Category Archives: Lync

Skype for Business Client Testing in Lync 2013 On-Premises Environment

Microsoft has released the Skype for Business client. The Lync 2013 client will become Skype for Business after April 14, 2015 as part of the regular Office monthly updates, if the organization applies them.

The Skype for Business client works with Lync 2010 and Lync 2013 on-premises registrar servers and with Lync Online. However, specific server builds are required on on-premises Lync Server 2013 and Lync Server 2010 in order to set client policies.

Below are the prerequisites for Lync 2010 and 2013 on-premises servers:

Minimum server Build for Lync 2013 – Deploy server build 5.0.8308.857 (December, 2014) or later.

Minimum server Build for Lync 2010 – Deploy server build 4.0.7577.710 (February, 2015) or later.

If you have the above build version on your Lync 2013 server, you can go ahead and start testing.

Before applying this policy to all the users, it is better to test the new client with a few users and then deploy it to the rest of the users.

In order to do that, follow the steps below.

First run Get-CsClientPolicy to check how many policies you have.



If you already have a test client policy, you can try with that policy. In most cases there will be only the default global policy. It is better not to play around with it, since any issue would affect all the users.

So it is better to create a new client policy to test this client on a few user accounts.

Run the below command to create a test client policy:

New-CsClientPolicy -Identity SkypeforBusiness -EnableSkypeUI $True



Run the below command to grant the client policy to the users for testing this client functionality.

Grant-CsClientPolicy -Identity username -PolicyName SkypeForBusiness




Once the above is done you can download the Skype for Business client for the test users and start testing the client functionality.
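The pilot described above as one script, with a verification step and a rollback helper. This is an added example, not part of the original post; the pilot SIP addresses are constructed samples and Undo-SkypeUiPilot is a hypothetical helper name.

```powershell
# Added example: pilot the Skype for Business UI through a per-user client policy.
# Run in the Lync Server Management Shell. The addresses below are constructed samples.
$policyName = 'SkypeforBusiness'
$pilotUsers = @('sip:pilot1@contoso.com', 'sip:pilot2@contoso.com')

# Record the global setting for reference; this script never changes the Global policy.
$globalPolicy = Get-CsClientPolicy -Identity Global
Write-Host "Global EnableSkypeUI: $($globalPolicy.EnableSkypeUI)"

# Create the per-user policy only if it does not exist yet.
$pattern  = '(^|:)' + [regex]::Escape($policyName) + '$'
$existing = Get-CsClientPolicy | Where-Object { $_.Identity -match $pattern }
if (-not $existing) {
    New-CsClientPolicy -Identity $policyName -EnableSkypeUI $true | Out-Null
}

# Grant the policy user by user so one bad identity does not stop the rest.
foreach ($user in $pilotUsers) {
    try {
        Grant-CsClientPolicy -Identity $user -PolicyName $policyName -ErrorAction Stop
    } catch {
        Write-Warning "Could not grant $policyName to ${user}: $($_.Exception.Message)"
    }
}

# Verify: only the pilot accounts should carry the policy.
$assigned = @(Get-CsUser -Filter { ClientPolicy -eq "SkypeforBusiness" } |
    Select-Object -ExpandProperty SipAddress)
$missing    = @($pilotUsers | Where-Object { $assigned -notcontains $_ })
$unexpected = @($assigned   | Where-Object { $pilotUsers -notcontains $_ })
Write-Host "Assigned: $($assigned.Count)  Missing: $($missing.Count)  Unexpected: $($unexpected.Count)"
$unexpected | ForEach-Object { Write-Warning "Policy is also assigned to non-pilot user $_" }

# Rollback: passing $null removes the per-user assignment, so the user falls back
# to the site or global policy.
function Undo-SkypeUiPilot {
    param([string[]]$Users)
    foreach ($u in $Users) {
        Grant-CsClientPolicy -Identity $u -PolicyName $null
    }
}
```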


Sathish Veerapandian

MVP – Exchange Server

Change your logo on the Lync Web App meeting join page in Lync 2013

In this article we will have a look at changing the default Lync logo on the meeting page.

You can change the Lync 2013 logo on the Lync Web App meeting join page.

In order to do that, perform the following steps.

Navigate to the below location:

C:\program files\Microsoft Lync Server 2013\Web Components\LWA\Ext\Images\LyncWebApp_logo.png

Change the logo highlighted below to your company logo or the logo you wish to keep.




The above location is for the external meeting page. If you want to change the internal meeting page as well, navigate to the below location.

C:\program files\Microsoft Lync Server 2013\Web Components\LWA\INT\Images\LyncWebApp_logo.png




Below LyncWebApp_logo.png there is another file, LyncWebApplogo.png. This file is a backup of the original file, so it is better not to delete it, in case it is needed in future.

The customized image gets overwritten when roll-ups or service packs are installed, so the default logo has to be replaced with the customized one again after every upgrade.


Sathish Veerapandian

MVP – Exchange Server

Steps to add additional SIP domains in already existing Lync 2013 deployment

In this article we will have a look at the steps to add an additional SIP domain to an already existing Lync 2013 deployment.

In short, we need to perform the following tasks to add a new SIP domain:

1) Add the new SIP domain to the existing Lync topology.

2) Publish the topology and rerun the setup wizard on all the Front End and Edge servers.

3) Update your internal certificate with the new SIP domain entry through the CA and then assign the updated internal certificate to the FE servers.

4) Create the certificate for the new SIP domain and then install it on the Edge servers and on the reverse proxy server.


Steps to add new SIP domain 


1) First we need to add the new SIP domain to our topology.

In order to do that, we need to perform the following tasks.

Open the Lync Server Topology Builder.

Select the option to download the topology from the existing deployment, since we are only going to modify the existing topology.




Once the Topology Builder is open, right-click on the topology and click Edit Properties.




Click on add new domain and add the new sub domain.



Once done click on publish topology




Once it’s done click on the setup and rerun the setup



Note : 

We have to rerun the above setup on all the FE servers and the edge servers.


Now we need to create the DNS records

The DNS records must be created in the following order



Port Service Protocol Type Entry Server Request Type
CNAME Add it to your public DNS entry New
A Point it to your FE server pool
A Point it to your FE server pool
5061 _sipfederationtls SRV Should be created on your public DNS
443 _sip Should be created on your public DNS



The records above are only for IM and presence. For dial-in and audio/video, the respective entries should be created in DNS.

Now we need to create the certificate for the new SIP domain.

Updating your internal certificate with the new SIP domain through the CA and then assigning the new internal certificate to the FE servers is a normal process, so I am not explaining that part in this article. But make sure that you run the certificate wizard on the FE server and assign the new updated internal certificate.

For the external certificate, we can create the certificate through DigiCert, GoDaddy etc., depending on the vendor you bought your public certificates from.

In this scenario let's take the example of creating the certificate with DigiCert.

Download the DigiCert utility tool for Windows.

Create your private key and CSR by using this utility and request the certificate from DigiCert.

Open the DigiCert utility and click on Create CSR.




Type in the common name and select SSL certificate, since we require an SSL certificate.

All the required SANs should be added as shown below.

Choose the provider type.






After clicking Create, we get the CSR generated for the new SIP domain as shown below. The private key created along with it stays on the machine where the utility was run.

Now send this CSR to DigiCert for the certificate. Once they issue the certificate for the new domain, download it and install it on the Edge servers and your reverse proxy servers.

In order to do that, log in to your account and click on Request Certificate.




Now choose the new SSL certificate type and paste the CSR we generated.

Now type the common name you wish to give the certificate. In our case we need to choose the server platform Lync Server 2013, since we need to import this certificate on our Edge server.





After this, go to My Certificates and download the certificate. Once it has been issued for the new domain, download it and install it on the Edge servers and your reverse proxy servers.

Now import this certificate on the Edge servers by using the Lync Server Deployment Wizard.

Later, request this same certificate for your reverse proxy server (F5, Kemp or TMG) in your certificate request and then install it on the reverse proxy server for mobile connectivity.

Now we have successfully added the new domain to our Lync environment.
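After importing the new certificate it is worth confirming that it really carries the SANs for the new SIP domain, is in date and has its private key. The check below is an added example, not part of the original article; the domain and the two host names are assumptions standing in for the SANs you actually requested, and Get-SanDnsName and Test-NameCovered are hypothetical helper names.

```powershell
# Added example: check the certificates in the local machine store against the
# names needed for the new SIP domain. Domain and host labels are assumptions;
# replace them with the SANs you entered in the CSR.
$newSipDomain  = 'newdomain.example'
$requiredNames = @("sip.$newSipDomain", "lyncdiscover.$newSipDomain")

function Get-SanDnsName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # 2.5.29.17 is the Subject Alternative Name extension.
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return @() }
    # English-language Windows formats each entry as "DNS Name=host".
    @($san.Format($true) -split "`r?`n" | ForEach-Object {
        if ($_ -match '^\s*DNS Name=(.+?)\s*$') { $Matches[1].ToLower() }
    })
}

function Test-NameCovered {
    param([string]$Name, [string[]]$SanNames)
    foreach ($entry in $SanNames) {
        if ($entry -eq $Name) { return $true }
        if ($entry.StartsWith('*.')) {
            # A wildcard covers exactly one label to the left of its suffix.
            $suffix = $entry.Substring(1)
            if ($Name.Length -gt $suffix.Length -and $Name.EndsWith($suffix)) {
                $left = $Name.Substring(0, $Name.Length - $suffix.Length)
                if ($left -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

$results = foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    $sans = Get-SanDnsName -Certificate $cert
    if (-not ($sans | Where-Object { $_ -like "*$newSipDomain" })) { continue }
    $missing = @($requiredNames | Where-Object {
        -not (Test-NameCovered -Name $_.ToLower() -SanNames $sans)
    })
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        Expired       = ($cert.NotAfter -lt (Get-Date))
        MissingNames  = ($missing -join ', ')
    }
}

if (-not $results) {
    Write-Warning "No certificate in LocalMachine\My mentions $newSipDomain"
} else {
    $results | Format-Table -AutoSize
}
```

Run it on each Edge server after the import; a certificate that shows HasPrivateKey as False was imported without the key generated with the CSR and cannot be assigned to a service.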

Sathish Veerapandian

MVP- Exchange Server

Configuring federation , external access and limitations in Lync 2013

Configuring external access in Lync 2013 is one of the challenging parts for administrators.

In this article we will see the options to configure external access and a few limitations that we have with them.

In order to do that, open the Lync Server Control Panel and click on Federation and External Access as shown below.




Choose the type of external access policy that you would like to have configured.


Note: By default there will be a global policy, and it is not enabled until we enable it. This policy is created when you deploy Edge servers.

In the Access Edge configuration we have the settings shown below.




Public IM – for Outlook, Hotmail and the public messengers that are supported; refer to TechNet for more on this part.

Enable Anonymous – for users joining the meeting through the meeting link.

The option below, SIP Federated Providers, is for hosted providers running Microsoft Office 365, Microsoft Lync Online and Microsoft Lync Online 2010.




We have an option to specify allowed domain as well as blocked domain.



Below option is for SIP federated providers.



Below is the option for the SIP federated providers



Below is the option for specifying XMPP federated partners



Can we restrict these federation access services for a few users and give full access to the rest of the users?

Let's take an example where a company wants to federate with us, but we don't want A/V access for all of the users and need to enable the full federation services (IM, presence, A/V) only for a few users.

Can we achieve this with the policy?

The answer is no, because the policies are not that granular. We can block outside A/V access altogether through the firewall or by stopping the A/V Edge service, but making this change will also stop real users from our own organization from using A/V when connected remotely.

So the final conclusion is that the current policies cannot, as of now, be configured to restrict individual federation services such as A/V for a few users while allowing them for the rest of the users, but this can still be achieved with some third party products.
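The settings walked through above can be read back from the Lync Server Management Shell, which gives a quick inventory of what is actually exposed. This is an added, read-only example and not part of the original article; Add-Finding is a hypothetical helper name.

```powershell
# Added example: read-only inventory of the federation and external access settings.
# Run in the Lync Server Management Shell; nothing here changes configuration.
$report = New-Object System.Collections.ArrayList
function Add-Finding {
    param([string]$Area, [string]$Item, $Value, [string]$Note = '')
    [void]$report.Add([pscustomobject]@{ Area = $Area; Item = $Item; Value = $Value; Note = $Note })
}

# 1. Access Edge configuration.
$edge = Get-CsAccessEdgeConfiguration
Add-Finding 'AccessEdge' 'AllowFederatedUsers'    $edge.AllowFederatedUsers
Add-Finding 'AccessEdge' 'EnablePartnerDiscovery' $edge.EnablePartnerDiscovery `
    'True = federation is not limited to the allowed-domain list'
Add-Finding 'AccessEdge' 'AllowOutsideUsers'      $edge.AllowOutsideUsers
Add-Finding 'AccessEdge' 'AllowAnonymousUsers'    $edge.AllowAnonymousUsers 'Anonymous meeting join'

# 2. External access policies. Federation has a single on/off switch per policy;
#    the only A/V-specific switch applies to public IM providers.
$flags = 'EnableFederationAccess', 'EnableXmppAccess', 'EnablePublicCloudAccess',
         'EnablePublicCloudAudioVideoAccess', 'EnableOutsideAccess'
foreach ($policy in Get-CsExternalAccessPolicy) {
    foreach ($flag in $flags) {
        Add-Finding "Policy $($policy.Identity)" $flag $policy.$flag
    }
}

# 3. Allowed and blocked federated domains.
Get-CsAllowedDomain | ForEach-Object { Add-Finding 'AllowedDomain' $_.Domain $_.ProxyFqdn }
Get-CsBlockedDomain | ForEach-Object { Add-Finding 'BlockedDomain' $_.Domain 'blocked' }

# 4. Hosted, public and XMPP providers.
Get-CsHostingProvider    | ForEach-Object { Add-Finding 'HostingProvider' $_.Name $_.Enabled $_.ProxyFqdn }
Get-CsPublicProvider     | ForEach-Object { Add-Finding 'PublicProvider'  $_.Name $_.Enabled $_.ProxyFqdn }
Get-CsXmppAllowedPartner | ForEach-Object { Add-Finding 'XmppPartner'     $_.Domain $_.PartnerType }

# 5. Users carrying a per-user external access policy instead of site/global.
Get-CsUser -Filter { ExternalAccessPolicy -ne $null } |
    Group-Object { "$($_.ExternalAccessPolicy)" } |
    ForEach-Object { Add-Finding 'UserAssignment' $_.Name $_.Count 'users with this per-user policy' }

$report | Format-Table -AutoSize
```

The policy section of the output shows the limitation discussed above: a user either has federation access or does not, with no per-modality setting for federated partners.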


Sathish Veerapandian

MVP – Exchange Server

Quick Bites – Lync Mediation Server concurrent voice call handling capacity

What is the maximum number of concurrent voice calls that a single Mediation Server can handle?

1) Standalone Mediation Server.

2) Collocated with the FE server.

It depends on the number of servers configured in the pool.

The number of video conferences and voice calls that can be hosted on the servers also depends on what other conference types, such as IM and desktop sharing, are used in the organization.

Here is the calculation for video conferencing to be hosted on a Front End Server.

This is from the TechNet article – Scenario-Based Capacity Planning.


Can we use DNS Load Balancing for Mediation Server collocated with existing FE servers?

You must deploy DNS load balancing to support Mediation Server pools that have multiple Mediation Servers.

For details, see the Using DNS Load Balancing on Mediation Server Pools section of DNS Load Balancing in the Planning documentation.


Mediation servers should use only DNS load balancing according to Microsoft recommendation:

If you want to deploy multiple Mediation Servers in the pool in order to provide high availability, then select multiple computers pool option.


Sathish Veerapandian

MVP – Exchange Server 

Configure site resiliency for Lync 2013

In Lync 2010, site resiliency was provided by stretching one FE pool across 2 sites; however, this setup was complicated during disasters, and hence it is not supported and was discontinued from Lync 2013.

In Lync 2013 there is a new concept called pool pairing, by which we can have datacenter resiliency by creating a second Enterprise pool and failing over to that pool in the event of a primary datacenter failure. So basically you will need to create two Enterprise FE pools in your topology, one pool in the primary site and a second pool in the DR site.

Below are the steps to configure pool pairing in Lync 2013

1. In Topology Builder, right-click one of the pools you wish to configure for site resiliency, and then click Edit Properties.

2. Click Resiliency in the left pane, and then select Associated Backup Pool in the right pane.

3. In the box below Associated Backup Pool, select the pool that you want to pair with this pool. Only the pools that are not paired with another pool will be available to select from.

4. Select Automatic fail-over and fail-back for Voice, and then click OK.
When you view the details about this pool, the associated pool now appears in the right pane under Resiliency.

5. Use Topology Builder to publish the topology.

6. Run Enable-CsTopology.

7. If the two pools were not yet deployed, deploy them now and the configuration will be completed without any issues.

However, if the pools were already deployed before you defined the paired relationship in the topology builder then you must complete the following two final steps.

8. On every Front End Server in both pools, run the following:

\Program Files\Microsoft Lync Server 2013\Deployment\Bootstrapper.exe
This configures other services required for backup pairing to work correctly.

9. From a Lync Server Management Shell command prompt, run the following to restart the Lync Backup service:

Stop-CsWindowsService -Name LyncBackup
Start-CsWindowsService -Name LyncBackup

10. Force the user and conference data of both pools to be synchronized with each other, with the following cmdlets (replace the placeholders with the FQDNs of the two paired pools):

Invoke-CsBackupServiceSync -PoolFqdn <Pool1 FQDN>
Invoke-CsBackupServiceSync -PoolFqdn <Pool2 FQDN>

Synchronizing the data may take some time. You can use the following cmdlets to check the status. Make sure that the status in both directions is in steady state.

Get-CsBackupServiceStatus -PoolFqdn <Pool1 FQDN>
Get-CsBackupServiceStatus -PoolFqdn <Pool2 FQDN>

SQL Lync Back End server resiliency setup

Since the CMS is located on the SQL Server, planning for SQL Server resiliency is also mandatory; otherwise we would not get full-fledged site resiliency in an Enterprise Edition setup.

However, in the Standard Edition this is not applicable, and if the number of users is less than 3000 you can have 2 Standard Edition servers, each of them in a different site. This allows Lync site resiliency with fewer roles and is much more cost effective, because no SQL Servers are required here. Lync Front End Standard Edition uses SQL Express installed locally.

Important note:

You should use the same Back End high availability solution (either SQL mirroring or SQL clustering) in both pools, i.e. you should not pair a pool using SQL mirroring with a pool using SQL clustering.

Below are the reasons to use the same type of SQL high availability solution:

SQL clustering requires a shared storage solution, but SQL mirroring does not require a shared storage solution.
SQL mirroring requires the SQL witness role (in addition to the principal and mirror SQL servers) for the failover of the Back End Server to be automatic. Otherwise, an administrator must manually invoke failover.
SQL clustering does not require any additional SQL servers to be able to fail over automatically.


More references:

Back End Server High Availability

Lync 2013 high availability & disaster recovery

Branch-Site Resiliency Requirements

Lync Server 2010 Metropolitan Site Resiliency


Sathish Veerapandian

MVP – Exchange Server 

Technology Evangelist

Steps to completely uninstall/remove an already existing lync 2010/2013 deployment

At times we might run into a situation where we need to remove all the server roles, features and Front End roles in our Lync environment, such as a disaster recovery scenario or a Lync server upgrade.

In this article we will have a look at the steps to decommission the Lync servers in an existing deployment.

Based on my experience, I have gathered a few steps which would be useful to troubleshoot in these kinds of scenarios.

1) Disable all users that are enabled for Lync Server and remove the conferencing directories.

You can run the below commands:

Get-CsUser | Disable-CsUser

Get-CsConferenceDirectory | Remove-CsConferenceDirectory

2) Remove Exchange Unified Messaging (UM) Contact Objects

Get-CsExUmContact -Filter {RegistrarPool -eq "LyncServerPoolFqdn"} | Remove-CsExUmContact

3) Remove Response Group Service Workflow Contact Objects

Get-CsRgsWorkflow -Identity:Service:ApplicationServer:LyncServerPoolFqdn | Remove-CsRgsWorkflow

4) Remove Dial-in Conferencing Access Number Contact Objects

Get-CsDialInConferencingAccessNumber | where {$_.Pool -eq "LyncServerPoolFqdn"} | Remove-CsDialInConferencingAccessNumber

5) Reassign the PSTN Gateway

Set-CsPstnGateway -Identity "PstnGateway:Xds Identity of PSTN Gateway" -MediationServer:"MediationServer: Name of Mediation Server Identity"

6) Confirm that a Front End Pool or Front End Server is Vacant

Get-CsVoiceRoute | select Identity,PstnGatewayList

7) Delete all the server roles in the topology, and then publish the final, empty topology.

Log on to the computer where Topology Builder is installed.
Start Topology Builder: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Topology Builder.
In the Actions pane, click Remove Deployment.
Read the information regarding Remove Deployment
Click Next, and then click Finish.

Once the above is done you can open topology builder and publish the empty topology by choosing the option Download Topology from existing deployment.

8) Uninstall all Lync related SQL database.

Uninstall-CsDatabase -DatabaseType User -SqlServerFqdn <SQL Server FQDN> [-SqlInstanceName <instance name>]

9) Run “Remove-CsConfigurationStoreLocation” to remove the Central Management store service control point (SCP) for the existing Central Management store in Active Directory Domain Services (AD DS).

Remove the Central Management Store Service Control Point in Active Directory Domain Services (Optional)

10) Unprep the domain.


Disable-CsAdDomain -Domain <domain FQDN> -GlobalSettingsDomainController <domain controller FQDN> -Force

11) Unprep the forest.


Disable-CsAdForest -Force -GroupDomain <domain FQDN>

After doing the above, you should be able to start a new deployment.
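Because steps 1 to 4 delete objects, it helps to count what is still homed on the pool first and to preview the removals. The inventory below is an added example, not part of the original article; LyncServerPoolFqdn is the same placeholder used in the commands above.

```powershell
# Added example: read-only inventory of what still depends on a pool before removal.
# 'LyncServerPoolFqdn' is a placeholder; replace it with the FQDN of the pool.
$pool = 'LyncServerPoolFqdn'
$poolPattern = [regex]::Escape($pool)

$inventory = [ordered]@{
    'Enabled users'           = @(Get-CsUser |
                                    Where-Object { "$($_.RegistrarPool)" -eq $pool }).Count
    'Conference directories'  = @(Get-CsConferenceDirectory |
                                    Where-Object { "$($_.ServiceId)" -match $poolPattern }).Count
    'Exchange UM contacts'    = @(Get-CsExUmContact |
                                    Where-Object { "$($_.RegistrarPool)" -eq $pool }).Count
    'Response Group workflows' = @(Get-CsRgsWorkflow -Identity "Service:ApplicationServer:$pool" `
                                    -ErrorAction SilentlyContinue).Count
    'Dial-in access numbers'  = @(Get-CsDialInConferencingAccessNumber |
                                    Where-Object { $_.Pool -eq $pool }).Count
}

$inventory.GetEnumerator() | ForEach-Object {
    '{0,-26} {1}' -f $_.Key, $_.Value
}

# Voice routes that still reference a PSTN gateway (step 6 above).
Get-CsVoiceRoute | Where-Object { $_.PstnGatewayList.Count -gt 0 } |
    Select-Object Identity, PstnGatewayList

# Preview the first destructive step without changing anything.
Get-CsUser | Where-Object { "$($_.RegistrarPool)" -eq $pool } | Disable-CsUser -WhatIf

$remaining = ($inventory.Values | Measure-Object -Sum).Sum
if ($remaining -gt 0) {
    Write-Warning "$remaining object(s) are still homed on $pool; the pool is not vacant yet."
} else {
    Write-Host "$pool is vacant."
}
```

Save the output before starting: once Disable-CsUser has run, the Lync attributes of those accounts are gone and this list is the only record of who was enabled.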


Sathish Veerapandian

MVP – Exchange Server 

Lync 2010/2013 Trusted Application Pool, communication paths and firewalls ?

Integrating the Lync 2010/2013 server with a trusted application is one of the major tasks that an admin needs to do when integrating with a 3rd party device.

In this article let's have a look at a few things that we need to consider to accomplish this task.

In order to establish a signaling gateway between the Lync servers and the 3rd party media devices, we need to create a trusted application pool for them, which acts as a gateway for the to and fro communications.

This trusted application pool must be created and defined in the Lync topology to represent the 3rd party application:

New-CsTrustedApplication -ApplicationId VideoRouting -TrustedApplicationPoolFqdn <trusted application pool FQDN> -Port 5061

The next step is to define the end points for this trusted application pool by creating static routes.

A static route can be created for a SIP URI and then pointed to the trusted application pool as the next hop.
This static route can have a separate SIP namespace which points to the SIP URI used by the organization.

$route = New-CsStaticRoute -TLSRoute -Destination "<trusted application pool FQDN>" -Port 5061 -MatchUri "<SIP domain to match>" -UseDefaultCertificate $True
Set-CsStaticRoutingConfiguration -Identity global -Route @{Add=$route}

Lync operates exactly like Exchange's Internal Relay method for an accepted domain with respect to a shared SIP domain. It first attempts to resolve a URI internally, and only if no match is found does it route the call to the third-party system.

Note:

The DMA certificate only needs to be installed on the DMA; there is no need to have it saved on the Lync servers.

Codec Support:

The signaling between Lync and the third party device always happens via SIP, but the final end point hosts must still have IP connectivity and a common codec to send the media stream to each other.

This integration is very basic, and the video integration between both end points should be H.263 only, considering that third party end points did not support Microsoft's RTVideo codec at any point of time.

Namespace Considerations:

Though from Lync 2013 it is possible to have the same SIP namespace, it is still better to have 2 separate namespaces to differentiate between IM-only enabled users and video end points.

Gateways (DMA – Distributed Media Applications)

Any signaling gateway product used to achieve this type of integration with Lync server is called a Distributed Media Application (DMA). A DMA can be a 3rd party audio/video communications server that integrates with the Lync servers.

An organization can have multiple DMAs for redundancy, even in different geographical locations with different static routes.

Port Requirements:

The recommendation is to use a unique port which is free within a pool, so that the application can use it. If you have multiple trusted application pools, you may need to assign different port numbers. As it is not a standard application built into Lync, there is no specific port reserved for it.
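The trusted application pool, the application, the port check and the static route from the sections above, put together as one sequence. This is an added example, not part of the original article; every FQDN, the site name and the SIP domain are constructed placeholders.

```powershell
# Added example: define a trusted application pool for a third party gateway and
# route a SIP namespace to it. All names below are constructed placeholders.
$appPoolFqdn = 'dma.contoso.com'        # third party gateway (DMA)
$registrar   = 'lyncpool.contoso.com'   # Front End pool acting as next-hop registrar
$siteName    = 'HQ'                     # Lync site that hosts the pool
$matchUri    = 'video.contoso.com'      # SIP namespace used by the video end points
$appPort     = 5061

# 1. Trusted application pool (skip if it is already in the topology).
if (-not (Get-CsTrustedApplicationPool | Where-Object { $_.PoolFqdn -eq $appPoolFqdn })) {
    New-CsTrustedApplicationPool -Identity $appPoolFqdn -Registrar $registrar -Site $siteName `
        -ComputerFqdn $appPoolFqdn -RequiresReplication $false `
        -ThrottleAsServer $true -TreatAsAuthenticated $true
}

# 2. Port requirement: the port must be unused by other applications in this pool.
$clash = Get-CsTrustedApplication | Where-Object {
    $_.TrustedApplicationPoolFqdn -eq $appPoolFqdn -and $_.Port -eq $appPort
}
if ($clash) {
    Write-Warning "Port $appPort is already used by $($clash.ApplicationId) on $appPoolFqdn"
} else {
    New-CsTrustedApplication -ApplicationId VideoRouting `
        -TrustedApplicationPoolFqdn $appPoolFqdn -Port $appPort
}

# 3. Publish the change.
Enable-CsTopology

# 4. Static route: add it only if no route for this namespace exists yet.
$routing = Get-CsStaticRoutingConfiguration -Identity global
if ($routing.Route | Where-Object { $_.MatchUri -eq $matchUri }) {
    Write-Warning "A static route for $matchUri already exists; not adding a second one."
} else {
    $route = New-CsStaticRoute -TLSRoute -Destination $appPoolFqdn -Port $appPort `
        -MatchUri $matchUri -UseDefaultCertificate $true
    Set-CsStaticRoutingConfiguration -Identity global -Route @{Add = $route}
}

# 5. Read back what is now configured.
(Get-CsStaticRoutingConfiguration -Identity global).Route |
    Select-Object MatchUri, TransportChoice, Enabled
```

TreatAsAuthenticated set to $true means Lync accepts traffic from this host without challenging it, so the pool entry should exist only for a gateway you control and should be removed when the integration is retired.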



Sathish Veerapandian

MVP – Exchange Server 

Quick Bites – How to track Lync end users Audio/Video usage

How to track Lync end users' audio/video usage daily, weekly or monthly?

We can use the Lync Monitoring Reports collected on the Monitoring server to track the usage of Lync. Different reporting options are available in the Lync Monitoring Reports: the Call Detail Report (CDR), the Media Quality Diagnostic Report and the System Usage Report.

Below is the information about these reports.

Call Detail report(CDR)

The Call Detail Report provides a detailed summary of an individual call which has quality of the call and the below information.

Call Information
Caller Device and Signal Metrics
Callee Device and Signal metrics
Caller Client Event
Callee Client Event
Audio Stream (Caller to Callee)
Video Stream (Caller to Callee)
Audio Stream (Callee to Caller)
Video Stream (Callee to Caller)

Media Quality Diagnostic Report

Used to diagnose and troubleshoot information for failed calls and has the below information.

UC Peer to Peer Calls (such as a Microsoft Lync 2013 to Microsoft Lync 2013 call)
UC Conference Sessions
PSTN Conference Sessions
PSTN Calls: Media Bypass
PSTN Calls (Non-Bypass): UC Leg
PSTN Calls (Non-Bypass): Gateway Leg
Other Call Types

System usage reports

System Usage Reports provide system usage information: an overview of user logon activity, most notably information about the number of users who logged on to Microsoft Lync Server 2013 during a specified time period (hourly, daily, weekly, monthly).

In addition to the System Usage Reports, we can use the User Activity Report, which has a detailed report of the users connected in peer-to-peer and conferencing sessions in the time frame that we choose. Also, if you would like to drill down and see the users who participated in a conference call, you can expand the conference information, which lists the users who joined the conference and the role they had in it.

To capture, analyze, and diagnose poor quality audio, do the following:

  1. Enable Lync client logging.
  2. After the call is complete, open the client log using Lync Server 2010 Resource Kit Tool: Snooper.
  3. Copy the call quality data into a XML file.
  4. Parse that XML data with a free tool called XML Notepad.
  5. Trend on that data in Excel if needed.

Here are the tools you’ll need to do the job:

Below is the list of logs that can be collected for troubleshooting audio/video call and Call Park issues:

SipStack, Inbound routing and Outbound routing logs on the FE server
S4 and Mediation logs on the Mediation server
Client logs from both the clients involved in establishing the audio/video call

The articles below explain how to use the monitoring reports:

Deploying monitoring in Lync Server 2013
Installing Lync monitoring reports
Different type of monitoring reports
User Activity Report
Troubleshoot call Quality with Snooper

Sathish Veerapandian

MVP – Exchange Server

Configure new UM Dial Plan and UM IP Gateway in Exchange 2013

The UM server is the one that provides Voice Mail, Outlook Voice Access and other Exchange voice features. Integrating the UM functionality with the existing telephony system or Lync is one of the challenging tasks that an admin faces. Planning should be done properly according to the Enterprise Voice plan used in the organization.

As we know, from Exchange 2013 there is no separate role for UM. Its services run on the CAS server and the Mailbox server, and below is the list of services that handle the UM processes.

Microsoft Exchange Unified Messaging Call Router service

Routes the incoming SIP traffic from the Lync server or any other IP-PBX or SBC which sends only SIP traffic. This traffic can come from a VoIP gateway, Session Border Controller (SBC), PBX or IP PBX. Any media traffic sent to the Client Access servers is redirected to a Mailbox server, since the Client Access servers are not capable of handling RTP and SRTP media traffic.

Microsoft Exchange Unified Messaging service

This service handles the initial Session Initiation Protocol (SIP) traffic from the Lync server for voicemails that are left through the Unified Messaging service. It accepts the connection on either port 5061 or 5060 (depending on whether your configuration is secured or unsecured) and then redirects it to the worker process on port 5065 or 5066. This service does not do any media conversion.

Microsoft Exchange Unified Messaging Worker Process

The worker process receives the SIP requests only on port 5065 or 5066, which means the actual media conversion takes place on these ports. It does the following:

1) Registers the process with Unified Communications Managed API 4.0 and converts all the required information for media processing for the SRTP and RTP protocols.

2) Initializes the Simple Mail Transfer Protocol (SMTP) message submission and submits the voice message to the mailbox of the UM-enabled user.

In this article we will have a look at the steps to configure UM and to integrate it with Lync or an existing telephone system in Exchange 2013.


Open the EAC, click on Unified Messaging and select UM dial plans as shown below.





Give it a name and provide the extension length that the users need for the subscriber access number to be used by Enterprise Voice users.

Select the dial plan type according to the Lync / IP-PBX or SBC settings you have.

Select the VoIP security mode according to your Enterprise Voice plan settings.

Select the appropriate country/region and click Save.

Once finished, click Save and select Configure to set the dial codes.

Specify the codes according to your requirement.




Configure Outlook Voice Access as per requirement




Select Settings and configure the options for searching names when users are directed to the voice mailbox.

Configure the transfer and search options.

Configure the transfer and search options according to the requirement and click Save; we are done.

Now we need to create a new UM IP gateway.

Things to consider before we create a new UM IP gateway

Run ExchUcUtil.ps1 and OcsUmUtil.exe only if you do not have any IP-PBX or SBC and if you are going to integrate your UM functionality with a Lync or OCS pool. If you have multiple dial plans associated with different Enterprise Voice plans, then you need to plan accordingly.

If you plan to integrate with a Lync pool, then run ExchUcUtil.ps1 on all Exchange Mailbox servers.

Note: The ExchUcUtil.ps1 script creates one or more UM IP gateways for Lync integration. You must disable outgoing calls on all UM IP gateways except one gateway that the script created. This includes disabling outgoing calls on UM IP gateways that were created before you ran the script.

Run OcsUmUtil.exe on the Lync server.

OcsUmUtil.exe creates contact objects for each auto-attendant and subscriber access number to be used by Enterprise Voice users.

It also verifies that the name of each Enterprise Voice dial plan matches its corresponding unified messaging (UM) dial plan phone context. This matching is necessary only if the UM dial plan is running on a version of Exchange earlier than Exchange 2010 Service Pack 1 (SP1).

If you are going to integrate UM with any IP-PBX or SBC directly, then you can skip the above step.

Now we need to create a new UM IP gateway.

Open the EAC, click Unified Messaging and select New UM IP gateway.

Give a name for the IP gateway.

In the address tab, give the FQDN or the IP address of the SBC or the IP-PBX that you have.

Note: When you specify the FQDN of the IP-PBX or SBC, you need to create a Host (A) record for it in DNS and map it to its IP.

Now select the associated dial plan that you need.

Now enable the options to allow outgoing calls and allow message waiting indicator. Also set a forwarding address if you wish to.

Click on Save and we are done configuring the UM dial plan and UM IP gateway in Exchange 2013.

Note: Unified Messaging requires enterprise CAL licensing.

There is no mandatory requirement for a public UM certificate. The UM certificate can be internal, as you do not need to publish this service to the outside world; you connect to it via Lync, and therefore the communications are all internal in that respect.


Sathish Veerapandian
