Example of adding Lync QoS settings with PowerShell

Microsoft TechNet note from Lync 2013 QoS planning section: “If you are using Microsoft Windows Server 2012 or Windows Server 2012 R2 you might be interested in the new set of Windows PowerShell cmdlets available for managing Quality of Service on that platform.”

Of course interested!

Works on Windows 8/8.1/2012/2012R2.
DSCP values and port ranges can be different depending on network environment.


# Lync 2013 Client QoS for Windows 8/8.1
New-NetQosPolicy "Lync 2013 Audio" -NetworkProfile All -AppPathName lync.exe -IPProtocol Both -IPSrcPortStart 50000 -IPSrcPortEnd 50100 -DSCPValue 46
New-NetQosPolicy "Lync 2013 Video" -NetworkProfile All -AppPathName lync.exe -IPProtocol Both -IPSrcPortStart 60000 -IPSrcPortEnd 60100 -DSCPValue 26

# Lync Conferencing, Application and Mediation Servers QoS for Windows 2012/2012R2
New-NetQosPolicy "Lync Server Audio" -NetworkProfile All -IPProtocol Both -IPSrcPortStart 49152 -IPSrcPortEnd 57500 -DSCPValue 46
New-NetQosPolicy "Lync Server Video" -NetworkProfile All -IPProtocol Both -IPSrcPortStart 57501 -IPSrcPortEnd 65535 -DSCPValue 26

# Lync Edge QoS for Windows 2012/2012R2
New-NetQosPolicy "Lync Server Audio" -NetworkProfile All -IPProtocol Both -IPDstPortStart 49152 -IPDstPortEnd 57500 -DSCPValue 46
New-NetQosPolicy "Lync Server Video" -NetworkProfile All -IPProtocol Both -IPDstPortStart 57501 -IPDstPortEnd 65535 -DSCPValue 26

More info:
Network Quality of Service (QoS) Cmdlets in Windows PowerShell
http://technet.microsoft.com/en-us/library/hh967469.aspx
Managing Quality of Service (QoS)
http://technet.microsoft.com/en-us/library/gg405409.aspx

Basic security better than no security – limit access to Office Web Apps server

If Office Web Apps Server is published to the Internet and you do not want to allow everyone on the Internet to use it for file operations without your knowledge, it is strongly recommended to at least limit access to internal servers only. Example:

New-OfficeWebAppsHost -Domain "addomain.local"
 

Lync communicates with Office Web Apps Server using WOPI (Web app Open Platform Interface protocol).
Good picture, it helped me better understand the WOPI terminology used in the PowerShell command.
[Image: Intro to WOPI diagram]
In short:
Browser – Internet browser or Lync client
WOPI Server/Host – Lync Web Conferencing Server (on Front-End)
WOPI Client – Office Web Apps Server often referenced as WAC (Web Applications Companion)

More info:
New-OfficeWebAppsHost
http://technet.microsoft.com/en-us/library/jj219459.aspx
Plan Office Web Apps Server
http://technet.microsoft.com/en-us/library/jj219435.aspx
Introducing WOPI
http://blogs.msdn.com/b/officedevdocs/archive/2013/03/21/introducing-wopi.aspx
Office Web Apps Server – Hva trenger vi egentlig den til? (Norwegian: "What do we actually need it for?")
http://lyncatea.no/2013/02/26/office-web-apps-server-hva-trenger-vi-egentlig-den-til/

Lync Conference 2013

I had the fortune and privilege to be at the first Lync Conference ( http://lyncconf.com ) and to be part of software-enabled communications history! This conference really showed how serious Microsoft is about unified communications and the focus on the importance of the human aspect of those.

For me there were a number of takeaways. If I should highlight a few:

– Networking. New contacts. It was great to meet Microsoft and partners directly, as well as to meet fellow MCM peers and get together with MVPs.

It personally reassured me about the great choice I made several years ago to start working with communications and to continue working with Microsoft technologies in a long-term perspective.

– Skype integration with Lync enables new business relationship possibilities with consumers and other businesses; B2X was one of the main themes of the conference keynote. At first, direct peer-to-peer IM and voice integration between Lync and Skype was announced.

– Lync Room Systems are simply great! Follow news from Microsoft and great hardware vendors like Smart, Polycom, LifeSize and Crestron.

– New Lync mobility features. Support for audio and video over Wi-Fi and mobile data networks. Fully featured mobile clients were announced for Android, iPhone, iPad and Windows Phone.

– Great technical content about new features and hours of recorded sessions available to watch afterwards.

