#Lync 2013 marks gateway as down – when it is not???

I was recently working on an issue where Lync was marking a single gateway of 3 in a voice policy route as down. This customer is using 3 gateways and outbound calls are using all 3 together via round-robin routing. The only item that was unique about this particular gateway was that there is a FXS paging trunk connected to it. Our support team restarted the mediation service and saw all the necessary event log entries indicating that the gateway was back online only to see it be marked as unreachable after a period of time. The issue was escalated to me since I did the original implementation and suggested that we try testing a few things:

Issue

  • Make a call to the paging trunk, while there is a call established make another call.
    • This resulted in an event log entry stating that there was a failed attempt on outbound routing.
    • We did this 4 more times (the magic number here is 5 failures)
    • After 4 more failures we saw Lync mark the gateway as unavailable

Cause

  • The reason this is a problem is that the gateway was responding to Lync when the FXS port was in use with a 503 Service Unavailable (Remember Good SIP Messages 1xx, 2xx, and 3xx) (bad SIP messages 4xx, 5xx, 6xx) If Lync receives 5 permanent failures Lync will mark the gateway as down. That is OK when there are other gateways that provide the same outbound routing, but now paging will not work. Remember it is connected to the gateway that is marked offline

Resolution

In order to solve this issue I suggested that we utilize the New-CsSipResponseCodeTranslationRule Lync PowerShell command to take a 503 message and translate it to a 483 (Busy Here). By doing this we take a permanent failure like 5xx and translate that to a temporary failure that Lync does not count towards the 5 failures before a gateway is marked down.

Here is the command that was run:

New-CsSipResponseCodeTranslationRule -Identity “PstnGateway:xx-xxx-gateway1.contoso.corp/Rule503_Paging” -ReceivedResponseCode 503 -TranslatedResponseCode 483

After we implemented the command we ran several tests. We had a user connect to paging and then another user call the same trunk over and over. Lync never marked the gateway as down. We validated this by reviewing the Lync logs and seeing that we were in fact getting a 483 message back now.

Hope this helps someone!

San Francisco Lync User Group – Wednesday April 23rd, 2014 #Lync #LyncUG

The San Francisco Lync User Group will be having our next meeting Wednesday April 23rd, 2014 from 3:00PM-6:00PM. This meeting will include two sessions, the first session will cover the Top Ten Takeaways from Lync Conference 2014.  The second session will dive into Advanced Troubleshooting Tools for Lync.

Location Details:
835 Market Street
Suite 700
Golden Gate North Room
San Francisco, CA 94103

There is a parking garage right behind Market Street on 5th and Mission.  BART station at Powell street and is a 2 minute walk to the Microsoft offices.

Please register on our webpage at http://www.LyncUG.com

San Francisco #Lync User Group January 23rd, 2014 3PM-6PM #UCOMS

*Win a trip to Lync Conference!

About Us

The San Francisco UC Users Group is targeted at IT Pros and Developers interested in Microsoft Unified Communications. Our goal is to provide the San Francisco area with valuable information as it relates to Microsoft Unified Communications. Our meetings will include both technical and business information relating to Lync Server, Exchange Unified Messaging and other components of the Microsoft UC product suite.

Please register on our webpage at

http://www.LyncUG.com

Meeting Details

January 23rd 2014 3PM-6PM Pacific

The San Francisco UC Users Group will be conducting their next meeting Thursday January 23rd, 2014. This meeting will include two sessions, the first – a session covering the ins and outs of Centralized Logging in Lync 2013. The second session will take a dive into Lync Room Systems presented by Smart Technologies.

Industry Experts will be on site to deliver these presentations and help answer any questions related to Lync Server.

Food, beverages and additional door prizes courtesy of the Lync Users Group

*Lync Conference trip entry requires attending an in person event on or prior to January 31st, 2014 and completing a survey. Drawing will be conducted February 1st, 2014 and winner will be contacted immediately. Lync user’s group volunteers, sponsors, employees of sponsors and their immediate families are not eligible to win.

Location Details:
835 Market Street
Suite 700
Golden Gate North Room
San Francisco, CA 94103 

2013 in review

The WordPress.com stats helper monkeys prepared a 2013 annual report for this blog.

Here’s an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 49,000 times in 2013. If it were a concert at Sydney Opera House, it would take about 18 sold-out performances for that many people to see it.

Click here to see the complete report.

Publish #Lync 2013 Web Services with Windows Server 2012 R2 Web Application Proxy

Deploying WAP for Lync Server 2013

Requirements:

2 Servers 1 Web Application Proxy (WAP), and 1 ADFS.  Both Windows Server 2012 R2

The ADFS server is an internal server joined to the corporate domain on the internal LAN

The WAP server is a perimeter server in the DMZ in a workgroup (think TMG here), 2 interfaces 1 Internal, 1 External.

  • Install ADFS, Open PowerShell and run the following command:

    Install-WindowsFeature ADFS-Federation

  • Open Server Manager and select the status icon shown below and click Configure the federation service on this server

  • The Active Directory Federation Services Configuration Wizard screen will open. Select Create the first federation server in a federation server farm

  • Click Next
  • As long as you are logged in as a Domain Administrator you can just select Next.

  • On the next screen you will need to select a certificate that matches the FQDN of the ADFS server or servers if you are deploying more than one ADFS server for high availability (If you are deploying multiple ADFS server ensure that the SAN field contains the name of the servers)

    Note: You can use my post here in order to create certificates.
    http://cmcgreanor.wordpress.com/2011/07/06/create-standalone-certificate-request-for-lynctmg-2010-reverse-proxy/

  • You can select a Group Managed Service Account or a Managed Service Account that already exists in Active Directory.
    • In order to use the Group Managed Service Account you must run the command below

      Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)
      You will need to wait for AD replication in order for the option to become active

  • Select next on the Specify Configuration Database

  • At the review options screen select Next.

