Jason Sloan

I currently hold the Microsoft Certified Master on Lync Server 2010 certification and work as a Senior Technical Consultant at Perficient, specializing in Unified Communications design and deployments. My history in IT dates back 15 years with all my experience coming primarily from Microsoft Technologies. I believe the Microsoft Unified Communications community is a very close and talented group of engineers who genuinely enjoy the technologies and collaborating with one another to help the technologies dominate the marketplace.

LinkedIn LinkedIn Public Profile
Twitter jason_D_Sloan
Homepage http://www.perficient.com


Ringing in the New Year with Skype (Lync) for Business

This morning Microsoft lifted the curtains to finally unveil what everyone knew was inevitable; Lync Server now becomes “Skype for Business”. This is actually the second go around for the “Skype for Business” name; prior to the Microsoft acquisition, Skype tried to enter the “Business” realm with a business offering…yeah, that didn’t work out too well. Now the Skype name officially gets both the consumer AND the enterprise by simply rebranding Lync Server as the first step of the Skype backbone and Lync backbone inching closer and closer together to become one cohesive environment.

So, enough of that rambling…I for one am very happy about the rebranding of Lync to Skype for Business, this for many reasons:
1.) I can explain my job easier to friends
2.) I can explain my job easier to family
3.) I can explain my job easier to just random people. Flying becomes much more enjoyable.
4.) I don’t have to explain to anyone why there was Skype and Lync when they were essentially the same thing
5.) Lync and Skype are no longer two different silos…well, to the less technical people, anyway

My blog posts are more aimed at our customers and clients, so I should answer the questions you are probably really wanting to hear.

Question: How does this impact my on-premises deployment of Lync?
Answer: It doesn’t. It’s simply rebranding at this point. To stay relevant and always be part of the “cool people club” you should upgrade as soon as the next Skype for Business version is released in 2015. If you plan to stay with Lync 2013 or Lync 2010, you’re old.

Question: Skype is “in the cloud”, does that mean Skype for Business is going to be cloud based? I don’t want to be in the cloud!
Answer: Nope, it’s still on-premises. New server requirements will be released soon enough, and at that point you should start budgeting for new servers.
Of course there is still Office 365 Lync Online offering…that will be rebranded as well.

Question: Will the upgrade be an “in place” upgrade?
Answer: Nope, not according to early reports. You’ll have to buy new hardware. This has always been the case with OCS and Lync so this shouldn’t come as a surprise.
Update: To clear up some confusion I’ve read between 2 different articles, in-place upgrades will indeed be available according to the official statement in Microsoft’s announcement this morning.

Question: Skype is something we didn’t allow in our enterprise because we couldn’t control it, is Skype for Business going to be unmanageable?
Answer: Skype for Business is still going to be an on-premises deployment with the same “Backbone” that Lync Server was built on. All the “checks and balances” to keep Skype for Business secure are still in place.

Question: Can I finally make a video call between Lync and Skype?
Answer: Not yet, but you should be able to in December of 2014 as reported by Microsoft. And when Microsoft says December of 2014, what they really mean is sometime in 2015.

So I hope this clears up any confusion regarding another rebranding. In short, technically, Skype for Business is staying the same course as it had been with Lync Server by offering on-premises and cloud based solutions. If your organization is eyeing Enterprise Voice or already has it deployed, the solution will still be on-premises as it should be.

Now that you’ve read my blog, here is a “Lync” (yup, I had to do it) to the official announcement. http://blogs.skype.com/2014/11/11/introducing-skype-for-business/

#Lync and the Impacts of Windows XP

It’s no secret Microsoft is doing the same to XP as the bad boy trio from Office Space did to that poor Printer.
The deprecation of XP will have an impact on organizations for various reasons, some of which I’m not qualified to speak in depth about, but a key topic on the wire as of late is security. Without a steady stream of updates and patches, you leave your environment largely susceptible to attack.

I can speak more intelligently and with more qualification about XP in the workplace and how it works with Lync…or how it DOESN’T really, kind of a little, maybe…work with Lync. Huh?
Let me explain. The Windows XP OS has been dropped from backward supportability with Lync Server 2013. Microsoft knew long ago that XP was going to be killed off during the reign of Lync Server 2013, so they are essentially forcing your hand to upgrade. It’s a fair hand to be played in defense of Microsoft; at some point we have to move on and put to rest the aging systems to focus on improving existing and future releases, so don’t look at this as a strong arm play by Microsoft, it’s just simply evolution.

If you are considering the move to Lync Server 2013, understand that any pockets of existing XP machines need to be upgraded to at least Windows 7 for the Lync 2013 client to install. If you do not upgrade, your users will be left with the Lync 2010 or OCS 2007 R2 (MOC) client and that’s not cool.
Start reviewing Client Interoperability and Support here.

Keeping the Lync 2010 client in your environment because of XP is not ideal. It works and it’s supported, but it’s just not perfect. Expect that you will find feature and functionality caveats and shortcomings, plus multiple support streams and image packages. Yuck!

If you are upgrading from the OCS 2007 R2 platform to Lync Server 2013, another knock against replacing the MOC client with the Lync 2010 client just to justify retaining the XP OS is user adoption. If you introduce Lync 2010, then plan to introduce Lync 2013 or maybe even the next rev of the Lync client over an accelerated timeline to get your OSes upgraded, you essentially press change upon your users more times than needed. Change would essentially happen like this for your users:
1.) Introduce new Lync 2010 Client
2.) Introduce new OS
3.) Introduce new Lync 2013 Client
Simply put, this is not ideal.

If you hit the OS upgrade button now, change would look like this:
1.) Introduce new OS and Lync 2013 Client at the same time during the same roll out of a single package.
This strategy has much less of an impact on your sensitive user base.

The MOC client, however, is much much different.
First and foremost, you can’t join a Lync Conference using MOC. ALL you get with MOC, is IM and Presence, so that is an incredibly big disadvantage of using the MOC client as a stop gap.

Second, the MOC client does not support DNS Load Balancing as the Lync Clients do. This could cause an impact as well if you feel your users need HA. If you keep the MOC client on the desktops and move to a Lync Server 2013 back-end, you will need to configure or purchase an HLB to maintain SIP communication HA, no exceptions. All of this JUST for IM&P?
If you move to the Lync Client immediately, you can take advantage of the DNSLB mechanism built into the Lync client to maintain SIP communication HA. Keep in mind, however, HLB is still required for load balancing the web communications required by Lync, but sizing of the HLB can be dramatically reduced.

So the moral of the story, please look to upgrade as soon as possible. Your organization is only limiting itself by trying to squeeze every last breath from XP. The OS is dead, time to move on and allow the grieving process to run its course.

Cargill Showcasing at #Lync Conference

Lync Conference 2014 came and went this year with great success. Over the course of 3 days, it was impossible to attend all the breakout sessions because there were so many. To get caught up and watch the sessions you may have missed, they are now posted on the MicrosoftLync YouTube Channel. https://www.youtube.com/user/MicrosoftLync
I recommend taking time out of your day to virtually attend the sessions that may be applicable to your situation.

One of the sessions that I’m particularly biased toward and highly recommend is the Cargill session discussing the successful planning, deployment and roll out of Lync Server 2013.

The session takes you on an hour long journey through the processes Cargill used to justify, plan and then, with Perficient’s help, execute on that plan to start saving Cargill a large sum of money each month. The savings were achieved by bringing 3rd party hosted conferencing in house onto Lync Server 2013. If your organization is in the visioning stage of deploying the Lync Server platform, then this is definitely a great starting point to reference as it is a real world, no BS demonstration of success. Cargill is the largest privately held company in the world with over 140k employees worldwide. This story highlights the scalability of the Lync Platform, proving that Lync can lead the pack in the industry. Now granted, some of those employees are not Lync Users as they may be factory workers or non-computer users, so the initial roll out targeted around 70k heavy Lync Conferencing Users. As Enterprise Voice continues its growth pattern within Cargill, expect the usage to go up, as plants will start receiving common area phones and even managing existing analog phones. To understand more technical detail about the environment in the current state, please review my blog located here: https://blogs.perficient.com/microsoft/2013/08/lync-a-tale-of-stretching-the-limits-of-supportability/. It is now no secret that the blog was depicting the Cargill environment.

Lync Conference 2014…Your Chance to Grill the Experts

Starting this upcoming Monday, February 17, Lync Conference 2014 goes into full swing through the 20th. Experts from all over the world will be presenting, demoing, answering questions and having a good time representing the world of Lync. The Lync community as a whole is just a bunch of geeks who love what they do and equally love passing on the knowledge we have gained in the marketplace. Since the Lync Conference stateside is a once a year opportunity, we encourage you to get excited about grilling all the experts in the areas you need your questions answered, because we are just as excited to talk with you! What’s better than attending a 4 day party on the company dime to obtain free advice?!


Now that the general overview is complete, let’s focus more on what Perficient has to offer at the LyncConf! As the conference moves along throughout the week, Perficient will be highly involved by sponsoring the event, throwing a VIP party and staffing a booth with resident experts there to answer your questions. During the breakout sessions, you may not get your questions answered because maybe you can’t get the one on one time with the presenter, or the time runs out before you get to ask your question. That’s okay! We encourage you to stop by and ask the questions to get the answers you need. We have 2 Lync Certified Masters (MCMs) on staff who are ready and willing to cover all the topics that your heart desires. If you need help in thinking of some ideas and questions to ask, here are some examples:

Lync Strategies:
1.) Lync Readiness Strategy
2.) Basic Deployment Strategy
3.) Conferencing Strategy
4.) Global Deployment Strategy
5.) PBX Replacement Strategy
6.) Greenfield Enterprise Voice Strategy
7.) LRS (Lync Room System) Strategy

Do you have questions regarding technical deep dives? Here are some ideas as well:

Technical Review:
1.) Understand Simple URLs and how they can impact a design
2.) Understand how Lync integrates to PBX and IPPBXs
3.) Understand how Lync 2013 HA and DR works
4.) Understand the importance of SBCs and Gateways
5.) Understand Call Admission Control and QoS
6.) Understand Flexible dial plans and why we use Global E.164 standards
7.) Why do we have this “misfit” Office Web Apps role?

We look forward to seeing you at the conference and fully expect you to bring the hard questions…Can you stump us?

Safe travels and see you soon!

Lync – A Tale of Stretching the Limits of Supportability

This blog post will highlight the infrastructure abilities of Lync when thinking a bit outside of the box on how to design Lync to meet very specific needs.  It’s not that I am condoning deploying Lync outside of supportability, but rather just showing that Lync truly can be flexible.

I recently finished up a global deployment of Lync Server 2013 where it took about 5 months to complete just the planning and build of the infrastructure alone. During the planning and build we mainly touched on getting the overall Topology designed correctly, including SIP Domains, Certificates, HA, DR, capacity planning and a “Hidden DMZ”, and that is why it took so long…Or maybe because the client was a multibillion dollar company who had to move cautiously? Oh and yes, I did say Hidden DMZ, you read it correctly. If you are interested in the gory details of such a design and the “Hidden DMZ”, not to be confused with their traditional DMZ, read on because I do have to say it’s pretty interesting….

I do want to put a Disclaimer on this post before I continue; The overall concept of this design was spawned before I was assigned this project, so when you read about this unorthodox design you must understand the conversations of this design were already signed off on by Microsoft, yet the risks of such a design were still conveyed by Microsoft, myself and a fellow Microsoft MCM/MCSM. The organization is one of the largest companies in the world, so you can only imagine how that played in their favor and was viewed as a major win. The goal of this project was to bring their 3rd party hosted conferencing solution to an On-Premise Solution utilizing Lync Server 2013 for close to 100k users, save the recurring hosted conferencing cost while continuing to grow Enterprise Voice. Also, when you read through this blog post, you will inevitably start looking beyond Lync and start to question why this organization practices such security tactics. For the sake of the Lync Design, understand that this organization has an outstanding Security division with protections in place that are far greater than we will understand, so unless you are qualified as a security expert don’t get stuck on why they choose to do what they do. Lync Server simply had to adhere, to the best of its abilities, to the organization’s tight restrictions, so getting Lync into a position to be accepted on the perimeter (in the DMZ) was a challenge in itself.

Setting the Stage:

So I’ll set the tone with the environment first and foremost.  I came into the project about a 1/3 of the way through the planning stages, and the VERY first thing mentioned to me in my kickoff meeting was “We are going to put Front End Pools in the DMZ….will it work?”.  Well, needless to say I’m thinking; “What the hell did I just get into?”.  I took the comment in stride because I didn’t know the full background, but at that moment I simply took the supportability route and cautioned them with why that wasn’t such a good idea.  As the project roared on, it came to light that they simply wanted to put 2 Pools in the DMZ for user authentication, but not actually Home users themselves to these pools.  Lync veterans, I know what you are thinking – “Isn’t that just a Director and how a Director role was deployed with OCS RTM/R2?”, and to all the novice Lync Admins, yes, essentially, this pool will be acting like a Director.  So based on how I decided to design the Lync Server 2013 central site in the Western Hemisphere of this project, a traditional Lync Deployment would mimic this visio with the Directors located on the protected LAN:

So here is where the challenge surfaced with the Director role and the server placement of such a traditional design:

(Visio diagram: traditional design with the Directors on the protected LAN)

1.) The Director role, even though greatly explained to this organization by myself (a Lync MCM) and Microsoft was simply not good enough in their eyes to meet the security needs of the organization so they insisted on a complete Front End Pool.

2.) The pool they wanted as the “Director” also needed to be located in a protected area of the network, another purpose built “Hidden DMZ”, so the authentication happened in this bubble.

3.) They only needed this hidden pool to authenticate Anonymous User join for conferencing because 2-factor authentication isn’t an option and Digest Authentication used for Anonymous users was viewed as a negative.

So knowing how a traditional design would look, we had to modify it to look like this visio with only the “Meet URL” passing through the “Hidden DMZ”:

(Visio diagram: modified design with only the Meet URL passing through the “Hidden DMZ”)

So this fulfills the same role as the Director, when anonymous users join, they initially hit this pool and authenticate before being “Shuffled off” to the Home Pool of the conference organizer; this met their needs.  So, now onto understanding how to make this work.  I cautioned against this design with the normal points; You don’t know how things change in the future, you never know all the ports this pool needs, you never know if an update will break this, Microsoft does not support this design in the documents….etc.  So I had to do some simple tracing to find the minimal amount of ports required from a Lync standpoint.  Now keep in mind, I did not consult on ports needed by Domain Joined machines in the DMZ.  The practice of this organization already deploys domain joined machines to their DMZ and protects them how they see fit, so I only looked after Lync ports.  Again, don’t question that practice, just know it is what it is.

During my testing and once again during go live we determined we only needed 3 ports open to the LAN for this to work and 1 from the traditional DMZ coming from the TMG.

1.) Port 445 – Bidirectional to/from LAN

2.) Port 444 – Bidirectional to/from LAN

3.) Port 5061 – Bidirectional to/from LAN

4.) Port 4443 – One way to the Hidden DMZ from the traditional DMZ
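As an added check that is not part of the original post, the PowerShell below tests the three LAN-facing TCP ports listed above from a Hidden DMZ Front End and confirms that the server is listening locally on 4443. Hostnames are placeholders, not the customer’s servers, and the script only attempts TCP connects; it changes no firewall rule.

```powershell
# Added example, not from the original post. Placeholder hostnames; replace with
# the LAN Front End / SQL hosts the Hidden DMZ pool must reach.
$LanTargets  = @('fe01.lan.example.com', 'sql01.lan.example.com')
$LanPorts    = @(445, 444, 5061)     # the three bidirectional ports the post identified
$InboundPort = 4443                  # one way, traditional DMZ (TMG) -> Hidden DMZ

function Test-TcpPort {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    # Plain TcpClient connect with a timeout; works on Server 2008 R2 where
    # Test-NetConnection does not exist. Returns $true only if the handshake completes.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-LocalListener {
    param([Parameter(Mandatory = $true)][int]$Port)
    # netstat is used instead of Get-NetTCPConnection for the same portability reason.
    $lines = netstat -ano | Select-String -Pattern "TCP\s+\S+:$Port\s+\S+\s+LISTENING"
    return (@($lines).Count -gt 0)
}

# Outbound side of the bidirectional LAN paths, tested from this Hidden DMZ FE.
$outbound = foreach ($target in $LanTargets) {
    foreach ($port in $LanPorts) {
        New-Object PSObject -Property @{
            Target = $target
            Port   = $port
            Open   = Test-TcpPort -ComputerName $target -Port $port
        }
    }
}
$outbound | Format-Table Target, Port, Open -AutoSize

# Inbound side: confirm this Front End is actually listening on 4443, the only port
# the post needed opened from the traditional DMZ into the Hidden DMZ.
"Listening on $InboundPort locally: $(Test-LocalListener -Port $InboundPort)"
```

Because the post lists 445, 444 and 5061 as bidirectional, run the same test from a LAN Front End toward the Hidden DMZ pool as well; a connect that succeeds in one direction says nothing about the reverse rule.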

The Hidden DMZ looked like this:

(Diagram: Hidden DMZ layout)

After this is all said and done, with FE’s and SQL Servers now placed into the purpose built “Hidden DMZ”, the redirect worked flawlessly as expected. In the Western Hemisphere, the Hidden DMZ now serves 2 different user pools and in the Eastern Hemisphere there is another purpose built “Hidden DMZ” that serves 2 additional pools there as well. Each is fully redundant offering High Availability so all traffic coming from either hemisphere can land on either hidden DMZ to keep conferencing up and running.

Now on to answer a few outstanding questions I know are going through your head.

1.) What about Edge communication? 

The Edge was addressed by using the Lync-Solutions Security filter to protect against DDOS attacks and force users to use TLS-DSK. Home PCs are not allowed for connectivity with this organization as they can only connect remotely with company issued PC/laptops because of their security requirements. This being said, they could restrict Lync to only signing in if they had the Lync issued Certificate downloaded to their machine. This is the closest to 2-factor authentication they could achieve.

2.) What about other URLs, like Web Services, DialIn and LyncDiscover?

Again, the security filter was in place on the TMGs to guard against DDOS attacks.  The other web traffic was “OK’d” to hit the Front Ends, such as Web Services URLs.  You simply cannot redirect home pool Web Services URLs as that is simply a hard requirement to land on the respective pool.  LyncDiscover is still covered by a certificate, even though it is not an authenticated request on initial query anyway, so there is no such worry there.  We could have directed that traffic to the Hidden DMZ as well, but I recommended leaving it hit the internal servers with the first hit.  The authentication of a user is performed up to 2 times anyway, first against the pool associated to LyncDiscover and then once again if you are homed on a different pool.  Again, this is okay as they wanted the Hidden DMZ for anonymous authentication.

3.) What about mobility?

Well, this is a good one. There simply was no good answer for mobility. This organization is huge on 2-factor authentication, especially from a mobile perspective. The Lync mobility client does not offer 2-factor natively, so in this case it just simply was not available, not even from third party vendors. Because of this gap, this organization had to make an exception until a solution is available. Now, there were a few “attempts” by 3rd party vendors who said they could do it, but anyone who knows Lync at its deepest levels and how Lync authenticates knows you can’t simply slap a 2-factor authentication solution into IIS and expect it to work, it’s just not possible without a damning ripple effect. With that said, however, Microsoft has acquired a mobile 2-factor provider, called “Phone Factor”, who previously built 2-factor solutions for other Microsoft platforms. One could think that Microsoft has plans to build this into the product in the future. I’m speculating, but I think it’s a pretty accurate guess.

So there you have it, within this wordy blog post, an interesting situation that turned successful with a little out of the box thinking and thorough testing.  I’ll leave you with some fun facts from this environment:

  1. Environment is built with complete HA/DR functionality to keep conferencing up at all times
  2. Support for 70k-140k users.  Nobody could agree on a set number…just think really big.
  3. Their intent is to reduce costs by giving people an option to bring on premise some of their external conferencing volume
  4. 52 Servers with 100% dedication to Lync, not shared in any way. This number includes TMGs and SQL Servers. 56 servers if you include shared Witnesses.
  5. The whole environment is Hardware with exception of the TMGs and the “Hidden DMZs”
  6. There are 2 “Hidden DMZs” as they call it.  Both Hidden DMZs contain a Lync pool with 2 FE’s/pool and 2 SQL Servers in mirror configuration.
  7. FE’s and SQL Servers are both entirely in this “Hidden DMZ” which is inside another DMZ…I guess.
  8. 6 Total Pools, 4 user pools and these 2 Hidden DMZ Pools (think Directors)
  9. 8 Edge Servers
  10. They built a whole new VMWare environment inside these DMZs specifically for these hidden dmz pools and TMGs.  This included new switches, hardware, network configuration and such.  Everything that goes with building a new VMWare environment and securing it.
  11. 12 GoDaddy Certificates.
  12. Lync Edge and TMG Security Filters to block potential DDOS attacks and to force TLS-DSK.
  13. 50ish SIP Domains
  14. 1 Certificate alone has 70+ SAN entries

Discussions and comments welcome

Mobile upgrade time, what to do? Windows Phone, it might be time.

I’m taking a break from Lync blogging to address this…situation I’m in.

So, as the title states, my contract is up and it’s time to run through the mobile debate once again. If there is stress in my life right now, it isn’t the consulting work or raising 2 boys who are destined to destroy my house, but rather this mobile phone competition created by 6 Apple phones, 4000 Android devices and, like 10 Windows phones. It seems that just by those numbers alone, you’d think I’d maybe follow the sheepish herd, but not so fast. I’m going to essentially “talk out loud” in this blog, so it might get kind of wordy. It’s up to you if you want to sit through my opinions or move on. :)

IPHONE:

So, I’ve been rocking the iPhone bandwagon since the 3G days, so basically 5-6 years of viewing mini-squares, cluttered home screens and countless anticipations of the iOS improvements. I have to say, as of late, I’ve felt very annoyed with my 4s. It’s not that it’s lacking in apps, or is “laggy” in nature, or has annoying updates always happening, that’s obviously furthest from the truth. For the iPhone, those are exactly everything the phone is NOT, which has been nice, but I’m simply tired of looking at the same screen for 6 years. Think about it, even MS refreshes more often than that with Windows…interesting, eh?

Through those years, I would get excited about each release, the 3GS was pretty well anticipated, but that was quickly trumped by the anticipation I had for the 4 which was really high, then my anticipation declined greatly for the 4s and then COMPLETELY disappeared for the 5. The 5″s”, as we’ll call it, is due out sometime this year by all purposely released rumors. My interest has only slightly returned for the 5s, but I think it’s more because I’m interested to see how bad the iPhone is going to let down the industry. Wait for it….Wait for it…. “S” now stands for “Stale” in my opinion. I have not read of any major improvements other than the finger print unlock thing. Well, I tried that on my XPS 5 years ago and it was horrible. That was so yesterday. So needless to say, I’m looking at the new iPhone as probably my 3rd choice to use my precious upgrade on.

Now on to the Android.  This is a funny situation for me as I’m NOT an Android fan.  I have never owned one for myself, but I did however buy an Evo years back for my wife.  More on that in a moment…

ANDROID:

I’m intrigued by the Galaxy. It’s on my radar, at least the Galaxy family is, because #1, I’m a Samsung fan, #2, it’s different for me. Heck, a flip phone would be a positive change at this point in time. If I went with the Galaxy S4, or something newer, I’d have to forklift the Ecosystem I’m in with Apple; I have the AppleTV, 3 iPads, iPod and 2 iPhones. Yeah, the iPads can stay, but it’s more of the AppleTV and all the things that come with it. For a couple of examples; my kids know how to run Apple Remote on my iEverything, so they can navigate Netflix with ease…AND that’s huge. Our photos go up to Apple’s “iCloud” for Photostream, so that’s nice. On a side note, Apple’s “iCloud” should be called “iBackupSomeOfYourThingsToOurServers”; It’s far from a Cloud solution. I really love Apple’s Mirroring and AirPlay because I can play my NFL Mobile Verizon subscription to my big screen in HD. So, going to Android would mean I need to find a new place for photos as that is very important and also replace my AppleTV with Roku or something similar and figure out if Samsung’s Play To, or whatever, can compete with AirPlay. I know this all may seem trivial, but still, I need to find the best solutions all over again because this is all highly used.

Now onto my statement about the Evo, which is my segue into Windows Phone. My wife’s Evo lasted…about 1 year. Awful phone. I don’t think I could say anything good about it. Just awful. So she jumped on the 4s wagon with me and we rode around for 2 years….until this weekend when she upgraded to the Galaxy S4. Yup, it happened. Now keep in mind, when I met my wife, she was furthest from a technology enthusiast. She had a flip phone forever, fought against “Text messaging”, she didn’t understand why we needed internet on the phones, yada yada yada, the push back continued. Fast forward to this last weekend and the debate was on full steam because now she cared about what the phones offer! So, we’ll start with 2 simple reasons why she chose the Galaxy over the iPhone and Windows Phone; She missed the large screen of her Evo days, which the Galaxy provided, and she said the Windows Phone was too “Connected”. Really? My wife, who knows nothing about IT let alone the verbiage us geeks use, said “the Windows Phone was too connected”. Well well, what do we have here…

Windows Phone:

Now we are onto the Windows Phone debate. Because I’m a Unified Communications enthusiast I have a special place in my heart for being “connected”, so when I heard my wife say the Windows Phone was too connected, it was interesting and actually has more weight behind it than coming from tech professionals. Windows 6.whatever was my first smart phone back in like, 2005 or something, and it was awful, but it was nonetheless “different” than what everyone else had (probably for a reason), but I got it anyway. Then I moved up in the smartphone world, landing with iPhones again because it was different and new, then tried the Windows Phone 7 in the 2011 time frame while I waited for my iPhone 4 replacement to get issued because I broke it. During my trial run, I was lucky enough to get the Mango update. Going from 7 to 7.5 was a HUGE leap forward and now rather than damning 7.0 I was praising 7.5’s foundation. I loved and praised the foundation 7.5 was built on, but still hated the lack of Apps. I’m not a huge app user, but there are the “essentials” as I like to think in my mind and WP just didn’t have them. So fast forward to now at upgrade time and I’m uber-confused because I again want to be different, have something new and have something that nobody else has. I’ve searched my app essentials and they are all there (cough cough, Fantasy Football) and I’ve been reading up a lot about Windows Phone 8, 8.1 Blue and the future of WP. I truly believe 8.1 is going to be the next release that really lights the fuse on Windows Phone if the rumors are correct about all I’ve been reading. When I say “light the fuse” I’m not saying it’s going to pass Android, but I think it will close the already dwindling gap between Apple and WP and distance itself even further from the BlackBerrys.
For the sake of argument though and to upset all the Android Fan boys, remember, the only reason Android is so far ahead is because it’s free, open and already on 4000 devices…that’s right..4000, look it up.  Not saying that’s bad, but it’s easy to tip the right side of the scale with free regardless of how good the OS may or may not be.

With WP, I can replace PhotoStream with SkyDrive and go from 5 GB of free storage to 25GB of photo cloud storage (yeah yeah, Google Drive has space…but…it’s Google!). With WP, I get “SmartGlass” which is not a replacement for AirPlay, but I think it might be setting the stage for such, so I’m willing to gamble on that. With WP, I get access to a real cloud with Microsoft Office 365 for documents and collaboration, not just glorified backup servers. Being so tightly connected at work and at home, a Windows phone can now truly bridge the gap of BYOD with Work by using Office products, Lync included, and home related things such as Skype, Netflix, Xbox Live, etc. Remember, Skype-Lync bridges the gap from home and work for communication. Who doesn’t want to talk to their family while working on the road as you’ll already be logged into Lync! I know most of that is available on other platforms, but remember, I’m looking for a change to the interface more than anything. The Apps are also expanding as the most major ones that I use are now present or “on the way”. Last but not least, the Hubs or Live Tiles that everyone has already heard about with bright, vibrant and refreshing colors, makes sense to me. As I stated before, too many app icons drive me insane and checking all my popular people apps separately is annoying as well as all my news apps separately too. I like how I can combine all those into individual tiles, which again, “bridges the BYOD” gap and creates a Unified system, so that’s really nice…and FlipBoard is coming to Windows Phone. Praise the lord.

CONCLUSION:

So now that WP is looking promising in my eyes, I’m confused what to do with my upgrade on Verizon. The only “Real” WP phone available on Verizon is the Lumia 928, but it’s a year old, so if I upgrade I essentially commit to a 3 year old phone by the time I upgrade again which is not ideal to me. I could wait and see what’s coming out in the next 6 months, but that means staring at this danged ol’ iPhone some more *gag* and I don’t think I can do it. Also, if I wait and buy the new WP or even buy the Lumia now and get the 8.1 update when it comes out, I’m pretty much committing to an Xbox One which is unbelievably overpriced to replace my $99 AppleTV and existing 360. So what should I do; buy now or wait to see what Nokia, Samsung and Verizon have up their sleeve in the coming months for WP, buy Android or buy a refreshed iPhone when it comes out this fall? Stay Tuned…..

Before I close out, I do want to give my opinion about Windows tablets, I guess we’ll call them.  Is it just me, or does everyone else think Microsoft should modify the Windows Phone OS to put on a tablet, rather than trying to put desktop Windows 8 or RT onto a tablet?  I think it would make much more sense to try this approach and let the desktop OS be a desktop OS and let the mobile OS be a mobile OS.  Just sayin’

Comments/debates welcome.

Lync Server – Install-CSDatabase error

With Lync Server 2013, the recommendation is to keep the OS on the C: drive and deploy Lync to a secondary drive running RAID 10.  When you ask for server provisioning with the requested drive layout, you’ll receive your server with a second drive such as D: or E:, or whatever your standard build calls for.  The Lync deployment wizard has the intelligence built in to detect this secondary drive and automatically install the CsData information to it during Step 2 of the deployment wizard.

I’ve had a couple of deployments now where I’ve run into this particular error when running Step 2 on a new Lync Server 2013 Front End whose servers were provisioned with the secondary drive as I requested.  I receive the error: “An error occurred while applying SQL script for the feature RTCDatabaseStore…..”

[Image: DBError]

I have to admit, the first time this happened to me I was stumped.  After looking around a bit, I did notice that the folders on the E: drive had the padlock icon.

[Image: padlock]

Digging a little deeper, I looked at the NTFS permissions on the CsData folder and noticed it had only “System” and “Administrators” listed.  Changing the permissions on this folder alone did not fix it, so it had to be something more.  Going up a level to the root of the E: drive produced a much more positive outcome.  Looking at the C: drive and E: drive next to one another, I noticed how different they actually were, as you can see.  We were missing “Creator Owner” and “Users”:

[Image: SIDEBYSIDE]

To add in the missing users/groups, you simply have to add “Creator Owner” first, THEN add “Users”.  If you do not do it in this order, the permissions will not be applied correctly.  Your CsData information will now finish installing as expected.  If installation still does not finish as expected after adding these permissions, you may have to go deeper into the permissions at the root of the drive.  If you look closely at the attached pic, you’ll see 3 different entries for “Users”, and the “Apply to” is different for each.  You’ll want to once again open your C: drive and compare all the permissions of your secondary drive against your primary drive, as these are probably different.  If the permissions are not applied correctly, chances are only a single set of permissions will be shown for “Users”, so you’ll have to add the appropriate permissions for all 3 “Users” entries.  Keep in mind that the “Apply to” scope is the key to entering these permissions correctly; THEN all should work.  If this doesn’t work….tell the provisioning team to redo it.  :)

[Image: permissions]

On a side note, remember this general rule for all servers in your environment, including SQL Servers and Office Web Apps.  Office Web Apps will produce connection errors when installed to a secondary drive that is missing these permissions.  The installation will finish without errors, so you’ll get a false positive and be presented with a successful installation, but truth be told these permissions will not allow connectivity.
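The side-by-side comparison of the C: and E: drive roots described above, scripted as an added example (not the post's own script). It lists the explicit ACEs on the reference drive root that are absent from the Lync drive root, scope included, and with -Fix copies them across in the post's order (Creator Owner first, then Users). Drive letters are assumptions; run it elevated.

```powershell
# Added example, not the post's own script: compare the root ACL of the OS drive with the root
# ACL of the secondary Lync drive and list the entries the secondary drive is missing, including
# the "Apply to" scope (InheritanceFlags/PropagationFlags) that the post says must match.
# Drive letters and the -Fix behaviour are assumptions for this example; run elevated.
param(
    [string]$ReferenceDrive = 'C:\',
    [string]$LyncDrive      = 'E:\',
    [switch]$Fix
)

function Get-AceKey([System.Security.AccessControl.FileSystemAccessRule]$Ace) {
    # Flatten one ACE into a string so the two drives can be compared with plain set logic
    '{0}|{1}|{2}|{3}|{4}' -f $Ace.IdentityReference, $Ace.AccessControlType,
        $Ace.FileSystemRights, $Ace.InheritanceFlags, $Ace.PropagationFlags
}

$refAcl   = Get-Acl -Path $ReferenceDrive
$lyncAcl  = Get-Acl -Path $LyncDrive
$lyncKeys = @($lyncAcl.Access | ForEach-Object { Get-AceKey $_ })

# Explicit entries present on the reference root but absent on the Lync drive root
$missing = @($refAcl.Access | Where-Object { -not $_.IsInherited } |
    Where-Object { $lyncKeys -notcontains (Get-AceKey $_) })

if ($missing.Count -eq 0) {
    Write-Host "$LyncDrive root ACL already matches $ReferenceDrive"
    return
}

Write-Host "Entries on $ReferenceDrive root that are missing on $LyncDrive root:"
$missing | Select-Object IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags |
    Format-Table -AutoSize

if ($Fix) {
    # The post's ordering matters: CREATOR OWNER first, then the Users entries, then anything else
    $order  = @('CREATOR OWNER', 'BUILTIN\Users')
    $sorted = $missing | Sort-Object { $i = $order.IndexOf($_.IdentityReference.Value); if ($i -lt 0) { 99 } else { $i } }
    foreach ($ace in $sorted) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $ace.IdentityReference, $ace.FileSystemRights, $ace.InheritanceFlags,
            $ace.PropagationFlags, $ace.AccessControlType)
        $lyncAcl.AddAccessRule($rule)
        Write-Host "Added $($ace.IdentityReference) ($($ace.InheritanceFlags) / $($ace.PropagationFlags))"
    }
    Set-Acl -Path $LyncDrive -AclObject $lyncAcl
}
```

Run it without -Fix first; the three "Users" rows the post mentions show up as separate lines because their InheritanceFlags/PropagationFlags differ.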

Lync Server 2013 – Annoying LS DATA MCU 41029 Error

Starting with Lync Server 2010 and continuing with Lync Server 2013, certificate management was much improved over the previous OCS platforms, with the ability to itemize certificates across the environment.  More specifically, on the Lync Server Front Ends you can now apply up to 3 unique certificates to each server.  A description of each certificate is provided below:

[Image: certs]

In a typical deployment, a single certificate can be issued and applied to all 3 services, which in turn simplifies certificates that much more and also keeps costs low.  There are times, however, that certificates may need to be itemized, or “broken out” into 2 or maybe 3 certificates and applied individually to each service.

In my latest deployment, the number of SIP domains required for the certificates pushed the certificate’s SAN limit, which required me to itemize the certificates into 2 certificates.  In this particular deployment, I issued a single certificate that is applied to both “Default” and “Web Internal” and created a 2nd certificate to apply only to “Web External”.  With additional proper planning, I was able to share this certificate across all Front Ends of all 4 pools and the HLBs of the deployment.  Because this certificate has all the External Web Services names of all pools, it can also be applied to the TMGs (Reverse Proxy) if the organization is okay with having internal server FQDNs listed on a certificate that is applied to a public-facing Reverse Proxy.  You may have noticed I implied that there are internal server FQDNs listed on the External Web Services certificate; this is indeed a requirement.  As you can see from the Subject Name / Common Name field of the “Web External” certificate, it states that the FQDN of the server is required.  In my experience, the name of the server does not need to be the SN/CN, but rather in the SAN of the certificate; this way the certificate can be shared across however many servers you may be deploying.  If you do plan to use this single certificate across all FEs in all of your pools, you must list every server FQDN in the certificate.  If not, the following 41029 Lync Web App error will occur, which will break the communication to your Lync Web App for external users.  The blacked-out FQDN you see in the picture is actually the FQDN of the server itself, not the pool.  If all the FE FQDNs are not listed in the SAN of the certificate, each FE in the pool will have a communication error to each FE in the pool, including itself.  So the end story is: include the FQDN of each server that you plan to apply the certificate to in the SAN, to remove this annoying error.

[Image: Error]

Comments Welcome
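The SAN check the post describes, as an added example rather than anything from the post: it reads the certificate bound to the Web External service and reports every Front End FQDN that is not in its SAN. The Front End list is a constructed sample, and the "DNS Name=" parsing assumes the English-locale formatting of the SAN extension.

```powershell
# Added example, not the post's own script: check that the certificate assigned to the "Web External"
# service lists every Front End FQDN in its SAN, the missing-name condition the post identifies as
# the cause of LS Data MCU event 41029. Run in the Lync Server Management Shell on a Front End.
# The Front End list below is a constructed sample; replace it with the servers of your pools.
$frontEnds = @(
    'fe01.contoso.local', 'fe02.contoso.local',   # constructed pool 1 members
    'fe03.contoso.local', 'fe04.contoso.local'    # constructed pool 2 members
)

function Get-SanDnsNames([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert) {
    # The SAN extension (OID 2.5.29.17) formats as one "DNS Name=<fqdn>" entry per line (English locale)
    $sanExt = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } | Select-Object -First 1
    if (-not $sanExt) { return @() }
    $sanExt.Format($true) -split "`r?`n" | ForEach-Object {
        if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim().ToLowerInvariant() }
    }
}

# Get-CsCertificate reports which certificate (by thumbprint) is bound to each Lync service
$webExternal = Get-CsCertificate -Type WebServicesExternal | Select-Object -First 1
if (-not $webExternal) { throw 'No Web External certificate is assigned on this server.' }
$cert = Get-Item -Path ("Cert:\LocalMachine\My\" + $webExternal.Thumbprint)

$sanNames = @(Get-SanDnsNames $cert)
$missing  = @($frontEnds | Where-Object { $sanNames -notcontains $_.ToLowerInvariant() })

if ($missing.Count -gt 0) {
    Write-Warning "Certificate $($cert.Thumbprint) is missing these Front End FQDNs in its SAN:"
    $missing | ForEach-Object { Write-Warning "  $_" }
    Write-Warning 'Each listed server will keep logging LS Data MCU 41029 until the certificate is reissued with these names.'
} else {
    Write-Host "All $($frontEnds.Count) Front End FQDNs are present in the SAN of $($cert.Thumbprint)."
}
```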

Using Fiddler to troubleshoot Lync Mobile Client

Troubleshooting and reading the logs on the Lync Mobile client is, in my opinion, very cumbersome.   I find myself staring at the logs trying to decipher the cryptic messages, reformatting the text in Notepad, scrolling left and right repeatedly…  well, you get the idea, it simply isn’t any fun.    I was recently challenged with explaining the login process for mobility, specifically how the traffic starts at the client and eventually logs in.  I like to call these “ladder diagrams” and unfortunately, this information is not easy to find on the web at this point.  Using the logs from the client provides absolutely no help either, so I needed a solution.  In talking with a fellow MCM one day, Henry Creagh, he pointed out that I could use Fiddler for reading the mobile logs.  I had used Fiddler before to watch how the fat client interacts with the URLs, but I had no idea I could take it a step further and send all my mobile traffic through my PC/laptop as a proxy and capture the traffic, hence cleaning up those ugly logs into a beautifully well-formatted Fiddler stream.  (Thank you Fiddler for being 100% Awesome.)   Setting up the client is quite simple; follow these steps.

1.)    Download and install the Fiddler Client http://fiddler2.com/get-fiddler onto your PC or laptop

2.)    Go to “Tools –> Fiddler Options –> HTTPS” and choose “Capture HTTPS CONNECTs” and “Decrypt HTTPS traffic”

[Image: fiddler1]

3.)    Then move onto “Connections” and select “Allow remote connections to connect”

[Image: fiddler2]

4.)    On your mobile client, you must find your proxy settings and send all the traffic through the IP address of your laptop/PC.  In my scenario, I’m using an iPhone.

5.)    Connect the phone to Wi-Fi; on the iPhone tap Wi-Fi, then navigate to the network you are connected to and enter the IP of your laptop/PC as the proxy, like below

[Image: fiddler3]

6.)    Log in with the Lync Mobile and watch the traffic flow

[Image: fiddler4]

I know it is hard to read my pictures in this post, but keep in mind that LyncDiscover or LyncDiscoverInternal was not queried in my traffic capture.  This is because when you install the mobile client (at least on an iPhone) and log in, that initial request is cached and the client knows to always try the Web Services URL during subsequent logins.  If you want to see the first hit to the Autodiscover URLs, you must delete the app, re-download it and then log in.
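The first hop of the mobile login that the post says the phone caches, reproduced from a PC as an added example (not the post's own script), so you can see the Autodiscover response without reinstalling the app. The SIP domain is a constructed sample, and the script assumes the autodiscover root answers with JSON whose "_links" object carries the self, user and xframe URLs, as the Lync/UCWA discovery service does.

```powershell
# Added example, not the post's own script: perform the first hop of the mobile sign-in that the post
# notes the phone caches after the first login, so it never shows up in a later Fiddler capture.
# The SIP domain is a constructed sample. Assumes the autodiscover root answers with JSON whose
# "_links" object carries the self, user and xframe URLs, as the Lync/UCWA discovery service does.
param([string]$SipDomain = 'contoso.com')   # constructed sample domain

function Get-LyncDiscoverLinks {
    param([string]$Domain)
    # External clients query lyncdiscover.<domain>; internal clients query lyncdiscoverinternal.<domain>
    foreach ($name in @("lyncdiscover.$Domain", "lyncdiscoverinternal.$Domain")) {
        foreach ($scheme in @('https', 'http')) {
            $url = "${scheme}://$name/"
            try {
                $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 10 -MaximumRedirection 5
                $json = $resp.Content | ConvertFrom-Json
                if ($json._links) {
                    return [pscustomobject]@{
                        Queried = $url
                        Self    = $json._links.self.href
                        User    = $json._links.user.href     # next hop: the client authenticates here
                        XFrame  = $json._links.xframe.href
                    }
                }
            } catch {
                Write-Verbose "$url failed: $($_.Exception.Message)"
            }
        }
    }
    return $null
}

$links = Get-LyncDiscoverLinks -Domain $SipDomain
if ($links) {
    $links | Format-List
} else {
    Write-Warning "No autodiscover response for $SipDomain; check the lyncdiscover DNS records and reverse proxy publishing."
}
```

Run it with -Verbose while Fiddler is capturing and the same requests appear in the Fiddler stream as the phone's first login would produce.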

Lync Server 2013 SQL Mirroring “Gotcha” – Must Read

For quite some time now, I’ve been working on a global design/deployment where there are multiple pools located throughout the globe.  Throughout this design, I’ve seen the flexibility of Lync Server 2013 at its very finest and gained a much better appreciation for how Lync Server was designed by the Product Team at Microsoft.  Due to the sheer size of this particular design, I’ve seen Lync have to perform as advertised with not much margin for error.  There have been a few hiccups, but nothing that a little forward thinking or creative thinking couldn’t solve.  Now with all the praise given, I do have to say that some of my pain points along the way were not well documented by the folks at Microsoft, so I’ve had to discover a few things as I’ve pushed forward.

As we know, Lync 2013 introduced Mirroring as a replacement for Clustering in the great search for respectable Disaster Recovery.  Even though the Lync team’s selection of Mirroring was a much better practice than clustering, it did spawn a whole new argument: “Why Mirroring over AlwaysOn?”.  Find yourself a SQL guy and have a nice debate. :)  Since we are using Mirroring, we as Lync consultants must learn all the new tips and tricks that SQL Mirroring brings to the table.  We now straddle that fine line of who owns the Mirror and how much SQL we need to know to accomplish our goals.  With this particular design, the SQL team was great to work with, so I got to learn quite a bit along the way.  One thing I did learn was the reason for this blog, and I find it to be quite the gotcha that TechNet failed to tell us about.  I’ll also call out a few more things that I’ve learned with this deployment.

Lessons Learned from my experience:

1.)    TechNet states you can use a single Witness for all your pools.  This is correct, but if you have multiple central sites, that Witness needs to be defined in each “Shared Components” under each central site or it will not show up as an option.

2.)    If you have deployed a Single SQL Server in the Topology then decide to come back and deploy a mirror at a later time, you cannot use “Install Databases” under your targeted Pool.  You must use either PowerShell or configure the Mirror in Topology then Publish the Topology.  This may have been permissions related, but nonetheless, it was the only way Mirroring after the fact worked for me.  Keep it in mind.

3.)    When an organization employs role separation and permissions in SQL are tightly monitored, it is very important that the DBAs set up the permissions appropriately between the Mirror nodes and the Witness.  In my experience, we had dedicated SQL boxes, which was not an issue as we had SA permissions; however, the Witness was a “shared” SQL box, so the permissions were tighter.  We could not configure the Witness from Topology unless we allowed the SQL administrators to run Topology.  You may be able to get your permissions granted as necessary, but just keep in mind that the backend permissions when a mirror and witness are involved are very delicate.

4.)    Now to the biggest gotcha I found.  When deploying Lync Mirroring in Topology, we as Lync admins are tasked with configuring a Mirror “Port” for each instance.  The default is 5022, but this is configurable.  Each subsequent instance on the same SQL box must have a unique port, so the next one could be 5025 as an example.  In the SQL world, this port is actually referred to as an “Endpoint”.  It’s still using a port; it’s just that a SQL DBA uses different terminology.  If the endpoints are not defined by the SQL DBAs, we allow Lync to set up and configure the Port/Endpoint when we allow Lync to configure the Mirror.  Allowing Lync to deploy the Mirror is our recommended approach, as we are not DBAs (this is where the whole argument of who owns the mirror comes into play).  During this setup stage the Mirror completes as expected, the port is configured and we are happy.  Now assuming we as the Lync consultant had a temporary account created for us to deploy Lync, this is where the problem is.  Inside of SQL, the Process ID (owner of the endpoint) is the account used to create the Mirror.  If I deployed the Mirror as Domain\TempLyncADmin, that account now owns the Endpoint.  When I leave as a consultant and they disable my account, that account is no longer valid, hence the Mirror will no longer function.  The Process owner must be changed from the account that configured the mirror from Lync to the ID of the instance.  My recommendation would be to have the SQL DBA configure the Endpoint prior to deployment and tell you which Endpoint/Port to use, so they retain ownership.

Here is a snippet from the SQL Architect I worked with explaining the situation:

“The first person who sets up SQL Server mirroring on an instance becomes the owner of the mirroring endpoints (this is the default behavior).

After setting up a mirror, the DBA will change the owner of the endpoint to the process account that runs the SQL Server services on the instance. We do not want the endpoint owned by an individual’s login.

Once the ownership has been changed the service owners for all instances in this configuration (Mirror, principal, witness) are granted permissions to the endpoint.

(The permissions are granted at the time the endpoint is created. However, since we change the owner, we re-grant the permissions.)

Keep in mind moving forward that this process DOES NOT make the Lync admin re-take ownership during Cumulative Updates when breaking and re-enabling the mirror.  This is just a one-time ownership configuration.

If you are a consultant and you’ve moved on since a deployment, I would recommend you revisit this with your client.  If you are an organization who did Lync yourself, I would recommend you review this and make sure your Endpoints are properly owned.
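The ownership review recommended above, as an added example (not the post's or the SQL architect's own script): it lists who owns each database mirroring endpoint on an instance, together with its port, and with -Fix moves ownership to the SQL service account and re-grants CONNECT as the architect's note describes. The instance name and service account are assumptions; run it against the principal, mirror and witness in turn, as a SQL sysadmin.

```powershell
# Added example, not the post's own script: list who owns the database mirroring endpoint on a
# SQL instance used by Lync, and optionally move ownership to the SQL service account as the
# post's SQL architect describes. Instance and service account names are assumptions.
# Requires the SqlServer (or SQLPS) module for Invoke-Sqlcmd; run as a SQL sysadmin.
param(
    [string]$Instance       = 'sql01.contoso.local\LYNC',   # assumed principal/mirror/witness instance
    [string]$ServiceAccount = 'CONTOSO\svc-sql',            # assumed login running the SQL Server service
    [switch]$Fix
)

# Owner of each mirroring endpoint plus its TCP port (Lync's "mirror port", default 5022)
$query = @"
SELECT e.name, e.state_desc, t.port, p.name AS owner_login
FROM sys.database_mirroring_endpoints AS e
JOIN sys.tcp_endpoints AS t ON t.endpoint_id = e.endpoint_id
JOIN sys.server_principals AS p ON p.principal_id = e.principal_id;
"@
$endpoints = Invoke-Sqlcmd -ServerInstance $Instance -Query $query

foreach ($ep in $endpoints) {
    if ($ep.owner_login -ieq $ServiceAccount) {
        Write-Host "$Instance endpoint $($ep.name) (port $($ep.port)) is owned by the service account."
        continue
    }
    Write-Warning "$Instance endpoint $($ep.name) (port $($ep.port)) is owned by $($ep.owner_login); mirroring breaks if that login is disabled."
    if ($Fix) {
        # Move ownership to the service login (it must already exist as a server principal), then
        # re-grant CONNECT, because the original grant was made when the endpoint was created
        $fixQuery = @"
ALTER AUTHORIZATION ON ENDPOINT::[$($ep.name)] TO [$ServiceAccount];
GRANT CONNECT ON ENDPOINT::[$($ep.name)] TO [$ServiceAccount];
"@
        Invoke-Sqlcmd -ServerInstance $Instance -Query $fixQuery
        Write-Host "Ownership of $($ep.name) moved to $ServiceAccount"
    }
}
```

Per the architect's note, CONNECT also has to be granted to the service logins of the other partners (mirror, principal and witness); repeat the GRANT for each of those accounts.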