Posts

Showing posts from June, 2013

ebook: Microsoft Lync 2013 Unified Communications: From Telephony to Real-time Communication in the Digital Age

Today I'd like to recommend a "non-technical" book, written by my friend Daniel Valik.
Lync 2013 is not all about technical knowledge; in Unified Communications we also need to come closer to the business approach. We need knowledge about business processes and financial consultancy ahead of any Lync deployment.
With Daniel's book it is possible to understand these areas and gain knowledge about the new areas we should be aware of ...

Please have a look and drop us any feedback.

http://www.packtpub.com/microsoft-lync-2013-unified-communication/book

Cheers
Thomas

Lync Client: Certificate Authentication Problem

Very often I'm asked about this problem:

English:
Lync cannot verify that the server is trusted for your sign-in address. Connect anyway?

German:
Lync kann nicht überprüfen, ob der Server für Ihre Anmeldeadresse vertrauenswürdig ist. Trotzdem verbinden?


Explanation:
Lync Client 2013 has an additional safety check implemented.
It verifies the user's SIP domain against the FQDN of the Lync server the user is trying to connect to.
In most customer environments, the SIP domain is different from the Active Directory domain. This is usual and normal. The SIP domain will possibly match the SMTP domain, so users can easily experience Unified Communications and their communication addresses are identical.

If you are in a larger enterprise, it's quite a hassle if all users have to click the acknowledgement. We need a solution!

There are two methods to solve this problem:
a manual way and a GPO-based solution.

If you are adjusting the Lync Client manually, you have to navigate to:

HKEY_CURRENT…

Configure and Identify Lync Server 2013 Services and Ports (Communication via SIP TCP Port 5060)

In larger environments or under special circumstances, we need to identify or redefine Lync Server services. Either we need a list of running services and their configuration on the assigned servers, or we might need a special configuration.
For example, in some Video Conferencing environments, the VC system can only communicate over TCP Port 5060 with the SIP Registrar, rather than over TLS Port 5061.

If this is the case, you need to reconfigure the default settings defined by Lync Server 2013.
In Lync 2013, the following ports are defined by default:

SipPort: 5061
WebPort: 444
LyssWcfMtlsPort: 5077
XmppGatewaySipPort: 5058
WinFabClientConnectionPort: 5092
WinFabLeaseAgentPort: 5091
WinFabFederationPort: 5090
WinFabIPCPort: 5093
WinFabReplicationPort: 5094

Other ports are not defined:
SipHealthPort, SipServerTcpPort, SipClientTlsPort


We can display the configuration with the following command:
Get-CsService -Registrar




If you have a look into TechNet under Lync CmdLets, you will find several ser…

Lync Certificate Planning and Assignments

(Edge, Reverse Proxy, Director, Frontend, Mediation, WAC)
Download the article as PDF: SlideShare Link (here)

The following article is optimized for Lync 2013, but is in general also valid for Lync 2010 or OCS 2007.

NOTE: First I need to highlight: Lync Server and Client make use of certificates, therefore the technical principles of certificate deployment are necessary to understand. If an Internet Explorer setting with a proxy server is activated on your clients or servers, make sure you have the correct design. The CRL (Certificate Revocation List) check is mostly HTTP-based (in AD environments also possible via FILE or LDAP); if you have set up an internal proxy which cannot redirect the request into your LAN, you will run into major issues!

I wrote another article in 2012 which may be of interest to you too:
Forefront TMG – Directors, Front End and Standard Edition for Lync

GENERAL
Lync Certificate Planning must be separated into three different areas:
1…