
Jason Sloan

I currently hold the Microsoft Certified Master on Lync Server 2010 certification and work as a Senior Technical Consultant at Perficient, specializing in Unified Communications design and deployments. My history in IT dates back 15 years, with all my experience coming primarily from Microsoft technologies. I believe the Microsoft Unified Communications community is a very close and talented group of engineers who genuinely enjoy the technologies and collaborating with one another to help the technologies dominate the marketplace.

LinkedIn LinkedIn Public Profile
Twitter jason_D_Sloan
Homepage http://www.perficient.com


Lync Server 2013 Virtualization Whitepaper Goes Public

Virtualization of Lync Server 2013 is both supported and very common, yet agreeing on the proper way to virtualize the system quickly becomes a complicated conversation. The gap between the high-level virtualization requirements Microsoft publishes and the specific details virtualization experts ask for is large. In its simplest form, the conversation normally goes like this:

Virtualization Expert: I want dynamic resources.
Lync Expert: You can’t have it; not supported.
Virtualization Expert: I want vMotion or Live Migration.
Lync Expert: You can’t have it; not supported.
Virtualization Expert: I need to know specific IOPS.
Lync Expert: That’s open-ended; we don’t have that level of specifics…only a little bit.
Virtualization Expert: The host/guest server requirements provided by Microsoft don’t make a lot of sense; they want too much.
Lync Expert: It is what it is; Microsoft sets the supported requirements.

The reality is that virtualization specifics are on the far left of the spectrum and Lync Server 2013 requirements are on the far right of the spectrum, meeting in the middle is almost impossible.

Toward the end of 2014 I was contacted by Derek Seaman of Nutanix to help co-author a Lync Server 2013 virtualization whitepaper. Nutanix are virtualization experts who focus on rapid, simple delivery of virtualization platforms into your environment…amongst other things. To read more about Nutanix and get accurate information about their expertise, you can visit their site here.

Derek and I collaborated for a few months, going back and forth on what it really means to virtualize Lync Server 2013. (Just to be clear, Derek is VCDX-125 on VMware, so he kind of knows what he’s talking about.) As time went on, he began to ask the very questions my customers ask me: very detail-oriented virtualization questions. (He was using really big words.) The collaboration began to feel like a design session. Unfortunately, I was unable to provide the answers he was looking for, for two reasons: 1.) I’m not a virtualization expert, and 2.) I can only pass on as much information about virtualizing Lync Server 2013 as Microsoft gives me. Derek found that the information I was providing fell short of what he needed. In client deployments, what typically happens is that customers either end up giving full specs based on Microsoft’s information, or they configure VMware/Hyper-V the way they want, which would probably fall outside supportability. I would then have to recommend they open a support ticket with Microsoft to get sign-off. Neither of these is the best answer, especially for SMB-size deployments.

After a few months of back and forth, our collaboration was complete. For the first time that I can find, a Lync Server virtualization whitepaper has been co-written, based on real-world experience, by a Microsoft Certified Master on the Lync platform and a VMware Certified Design Expert. I hope this paper can close that gap in the spectrum so organizations looking to virtualize and properly size their environment can finally get answers to some of those hard questions.

Read the blurb here: http://www.derekseaman.com/2015/01/sizing-microsoft-lync-server-2013-nutanix.html
Sign up for the whitepaper here: http://go.nutanix.com/bpg-microsoft-lync.html
Microsoft Virtualization whitepaper can be found here: http://www.microsoft.com/en-us/download/details.aspx?id=41936

Lync Server 2013 Contributes to Perficient’s FlexJobs Award

Just recently, Perficient was named a top 100 company for remote jobs by FlexJobs. (Read About It) Because I work from home (as most people in my field do), I definitely felt Perficient was well deserving of this award. Although the FlexJobs criteria didn’t ask “what kind of tools do Perficient employees use to help them work remotely?”, we all know what the single most common answer would be if asked: Lync Server 2013. So here is a breakdown of what I need to make myself productive while remote:

1.) A home office
2.) A company issued laptop
3.) Outlook connected to Office 365 Exchange Online
4.) SharePoint (On-Premises)
5.) Lync Server 2013 with Enterprise Voice. I use it extensively on my iPhone and obviously my PC.
6.) Yammer (on occasion)
7.) VPN – but only kind of. VPN is only used to do my timesheets, as that system is not publicly accessible…on purpose, I believe.

Yes, I get it, you are probably reading all of those and thinking “why did you lend so much credence to Lync in the first paragraph? You still need all those other tools as well.” That’s a simple answer: the other technologies, and the concepts they represent, have been around forever, so that really hasn’t changed. What ties it all together is Lync Server 2013, which in my opinion is what creates “Unified Communications.”
I’ve been using content management systems and email for quite some time prior to Lync going “mainstream”. Although those tools could be used while working remotely before Lync, they lacked the personal feel that Lync offers. With only those “pre-Lync” tools, I couldn’t rapidly connect with someone over IM/voice/video at the very moment I needed to. I had to be with someone in person, which didn’t scale at all. Take, for example: what if I needed to talk to co-worker Jim in Chicago, unscheduled, and then to customer Frank in Miami, unscheduled, 15 minutes after that? I can’t hop a flight to Chicago and then to Miami in 15 minutes; I need a tool that allows me to see and communicate with these individuals immediately. That is the gap that the Unified Communications leader, Lync Server 2013, has filled.

So readers could be reading this and thinking, “Jason is biased, of course he’ll give this opinion.” Au contraire, mon frère: I reached out to individuals who work at Perficient, one of whom I don’t even know.

Allison wrote this quote very professionally, so keep in mind this was a completely uncoached quote. She just joined Perficient through an acquisition, and her prior company didn’t have Lync.

How does Lync empower your day to day duties?
“I typically get frustrated with technology, but I must say I really do like Lync.

Lync has actually saved me time and made it super easy to meet and collaborate with people remotely. Prior to the acquisition I used a conference call number, but that was only voice. If I needed to share a document or presentation I would have to schedule a GoToMeeting. That would take about 5 minutes to set up. For messaging I used a separate tool – Google Hangouts. With Lync everything is together in one tool. I can quickly schedule a meeting that includes a “Join Lync Meeting” link to join the call on my computer and an optional phone number for people that need to or prefer to call in via phone. Once in the meeting I also have the ability to share my screen, instant message people in the meeting, and record the call. I especially like the one click “New Lync Meeting” to schedule a meeting in my Outlook calendar. Only takes a second. So fast and easy.

Lync allows me to communicate securely from any location, be it office, home or the local coffee shop. It combines voice and video calls, meetings, screen sharing, and instant messaging into one, easy-to-use tool. This makes collaboration and sharing super easy.”
- Allison Gugala – Marketing Manager, Perficient

Second quote:
What would be the most challenging part of your job WITHOUT Lync?
“Communication – tracking people down, scheduling meetings, answering questions, making a quick call – it’s all so much easier with Lync.”
- Angie Lingk – BDE, Perficient

Now, to be fair, I also asked this question with an answer I didn’t expect;

How has the Lync Mobile “1-click” meeting join feature improved the Lync experience?
“So, this is the one thing I have an issue with. It’s basically useless to me unless I am on Wi-Fi. When I’m traveling, specifically driving, I am never on Wi-Fi.”
- Angie Lingk

The “issue” Angie experienced turned out to be a non-issue after all; it was simply a lack of user training. Once I explained to her how to set up the client, the Lync mobile client became irreplaceable.
The client can indeed be configured for 1-click join over a normal cellular connection, which is invaluable to remote workers who don’t have good data signals. As much as the big cell carriers brag, they simply can’t get data coverage into all areas of the United States.
Stay tuned for a subsequent blog detailing the simple Lync mobile client configuration to make your life easier while remote.

So there you have it: Lync Server 2013 allows Perficient to be considered a top place to work for remote workers. Without the proper tools to enable our users, Perficient would simply be unable to advertise jobs as remote positions.

Ringing in the New Year with Skype (Lync) for Business

This morning Microsoft lifted the curtain to finally unveil what everyone knew was inevitable: Lync Server now becomes “Skype for Business”. This is actually the second go-around for the “Skype for Business” name; prior to the Microsoft acquisition, Skype tried to enter the business realm with a business offering…yeah, that didn’t work out too well. Now the Skype name officially covers both the consumer AND the enterprise, with the rebranding of Lync Server as the first step in the Skype backbone and the Lync backbone inching closer and closer together to become one cohesive environment.

So, enough of that rambling…I for one am very happy about the rebranding of Lync to Skype for Business, for many reasons:
1.) I can explain my job more easily to friends
2.) I can explain my job more easily to family
3.) I can explain my job more easily to random people. Flying becomes much more enjoyable.
4.) I don’t have to explain to anyone why there were Skype and Lync when they were essentially the same thing
5.) Lync and Skype are no longer two different silos…well, to the less technical people, anyway

My blog posts are aimed more at our customers and clients, so I should answer the questions you probably really want answered.

Question: How does this impact my on-premises deployment of Lync?
Answer: It doesn’t. It’s simply rebranding at this point. To stay relevant and always be part of the “cool people club” you should upgrade as soon as the next Skype for Business version is released in 2015. If you plan to stay with Lync 2013 or Lync 2010, you’re old.

Question: Skype is “in the cloud”, does that mean Skype for Business is going to be cloud based? I don’t want to be in the cloud!
Answer: Nope, it’s still on-premises. New server requirements will be released soon enough, and at that point you should start budgeting for new servers.
Of course there is still Office 365 Lync Online offering…that will be rebranded as well.

Question: Will the upgrade be an “in place” upgrade?
Answer: Nope, not according to early reports. You’ll have to buy new hardware. This has always been the case with OCS and Lync so this shouldn’t come as a surprise.
Update: To clear up some confusion I’ve read between 2 different articles, in-place upgrades will indeed be available according to official statement on Microsoft’s announcement this morning.

Question: Skype is something we didn’t allow in our enterprise because we couldn’t control it, is Skype for Business going to be unmanageable?
Answer: Skype for Business is still going to be an on-premises deployment with the same “Backbone” that Lync Server was built on. All the “checks and balances” to keep Skype for Business secure are still in place.

Question: Can I finally make a video call between Lync and Skype?
Answer: Not yet, but should be able to in December of 2014 as reported by Microsoft. And when Microsoft says December of 2014, what they really mean is sometime in 2015.

So I hope this clears up any confusion regarding another rebranding. In short, technically, Skype for Business is staying the same course as it had been with Lync Server by offering on-premises and cloud based solutions. If your organization is eyeing Enterprise Voice or already has it deployed, the solution will still be on-premises as it should be.

Now that you’ve read my blog, here is a “Lync” (yup, I had to do it) to the official announcement. http://blogs.skype.com/2014/11/11/introducing-skype-for-business/

#Lync and the Impacts of Windows XP

It’s no secret Microsoft is doing the same to XP as the bad boy trio from Office Space did to that poor Printer.
The deprecation of XP will have an impact on organizations for various reasons, some of which I’m not qualified to speak about in depth, but a key topic of late is security: without a steady stream of updates and patches, you leave your environment largely susceptible to attack.

I can speak more intelligently and with more authority about XP in the workplace and how it works with Lync…or how it DOESN’T really, kind of a little, maybe…work with Lync. Huh?
Let me explain. The Windows XP OS has been dropped from backward supportability with Lync Server 2013. Microsoft knew long ago that XP was going to be killed off during the reign of Lync Server 2013, so they are essentially forcing your hand to upgrade. In defense of Microsoft, it’s a fair hand to play: at some point we have to move on and put the aging systems to rest to focus on improving existing and future releases, so don’t look at this as a strong-arm play by Microsoft; it’s simply evolution.

If you are considering the move to Lync Server 2013, understand that any pockets of existing XP machines need to be upgraded to at least Windows 7 for the Lync 2013 client to install. If you do not upgrade, your users will be left with Lync 2010 or OCS 2007 R2 (MOC) client and that’s not cool.
Start reviewing Client Interoperability and Support here.

Keeping the Lync 2010 client in your environment because of XP is not ideal. It works and it’s supported, but it’s just not perfect. Expect to find feature and functionality caveats and shortcomings, plus multiple support streams and image packages. Yuck!

If you are upgrading from the OCS 2007 R2 platform to Lync Server 2013, another knock against replacing the MOC client with the Lync 2010 client just to justify retaining the XP OS is user adoption. If you introduce Lync 2010, then plan to introduce Lync 2013 (or maybe even the next rev of the Lync client) over an accelerated timeline to get your OSs upgraded, you essentially press change upon your users more times than needed. Change would happen like this for your users:
1.) Introduce new Lync 2010 Client
2.) Introduce new OS
3.) Introduce new Lync 2013 Client
Simply put, this is not ideal.

If you hit the OS upgrade button now, change would look like this:
1.) Introduce new OS and Lync 2013 Client at the same time during the same roll out of a single package.
This strategy has much less of an impact on your sensitive user base.

The MOC client, however, is much different.
First and foremost, you can’t join a Lync conference using MOC. ALL you get with MOC is IM and presence, so that is an incredibly big disadvantage of using the MOC client as a stop-gap.

Second, the MOC client does not support DNS Load Balancing as the Lync Clients do. This could cause an impact as well if you feel your users need HA. If you keep the MOC client on the desktops and move to a Lync Server 2013 back-end, you will need to configure or purchase an HLB to maintain SIP communication HA, no exceptions. All of this JUST for IM&P?
If you move to the Lync Client immediately, you can take advantage of the DNSLB mechanism built into the Lync client to maintain SIP communication HA. Keep in mind, however, HLB is still required for load balancing the web communications required by Lync, but sizing of the HLB can be dramatically reduced.
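To make the difference concrete, here is an added example (mine, not code from this post or from Microsoft) that models how a DNS-load-balanced Lync client signs in compared with a single-address client such as MOC. The pool name, the three Front End addresses and the set of "which ones are up" are constructed placeholders; with the default resolver and connector it resolves a real pool FQDN through system DNS and tests TCP 5061 against each Front End in turn.

```python
"""Client-side DNS load balancing against a Lync Front End pool (added example).

With DNSLB the pool FQDN carries one A record per Front End.  The Lync client
walks that list until a Front End accepts the SIP/TLS connection, so a dead
server costs one failed attempt and no load balancer sits in the SIP path.
A single-address client has no retry, which is why an HLB VIP is mandatory
for SIP HA when MOC clients remain.  Resolver and connector are injectable so
the logic can be exercised offline with constructed records.
"""
import socket
from typing import Callable, List, Optional, Tuple

SIP_TLS_PORT = 5061  # SIP over TLS, the port the Lync client signs in on

Resolver = Callable[[str], List[str]]
Connector = Callable[[str, int], bool]


def resolve_a(pool_fqdn: str) -> List[str]:
    """Return every IPv4 address published for the pool FQDN, in DNS order."""
    infos = socket.getaddrinfo(pool_fqdn, SIP_TLS_PORT, socket.AF_INET, socket.SOCK_STREAM)
    return list(dict.fromkeys(info[4][0] for info in infos))  # de-duplicate, keep order


def tcp_open(ip: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP handshake to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def dnslb_connect(pool_fqdn: str, resolve: Resolver = resolve_a,
                  connect: Connector = tcp_open) -> Tuple[Optional[str], List[str]]:
    """Lync 2010/2013 client behaviour: try each Front End until one accepts.

    Returns (address that answered or None, addresses tried in order).
    """
    tried: List[str] = []
    for ip in resolve(pool_fqdn):
        tried.append(ip)
        if connect(ip, SIP_TLS_PORT):
            return ip, tried
    return None, tried


def single_address_connect(pool_fqdn: str, resolve: Resolver = resolve_a,
                           connect: Connector = tcp_open) -> Tuple[Optional[str], List[str]]:
    """MOC (OCS 2007 R2) behaviour: one address, no retry on failure."""
    addrs = resolve(pool_fqdn)
    if not addrs:
        return None, []
    ip = addrs[0]
    return (ip if connect(ip, SIP_TLS_PORT) else None), [ip]


if __name__ == "__main__":
    # Offline demonstration with constructed records (placeholder pool name and
    # addresses): three Front Ends, the first two down.
    records = {"pool01.corp.example.com": ["10.0.0.11", "10.0.0.12", "10.0.0.13"]}
    up = {"10.0.0.13"}
    fake_resolve = lambda fqdn: records[fqdn]
    fake_connect = lambda ip, port: ip in up and port == SIP_TLS_PORT
    print("DNSLB client:", dnslb_connect("pool01.corp.example.com", fake_resolve, fake_connect))
    print("MOC-style client:", single_address_connect("pool01.corp.example.com", fake_resolve, fake_connect))
    # Against a live pool, from a client subnet: dnslb_connect("pool01.corp.example.com")
```

Run with the default resolver and connector from a client subnet and every Front End that fails appears in the tried list, which is a quick way to confirm each server is actually answering on 5061 before relying on DNSLB instead of an HLB. This models only the SIP path; the HTTP(S) web services traffic still needs the HLB.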

So the moral of the story, please look to upgrade as soon as possible. Your organization is only limiting itself by trying to squeeze every last breath from XP. The OS is dead, time to move on and allow the grieving process to run its course.

Cargill Showcasing at #Lync Conference

Lync Conference 2014 came and went this year with great success. Over the course of 3 days, it was impossible to attend all the breakout sessions because there were so many. To get caught up and watch the sessions you may have missed, they are now posted on the MicrosoftLync YouTube Channel. https://www.youtube.com/user/MicrosoftLync
I recommend taking time out of your day to virtually attend the sessions that may be applicable to your situation.

One of the sessions that I’m particularly biased toward, and highly recommend, is the Cargill session discussing the successful planning, deployment and roll-out of Lync Server 2013.

The session takes you on an hour-long journey through the processes Cargill used to justify and plan, and then, with Perficient’s help, execute on that plan to start saving Cargill a large sum of money each month. The savings were achieved by bringing 3rd-party hosted conferencing in-house onto Lync Server 2013. If your organization is in the visioning stage of deploying the Lync Server platform, then this is definitely a great starting point to reference, as it is a real-world, no-BS demonstration of success. Cargill is the largest privately held company in the world, with over 140k employees worldwide. This story highlights the scalability of the Lync platform, proving that Lync can lead the pack in the industry. Now granted, some of those employees are not Lync users, as they may be factory workers or non-computer users, so the initial roll-out targeted around 70k heavy Lync conferencing users. As Enterprise Voice continues its growth pattern within Cargill, expect the usage to go up, as plants will start receiving common-area phones and even managing existing analog phones. To understand more technical detail about the environment in its current state, please review my blog located here: https://blogs.perficient.com/microsoft/2013/08/lync-a-tale-of-stretching-the-limits-of-supportability/; it is now no secret that that post was depicting the Cargill environment.

Lync Conference 2014…Your Chance to Grill the Experts

Starting this upcoming Monday, February 17, Lync Conference 2014 goes into full swing through the 20th. Experts from all over the world will be presenting, demoing, answering questions and having a good time representing the world of Lync. The Lync community as a whole is just a bunch of geeks who love what they do and equally love passing on the knowledge we have gained in the marketplace. Since the stateside Lync Conference is a once-a-year opportunity, we encourage you to get excited about grilling all the experts in the areas where you need your questions answered, because we are just as excited to talk with you! What’s better than attending a 4-day party on the company dime to obtain free advice?!


Now that the general overview is complete, let’s focus more on what Perficient has to offer at LyncConf! As the conference moves along throughout the week, Perficient will be highly involved: sponsoring the event, throwing a VIP party and staffing a booth with resident experts there to answer your questions. During the breakout sessions, you may not get your questions answered, because maybe you can’t get one-on-one time with the presenter, or time runs out before you get to ask your question. That’s okay! We encourage you to stop by and ask the questions to get the answers you need. We have 2 Lync Certified Masters (MCMs) on staff who are ready and willing to cover all the topics your heart desires. If you need help thinking of ideas and questions to ask, here are some examples:

Lync Strategies:
1.) Lync Readiness Strategy
2.) Basic Deployment Strategy
3.) Conferencing Strategy
4.) Global Deployment Strategy
5.) PBX Replacement Strategy
6.) Greenfield Enterprise Voice Strategy
7.) LRS (Lync Room System) Strategy

Do you have questions regarding technical deep dives? Here are some ideas as well:

Technical Review:
1.) Understand Simple URLs and how they can impact a design
2.) Understand how Lync integrates to PBX and IPPBXs
3.) Understand how Lync 2013 HA and DR works
4.) Understand the importance of SBCs and Gateways
5.) Understand Call Admission Control and QoS
6.) Understand Flexible dial plans and why we use Global E.164 standards
7.) Why do we have this “misfit” Office Web Apps role?

We look forward to seeing you at the conference and fully expect you to bring the hard questions…Can you stump us?

Safe travels and see you soon!

Lync – A Tale of Stretching the Limits of Supportability

This blog post will highlight the infrastructure abilities of Lync when thinking a bit outside of the box on how to design Lync to meet very specific needs.  It’s not that I am condoning deploying Lync outside of supportability, but rather just showing that Lync truly can be flexible.

I recently finished up a global deployment of Lync Server 2013 where it took about 5 months to complete just the planning and build of the infrastructure alone. During the planning and build we mainly touched on getting the overall topology designed correctly, including SIP domains, certificates, HA, DR, capacity planning and a “Hidden DMZ”, and that is why it took so long…or maybe it was because the client was a multibillion-dollar company who had to move cautiously? Oh, and yes, I did say Hidden DMZ; you read it correctly. If you’re interested in the gory details of such a design and the “Hidden DMZ”, not to be confused with their traditional DMZ, read on, because I do have to say it’s pretty interesting….

I do want to put a disclaimer on this post before I continue. The overall concept of this design was spawned before I was assigned this project, so when you read about this unorthodox design you must understand that the conversations about this design had already been signed off on by Microsoft, yet the risks of such a design were still conveyed by Microsoft, myself and a fellow Microsoft MCM/MCSM. The organization is one of the largest companies in the world, so you can only imagine how that played in their favor and was viewed as a major win. The goal of this project was to bring their 3rd-party hosted conferencing solution to an on-premises solution utilizing Lync Server 2013 for close to 100k users, save the recurring hosted conferencing cost, and continue to grow Enterprise Voice. Also, when you read through this blog post, you will inevitably start looking beyond Lync and start to question why this organization practices such security tactics. For the sake of the Lync design, understand that this organization has an outstanding security division with protections in place that are far greater than we will understand, so unless you are qualified as a security expert, don’t get stuck on why they chose to do what they do. Lync Server simply had to adhere, to the best of its abilities, to the organization’s tight restrictions, so getting Lync into a position to be accepted on the perimeter (in the DMZ) was a challenge in itself.

Setting the Stage:

So I’ll set the tone with the environment first and foremost.  I came into the project about a 1/3 of the way through the planning stages, and the VERY first thing mentioned to me in my kickoff meeting was “We are going to put Front End Pools in the DMZ….will it work?”.  Well, needless to say I’m thinking; “What the hell did I just get into?”.  I took the comment in stride because I didn’t know the full background, but at that moment I simply took the supportability route and cautioned them with why that wasn’t such a good idea.  As the project roared on, it came to light that they simply wanted to put 2 Pools in the DMZ for user authentication, but not actually Home users themselves to these pools.  Lync veterans, I know what you are thinking – “Isn’t that just a Director and how a Director role was deployed with OCS RTM/R2?”, and to all the novice Lync Admins, yes, essentially, this pool will be acting like a Director.  So based on how I decided to design the Lync Server 2013 central site in the Western Hemisphere of this project, a traditional Lync Deployment would mimic this visio with the Directors located on the protected LAN:

So here is where the challenge surfaced with the Director role and the server placement of such a traditional design:

[Diagram: Traditional_2, the traditional design with the Directors on the protected LAN]

1.) The Director role, even though greatly explained to this organization by myself (a Lync MCM) and Microsoft was simply not good enough in their eyes to meet the security needs of the organization so they insisted on a complete Front End Pool.

2.) The pool they wanted as the “Director” also needed to be located in a protected area of the network, another purpose-built “Hidden DMZ”, so the authentication happened in this bubble.

3.) They only needed this hidden pool to authenticate Anonymous User join for conferencing because 2-factor authentication isn’t an option and Digest Authentication used for Anonymous users was viewed as a negative

So knowing how a traditional design would look, we had to modify such to now look like this visio with only “Meet URL” passing through the “Hidden DMZ”:

[Diagram: different_2, the modified design with only the Meet URL passing through the “Hidden DMZ”]

So this fulfills the same role as the Director, when anonymous users join, they initially hit this pool and authenticate before being “Shuffled off” to the Home Pool of the conference organizer; this met their needs.  So, now onto understanding how to make this work.  I cautioned against this design with the normal points; You don’t know how things change in the future, you never know all the ports this pool needs, you never know if an update will break this, Microsoft does not support this design in the documents….etc.  So I had to do some simple tracing to find the minimal amount of ports required from a Lync standpoint.  Now keep in mind, I did not consult on ports needed by Domain Joined machines in the DMZ.  The practice of this organization already deploys domain joined machines to their DMZ and protects them how they see fit, so I only looked after Lync ports.  Again, don’t question that practice, just know it is what it is.

During my testing, and once again during go-live, we determined we only needed 3 ports open to the LAN for this to work and 1 from the traditional DMZ coming from the TMG. (For reference, the standard Lync Server 2013 use of each port is noted in parentheses.)

1.) Port 445 – Bidirectional to/from LAN (SMB: Lync file share access and Central Management Store replication)

2.) Port 444 – Bidirectional to/from LAN (HTTPS: inter-server traffic between Lync servers, including the conferencing Focus and CMS replication)

3.) Port 5061 – Bidirectional to/from LAN (SIP over MTLS between pools)

4.) Port 4443 – One way to the Hidden DMZ from the traditional DMZ (HTTPS: external web services, i.e. the Meet URL, forwarded by the TMG reverse proxy)
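As an added check (example code of mine, not from the post), the script below audits that rule set from a host on one side of the boundary: it confirms the required ports answer on the Lync servers across the boundary, and that a sample of ports the minimal design has no use for do not. Hostnames are placeholders, the “should be closed” sample is my assumption, and the port descriptions are standard Lync Server 2013 usage; traffic to domain controllers for the domain-joined servers is left out, as the post leaves it out.

```python
"""Allow-list audit for the Hidden DMZ boundary (added example).

Reports anything that deviates from the minimal rule set: a required port
that does not answer, or a sampled unneeded port that does.  The connector
is injectable so the logic also runs offline against constructed results.
"""
import socket
from typing import Callable, Dict, Iterable, List

Connector = Callable[[str, int], bool]

# Minimal Hidden DMZ <-> LAN rule set from the post, annotated with the
# standard Lync Server 2013 use of each port.
REQUIRED_LAN_PORTS: Dict[int, str] = {
    445: "SMB: Lync file share and Central Management Store replication",
    444: "HTTPS: inter-server traffic (conferencing Focus, CMS replication)",
    5061: "SIP over MTLS between pools",
}
# The one-way rule from the traditional DMZ (reverse proxy) into the Hidden DMZ.
FROM_REVERSE_PROXY: Dict[int, str] = {
    4443: "HTTPS: external web services (Meet URL) forwarded by the TMG",
}
# Assumed sample of ports the minimal design has no use for between Lync
# servers.  Any of these answering means the boundary is wider than the rule
# set above.  Aim this at Lync Front Ends only: domain-controller traffic
# (LDAP, Kerberos) is out of scope here, as it was in the post.
SHOULD_BE_CLOSED: Dict[int, str] = {
    135: "RPC endpoint mapper",
    443: "internal web services (not needed per the post's tracing)",
    1433: "SQL Server",
    3389: "RDP",
    5060: "SIP in the clear",
}


def tcp_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake completes; a firewall drop shows up as a timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_boundary(targets: Iterable[str], required: Dict[int, str],
                   closed_sample: Dict[int, str],
                   connect: Connector = tcp_open) -> List[str]:
    """Return one finding per deviation from the expected rule set.

    An empty list means every target answers on the required ports and on
    none of the sampled unneeded ones.  Bidirectional rules need two runs:
    from a Hidden DMZ Front End toward the LAN Front Ends, then from a LAN
    Front End toward the Hidden DMZ Front Ends.  A "required" finding means
    either a firewall drop or a service that is not listening; check both.
    """
    findings: List[str] = []
    for host in targets:
        for port, purpose in required.items():
            if not connect(host, port):
                findings.append(f"REQUIRED but unreachable: {host}:{port} ({purpose})")
        for port, purpose in closed_sample.items():
            if connect(host, port):
                findings.append(f"OPEN but not in the minimal set: {host}:{port} ({purpose})")
    return findings


if __name__ == "__main__":
    # Offline demonstration with a constructed connector: a LAN Front End
    # (placeholder name) that exposes the three required ports plus an
    # unexpected SQL listener.
    reachable = {("fe01.corp.example.com", p) for p in (445, 444, 5061, 1433)}
    for line in audit_boundary(["fe01.corp.example.com"], REQUIRED_LAN_PORTS,
                               SHOULD_BE_CLOSED, connect=lambda h, p: (h, p) in reachable):
        print(line)
    # Against real hosts, from a Hidden DMZ Front End:
    #   audit_boundary(["fe01.corp.example.com", "fe02.corp.example.com"],
    #                  REQUIRED_LAN_PORTS, SHOULD_BE_CLOSED)
    # and from the TMG side toward the Hidden DMZ pool:
    #   audit_boundary(["hdfe01.hidden.example.com"], FROM_REVERSE_PROXY, SHOULD_BE_CLOSED)
```

This is a TCP reachability check only; it says nothing about UDP or ICMP rules, and it should be repeated after any Lync cumulative update, since the post's main caution against the design is that a future update could need a port that was not traced.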

The Hidden DMZ looked like this:

[Diagram: Hidden DMZ]

After all is said and done, with FEs and SQL Servers now placed into the purpose-built “Hidden DMZ”, the redirect worked flawlessly, as expected. In the Western Hemisphere, the Hidden DMZ now serves 2 different user pools, and in the Eastern Hemisphere there is another purpose-built “Hidden DMZ” that serves 2 additional pools there as well. Each is fully redundant, offering high availability, so all traffic coming from either hemisphere can land on either Hidden DMZ to keep conferencing up and running.

Now on to answer a few outstanding questions I know are going through your head.

1.) What about Edge communication? 

The Edge was addressed by using the Lync-Solutions security filter to protect against DDoS attacks and force users to use TLS-DSK. Home PCs are not allowed connectivity with this organization; users can only connect remotely with company-issued PCs/laptops because of its security requirements. This being said, they could restrict Lync to only signing in if the Lync-issued certificate had been downloaded to the machine. This is the closest to 2-factor authentication they could achieve.

2.) What about other URLs, like Web Services, DialIn and LyncDiscover?

Again, the security filter was in place on the TMGs to guard against DDoS attacks. The other web traffic, such as the Web Services URLs, was “OK’d” to hit the Front Ends; you simply cannot redirect home-pool Web Services URLs, as landing on the respective pool is a hard requirement. LyncDiscover is still covered by a certificate, and it is not an authenticated request on the initial query anyway, so there is no such worry there. We could have directed that traffic to the Hidden DMZ as well, but I recommended letting it hit the internal servers on the first hit. A user is authenticated up to 2 times anyway: first against the pool associated with LyncDiscover, and then once again if homed on a different pool. Again, this is okay, as they wanted the Hidden DMZ for anonymous authentication.

3.) What about mobility?

Well, this is a good one. There simply was no good answer for mobility. This organization is huge on 2-factor authentication, especially from a mobile perspective. The Lync mobility client does not offer 2-factor natively, so in this case it simply was not available, not even from third-party vendors. Because of this, the organization had to make an exception until a solution is available. Now, there were a few “attempts” by 3rd-party vendors who said they could do it, but anyone who knows Lync at its deepest levels, and how Lync authenticates, knows you can’t simply slap a 2-factor authentication solution into IIS and expect it to work; it’s just not possible without a damning ripple effect. With that said, however, Microsoft has acquired a mobile 2-factor provider, called “PhoneFactor”, who previously built 2-factor solutions for other Microsoft platforms. One could think that Microsoft has plans to build this into the product in the future. I’m speculating, but I think it’s a pretty accurate guess.

So there you have it, within this wordy blog post, an interesting situation that turned successful with a little out of the box thinking and thorough testing.  I’ll leave you with some fun facts from this environment:

  1. Environment is built with complete HA/DR functionality to keep conferencing up at all times
  2. Support for 70k-140k users.  Nobody could agree on a set number…just think really big.
  3. Their intent is to reduce costs by giving people an option to bring on premise some of their external conferencing volume
  4. 52 Servers with 100% dedication to Lync, not shared in anyway.  This number includes TMGs and SQL Servers.  56 servers      if you include shared Witnesses.
  5. The whole environment is Hardware with exception of the TMGs and the “Hidden DMZs”
  6. There are 2 “Hidden DMZs” as they call it.  Both Hidden DMZs contain a Lync pool with 2 FE’s/pool and 2 SQL Servers in mirror configuration.
  7. FE’s and SQL Servers are both entirely in this “Hidden DMZ” which is inside another DMZ…I guess.
  8. 6 Total Pools, 4 user pools and these 2 Hidden DMZ Pools (think Directors)
  9. 8 Edge Servers
  10. They built a whole new VMWare environment inside these DMZs specifically for these hidden dmz pools and TMGs.  This included new switches, hardware, network configuration and such.  Everything that goes with building a new VMWare environment and securing it.
  11. 12 GoDaddy Certificates.
  12. Lync Edge and TMG security filters to block potential DDoS attacks and to force TLS-DSK.
  13. 50ish SIP Domains
  14. 1 Certificate alone has 70+ SAN entries

Discussions and comments welcome

Mobile upgrade time, what to do? Windows Phone, it might be time.

I’m taking a break from Lync blogging to address this…situation I’m in.

So, as the title states, my contract is up and it’s time to run through the mobile debate once again.  If there is stress in my life right now, it isn’t the consulting work or raising 2 boys who are destined to destroy my house, but rather this mobile phone competition created by 6 Apple phones, 4000 Android devices and, like, 10 Windows phones.  It seems that by those numbers alone you’d think I’d maybe follow the sheepish herd, but not so fast.  I’m going to essentially “talk out loud” in this blog, so it might get kind of wordy.  It’s up to you if you want to sit through my opinions or move on.  :)

IPHONE:

So, I’ve been rocking the iPhone bandwagon since the 3G days, so basically 5-6 years of viewing mini-squares, cluttered home screens and countless anticipations of the iOS improvements.  I have to say, as of late, I’ve felt very annoyed with my 4s.  It’s not that it’s lacking in apps, or is “laggy” in nature, or has annoying updates always happening; that’s obviously furthest from the truth.  For the iPhone, those are exactly everything the phone is NOT, which has been nice, but I’m simply tired of looking at the same screen for 6 years.  Think about it, even MS refreshes more often than that with Windows…interesting, eh?

Through those years, I would get excited about each release: the 3GS was pretty well anticipated, but that was quickly trumped by the anticipation I had for the 4, which was really high, then my anticipation declined greatly for the 4s and then COMPLETELY disappeared for the 5.  The 5“s”, as we’ll call it, is due out sometime this year by all purposely released rumors.  My interest has only slightly returned for the 5s, but I think it’s more because I’m interested to see how badly the iPhone is going to let down the industry.  Wait for it….Wait for it….  “S” now stands for “Stale” in my opinion.  I have not read of any major improvements other than the fingerprint unlock thing.  Well, I tried that on my XPS 5 years ago and it was horrible.  That was so yesterday.  So needless to say, I’m looking at the new iPhone as probably my 3rd choice to use my precious upgrade on.

Now on to the Android.  This is a funny situation for me as I’m NOT an Android fan.  I have never owned one for myself, but I did however buy an Evo years back for my wife.  More on that in a moment…

ANDROID:

I’m intrigued by the Galaxy.  It’s on my radar, at least the Galaxy family is, because #1, I’m a Samsung fan, and #2, it’s different for me.  Heck, a flip phone would be a positive change at this point in time.  If I went with the Galaxy S4, or something newer, I’d have to forklift the Apple ecosystem I’m in; I have the AppleTV, 3 iPads, an iPod and 2 iPhones.  Yeah, the iPads can stay, but it’s more the AppleTV and all the things that come with it.  For a couple of examples: my kids know how to run Apple Remote on my iEverything, so they can navigate Netflix with ease…AND that’s huge.  Our photos go up to Apple’s “iCloud” for Photostream, so that’s nice.  On a side note, Apple’s “iCloud” should be called “iBackupSomeOfYourThingsToOurServers”; it’s far from a cloud solution.  I really love Apple’s Mirroring and AirPlay because I can play my NFL Mobile Verizon subscription on my big screen in HD.  So, going to Android would mean I need to find a new place for photos, as that is very important, and also replace my AppleTV with a Roku or something similar and figure out whether Samsung’s Play To, or whatever, can compete with AirPlay.  I know this may all seem trivial, but still, I need to find the best solutions all over again because this is all highly used.

Now onto my statement about the Evo, which is my segue into Windows Phone.  My wife’s Evo lasted…about 1 year.  Awful phone.  I don’t think I could say anything good about it.  Just awful.  So she jumped on the 4s wagon with me and we rode around for 2 years….until this weekend, when she upgraded to the Galaxy S4.  Yup, it happened.  Now keep in mind, when I met my wife, she was furthest from a technology enthusiast.  She had a flip phone forever, fought against “text messaging”, she didn’t understand why we needed internet on the phones, yada yada yada, the push back continued.  Fast forward to this last weekend and the debate was on full steam because now she cared about what the phones offer!  So, we’ll start with 2 simple reasons why she chose the Galaxy over the iPhone and Windows Phone: she missed the large screen of her Evo days, which the Galaxy provided, and she said the Windows Phone was too “connected”.  Really?  My wife, who knows nothing about IT, let alone the verbiage us geeks use, said “the Windows Phone was too connected”.  Well well, what do we have here…

Windows Phone:

Now we are onto the Windows Phone debate.  Because I’m a Unified Communications enthusiast I have a special place in my heart for being “connected”, so when I heard my wife say the Windows Phone was too connected, it was interesting and actually carries more weight than the same statement coming from tech professionals.  Windows 6.whatever was my first smart phone back in like 2005 or something, and it was awful, but it was nonetheless “different” than what everyone else had (probably for a reason), but I got it anyway.  Then I moved up in the smartphone world, landing with iPhones again because it was different and new, then tried the Windows Phone 7 in the 2011 time frame while I waited for my iPhone 4 replacement to be issued because I broke it.  During my trial run, I was lucky enough to get the Mango update.  Going from 7 to 7.5 was a HUGE leap forward, and now rather than damning 7.0 I was praising 7.5’s foundation.  I loved and praised the foundation 7.5 was built on, but still hated the lack of apps.  I’m not a huge app user, but there are the “essentials”, as I like to think of them, and WP just didn’t have them.  So fast forward to now at upgrade time and I’m uber-confused because I again want to be different, have something new and have something that nobody else has.  I’ve searched for my app essentials and they are all there (cough cough, Fantasy Football) and I’ve been reading up a lot about Windows Phone 8, 8.1 Blue and the future of WP.  I truly believe 8.1 is going to be the next release that really lights the fuse on Windows Phone if the rumors are correct about all I’ve been reading.  When I say “light the fuse” I’m not saying it’s going to pass Android, but I think it will close the already dwindling gap between Apple and WP and distance itself even further from the BlackBerrys.
For the sake of argument though, and to upset all the Android fanboys, remember, the only reason Android is so far ahead is because it’s free, open and already on 4000 devices…that’s right..4000, look it up.  Not saying that’s bad, but it’s easy to tip the right side of the scale with free regardless of how good the OS may or may not be.

With WP, I can replace PhotoStream with SkyDrive and go from 5 GB of free storage to 25 GB of photo cloud storage (yeah yeah, Google Drive has space…but…it’s Google!).  With WP, I get “SmartGlass”, which is not a replacement for AirPlay, but I think it might be setting the stage for such, so I’m willing to gamble on that.  With WP, I get access to a real cloud with Microsoft Office 365 for documents and collaboration, not just glorified backup servers.  Being so tightly connected at work and at home, a Windows phone can now truly bridge the BYOD gap with work by using Office products, Lync included, and home-related things such as Skype, Netflix, Xbox Live, etc.  Remember, Skype-Lync bridges the gap between home and work for communication.  Who doesn’t want to talk to their family while working on the road, as you’ll already be logged into Lync!  I know most of that is available on other platforms, but remember, I’m looking for a change to the interface more than anything.  The apps are also expanding, as the most major ones that I use are now present or “on the way”.  Last but not least, the Hubs or Live Tiles that everyone has already heard about, with bright, vibrant and refreshing colors, make sense to me.  As I stated before, too many app icons drive me insane, and checking all my popular people apps separately is annoying, as is checking all my news apps separately too.  I like how I can combine all those into individual tiles, which again “bridges the BYOD gap” and creates a unified system, so that’s really nice…and FlipBoard is coming to Windows Phone.  Praise the lord.

CONCLUSION:

So now that WP is looking promising in my eyes, I’m confused what to do with my upgrade on Verizon.  The only “real” WP phone available on Verizon is the Lumia 928, but it’s a year old, so if I upgrade I essentially commit to a 3 year old phone by the time I upgrade again, which is not ideal to me.  I could wait and see what’s coming out in the next 6 months, but that means staring at this danged ol’ iPhone some more *gag* and I don’t think I can do it.  Also, if I wait and buy the new WP, or even buy the Lumia now and get the 8.1 update when it comes out, I’m pretty much committing to an Xbox One, which is unbelievably overpriced to replace my $99 AppleTV and existing 360.  So what should I do: buy now, wait to see what Nokia, Samsung and Verizon have up their sleeve in the coming months for WP, buy Android, or buy a refreshed iPhone when it comes out this fall?  Stay tuned…..

Before I close out, I do want to give my opinion about Windows Tablets, I guess we’ll call them.  Is it just me, or does everyone else think Microsoft should modify the Windows Phone OS to put on a Tablet, rather than trying to put the desktop Windows 8 or RT onto a tablet?  I think it would make much more sense to try this approach and let the desktop OS be desktop and let the mobile OS be a mobile OS.  Just sayin’

Comments/debates welcome.

Lync Server – Install-CSDatabase error

With Lync Server 2013, the recommendation is to keep the OS on the C: drive and deploy Lync to a secondary drive running RAID 10.  When you ask for server provisioning with the requested drive layout you’ll receive your server with a second drive such as a D: or E: drive, or whatever your standard build calls for.  When installing Lync, the intelligence is built into the Lync deployment wizard to detect this secondary drive and automatically install the CsData information to the secondary drive during Step 2 of the deployment wizard.

I’ve had a couple of deployments now where I’ve run into this particular error when running Step 2 on a new Lync Server 2013 Front End where my servers were provisioned with the secondary drive as I requested.  I receive the error “An error occurred while applying SQL script for the feature RTCDatabaseStore…..”

[Screenshot: DBError]

I have to admit, the first time this happened to me I was stumped.  After looking around a bit, I did notice that the folders on the E: drive had the padlock icon.

[Screenshot: padlock icon on the E: drive folders]

Digging a little deeper, I looked at the NTFS permissions on the CsData folder and noticed it had only “System” and “Administrators” listed for permissions.  Changing the permissions on this folder alone did not result in a fix, so it had to be something more.  Going up a level to the root of the E: drive resulted in a much more positive outcome.  Looking at the C: drive and E: drive next to one another, I noticed how different they actually were, as you can see.  We were missing “Creator Owner” and “Users”:

[Screenshot: SIDEBYSIDE, C: and E: root permissions compared]

To add in the missing users/groups, you simply have to add “Creator Owner” first, THEN add “Users”.  If you do not do it in this order, the permissions will not be correctly applied.  Your CsData information will now finish installation as expected.  If installation does not finish as expected after adding these permissions, you may have to go deeper into permissions at the root of the drive.  If you look closely at the attached pic, you’ll see 3 different entries for “Users”, and the “Apply to” is different for each.  You’ll want to once again open your C: drive and compare all the permissions of your secondary drive and your primary drive, as these are probably different.  If the permissions are not applied correctly, chances are only a single set of permissions will be shown for “Users”, so you’ll have to add the appropriate permissions for all 3 “Users” entries.  Keep in mind that the “Apply to” is the key to entering these permissions correctly; THEN all should work.  If this doesn’t work….tell the provisioning team to redo it.  :)
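Comparing the two drive roots entry by entry is tedious in the GUI, and it is easy to miss that the three “Users” rows differ only in their “Apply to” scope. The script below is an added example, not part of this post: it lists the explicit access entries on the C: root that are absent from the secondary drive root, matching on identity, rights, type and both inheritance settings (which together are what the GUI shows as “Apply to”), and can then add the missing entries, “Creator Owner” first, with a -WhatIf preview. It assumes Windows PowerShell running elevated on the Front End, C: as the OS drive and E: as the Lync data drive; both are parameters.

```powershell
# Added example (not from the blog post): compare the root ACL of the OS drive with the
# Lync data drive and report/apply the access entries the data drive lacks.
# Assumes C:\ is the OS drive and E:\ is the secondary drive; both are parameters.

function Get-RootAccessEntries {
    param([Parameter(Mandatory)][string]$DriveRoot)
    # Explicit (non-inherited) ACEs only; a drive root has no parent to inherit from anyway.
    (Get-Acl -Path $DriveRoot).Access |
        Where-Object { -not $_.IsInherited } |
        ForEach-Object {
            [pscustomobject]@{
                Identity    = $_.IdentityReference.Value
                Rights      = $_.FileSystemRights
                Type        = $_.AccessControlType
                Inheritance = $_.InheritanceFlags   # "Apply to" in the GUI is the combination
                Propagation = $_.PropagationFlags   # of InheritanceFlags and PropagationFlags
            }
        }
}

function Compare-RootAcl {
    param(
        [string]$ReferenceRoot = 'C:\',
        [string]$TargetRoot    = 'E:\'
    )
    $reference = Get-RootAccessEntries -DriveRoot $ReferenceRoot
    $target    = Get-RootAccessEntries -DriveRoot $TargetRoot

    # An entry matches only if identity, rights, type and both inheritance settings agree,
    # so three differently scoped "Users" entries count as three separate requirements.
    foreach ($ace in $reference) {
        $present = $target | Where-Object {
            $_.Identity    -eq $ace.Identity    -and
            $_.Rights      -eq $ace.Rights      -and
            $_.Type        -eq $ace.Type        -and
            $_.Inheritance -eq $ace.Inheritance -and
            $_.Propagation -eq $ace.Propagation
        }
        if (-not $present) { $ace }
    }
}

function Repair-RootAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$ReferenceRoot = 'C:\',
        [string]$TargetRoot    = 'E:\'
    )
    $missing = @(Compare-RootAcl -ReferenceRoot $ReferenceRoot -TargetRoot $TargetRoot)
    if ($missing.Count -eq 0) { Write-Host "No missing entries on $TargetRoot"; return }

    # Add CREATOR OWNER before any Users entries, the order the post says is required.
    $ordered = $missing | Sort-Object { if ($_.Identity -like '*CREATOR OWNER*') { 0 } else { 1 } }

    $acl = Get-Acl -Path $TargetRoot
    foreach ($ace in $ordered) {
        $desc = "$($ace.Identity) $($ace.Rights) [$($ace.Inheritance)/$($ace.Propagation)]"
        if ($PSCmdlet.ShouldProcess($TargetRoot, "Add ACE $desc")) {
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $ace.Identity, $ace.Rights, $ace.Inheritance, $ace.Propagation, $ace.Type)
            $acl.AddAccessRule($rule)
        }
    }
    if ($PSCmdlet.ShouldProcess($TargetRoot, 'Write updated ACL')) {
        Set-Acl -Path $TargetRoot -AclObject $acl
    }
}

# Report first, preview with -WhatIf, then run Repair-RootAcl without it to change the drive.
Compare-RootAcl | Format-Table Identity, Rights, Type, Inheritance, Propagation -AutoSize
Repair-RootAcl -WhatIf
```

Review the Compare-RootAcl output before applying it: the OS volume root can carry entries that belong only to the system drive, and the script copies whatever differs rather than knowing which entries the deployment wizard actually needs.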

[Screenshot: permissions, the 3 “Users” entries and their “Apply to” settings]

On a side note, remember this general rule for all servers in your environment, including SQL Servers and Office Web Apps.  Office Web Apps will produce connection errors when installed to a secondary drive with these permissions missing.  The installation will finish without errors, so you’ll get a false positive and be presented with a successful installation, but truth be told these permissions will not allow connectivity.

Lync Server 2013 – Annoying LS DATA MCU 41029 Error

Starting with Lync Server 2010 and continuing with Lync Server 2013, certificate management was much improved over previous OCS platforms with the ability to itemize certificates across the environment.  More specifically, on the Lync Server Front Ends you can now apply up to 3 unique certificates to each server.  A description is provided for each certificate below:

[Screenshot: certs, the Default, Web Internal and Web External certificate descriptions]

In a typical deployment, a single certificate can be issued and applied to all 3 services, which in turn simplifies certificates that much more and also keeps costs low.  There are times, however, that certificates may need to be itemized, or “broken out” into 2 or maybe 3 certificates and applied individually to each service.

In my latest deployment, the number of SIP domains required for the certificates pushed the certificate’s SAN limitation, which required me to itemize the certificates into 2 certificates.  In this particular deployment, I issued a single certificate that is applied to both “Default” and “Web Internal” and created a 2nd certificate to apply only to “Web External”.  With additional proper planning, I was able to share this certificate across all Front Ends of all 4 pools and the HLBs of the deployment.  Because this certificate has all the External Web Services names of all pools, it can also be applied to the TMGs (Reverse Proxy) if the organization is okay with having internal server FQDNs listed on a certificate that is applied to a public-facing Reverse Proxy.  You may have noticed I implied that there are internal server FQDNs listed on the External Web Services certificate; this is indeed a requirement.  As you can see from the Subject Name / Common Name field of the “Web External” certificate, it states the FQDN of the server is required.  In my experience, the name of the server does not need to be the SN/CN, but rather in the SAN of the certificate; this way the certificate can be shared across however many servers you may be deploying.  If you do plan to use this single certificate across all FEs in all of your pools, you must list every server FQDN in the certificate.  If not, the following 41029 Lync Web App error will occur, which will break the communication to your Lync Web App for external users.  The blacked-out FQDN you see in the picture is actually the FQDN of the server itself, not the pool.  If all the FE FQDNs are not listed in the SAN of the certificate, each FE in the pool will have a communication error to each FE in the pool, including itself.  So the end story is: include the FQDN of each server you plan to apply the certificate to in the SAN, to remove this annoying error.
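Checking a 70+ entry SAN by eye against every Front End in four pools is where this error slips through. The script below is an added example and not part of this post or the product: it reads the DNS names out of a certificate in the local machine store, reports which of a given list of server FQDNs are not covered, and, when run in the Lync Server Management Shell, pulls the FE names from the topology with Get-CsComputer and the assigned Web External certificate with Get-CsCertificate -Type WebServicesExternal. Assumptions: Windows PowerShell on a Front End, an English-locale host (the SAN text is parsed from the “DNS Name=” labels Windows produces), and the placeholder pool names in the usage line.

```powershell
# Added example (not from the blog post): verify that the Web External certificate names
# every Front End server whose FQDN must be in the SAN.
# Assumes Windows PowerShell on a Lync Server 2013 Front End; Test-WebExternalCertificate
# additionally assumes the Lync Server Management Shell (Get-CsComputer, Get-CsCertificate).

function Get-CertificateDnsNames {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $names = @()

    # DNS-type subject name (taken from the SAN if present, otherwise the CN).
    $subjectDns = $Certificate.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
    if ($subjectDns) { $names += $subjectDns }

    # OID 2.5.29.17 is the Subject Alternative Name extension. Format() yields text such as
    # "DNS Name=pool01.contoso.com, DNS Name=fe01.contoso.com" on an English-locale Windows
    # host (assumption: other locales label the entries differently).
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += ($san.Format($false) -split ',\s*') | ForEach-Object {
            if ($_ -match '^DNS Name=(.+)$') { $Matches[1].Trim() }
        }
    }
    $names | ForEach-Object { $_.ToLowerInvariant() } | Sort-Object -Unique
}

function Test-CertificateCoversServers {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,     # certificate in Cert:\LocalMachine\My
        [Parameter(Mandatory)][string[]]$ServerFqdn    # every FE the certificate will be applied to
    )
    $cert    = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint"
    $covered = Get-CertificateDnsNames -Certificate $cert

    # Exact, case-insensitive match only: the post's requirement is the literal server FQDN
    # in the SAN, so a wildcard entry is deliberately not treated as covering a server name.
    foreach ($fqdn in $ServerFqdn) {
        [pscustomobject]@{
            Server  = $fqdn
            Covered = ($covered -contains $fqdn.ToLowerInvariant())
        }
    }
}

function Test-WebExternalCertificate {
    # Reads the FE names from the topology and the assigned certificate from the local server,
    # so nothing is typed in by hand; pool FQDNs are the only input.
    param([Parameter(Mandatory)][string[]]$PoolFqdn)

    $frontEnds   = foreach ($pool in $PoolFqdn) { (Get-CsComputer -Pool $pool).Fqdn }
    $webExternal = Get-CsCertificate -Type WebServicesExternal
    Test-CertificateCoversServers -Thumbprint $webExternal.Thumbprint -ServerFqdn $frontEnds
}

# Usage (placeholder pool names): list the FEs the assigned Web External certificate does not cover.
Test-WebExternalCertificate -PoolFqdn 'pool01.contoso.com', 'pool02.contoso.com' |
    Where-Object { -not $_.Covered }
```

Any server the last command prints is one that will log the 41029 error once the certificate is assigned; Test-CertificateCoversServers can also be run on its own against a thumbprint and a hand-built FQDN list before the certificate is assigned anywhere.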

[Screenshot: Error, the LS DATA MCU 41029 event]

Comments Welcome