Saturday, May 14, 2011

Enterprise Voice – Lync 2010 (one of many to come)

Now that I have my simple lab deployment wrapped up, including SIP Trunk from Broadvox connected via Mediant 800 MSBG (the new Audiocodes series gateways with SBC), it is time to make the best of the fact I have a single DID but several users EV enabled. My MP-124 is connected to the home POTS.

My goal is:
  1. I want my users to dial each other with 4 digit extension only.
  2. All users to receive inbound and make outbound calls to PSTN.
  3. I want to present the “Company number” as Caller ID to the dialed party.
The 4-digit extension task could be handled in at least two different ways. It depends on what we have to work with:
  1. If I had a DID for each user, I would assign an individual number to each one. Because they (DIDs) typically come in blocks, for example, from NPANXX5000 to NPANXX5099, I would have a normalization rule for “If the number is exactly 4 digits long, prepend +1NPANXX”. The final result will be +1NPANXXdddd, i.e. E.164, and the call will be routed to the user with this LineURI.
  2. The second scenario is what I will attempt to achieve here. My users will have LineURI in the format +1NPANXXdddd;ext=dddd and the normalization rule will be “If the number is exactly 4 digits long, prepend +1NPANXXddd;ext=”.
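
The second scenario expressed as a pattern/translation pair and checked offline, as an added example that is not from the original post. The rule name and the helper `Convert-DialedNumber` are hypothetical, the base number is the one from the LineURI values used in this post, and the commented `New-CsVoiceNormalizationRule` line needs the Lync Management Shell.

```powershell
# Added example: the 4-digit extension rule from scenario 2, checked offline.
# The base number is the one used in this post's LineURI values.
$Pattern     = '^(\d{4})$'             # exactly four digits, nothing else
$Translation = '+14785554000;ext=$1'   # base number plus the dialed extension

function Convert-DialedNumber {
    # Hypothetical helper: applies one pattern/translation pair the way a
    # normalization rule would, and returns $null when the rule does not match.
    param([string]$Dialed, [string]$Pattern, [string]$Translation)
    if ($Dialed -match $Pattern) {
        return ($Dialed -replace $Pattern, $Translation)
    }
    return $null
}

# Constructed input: valid extensions plus strings the rule must NOT touch.
$samples = '5001', '5002', '500', '50011', '+14785554000', '911'
foreach ($n in $samples) {
    $result = Convert-DialedNumber -Dialed $n -Pattern $Pattern -Translation $Translation
    if ($result) { "{0,-14} -> {1}" -f $n, $result }
    else         { "{0,-14} -> (no match, falls through to the next rule)" -f $n }
}

# In the Lync Management Shell the same pair would be created with:
# New-CsVoiceNormalizationRule -Parent Global -Name 'FourDigitExtension' `
#     -Pattern $Pattern -Translation $Translation
```

The anchors `^` and `$` are what keep a 3-digit service code or a 5-digit string from being rewritten into someone's extension.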
I just created three users; all in Organizational Unit named “UserAccounts”,

…and will enable them for Lync at once by executing: “Get-CsAdUser -OU "ou=UserAccounts,dc=lynclog,dc=com" | Enable-CsUser -RegistrarPool "" -SipAddressType SamAccountName  -SipDomain” in Lync Management Shell.

***Note that here I am using the “Get-CsAdUser” cmdlet because the three users are not Lync enabled yet.

Next, I will enable all three for Enterprise Voice at once: “Get-CsUser -OU "ou=UserAccounts,dc=lynclog,dc=com" | Set-CsUser -EnterpriseVoiceEnabled $True”

Now my three users are EV enabled

…but the LineURI parameter is not yet set, which means the users CAN make outbound calls, but CANNOT receive calls from PSTN.

I will set LineURI for two of my users via PowerShell: Set-CsUser -Identity "LYNCLOG\tu1" -LineURI "TEL:+14785554000;ext=5001" and Set-CsUser -Identity "LYNCLOG\tu2" -LineURI "TEL:+14785554000;ext=5002"

…and the third via Control Panel.

There is something else I must do – populate the Telephone Number field in Active Directory user’s account. This is because the Address Book will use this field to present the phone number to other users in the company and (possibly) federated partners.

Lync does not utilize ABServer.exe as OCS did. However, I can still use it to check how (if at all) the number would be normalized. First, let’s dump the generic rules and see what is in it.

All right, the built-in rules are sufficient to normalize my format “+14785554000 X5001”. In any case, I want to make sure and so, I will force the Address Book regeneration by executing Update-CsAddressBook –Force from Lync Management Shell and then use the ABServer.exe tool to dump the content of the latest AB into a text file where I can double check. In command prompt, I will navigate to “C:\Program Files\Microsoft Lync Server 2010\Server\Core” and execute ABServer -dumpFile C:\mcs\1-WebServices-1\ABFiles\00000000-0000-0000-0000-000000000000\00000000-0000-0000-0000-000000000000\F-0ec9.lsabs c:\out.txt

***Note that I am using the most recent AB file located in “C:\mcs\1-WebServices-1\ABFiles\00000000-0000-0000-0000-000000000000\00000000-0000-0000-0000-000000000000\” where mcs is my Lync share, and the output is a text file on my C:\

Now I can see what was generated a while ago.

Yup, the new users were added promptly. Let's see them in the Lync client.

Some might find this format a little odd, but think about it – people from my company would know X5001 means Extension 5001, while Federated contacts would treat it as “PSTN number +1 (478) 555-4000, extension 5002”

***Now we are getting into a very complicated situation. Despite my extensive research, I cannot find any documentation about the fact we CANNOT use Pilot numbers (Subscriber Access and/or Auto Attendant) which are the same as our “base” (as I call it) number. Should we do that, an “Ambiguous number detected” error will be generated and the call will fail. We can overcome it in these three ways:
  1. If we use POTS and FXO gateway, set a forwarding rule on the PSTN side, where calls to the base number are intercepted and forwarded to the AA number. This way the PSTN caller will dial the base number shown, but the call will arrive on the AA’s number directly.
  2. If we use POTS and FXO gateway, set incoming calls to the base number to be sent to the AA number when they leave the gateway and hit Lync Mediation.
  3. If you use SIP Trunk, you could ask your provider to do the forwarding on their side.
Frankly, if you plan to use one POTS line or SIP Trunk with one DID only in production, Lync is not for you (smile). If you are so cheap, how would you pay for the licenses to begin with?!?
I will now stop here and take my time to think how to proceed further with my setup.

Friday, May 13, 2011


Kevin, a.k.a. the OCSGuy, posted on his blog one very cool utility. When I saw it, my first thought was “This is awesome” and the second – “How come I did not come up with this idea earlier…” Well, we have it now, thanks to his willingness to share.

The GUI utility is based on Powershell script. By default, PS Execution policy is set to “Restricted” i.e., no scripts can be run. To see the current execution policy, run “Get-ExecutionPolicy”. To allow the script to be executed, run “Set-ExecutionPolicy unrestricted”. When you’re done, set back the Execution Policy to the recommended level – “Set-ExecutionPolicy restricted”.
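
A narrower alternative to switching the whole machine to Unrestricted, as an added example that is not from the original post or from the utility's author: it inspects the downloaded file, then relaxes the policy for the current PowerShell process only. `$ScriptPath` is a placeholder.

```powershell
# Added example; $ScriptPath is a placeholder for wherever the script was saved.
$ScriptPath = 'C:\Tools\downloaded-script.ps1'

# 1. Record the policy at every scope so the machine-wide value is known up front.
Get-ExecutionPolicy -List

# 2. Inspect before running: signature status, plus a SHA-256 hash that can be
#    compared with a value published by the script's author, if one exists.
$sig = Get-AuthenticodeSignature -FilePath $ScriptPath
"Signature status: {0}" -f $sig.Status

$sha   = [System.Security.Cryptography.SHA256]::Create()
$bytes = [System.IO.File]::ReadAllBytes($ScriptPath)
$hash  = [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''
"SHA-256:          $hash"

# 3. Relax the policy for THIS process only. LocalMachine and CurrentUser are
#    left untouched, and the setting disappears when the window is closed.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# 4. Run the reviewed script. Under RemoteSigned, an unsigned file that still
#    carries the "downloaded from the Internet" mark is refused until the file
#    is unblocked in its Properties dialog.
& $ScriptPath

# 5. Confirm that the machine-wide policy is what it was in step 1.
"LocalMachine policy: {0}" -f (Get-ExecutionPolicy -Scope LocalMachine)
```

With the Process scope there is no "set it back" step to forget, because nothing persistent was changed.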

Thanks again, Kev!

Monday, May 9, 2011

Location Information - Lync 2010

While LIS (Location Information Service) is designed mainly to support E911 (Enhanced 911 services), and I don’t have one, I will try to make the best of it in a lab environment.

I will test by logging in from a PC on subnet and from my laptop, connected via Wireless Access Point on the same subnet. I will follow the directions from TechNet found here:

First, I will set my Wired Subnet and populate the variables by executing:

Set-CsLisSubnet -Subnet -City “Southern City” -CompanyName “My Company” -Country US -Description “Wired LAN” -HouseNumber 100 -HouseNumberSuffix “” -Location “My Wired LAN” -PostalCode 99999 -PostDirectional “” -PreDirectional “” -State GA -StreetName “My Street” -StreetSuffix Str. -WhatIf

***Note the “WhatIf” parameter. With so much typing, errors are quite possible and I want to check if the cmdlet will be executed.

Looks good and I will run it without “WhatIf” switch.

Next, I will set my Wireless Access Point:

Set-CsLisWirelessAccessPoint -BSSID 00-23-04-6e-80-e0 -City “Southern City” -CompanyName “My Company” -Country US -Description “Wireless AP” -HouseNumber 100 -HouseNumberSuffix “” -Location “My Wireless AP” -PostalCode 99999 -PostDirectional “” -PreDirectional “” -State GA -StreetName “My Street” -StreetSuffix Str.

Because this is “just for fun” configuration, I will publish the LIS Configuration (publish-CsLisConfiguration)

After replication, I logged in from both PC and laptop and... the test was successful.

Of course, this is a quick touch on the subject. LIS has tons of features and reading and understanding how it works and possible implications is highly advisable.

Thursday, May 5, 2011

Publishing Simple URL – Lync 2010

I decided to spend some time today and publish my Lync lab deployment’s simple URLs. Before proceeding with the actual TMG configuration, there are some things I will take care of first.

My simple URL’s and Web service are specified in the topology as shown:

Because the task is related to external access, I need to make sure internet users resolve those to my TMG’s Public IP address, assigned to the External Interface. I have already created A Records for “meet”, “dialin” and “webext”…

Next, I need to request and receive an SSL certificate for my TMG server. I personally use As with everything else, this has ups and downs. The good part – for $50 per year I get unlimited certificates, unlimited domains, unlimited SAN certificates – the whole nine yards. StartSSL is trusted by almost any web browser (I am yet to find one that does not work)… The bad – while included in the Trusted Root store of Windows Vista and Windows 7, it is not by default in Windows Server OS.

If you install any Update for Root Certificates dated 2010 and later, ( for example, StartCom will be included.

Another down side – the Root CA is not included in the Trusted Root of the mobile devices and so, unless you manually import it to your smart phone, Exchange Sync will fail.

When we create a certificate request via IIS or Lync, the mechanism is as follows – the utility generates a private key (kept on the local computer) and a CSR (Certificate Signing Request), which we then ask a Certificate Authority to sign with their key. Once done, we “Process Pending Request”, which actually joins the private key and signed certificate into a single entity. Because of this, if you use Lync server to generate the CSR, later you MUST process the request on this same server and import it in the Personal Certificate Store. Then, export it with the private key (.pfx file), and import it in TMG’s Private store.

One thing I like with StartCom is that their wizard could process a CSR or we could generate a private key there, get a certificate and finally create a .pfx file all in one place. I will not explain the actual steps here because you might decide to approach the Certificate step a different way…

Finally, my certificate is imported and good to go.

I used a SAN certificate where my URLs are in the SAN list. Just curious if it will work…
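
A pre-import check of the exported .pfx, as an added example that is not from the original post: it confirms the private key travelled with the certificate, that the chain builds against this machine's trusted roots, and that each published name is in the SAN list. The file path and the `example.com` host names are placeholders, and the `DNS Name=` text format assumes an English-language Windows installation.

```powershell
# Added example; the path and host names below are placeholders.
$PfxPath  = 'C:\certs\tmg-listener.pfx'
$Expected = 'meet.example.com', 'dialin.example.com', 'webext.example.com'

# Prompt for the password so it never lands in shell history or a script file.
$password = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
            -ArgumentList $PfxPath, $password

# A certificate exported without its private key cannot be used by a listener.
"Subject:         {0}" -f $cert.Subject
"Has private key: {0}" -f $cert.HasPrivateKey
"Valid:           {0} to {1}" -f $cert.NotBefore, $cert.NotAfter

# Build the chain against the local trust stores. A root CA that is missing
# from this server's Trusted Root store makes Build() return False.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # keeps the check offline
"Chain trusted:   {0}" -f $chain.Build($cert)

# The Subject Alternative Name extension has OID 2.5.29.17.
$sanExt   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanText  = if ($sanExt) { $sanExt.Format($true) } else { '' }
$sanNames = [regex]::Matches($sanText, 'DNS Name=([^\s,]+)') |
                ForEach-Object { $_.Groups[1].Value }

# Every name that a publishing rule answers for must appear in the SAN list.
foreach ($name in $Expected) {
    if ($sanNames -contains $name) { "OK       $name" }
    else                           { "MISSING  $name" }
}
```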

My TMG is already installed and ready to go. First, I will create a listener to be used for my publishing rules.

Next, the publishing rules.


Even though the rule has been created, I will go over the settings one more time to make sure it is exactly as required for Lync 2010.

***Note here that we bridge the request that originally will come on port 443 to port 4443. This is because we want requests from the public internet to be served by the webext web site.

…and lastly, test the rule.

As described above, I created and tested two more rules - one for "meet" and one for "webext" (both bridged to port 4443 as well).

What is left now is to test the functionality from a computer on the public internet.

Dialin worked. No number is shown yet because I have not provisioned one as of this time.

For the next test, I started a meeting from home

...and fired up the meeting URL from a "public" computer i.e. my school PC and joined just fine.

What is left now is to check tomorrow morning in my office if the Aastra phone updated the firmware and the Lync client can download the Address Book.

So far - another good day for my lab Lync deployment.