Friday, July 20, 2012

Lync Server 2013 Enterprise Server Setup (Step-by-Step)


Now it's time for the for the fir Lync 2013 site. I'm following up with the Topology blog i released earlier.
I prepare the first Enterprise Server Lync 2013.
Just in the Test Lab, I don't have the Load Balance yet, so what I did was, I gave the only EE Server two IP addresses. The second one is for the POOLLEFT, this is a supported scenario if you only have single pool server in place.

First we need all the Pre-Requisites for the new EE Server in place, which I have listed here:

PowerShell 3.0
PowerShell 3.0 is not a standalone product, it's part of the Windows Framework 3.0
http://www.microsoft.com/en-us/download/details.aspx?id=34595


.Net Framework 4.5
http://www.microsoft.com/en-us/download/details.aspx?id=30653

Windows Identity Foundation

http://www.microsoft.com/en-us/download/details.aspx?id=17331

IIS
Windows Desktop Experience
SilverLight 4

Visual C++ 11 x64
Active Directory Management tools


IIS:
  • Static Content
  • Default Document
  • HTTP Errors
  • ASP.NET
  • .NET Extensibility
  • Internet Server API (ISAPI) Extensions
  • ISAPI Filters
  • HTTP Logging
  • Logging Tools
  • Tracing
  • Windows Authentication
  • Request Filtering
  • Static Content Compression
  • Dynamic Content Compression
  • IIS Management Console
  • IIS Management Scripts and Tools
  • Anonymous Authentication (This is installed by default when IIS is installed.)
  • Client Certificate Mapping Authentication

Note:
Dynamic Content Compression - was not in the documentation right now, be aware

Open PowerShell 3.0 and run the following command for IIS Setup:

Windows Server 2008 R2:

Import-Module ServerManager

Add-WindowsFeature Web-Dyn-Compression,desktop-experience,RSAT-ADDS,Web-Server,Web-Scripting-Tools,Web-Windows-Auth,Web-Asp-Net,Web-Log-Libraries,Web-Http-Tracing,Web-Stat-Compression,Web-Default-Doc,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Http-Errors,Web-Http-Logging,Web-Net-Ext,Web-Client-Auth, Web-Filtering,Web-Mgmt-Console,Msmq-Server,Msmq-Directory


This next step is for copy and past in W2k12:

Add-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Desktop-Experience, Telnet-Client, BITS, Windows-Identity-Foundation -Source D:\sources\sxs




First the Screenshot for the Pre-Requisites:
.NET Framework 4.5 RC:

SilverLight 4.0:

Desktop Experience:

PowerShell script for IIS features:


If you start Setup.exe, it first installs the C++ Runtime:



Than it's time for the WMF 3.0 RC (PowerShell 3.0):

The Desktop Experience (you can do this via PowerShell too):


It will add the .Net FW 3.5.1 (so you remember that you can have multiple version of .NFW at the same time):


Install the Windows Identity Foundation (WIF):


---------------


Now we can finally start with the Lync Active Directory Preparation.
Therefore the First Step is to install the Administrative Tools, which you will find on the right site of the Installation Wizard:

Than as usual, we need to upgrade the Schema for Lync 2013 Preview. Since we are experienced, we want to do so via PowerShell:

Follow this command: Enable-CsAdServerSchema

After the Active Directory replicated the Schema changes, we have to verify if the Schema is successful implemented.

Follow this command: Get-CsAdServerSchema

Next step is the Forest Prep:

Follow this command: Enable-CsAdForest -GoupDomain LYNC15.DIR

Verify if the is action was successful too.
Follow this command: Get-CsAdServerSchema

Next step is the Forest Prep:
Follow this command: Enable-CsAdDomain -GoupDomain LYNC15.DIR

Verify if the is action was successful too.
Follow this command: Get-CsAdDomain


We have to define our Topology for Lync 2013 as the next action.

Start the Topology Builder and crete a NEW TOPOLOGY. Save the config file at a proper location and start Topology definition.