  • After the Pre-Requisite check finishes select configure:

  • You should see this final screen when finished.

As far as ADFS is concerned for Lync we are finished. There is no other ADFS configuration required.

Web Application Proxy Configuration

  • First thing we need to do on the WAP server is either set internal DNS on the internal facing NIC for internal host name resolution or modify the hosts file and add the ADFS server FQDN and Lync Web Services FQDN’s. In my case that is:

  • Ensure you add the primary DNS suffix in the Computer Name options area to match the internal domain name. In my case that is mcgreanor.net
  • Import the domain Enterprise Root Certificate to the Trusted Root Certification Authority snap-in since this server will be establishing secure SSL sessions to the ADFS server the only way to do that is by importing the root ca just as you would have on a TMG or Edge Server.
  • Import your Public Certificate that contains the web services names on it to the Personal Store on the WAP Server
  • Run the following command via PowerShell:

    Install-WindowsFeature Web-Application-Proxy,RSAT-RemoteAccess-Mgmt, RSAT-RemoteAccess-PowerShell, GPMC, CMAK

After the command has completed open the Web Application Proxy Wizard via the Server Manager Console

  • At the Welcome screen select Next

  • Enter the federation service name that you specified in the ADFS configuration as well as credentials for accessing ADFS.
  • Export the certificate you created for your ADFS service from the ADFS server and import it with private key to the WAP Personal Certificate Store.
  • You will see the following as an option

  • Click Next

  • After this has completed you can configure your publishing rules.
  • Now open the Remote Access Management Console and select Publish
  • At the welcome screen select Next

  • Select Pass-Through

  • For your Lync External Web Services use the following as an example

  • Select the certificate that contains the public names of your Lync Web Services
    • Note that the Backend server URL has the :4443 added to the end since Lync is listening on this port for external web traffic
  • Click Next and you will get to this screen

  • Click Publish
    • At this point you are going to want to ensure that you have TCP Port 443 open between the WAP Server and the ADFS server. If you do not this step will fail.
  • Complete steps 17-28 for the remaining web services you wish to publish
    • Note: You can use the following PowerShell command to create multiple entries
    • Add-WebApplicationProxyApplication -BackendServerUrl ‘https://lyncwebext.mcgreanor.com:4443/‘ -ExternalCertificateThumbprint ‘insert Certificate thumbprint here’ -ExternalUrl ‘https://lyncwebext.mcgreanor.com/‘ -Name ‘Lync Web Services’ -ExternalPreAuthentication PassThrough
  • My final configuration looks like this:
  • Since some of the Lync 2013 mobile clients do not support Server Name Indication (SNI) you will need to apply a default SSL certificate for the Web Application Proxy to use.
  • Run this command from PowerShell:
    • netsh http show sslcert

    • You will get a screen that contains the following copy the Certificate Hash
    • Run the following command:

      netsh http add sslcert ipport=0.0.0.0:443 certhash=b58f8eda33987269a286f72af7766687743b87ec appid={f955c070-e044-456c-ac00-e9e4275b3f04}

    • If the full command doesn’t work run netsh first like below
  • And finally the last command to run is the following:

    Get-WebApplicationProxyApplication | Set-WebApplicationProxyApplication -DisableTranslateUrlInRequestHeaders:$false

#Lync 2013 November Update Released 15.0.4551.1005

Microsoft released the November 2013 client update recently. Below are the fixes with major fixes highlighted.

In addition the following features have been added.

Client feature enhancements include Photos of Sender/Receiver, URL Photo Experience, pChat Escalation, Login Trace Files and New Recording Options

For more details you can go here to read the NextHop blog on the article here: http://blogs.technet.com/b/nexthop/archive/2013/11/07/cumulative-update-for-lync-desktop-client-2013-november-2013.aspx

The update is available here: http://support.microsoft.com/kb/2825630

San Francisco UC User Group Meeting Wednesday October 30th, 2013 #Lync #LyncUG

I am excited to announce that we will be having our next UC User group meeting on October 30th from 3-6PM at the Microsoft Office in San Francisco. This is going to be a great way to learn about Lync if you are new to the product or if you have already deployed Lync listen to others that are at different stages of deployment. You will also be able to mingle with industry experts including Lync Microsoft Certified Master’s! I am the Local Chapter Organizer for this group. Please use the link below to register and I look forward to seeing you soon!

About Us

The San Francisco UC User Group is targeted at IT Pros and Developers interested in Microsoft Unified Communications. Our goal is to provide the San Francisco Bay Area with valuable information as it relates to Microsoft Unified Communications. Our meetings will include both technical and business information relating to Lync Server, Exchange Unified Messaging and other components of the Microsoft UC product suite.

Please register on our webpage at http://www.LyncUG.com
http://www.lyncusersgroup.com/

Meeting Details

October 30th 2013 3PM-6PM PDT, Hardware Load Balancing, Reverse proxy, and Lync Edge Deep Dive

The San Francisco UC User Group will be conducting their next meeting Wednesday, October 30th, 2013. This meeting will include two sessions, the first – Lync Hardware load balancing and Reverse Proxy presented by KEMP. The second session will be a Lync Edge Server Deep Dive. Industry Experts will be on site to deliver this presentation and help answer any questions related to Lync Server.

Food, beverages and door prizes courtesy of the Lync Users Group.

Location: Microsoft Offices San Francisco

Golden Gate North

Microsoft

835 Market Street, Suite 700

San Francisco, CA 94103

Sponsored by