Tag Archive: setup


I am going to gloss over the beginning processes, because I have already performed and documented them here.
This is a Lync Server 2010 install on a domain member server running Windows Server 2008 R2 Enterprise.

I will pick up: Prepare First Standard Edition Server.

This goes through the process, and completes this time, installing SQL 2008 Express and an instance named RTC, which is started and running.

Next, select Install Topology Builder, and let the tool complete.

Topology Builder

Now let’s do some prep. First, add the account you are using to the Domain Admins and RTCUniversalServerAdmins groups. You can do this via ADUC by double-clicking the group, selecting the Members tab, and adding the name of your account.

RTCUniversalServerAdmin


Next, create the share you will be using during your topology setup. The default share name is share, on the server you are installing Lync 2010 on. I will name it LyncShare, as this server has little else to do besides Lync, and no other shares. I create a new folder on any drive, right-click it and select Share with > Specific people. I then add Domain Users and Everyone with read/write permissions. We can tighten these to least privilege later on.
File Sharing


Make sure the account you are using is in there as well, and this should be a domain account.
DNS records for your server pool need to exist, as well as simple URLs. We will add those after we build the topology, before we publish it.

Now, go to Start>All Programs>Lync Server 2010, and select Topology Builder.

Click on New Topology.

The Primary SIP Domain can be any domain name that you use, I leave mine set to my internal domain name. For this example, I will use company.local.

Primary SIP Domain


Click Next. I am not adding any additional domains, so click Next again.

Under Site Name, name your site something nice, like CompanyLync.

First Site


Click Next. Enter your City, State, and Country.

Check the box: Open the New Front End Wizard… and click Finish.

New Front End Wizard


Click Next.

Select Standard Edition Server, and enter the domain member server’s FQDN.

Front End FQDN


Click Next. Check no boxes, click Next.

Select Features


Uncheck Mediation Server, and hit Next.

Collocated Server Roles


Enable anything you want, I leave all unchecked. Click Next.

Associated Server Roles


Click Next on the grayed-out options screen for SQL Store, to leave them at the default settings for a new install.

Select the name of a File Share, and leave File Server alone or set it to your company’s file server. In this case it is all on one server, so enter that server’s FQDN. Click Next.

File Share


Leave Web Services URL alone; remember this is going to be used for internal IM only. You can change this as you see fit if you will be hosting external access.

Web Services URL

I named my External URL ExternalPool.company.local. I will now create DNS records for both pools. Open up the DNS MMC, and add an Alias (CNAME) entry for both the internal and external base URLs, pointing to the correct FQDN of the server.

DNS Alias for Pool


You can now view the properties of everything you have configured.

Properties

Click Edit Properties from the menu on the right. Click Simple URLs on the left of the window that opens.

Add an Administrative access URL. I did mine to match the other two, changing the first word to admin.
Click Central Management Server and select the only option.
Simple URLs


Now let’s add DNS entries for these three Simple URLs.
Back in the DNS MMC, add an Alias (CNAME) for dialin, meet, and admin.

In the menu on the right, click Publish Topology.

Read the requirements, and when ready, click Next.

Leave this to default and click Next.

Central Management Server


Now I decided to change my pool name, and I got all sorts of problems. If you get warning messages about your pool not existing in AD, then you can use Lync Management Shell to remove the pool, and redo the set up. The post on how to do this is here.

Now when I hit Publish, it completed successfully.

Publish Progress


Publish Success

Nice, but we still have more to do. Microsoft says that this is the point at which you rerun the setup on all servers that will be handling Lync. Since I am only using one, we do not need to do this. Go back to the Lync Server Deployment Wizard. This time click on the link to the left: Install or Update Lync Server System.

Install or Update Lync Server System


Click Run next to Install Local Configuration Store. Leave the default options on both screens, and click Next.
Let the wizard complete. Hopefully you will receive success on all the prerequisites.
NOTE: Make sure to always expand the prerequisites tab before each item and make sure you are in compliance.
Installing Local


Once complete, click Run next to the next item, Lync Server Components.

Click Next.

IIS Roles


I get an error about IIS features. I remember that when I added the IIS feature, I left most of the boxes cleared by default. Let’s enable all of that now.

Click Server Manager, and select Roles. At this point you will have IIS installed, so click on the link. Scroll down a bit and click Add Role Services. I then added all of the role services that the error message mentioned. I suppose you could add all of them, but why add extra stuff that you do not need?

IIS Role Services


Click Next, click Install.

It will complete (no reboot needed). Go back to your Lync Deployment screen, and re-run Setup Lync Server Components.

Click Finish once that completes without errors.

Run the next task: Request, Install, or Assign Certificates.

A box appears with a Default Certificate, which is unassigned. Click Request next to it. You could also click Request and generate a CSR for an offline CA. I will select Send the request immediately to an online CA, and click Next.

Certificate Wizard

It should automatically pull up your CA server, which in my case is my DC. I will click Next if this is correct. You can then specify alternate credentials, if you are not signed in as a domain admin account. I am, so I will leave this alone. Click Next.

Click Next past the Alternate Template page.
Specify a friendly name. I used lyncfriendly.
I’ll let you decide what to put here for OU and Organization. Consult the Lync documentation if you need help with this. Click Next and fill out your locale.
Click Next twice.
Check the box next to your SIP Domain, and click Next.
SIP Domain


Click Next.

Click Next again.

And again, and let the wizard do its thing.

Certificate Request Completed


You will get a message about thumbprints, make sure the box is checked, and click Finish.

Online Certificate Request Status


Now you will be taken to the Assignment screen. Click Next.

Click Next again (I won’t show you all of my company’s internal information). Once the wizard completes, click Finish.

Click Close, and select Run on the next object: Start Services.

On the wizard that opens, click Next.

Cross your fingers! Yay! It completed successfully. Click Finish.

Click on Service status to see if they are all running.

Lync Services


Close out everything, and open Lync Control Panel from the Start Menu. It should open and look like this.

Lync Control Panel


Now I am going to end this God-awful long post, and go about adding my users. If there is an area where I could be clearer, please comment. If I did something wrong, please let me know! I posted this mainly for my own documentation purposes, and to help out the next guy who is not comfortable with certificates, pools, SIP domains, etc. Thanks for reading!

Update: I stumbled across this post, by Jeff Guillet. He is the author of some of the books I have read, and this post and tool are amazing. Thanks for the GREAT contribution Jeff!

http://www.expta.com/2011/01/introducing-lyncaddcontacts.html

A tool to add contacts to a user’s Lync client over and over. Say you have a domain of 20 users who will use Lync (as I did). Adding 20 people, 20 times (as I did) takes forever. Use this tool to set up one client once, and then re-run it to perform the same actions on other clients. Ingenious.


UPDATE: When you first install the client, the initial sync can take a while. If you are like me, you need to get it up and running quickly so you do not further disturb the network or desktops. There is a registry entry you can add. What I do is install the Lync client. Then I import the company contacts from the GAL to the user’s contact list. Then exit the client.

Now open an elevated command prompt. Type this command:

reg add hklm\software\policies\microsoft\communicator /v GalDownloadInitialDelay /t REG_DWORD /d 0 /f

(And that is a zero at the end.)

Now wait one minute, and restart the Lync client. It will now have all of the users’ contacts synced up and ready to add.

This is part one, covering the Setup and DHCP tabs.

Router documentation is well written from a technical standpoint. It tells you exactly what each option is. What it often lacks is a description of what each option does, and what setting is recommended. In this blog post series, I will describe each tab and setting of a Linksys RV016 router, what the settings do, and what they should be set to. Your settings will obviously not be the same as mine, but my examples should head you in the right direction.

Before we start, you need to know your IP address scheme. There are a million sites on this, so I will not get into it. I would suggest writing it out on paper to refer to while configuring. It also helps to know what services you will be running on the domain. You only want to allow through what you need to let through, and UPnP often opens “extra” ports in your router that are not specifically needed.

To get a general understanding of how the router works, I will describe the path information takes when leaving a domain.

  1. A workstation sends out a data packet.
  2. It queries a DNS server on where it should go. The DNS server will in most cases be your server, or a server.
  3. It then gets forwarded to the correct IP address, in this case the internal IP address of your RV016, or your default gateway.
  4. Then that router queries its external DNS, which is most likely your ISP’s. With that information, your router sends the data to the correct location.

I know a lot more goes on under the hood, but this is a basic explanation of how the network path will go; keeping a visual of this in your head helps when designing IP addresses and pointing DNS.

For this explanation, I will assume that you have bought the router, have an internet connection with a static IP address, your server has a NIC, and that you have connected at least one workstation and the server to the router ports, and the router is connected to your modem.

This article also assumes that you know the basics, and can gloss over items not generally used in a simple server network. Furthermore, I assume that you know you must hit Save after changes, and how to navigate tabbed browsing; do not get angry if your changes do not take due to not saving your work.

In this scenario we use Comcast Broadband cable, with a static IP address of 70.89.23x.x5; I am going to leave some IP bits masked for security purposes. Not that I mind if my public IP address is known, but why risk it, right? The internal IP addressing scheme that I used was 192.168.1.1. In hindsight, this was a mistake. As the default, most home networks have this type of IP address. This causes problems when connecting remote machines to the network, with IP address conflicts. Pick something else, even as simple as 192.168.5.1.

Our router is connected, so let’s log in. The default IP is 192.168.1.1, so open up a web browser and type that into the address bar. You will be prompted for a user name and password. Administrator is the user name (the RV016 is case-sensitive, FYI) while the password is either admin or 1234.

Your ports will not be green, and your IP addresses will not be filled out.

Summary Screen


The green boxes are port status, telling you if a port is active or not. This can be important for troubleshooting.

LAN IP is the router’s internal IP address. This is 192.168.1.1.

WAN1 and WAN2 IP are the external IP addresses of the router. I only use one, but you can configure two to host another network, provide modem failover, bandwidth throttling, etc.

DMZ is for the demilitarized zone, if you plan to provide a separate network segment for internet access.

You will want the mode to say Gateway if this is your main router.

Then you have DNS; this is your external DNS, the DNS of your ISP. Comcast’s main DNS is 68.87.73.242. This can be changed to suit your needs and location. Google Public DNS and OpenDNS are alternatives.

The rest of the settings are for later; let’s just skip over them.

The first thing you will do is set up your IP address. Click the setup tab up top.

Setup Tab- Network


Host and Domain name will most likely be left blank.

Device IP address will remain at 192.168.1.1, unless your address scheme is different. Say your network is 10.1.10.1, then this would be the device IP address.

Choose a subnet mask to fit your network. The default, and mine, is 255.255.255.0. An explanation of IP addresses and subnets can be found here. After that, you can add multiple subnets. I have one added, though it is not in use. If you don’t know what this is, you don’t need to change it 🙂

In the bottom tables, you have settings for your WAN ports. I only use WAN2, so I will leave WAN1 set to obtain an IP address automatically, which gets nothing in this case. I will also leave DMZ alone, as I do not use a DMZ. Click Edit for each of these items if you wish to use them.

Click Edit on WAN2, and we will configure this port’s settings.

WAN2 IP Setup


Select Static IP.

Enter the WAN IP address provided by your ISP. This is your internet IP.

Provide the subnet mask and default gateway that they provide. This should all be on the pink slip you got when the internet was installed.

DNS servers are your external ISP’s DNS servers. In most cases, leave MTU on Auto; we can always adjust it later if necessary. Save and click on the Password subtab.

Change the router password. Use complex, strong passwords, and change them every couple of months. I have a string that I remember because it rhymes, but it is very complex with all the trimmings. I would suggest doing the same, and NOT writing it down.

If I were a burglar, and I broke into your server room, the first thing I would do would be to check drawers, under the keyboard and calendar, and notebooks for written-down passwords (then I would probably pry open the case to steal your HDDs, but that’s for later).

Save and move on to Time. Leave this at the default, unless you need to change it. DMZ Host: we don’t need to change this with no DMZ.

Forwarding: this is a BIG one! In order for your network to even work, there are certain things that you need to forward to the server. This tells certain types of communication coming into your network via the external IP address that they need to report to the server, which then forwards them on to their destination (the server is the internal DNS server).

I will list the things you need to forward to your DNS server. Bold text is necessary, underlined is probably necessary, and regular text is optional depending upon services.

Setup Forwarding


  • SMTP: TCP 25, allows mail to come in, dependent upon your email configuration
  • HTTP: TCP 80, web browsing and a lot of default services
  • HTTPS: TCP 443, secure HTTP, used for remote Companyweb/RWW/etc.
  • Companyweb: TCP xxx, this is the port that you set up remote SharePoint access on, which is changed in IIS Manager
  • PPTP: TCP 1723, if you don’t know what this is leave it alone, but this allows VPN connections
  • Hostmonster: TCP 26, my remote mail provider does not operate on port 25, we use 26 instead
  • RWW: TCP 4125, for Remote Web Workplace access
  • HTTPS Secondary: TCP 8443, default secondary HTTPS port, used for multiple secure sites. I use mine for a private database site
  • FTP: TCP 21, use this if your network has any FTP sites or servers
  • TELNET: TCP 23, use this if you have any need to telnet into the server. I use this for mail troubleshooting, and disable it when not needed
  • L2TP: UDP 1701, used by the L2TP VPN tunneling protocol. DO NOT enable this unless you use L2TP VPN
  • RD: TCP 3389, Remote Desktop port. This can be defined through your network access policy

You can of course add to this list. If you need a port open for a particular application, then open that port and forward it to the server. Do not open spare ports for the heck of it. Remember that this router supports UPnP. You can also run UPnP, and then run the Connect to the Internet Wizard. I prefer not to do this, personally.
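As an added example (not part of the original post, and not the router’s own export format), here is a small Python audit of a forwarding table written in the shape of the list above. It assumes a LAN of 192.168.1.0/24 with the server at 192.168.1.2, treats SMTP, HTTP, HTTPS and RWW as the required set (an assumption, since the post’s bold/underline markup did not survive), and flags the services the post says to leave off unless used, plus targets outside the LAN, duplicate forwards, and required ports that are missing.

```python
import ipaddress
import re

# Assumed LAN scheme for the example; not taken from the original post.
LAN = ipaddress.ip_network("192.168.1.0/24")
# Services the post marks as necessary for the server to work at all.
REQUIRED = {("tcp", 25), ("tcp", 80), ("tcp", 443), ("tcp", 4125)}
# Services the post says to leave off, or disable, unless actually in use.
SENSITIVE = {
    ("tcp", 23): "Telnet (cleartext logins); disable when not needed",
    ("tcp", 21): "FTP (cleartext credentials)",
    ("tcp", 3389): "Remote Desktop exposed to the internet",
    ("udp", 1701): "L2TP; only if an L2TP VPN is in use",
}
RULE = re.compile(r"^(\w+)\s+(TCP|UDP)\s*(\d+)\s*->\s*(\S+)$", re.I)


def parse_rules(text):
    """Parse 'NAME PROTO PORT -> HOST' lines into (name, proto, port, host)."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        name, proto, port, host = m.groups()
        rules.append((name, proto.lower(), int(port), host))
    return rules


def audit(rules, lan=LAN):
    """Return (rule name, finding) pairs; an empty list means nothing to flag."""
    findings, seen = [], set()
    for name, proto, port, host in rules:
        key = (proto, port)
        if key in seen:  # two rules on one port: the router honours only one
            findings.append((name, f"duplicate forward for {proto}/{port}"))
        seen.add(key)
        if ipaddress.ip_address(host) not in lan:
            findings.append((name, f"target {host} is outside {lan}"))
        if key in SENSITIVE:
            findings.append((name, "review: " + SENSITIVE[key]))
        elif key not in REQUIRED:
            findings.append((name, "optional service; confirm it is needed"))
    for proto, port in sorted(REQUIRED - seen):
        findings.append(("(none)", f"required {proto}/{port} not forwarded"))
    return findings


# Constructed sample in the RV016 style: RWW is missing, RD points off-LAN.
SAMPLE = """
SMTP   TCP 25   -> 192.168.1.2
HTTP   TCP 80   -> 192.168.1.2
HTTPS  TCP 443  -> 192.168.1.2
TELNET TCP 23   -> 192.168.1.2
RD     TCP 3389 -> 10.0.0.5
"""
```

Running audit(parse_rules(SAMPLE)) flags the Telnet forward for review, the off-LAN Remote Desktop target, and the missing RWW port; an empty result means the table contains only the required set pointed at the server.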

On to the One-to-One NAT tab; you probably don’t need this enabled for a simple network. MAC Clone, DDNS, and Advanced Routing you will most likely leave alone.

DHCP Tab

You will only enable this if your router is handling DHCP, which provides IP addresses for connected devices. A typical server setup will have the server providing DHCP. There are configurations using both server and router DHCP in case of server failure, or vice versa, but typically you will leave this setting alone. The Status tab tells you the status of the router’s DHCP if it is enabled.