As I blogged before, have a look here on how to do this step-by-step.

http://lyncuc.blogspot.com/2012/07/lync-2013-topology-builder.html

SQL Server Mirroring is on of the option i have chose for this Lab, so as an additional Pre-Requisite, we need to prepare the Share before we are able to publish the Topology.

The next screenshots will take you through the configuration for the SQL Share Folder:
The requirements for the Share a simple.
Make sure you have really access to the Share, since the NTFS permission weight is higher than the share, you can still use "Everyone", else if you are in a secure environment, follow with the Share permission the same setup as I did for the NTFS permission.

NTFS Permission:
SQL01 (Primary):
you need read & write permission
SQL02 (Mirror): you need read
SQL Server Service Account: you need read & write permission
(The Service Account is not described yet in the Deployment Guides)


 

 




After the Topology is defined, you need to start preparing the SQL Server hosting the Central Management Store (CMS).
We do this also manually for Database initialization.
Follow the command: Install-CsDatabase -CentralManagementDatabase -SqlServerFqdn LYNC15SQL01.LYNC15.DIR

In SQL Server Management Studio, you will find the two databases:

LIS (Local Information Server)
XDS (Configuration Database)

After the Database is existing, you need to publish the Topology.

To do so, right click the root of the Topology Tree and click Publish Topology.

The Wizard will guide you through the entire process, so the topology will be written into the XDS Database.

(If you dont like PowerShell, you are able to run through the Database installation with the Wizard too, but remember if you have not install the Databases in a Default Path, or change the DP in SQL Server, you better do so with PowerShell, here are are able to specify every parameter including the Database and Log location)

Only if you have configured the SQL Server Backup Share proper, the Wizard will do nearly everything for you ;)
If you did not configure the Share Permission correctly, there is still a bug in the Lync 2013 Preview. The Wizard will run though perfectly with out giving you any error and information about the not proper configured SQL Server Mirroring. If you encounter this problem, correct your permission and follow exactly the other blog entry of mine: http://lyncuc.blogspot.com/2012/07/database-mirroring-step-by-step-lync.html
You have to define the Sahre Location in the Wizard.
Make sure you have "\\" this in front of the Server Name. Btw, the FQDN is not necessary here.

Still in Lync 2013 the same as before, the CMS will be hosted on a Enterprise Pool, since i only have the POOLLEFT, i will surely install it here:

It will take some time and you can have everything ready in around 15min.


Beautiful, it is successful.


Just having a look into the LyncShare:
Well there are some more folder compared with LYnc 2010. This is regarding the additional Services and Feature included in Lync 2013.
I will explain you all this folders functions and purposes later.




---------------------------------------------------------------------------------------------------------
The first step's for deploying Lync 2013 are done and we have now the focus on the Server Deployment itself.
Just that Lync Server 2013 will install much more Components than Lync 2010 did, if understandable due to consolidated and added features.
So don't be surprised if you will wait a little bit longer than usual.


You see the next Deployment Wizard menu, just follow the steps listed and it will lead to success.
Start with the local copy of the XDS Database, this will install a local SQL Server on every single Lync Server 2013 as a Pre-Requisite. But this is not different from Lync 2010.


Just chose the replication Source from the CMS Server Server.


As we know, the SQL installation will take really some time and you dont see and progress at all.
What you have to do is, open the Task Manager and follow the activity of the SQLEXPR_x64.exe, which is the installer for SQL Server Express. (Funny is, this is a 32bit installer.. Good question why?)


Next you are ready to install Lync Server Components, based on the Topology Definition you have done earlier.


Always necessary and an important configuration is are the Certificates.
What you still find in Lync 2013 are the Mobility Features included. So you don't have to do the same as in Lync 2010, because it is integrated.





Next we have to assign the Certificates:

And start the Services:


Better make sure all sure all Services are up and running.


If have setup the POOL DNS Name and IP Address you are able to start he CSCP:



I hope this overview helps you setting up our first Server, don't forget all the other DNS entries and than you have a lot of work ahead if you start configuring Lync.
Truly out of the box, even with Lync Std Edt, you can start working. But Lync 2013 has so so so many new features, you need time to dig through all of them. Here is still room to blog a lot.
Just continue and follow me, I will bring you deep into the Lync 2013 secrets.


