist. The SIP for this user is sip:[email protected]
I ran the Lync Debugging utility and saw this:
ms-diagnostics: 14011;reason="Called Number translated";source="LYNCFE0101.COMPSYSCLOUD.COM";RuleName="Keep All";CalledNumber="151";TranslatedNumber="151";appName="TranslationService"
Start-Line: SIP/2.0 403 Forbidden
From: <sip:[email protected];user=phone>;epid=786443AA96;tag=61bfdb74d3
To: <sip:151;[email protected];user=phone>;tag=7C193436618B4C0FD1DD5B0D9EA788A5
Call-ID: d71f8c3b-0b1e-45c5-b917-0bb71ab9e240
CSeq: 16062 INVITE
Via: SIP/2.0/TLS 10.1.15.6:50244;branch=z9hG4bKf79f7414;ms-received-port=50244;ms-received-cid=BC2600
Content-Length: 0
ms-diagnostics: 12004;reason="The user is not authorized to call the specified number or none of the
routes have a valid gateway configured.";source="LYNCFE0101.DOMAIN.COM";appName="OutboundRouting"
To: <sip:151;[email protected];user=phone>;tag=4FFA2DD9248FE7799456F95533983128
Call-ID: 92f65e8040e1453e85a09ef45bc27c18
CSeq: 16063 SERVICE
Via: SIP/2.0/TLS 10.1.15.1:61309;branch=z9hG4bK957FF7E7.C2D462B71F179899;branched=FALSE;ms-received-port=61309;ms-received-cid=AFA00
Via: SIP/2.0/TLS 10.1.15.6:50244;branch=z9hG4bK488849d7;ms-received-port=50244;ms-received-cid=BC2600
Content-Length: 0
ms-diagnostics: 1003;reason="User does not exist";destination="151;[email protected]";source="sip.domain.com"
ms-edge-proxy-message-trust: ms-source-type=EdgeProxyGenerated;ms-ep-fqdn=edge.domain.com;ms-source-verified-user=verified
Hi,
You need to create a UM auto-attendant for each Lync Server dial plan with the following command:
New-umautoattendant -name <auto attendant name> -umdialplan <name of dial plan created in step 1> -PilotIdentifierList <auto attendant phone number in E.164 format> -SpeechEnabled $true -Status Enabled
You can refer to the link of “Configure Unified Messaging on Microsoft Exchange”:
http://technet.microsoft.com/en-us/library/gg398129.aspx
Best Regards,
Eason Huang
TechNet Community Support -
No coexistence, Totally decom Lync 2010, then install Lync 2013
I have gone through decomming Lync 2010 Enterprise on prem with the desire to go to Lync 2013 Hosted Multi-Tenancy, using the same domain.
So, as you can imagine, doing this in a test env. (mirroring the prod env.) I have uninstalled Lync 2010, followed all best practices, made sure ADSI ref. to Lync 2010 were gone (to my knowledge).
Now that I have uninstalled the last Lync 2010 boxes, installed Lync 2013 on the first frontend server, fired up the setup and went through the topology builder wizards, and after filling out Edge server pools, etc., I have a topology showing Lync 2010 and 2013. Is that correct? This is my first time installing 2013 Lync. Is Lync 2010 supposed to be showing in the topology?
Maybe this is normal for 2013, maybe this doesn't matter for me to continue. I'd just like to cleanly get rid of any 2013 references or leftovers.
Josh
Hi,
Agree with Anthony and Rodolfo.
Here is Lync server 2013 topology (I didn't deploy Lync server 2010):
What's more, please check if you remove all Lync server 2010 information from AD.
If you meet an error about remnant Lync information in AD, you can refer to the link of "Remove Lync from Active Directory":
http://blog.armgasys.com/?p=320
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Best Regards,
Eason Huang
TechNet Community Support -
Issues with Hosted Exchange, UM and Lync 2013.
Hello everyone!
I am trying to deploy UM with Office 365 Hosted Exchange. We are using one Lync 2013 Standard Edition FE and have deployed one edge server. We have set up our firewall to host the Reverse Proxy.
We do not use wildcard certs. External DNS resolves the _sipfederation and sip._tls SRV records to the external face of the edge server. The edge server functions as it should for remote users and mobility.
I have tried to follow these instructions to the letter three times over to no avail.
http://y0av.me/2014/01/07/lyncum365/
Neither Snooper nor Event Viewer shows any particular issue, though when I try to dial out to voice mail I will get one to two rings and then 5 seconds of silence, a fast busy, and finally "Call Unsuccessful".
When checking the firewall logs I notice a seemingly random 10.x.x.x address being sent to the firewall by the external leg of the edge server. Wireshark captures it as STUN packets on port 3478 being sent to port 3478. These are being dropped by our firewall.
I believe them to be RTP packets but I do not know if this is normal behavior. Has anyone any ideas?
My mistake. Here is the snooper result.
TL_INFO(TF_PROTOCOL) [edge\edge]0C4C.05E4::06/18/2014-15:43:34.153.0000000C (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(265)) [3770767507]
Trace-Correlation-Id: 3770767507
Instance-Id: 2E5A
Direction: incoming;source="external edge";destination="internal edge"
Peer: exap.um.outlook.com:5061
Message-Type: response
Start-Line: SIP/2.0 488 Compression algorithm refused
From: sip:sip.domain.net;tag=08FB9ED133BA396696FE6546EA6F3031
To: sip:exap.um.outlook.com;tag=B8FFE4E9267ED6ECB78ADCC60126B53F
Call-ID: 66602CE1F9980BFA94AD
CSeq: 1 NEGOTIATE
Via: SIP/2.0/TLS 10.11.11.23:50752;branch=z9hG4bK2132316E.5B3AF52DE2753A36;branched=FALSE;received=207.46.5.9;ms-received-port=50752;ms-received-cid=60172700
Content-Length: 0
Server: RTC/5.0
TL_INFO(TF_NETWORK) [edge\edge]0C4C.05E4: :06/18/2014-15:43:34.153.0000000D (SIPStack,NegotiateLogic::SetCompressionType:NegotiateLogic.cpp(2701)) [559249495]( 00000079B1274FB8 ) Compression type is now CompOff
TL_INFO(TF_NETWORK) [edge\edge]0C4C.05E4: :06/18/2014-15:43:34.153.0000000E (SIPStack,NegotiateLogic::ProcessCompressionResponse:NegotiateLogic.cpp(2217)) [559249495]( 00000079B1274FB8 ) Peer refused [488] our request for compression
TL_INFO(TF_NETWORK) [edge\edge]0C4C.05E4: :06/18/2014-15:43:34.153.0000000F (SIPStack,NegotiateLogic::AdvanceOutboundNegotiation:NegotiateLogic.cpp(910)) [559249495]( 00000079B1274FB8 ) Outbound negotiation sequence is complete
$$end_record
And finally..
TL_INFO(TF_PROTOCOL) [edge\edge0C4C.05E4::06/18/2014-15:43:49.379.0000002E (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(265)) [962697980]
Trace-Correlation-Id: 962697980
Instance-Id: 2E61
Direction: incoming;source="internal edge";destination="external edge"
Peer: fe1.domain.net:61254
Message-Type: request
Start-Line: BYE sip:uminternal.um.prod.outlook.com:5066;transport=Tls;ms-fe=CO1PR02MB111.namprd02.prod.outlook.com SIP/2.0
From: <sip:[email protected]>;tag=b736386270;epid=9bcee72318
To: <sip:[email protected];opaque=app:voicemail>;tag=eced411395;epid=07C3F2A933
Call-ID: 4266a095bdef8280d67c7e7df58446fc
CSeq: 2 BYE
Via: SIP/2.0/TLS 10.10.10.25:61254;branch=z9hG4bKC848F11A.A88BCA6858661A50;branched=FALSE
Via: SIP/2.0/TLS 10.10.10.125:49156;ms-received-port=49156;ms-received-cid=401200
Route: <sip:edge.domain.net:5061;transport=tls;opaque=state:Si;lr>
Route: <sip:exap.um.outlook.com:5061;transport=tls;epid=07C3F2A933;lr;ms-key-info=AAEAARc45bIQE6UJAYvPAR8eV4QTvCH3EE2Kxtie7I2PMCSj-2aArKHP8dStYlJe-9jphIkz_mDEkCD_v8hY-mghQEHD6-F12E7E14YG-TJ2gEcQE0Bx2r_rDB3LrzRZzgQ0WVvxreLPWGI80elWF-xfbc_X3JE8mOR2OB9KQM8-e9WOjfq2kj6CnDGeL0yzgz4OB8zm-ao03Yo4gMZ-BpwaxC3BNuvvVDJo9wqrYftq_Z3MIVewWrqcDt5Td4vxCsMiXdwEqtEIRKVvQoqboleBJAyQl-C3qGgfEoSkUnApFuTSnQYRa4kbZ1iPaACpdKT-VTQGjc9HXfps48YJCsIXW0Ab_NSM2uvhUyw900men1ukXSmoZoWZbwqe5siuWVUcFoQl1h1Jcy4lCyZUfDZoqPzDioLqTk9iUmS8fa-PAJjsq72yGjVB_y1aJSxtHVsw7MiDqOGOPqT3dmF-sINkeyuokCy8UCf_cQHmEHwVzZLUJqaVccr3QNCLsBzhcWSypnC60ZZphOKuwl6RvUXWICPf0ubLTL2ppC3tWEgFdUUWOPVd84uGlMcqRLKGb1qrmpj8Nu6Lte7t5n2pMEBCfgAe79t4GO0C5KScdKT_XBM1iIBRXdNkPKHfSgC-wPQgRikdw7vRD-hOWlN5Lay7-zkQ4Ag6rauszFTAwbft99OieAOxKIsgYcxXxcG6;ms-route-sig=fiEMuzbN4_PyEz_I5gG3g8FtqNAonwgZCoRnOq-ByfYEtywTZp-Hk_eAAA>
Max-Forwards: 69
Content-Length: 0
ms-client-diagnostics: 22; reason="Call failed to establish due to a media connectivity failure when both endpoints are internal";CallerMediaDebug="audio:ICEWarn=0x40003a0,LocalSite=10.10.10.125:6735,LocalMR=10.11.11.23:51430,RemoteSite=10.27.46.15:5286,RemoteMR=207.46.5.80:54106,PortRange=1025:65000,LocalMRTCPPort=51430,RemoteMRTCPPort=54106,LocalLocation=2,RemoteLocation=2,FederationType=0"
$$end_record -
Hi,
Who are all the third party vendors that can integrate with Lync 2013 Multi-tenant hosting pack V2 features that are supported Via 3rd party.
1) Call park
2) Outgoing DID manipulation
3) E-911
3) Dialplans & Policies
4) Support for Analog devices (e.g. FAX)
5) Response groups
6) Network QoS - DSCP
7) Phone number management
8) IM/P & Voice with Skype.
9) Interoperability with on-premises video conferencing systems
Regards,
SR
Hi,
Based on my understanding, as it is the Multi-Tenant environment, in the internal DNS server there is no need to add the DNS A record lyncdiscoverinternal. However, you can try to add the DNS record in the internal DNS server to test the issue as well.
Also, please make sure you have updated both Lync Server 2013 and Exchange 2013 to the latest version. If not, update it and then test again.
Best Regards,
Eason Huang
TechNet Community Support -
Lync 2013 Server / Roles & Components
Front End
User authentication and registration
Presence information and contact card exchange
Address book services and distribution list expansion
IM functionality, including multiparty IM conferences
Web conferencing, PSTN Dial-in conferencing and A/V conferencing (if deployed)
Application hosting, for both applications included with Lync Server (for example, Conferencing Attendant and Response Group application), and third-party applications
Primary store for user and conference data. Information about each user is replicated among Front End Servers in the pool
Optionally, Monitoring, to collect usage information in the form of call detail records (CDRs) and call error records (CERs). This information provides metrics about the quality of the media (audio and video) traversing your network for both Enterprise Voice calls and A/V conferences.
Web components to support web-based tasks such as web scheduler and join launcher.
One Front End pool runs the Central Management Server DB, which manages and deploys basic configuration data to all servers running Lync
Optionally, Archiving, to archive IM communications and meeting content for compliance reasons.
Optionally, if Persistent chat is enabled, Persistent Chat Web Services for Chat Room Management and Persistent Chat Web Services for File Upload/Download.
Back End
Database server running Microsoft SQL Server
Provide the DB services for the Front End pool
Acts as backup store for the pool’s user and conference data
Primary stores for other DB’s like Response Group
High Availability for the BE DB is provided via SQL Mirroring
Optional Witness to enable automatic failover for BE
SQL Server 2008 R2 or higher required for SQL Mirroring
Edge Server
Enable users to communicate and collaborate with users outside the organization’s firewall
Comprises four separate server roles
Access Edge – Acts as a secure proxy for all remote Lync signaling traffic
Remote Access
Federation
Public IM Connectivity (PIC)
Web Conferencing Edge – Enable remote users to participate in Web conferences with internal or remote workers
A/V Edge – Responsible for secure relay of A/V media among internal, external, and federated contacts
XMPP Gateway – Allows IM/P with XMPP federated contacts
Reverse Proxy
Simple URL Publishing – Required for users to join Lync meetings
Web Conferencing Content – Users download meeting content (PowerPoint, Whiteboard, and Poll data) via Lync Web Services when in meeting
Address Book & Distribution List Expansion – Required for users to download Lync Address Book and perform DL expansion
User Certificates – Provides client certificate authentication via Lync Web Services
Device Updates – Provides software updates to Lync IP endpoints
Mobility – Provides connectivity for mobile clients via Lync Web Services
Mediation Server
Translates signaling and media between Lync Server and PSTN, IP-PBX, or SIP Trunk
Can be co-located on Front End or separated as stand-alone Server dependent on call volume
Role facilitates dial-in conferencing
Capacity
Co-located = 150 Concurrent Calls
Standalone = 1100 Concurrent Calls
Persistent Chat
Enable users to participate in multiparty, topic-based conversations that persist over time
Pchat Front End server role runs persistent chat service
Pchat Back End server stores chat content and compliance events
Geographic DR is provided via stretched pool and SQL log shipping to replicate DB info
150k provisioned users / 80k concurrent users
Archiving
Uses SQL Server 2008 R2 or SQL Server 2012 for DB
Capable of archiving the following:
Peer-to-peer IM
Multiparty IM
Web Conferences, including uploaded content and events
A/V for peer-to-peer IM and web conferences
Web conferencing annotations and polls
Monitoring
Agent that runs on each Front End Server that collects and manages information from the Front End and Mediation Servers
Stored on SQL Server DB
Leverages SQL Server Reporting Services for creation of reports related to call quality and metrics
Office Web Apps Server
External server leveraged for rendering PowerPoint slides within the Lync client and Lync Web App
Typically leveraged within SharePoint deployments to deliver browser-based versions of Microsoft Office applications
System Center Ops Mgr
Health configuration in Lync Server 2013 is built around System Center Operations Manager and the use of Lync Server Management Packs. These Management Packs include a number of new features and enhancements, including:
Feature – Description
Synthetic Transactions – Windows PowerShell cmdlets that can be run from various locations to ensure that end user scenarios such as sign-in, presence, IM, and conferencing are readily available to end users.
Call Reliability Alerts – Database queries for Call Detail Records (CDR). These records are written by Front End Servers to reflect whether end users were able to connect to a call or why a call was terminated. These queries result in alerts that indicate when a wide range of end users are experiencing connectivity issues for peer-to-peer calls or basic conferencing functionality.
Media Quality Alerts – Database queries that look at Quality of Experience (QoE) reports published by clients at the end of each call. These queries result in alerts that pinpoint scenarios where users are likely to be experiencing poor media quality during calls and conferences. The data is built upon key metrics such as packet latency and loss, metrics that are known to directly contribute to call quality.
Component Health – Individual server components raise alerts by using event logs and performance counters. These alerts indicate failure conditions that can severely impact one or more end user scenarios. These alerts can also indicate a variety of other failure conditions, including services not running, high failure rates, high message latency, or connectivity issues.
Dependency Health – Failures can occur for a variety of external reasons. The management packs now monitor and collect data for some of the critical external dependencies that might indicate severe issues, including IIS availability, CPU and memory usage of servers and processes, and disk metrics.
Exchange UM
http://www.contactcenterarchitects.com/lync-2013-server-roles-components/
Hi,
Thank you for sharing the information. It is useful for others who do not understand Lync Server Roles and Components. Your time and effort are appreciated.
Best Regards,
Eason Huang
TechNet Community Support -
Office web Apps server Lync 2013 Certificate
Hi,
I'll be installing Office web app (OWA) server with Lync 2013 std edition. External users access is disabled but federation is enabled, meaning OWA will be exposed to the internet as wabweb.contoso.com; the internal host name of the OWA server is owa.contoso.local
Does the certificate on the OWA server need to have owa.contoso.local as certificate principal name and wabweb.contoso.com as SAN? Or is only owa.contoso.local enough?
It really depends on how you publish the server to the internet. You have some options. If you are publishing this via a reverse proxy, internally you would have a private cert with .local on it and the public name on the reverse proxy. If you are punching a firewall hole/NAT directly to the server your best option is to use a public cert on that server directly.
That all said, personally I like to make both the internal and external farm URL the same, and use a public cert on the server (if no reverse proxy is in play). So I would actually enter the OWAS Farm as wabweb.contoso.com in topology builder, then when creating the farm via PowerShell make that both the internal and external URL and get a certificate with a single name on it of wabweb.contoso.com.
Richard
Richard Brynteson, Lync MVP | http://masteringlync.com | http://lyncvalidator.com -
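As an added example (not part of the original posts), the certificate layouts discussed in this thread can be checked against the name each client actually requests. The matcher uses the usual exact-or-single-label-wildcard rule; the option names, and the `nat_local_cert_only` case (a .local-only certificate behind a direct NAT), are constructed for illustration.

```python
# Added example: constructed data, not taken from a real deployment.

INTERNAL = "owa.contoso.local"    # internal host name from the question
EXTERNAL = "wabweb.contoso.com"   # published name from the question


def san_matches(host, san):
    """Exact match, or '*' standing for exactly one left-most label."""
    host = host.lower().rstrip(".")
    san = san.lower().rstrip(".")
    if not san.startswith("*."):
        return host == san
    # *.contoso.com covers wabweb.contoso.com, but neither contoso.com
    # nor a.wabweb.contoso.com.
    head, _, rest = host.partition(".")
    return bool(head) and rest == san[2:]


def cert_covers(host, sans):
    """True if any SAN on the certificate matches the requested host."""
    return any(san_matches(host, s) for s in sans)


# Per option: (who connects, name they request, SANs on the cert that answers).
OPTIONS = {
    # Reverse proxy: private .local cert inside, public name on the proxy.
    "reverse_proxy": [
        ("internal", INTERNAL, [INTERNAL]),
        ("external", EXTERNAL, [EXTERNAL]),
    ],
    # Direct NAT to the server while it only holds the .local cert.
    "nat_local_cert_only": [
        ("internal", INTERNAL, [INTERNAL]),
        ("external", EXTERNAL, [INTERNAL]),
    ],
    # Same farm URL inside and outside, one public cert with a single name.
    "single_farm_url": [
        ("internal", EXTERNAL, [EXTERNAL]),
        ("external", EXTERNAL, [EXTERNAL]),
    ],
}


def name_mismatches(option):
    """Return the (client, host) pairs that would see a certificate name error."""
    return [(who, host) for who, host, sans in OPTIONS[option]
            if not cert_covers(host, sans)]


if __name__ == "__main__":
    for name in OPTIONS:
        print(name, name_mismatches(name))
```
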
Lync 2013 Enterprise load balancing on the front end and edge pool
Hi,
I am setting up a Lync 2013 Enterprise deployment consisting of a Front End pool (x2 FE servers) and an Edge pool (x2 Edge servers). I'm seeing some conflicting advice regarding load balancing using hardware or DNS for the front end and the edge.
On the front end I have 2 internal DNS records 'lyncfepool1.contoso.local' each of which map to one of the IPs of the FE servers. I've used my details to populate the Detailed Design Planner Excel spreadsheet and am told that I require a HLB to load balance my front end pool. I'm aware of the need to load balance HTTPS traffic internally (which will be done by TMG) however other traffic to the front end (SIP, etc) can be balanced by DNS only, and not require a HLB?
Can someone clarify the front end requirement?
Also - looking now at the edge pool - this site again has two edge servers in a pool. We are using a total of six private IP addresses, two per edge service (2 x av.contoso.com, 2 x sip.contoso.com and 2 x webcon.contoso.com). These will be NAT'ed by the external firewall and directed to the respective external (DMZ) IP addresses on the Edge servers on port 443. I know this isn't true round robin due to the intelligence of the Lync client when connecting (in that the Lync client will connect to one of the public IPs and if it can't connect, it will know to connect to the other service IP), however I want to clarify this set up, particularly the need to direct the external public IP traffic at the DMZ Edge IP specified in the topology builder.
I've attached a basic diagram of the external/DMZ/Edge side which hopefully helps with this question
Persevere, Persevere, Per..
That is because you will always need HLB for a front-end server since it hosts the Lync web services which use HTTP/HTTPS traffic.
The description on the calculation tool also describes this correctly:
Supports Standard and Enterprise pools (up to 12 nodes), with pure device-based load balancing or a combination of DNS load balancing and device-based load balancing (for Lync web services)
You can use either hardware or DNS load balancing for SIP traffic only, but you will always need a HLB for the web services. Both are applicable for the Front-End so you have either
full HLB for both SIP and HTTP(S) traffic
DNS LB for SIP traffic and HLB for HTTP(S) traffic
Hope this is more clear :-)
Lync Server MVP | MCITP Lync Server 2010 | If you think my post is the answer to your question, please mark it as answer so future visitors can easily find it.