24 comments:

  1. Thomas, Thanks a lot for your work but I would like to know if it's required to setup a separate Lync SQL server for the Lync Share ?
    thanks

    ReplyDelete
  2. @Mohammed

    The share that hosts the Lync file store has to be on a file server (or one that's not in your Lync topology). If you specify a Lync server to store the share on the wizard gives you an error.

    If you're asking about the SQL Express instance that's installed on Lync front-end servers, there's unfortunately no way around it. The wizard won't let you install any roles until a local copy of the configuration database is setup in SQL Express on the server.

    And yes, that is incredibly stupid. No idea why the config database (xds) needs to be on every front-end in an enterprise pool.

    ReplyDelete
    Replies
    1. Hi both of you,

      well you are right, the File Share can be on any server, preferable a File Server.

      Regarding the database, this is a complex process how the replication of data take place. Truly it could have been made simpler (see also the blog about the xds replication I wrote). Sometime it better not to ask why ;)
      On the other hand, lync use the local xds instance for replication. so long.

      Delete
  3. Thomas, thanks a lot for great article!
    And I have one little question :)
    When I try Prepare forest with cmdlet, that you write (Install-CsAdForest), I receive error:
    The term Install-CsAdForest is not recognized as the name of cmdlet
    I think that for Forest Preparation I need use Enable-CsAdForest instead?

    ReplyDelete
    Replies
    1. Hi Oleg,

      thank you for your hint. Your are absolute right. I change the it and also updated the blog with the actual PowerShell Command installing the Windows Features.
      Btw, you could have seen the correct commands in the pictures.

      Delete
  4. Thomas,
    I've run the planning tool and it created this realy complex network diagram (complex to me). Some the interfaces dont make a lot of sense and/or not explained well.
    I get external network. I get DNS round robin entries for the load balancing. But there seems to be more parts to this than is either necessary or I just dont' get it. Specifically, I'm looking at the permiter network

    ReplyDelete
    Replies
    1. HI,
      Lync Edge need two NIC, one each, internal and external and in DMZ, they must have different subnet
      DNS round robin is fine, but you still need HLB for https and also if you federate with PIC.
      Can you be more specific, where you actually having problems. I will try to explain this more in detail.
      Thomas

      Delete
  5. Hi Thomas, gr8 post, thanks for taking the time to write the article, aan just reading it a bit late...btw do you have a chan at YouTube? have you recorded the session? or posted the video somewhere?

    ReplyDelete
    Replies
    1. Hi Shuvro, I started a youtube chanel, but I will take sometime until I fill it with content
      do you have any suggestion how the video should suite the most requirements

      Delete
  6. Hi Thomas, just to keep it actual. Lync Server 2013 requires one more prerequisite: KB26468886. maybe you want to update your Blog...

    Regards Stefan

    ReplyDelete
    Replies
    1. Hi Stefan,

      well is you deploy based on a Windows 2008 R2 OS, sure you need this Patch as well. Since is a IIS 7.5 related security hotfix.
      The KB is 2646886
      http://support.microsoft.com/kb/2646886

      Delete
  7. hi mate .
    how u doing..!
    hey i am getting error in work group system during logging .its asking for certificate ,?????

    ReplyDelete
    Replies
    1. you need the root certificate from your internal PKI installed, that it is working correctly!

      Delete
  8. hi thomas,

    i have issue in starting FE service, error Lync Server Service Startup Pending as Backup Store BackEnd is not yet available. i found some blog that the resolution is to check if xds is created in backend sql but xds is visible in my backend. what could be the problem? lync 2013 Ent. fresh install, windows 2012. thank you.

    ReplyDelete
    Replies
    1. Did you deploy the all databases?
      check on the SQL Server is they are all present. if the xds would not be available, you cannot deploy Lync FE. So I assume this DB is ok, but you have issue with the other backend databases.
      check the sql connectivity from FE and validate the firewall setting. also on QL check if the correct RTC Groups have rights on the DBs.
      I strongly believe here lays the issue

      Delete
  9. Hello Thomas;
    many thanks for this great post

    Ihave a database issue ,

    in my lync 2010 I have 3 servers (FE, ME, BE) , in the new 2013 I have 2 servers (FE ,BE )

    I went throw the steps for migration till I reach to the topology builder where I have to create the database for (rtc , 2013mon,2013 arc)

    I chose to put all the three DB in BE server . I installed the sql server 2012 on my BE server , do I need to install sql server 2012 to my FE

    I get this error when I try to finish the install DB from topology builder



    SqlConnectionFailure: Failed to connect to SQL Server


    Error: Failed to find SQL Service. Make sure that SQL Server service (instance name rtc) is installed in machine HQ-LYNC2013-BE.######

    any advice about this issue ?

    Regards

    MK

    ReplyDelete
    Replies
    1. Hi MK,
      first when you are migrating, you must follow and plan your steps carefully.
      http://technet.microsoft.com/en-us/library/jj205369.aspx
      there are dependencies in CMS and FileShare, as well as the entire rights structure.
      Next is in your case, if you install the databases, validate if the RTC Groups are present and even for the first setup, that you account you are using has DBCREATOR rights or SYSADMIN.
      If you have a named SQL Instance, you can use the Wizard installing the DBs, check in the logs if you saw the correct instance. else you can install the DBs manually using the powershell.

      if you can/ want, please use the contact form on my blog, I reply to you and you can send me your logfiles, so I can guide you

      Delete
  10. Hello Thomas

    I have a post in your blog about lync 2010 to 2013 migration data base issue ,

    and still im getting the error below .
    Yes I'm using the enterprise edition , I named my instance RTC during the 2013 topology building ,

    I already installed the SQL SERVER 2012 in the backend server .

    I try the command install cs-database , but again I got the error failed to find sql services make sure that the sql service instance name rtc is installed in the machine hq-lunc2013 -be

    do I need to create the database rtc which I have named ..in the sql server manually ?

    I disabled the firewall in both the front end and the back end server's , but still the issue .

    there was errors during the sql server installation related to .net frame work , but I fixed the issue and I continue the sql server installation ..later on I can see the management studio and all the sql server service running .

    any other suggestion to solve the issue ?


    SqlConnectionFailure: Failed to connect to SQL Server

    7/17/2014 6:39:06 AM

    Error



    â””

    Error: Failed to find SQL Service. Make sure that SQL Server service (instance name rtc) is installed in machine HQ-LYNC2013-BE.######

    7/17/2014 6:39:06 AM

    Error


    â–¼ Details


    â”” Type: DbSetupSqlServiceNotInstalledException

    I appreciate if you can help me in this issue ?

    mk

    ReplyDelete
    Replies
    1. As far as I see, you have messed up something. Because if the SQL Instance is called/ named "RTC" this are instance on a Standard Edition. Local Instances on Enterpise are named "LYNCLOCAL" and "RTCLOCAL".

      So I suggest, you check your Topology the issue must be there.
      And in your case you might have to start all over again and clean up AD too.

      Sorry for this bad news, but there might be no other easy way

      Delete
  11. hello Thomas .
    Many thanks for u r replay to me .

    I have created one instance called rtc on my BE where installed the sql server 2012 , then from topology builder I chose to install the LYNC2013 database which I named (rtc ).

    it is completed successfully but with warnings ."PLEASE CHECK TEH LOGS BELOW"

    remaining iS the 2013mon and 2013arc database do I need first To create instances for them ?

    on my front end server , I notice in the d drive there is folder called "LYNCLOCAL" and "RTCLOCAL". and it conatians dababase and logs file but the name is rtc for the db .. I chose that name during the setup ??

    so what do you think ??


    Lync Server 2013 Deployment Log Collapse All Actions
    Action Action Information Time Logged Execution Result
    ▼ Install-CsDatabase Completed with warnings

    └ Connection: Data Source=HQ-LYNC-BE-01.TEST\LYNC;Initial Catalog=xds;Integrated Security=True 9/9/2014 2:12:09 PM

    └ ▼ Action 9/9/2014 2:12:09 PM Success

    └ Root domain: TEST. 9/9/2014 2:12:09 PM
    └ Root domain: TEST. 9/9/2014 2:12:10 PM
    └ Filter: (&((ObjectCategory Equal person)(ObjectClass Equal user)(Sid Equal S-1-5-21-1656373359-878998195-3562782424-16158))) 9/9/2014 2:12:10 PM
    └ Found 9/9/2014 2:12:10 PM
    └ User: CN=TEST 9/9/2014 2:12:10 PM
    └ Group security identifier (SID): S-1-5-21-1656373359-878998195-3562782424-519 9/9/2014 2:12:10 PM
    └ HasToken: True 9/9/2014 2:12:10 PM
    └ Check Groups 9/9/2014 2:12:10 PM

    └ Found "RTCHSUniversalServices": True 9/9/2014 2:12:10 PM
    └ Found "RTCUniversalServerAdmins": True 9/9/2014 2:12:10 PM
    └ Found "RTCHSUniversalServices": True 9/9/2014 2:12:10 PM
    └ Found "RTCHSUniversalServices": True 9/9/2014 2:12:10 PM
    └ Found "RTCUniversalReadOnlyAdmins": True 9/9/2014 2:12:10 PM
    └ Found "RTCComponentUniversalServices": True 9/9/2014 2:12:11 PM
    └ Found "RTCComponentUniversalServices": True 9/9/2014 2:12:11 PM
    └ Found "RTCUniversalServerAdmins": True 9/9/2014 2:12:11 PM
    └ Found "RTCUniversalReadOnlyAdmins": True 9/9/2014 2:12:11 PM

    └ ▼ InstallDatabaseCmdlet.CreateDatabaseForFeature 9/9/2014 2:12:12 PM Success

    └ Feature: BackendStore 9/9/2014 2:12:12 PM
    └ SQL Instance: HQ-LYNC2013-BE.TEST\rtc 9/9/2014 2:12:12 PM
    └ Collocated: False 9/9/2014 2:12:12 PM
    └ Found "RTCHSUniversalServices": True 9/9/2014 2:12:12 PM
    └ Found "RTCUniversalServerAdmins": True 9/9/2014 2:12:12 PM
    └ Found "RTCHSUniversalServices": True 9/9/2014 2:12:12 PM
    └ Found "RTCHSUniversalServices": True 9/9/2014 2:12:12 PM
    └ Found "RTCUniversalReadOnlyAdmins": True 9/9/2014 2:12:12 PM
    └ Found "RTCHSUniversalServices": True 9/9/2014 2:12:32 PM
    └ Log file: C:\Users\MK\AppData\Local\Temp\2\Create-BackendStore-HQ-LYNC2013-BE.TEST_rtc-[2014_09_09][14_12_12].log 9/9/2014 2:12:35 PM

    └ ▼ InstallDatabaseCmdlet.CreateDatabaseForFeature 9/9/2014 2:12:35 PM Success



    kind regards

    MK


    ReplyDelete
    Replies
    1. Well, if Lync is installing databases on the backend, by default the instance name is SQL default (MSSQLSERVER).
      I saw you have used an instance name called LYNC.
      In your log is another log embedded: Create-BackendStore-HQ-LYNC2013-BE.TEST_rtc-[2014_09_09][14_12_12].log
      there the warnings are listed, so I cant see them.
      I think it might be a good idea to understand the Create Database Options in the wizard.
      If you or someone else see it in the same way, I might blog about the Backend Server (SQL) incl. Mirroring in more detail.

      thomas

      Delete
  12. i am facing some problem
    all users with windows 64Bit are working but those who is under windows 32Bit is sending that failed to get the Certificate from the server .
    is there any help on this ?
    i am running Lync 2013 for the first time .
    thanks in advance

    ReplyDelete
    Replies
    1. HI do you have Win7 or XP? is the internal/external root certificate on the client. Are they domain joined?
      if there is untrusted server message, follow my other blog article about untrusted by client.
      If all doesn't help, please send me client log file, but please clean it up first, I'm only than looking into the clients logon process for you. Ping me via my contact form here in the blog and I reply with my direct mail

      Delete