Add DNS records with PowerShell

#Add A record example
#TimeToLive takes a TimeSpan; a bare integer such as 3600 would be read as ticks, not seconds
Add-DnsServerResourceRecord -ZoneName domain.com -Name "dialin" -A -IPv4Address 10.0.0.10 -ComputerName dnsserver.domain.com -TimeToLive 01:00:00

#Add SRV record example
Add-DnsServerResourceRecord -ZoneName domain.com -Name "_ntp._udp" -Srv -DomainName domain.com -Priority 0 -Weight 0 -Port 123 -ComputerName dnsserver.domain.com -TimeToLive 01:00:00

Lync corporate photo update script

Simple example of how to update thumbnailPhoto in AD. Pictures are optimized in the process; they usually do not exceed 3K and are still good quality. It does not depend on the Lync or Exchange Management Shell.

It is easy to modify this script for more complex scenarios, and of course in a production environment some reporting is advised, but that was not the purpose of this post.

Proven in field :)


###############################################################################################
# updateadphoto.ps1
# v2
# 2011
# Marjus Sirvinsks (marjuss.wordpress.com)
#
# picture file names should match SAM account name
#
# Requires convert.exe; vcomp100.dll in same folder where script located.
# Already compiled files can be downloaded here http://www.stevieg.org/downloads/GALBatchConvert_with_ImageMagick_Convert.zip
# or directly from http://www.imagemagick.org
#
# Idea for picture optimization technique comes from Steve Goodman's Exchange blog:
# http://www.stevieg.org/2011/01/batch-optimize-exchange-gal-photos-importing-active-directory/
#
###############################################################################################

# AD search root
$SearchRoot = "dc=domain,dc=com"

# Filter - AD user objects that are not disabled and are Lync enabled
$filter = "(&(objectCategory=person)(objectClass=User)(msRTCSIP-UserEnabled=TRUE)(!userAccountControl:1.2.840.113556.1.4.803:=2))"

# Picture source location. Can be a network share.
$source = "C:\scripts\picturesource\"

# Temporary folder where optimized pictures are stored for review
$destination = ".\optimizedpictures\"

$ds = [ADSISearcher]$filter
$ds.SearchRoot = "LDAP://$SearchRoot"

# Little thing to remember if there are more than 1000 users.
$ds.PageSize = 1000

# We do not want to load all properties, for performance reasons.
# Add() returns the new index; discard it so it does not end up in the output.
[void]$ds.PropertiesToLoad.Add("samaccountname")

$users = $ds.FindAll()

# Start with an empty destination folder
if (Test-Path -Path $destination) {
    Remove-Item $destination* -Recurse
}
else {
    New-Item $destination -ItemType Directory | Out-Null
}

foreach ($row in $users) {

    $dn = $row.Path
    # Properties come back as collections; take the single sAMAccountName value
    $sam = [string]$row.Properties["samaccountname"][0]
    $picture = $source + $sam + '.jpg'

    if ((Test-Path -Path $picture) -and ($picture -like '*.jpg')) {

        $ext = [io.path]::GetExtension($picture)
        $optimized = $destination + $sam + $ext
        # Resize and crop to 96x96, strip metadata, reduce quality
        .\convert.exe -quality 75 -depth 8 -strip -thumbnail 96x96^ -gravity Center -crop 96x96+0+0 $picture $optimized
        $photo = [byte[]](Get-Content $optimized -Encoding Byte)
        $adUser = New-Object DirectoryServices.DirectoryEntry $dn
        $adUser.Put("thumbnailPhoto", $photo)
        $adUser.SetInfo()
    }
}

Troubleshoot Lync Mobility reverse proxy

Updated: Do not ever do this in production, only for testing :) The following TMG setting is not necessary if you follow the Lync Mobility guide and read it carefully. Check the comments. Thanks all for the input.

If you allow publishing lyncdiscover over HTTP using TMG, then the following listener setting might help to resolve problems connecting to the mobility service (Advanced settings on the listener Authentication tab).

You can also test the lyncdiscover service without publishing it. In the Windows mobile Lync client, turn off “Auto-detect server” and enter both the Internal and External discovery addresses exactly as they are configured in Lync. To get those user-friendly links:


Get-CsService -WebServer | fl  autodiscover*

Happy testing!

A good starting point for deploying Lync Mobility, by Ståle Hansen, can be found here: http://msunified.net/2011/12/12/enabling-lync-mobility/

Requesting VCS certificate

In OCS it was practical to use the certificate wizard for requesting certs, even for non-OCS purposes. In Lync it is a different story.

Example of online certificate request from internal CA using Lync Server Management Shell:

Request-CsCertificate -New -Type Default -ComputerFqdn "VCSFQDN" -CA "CAFQDN\CANAME" -FriendlyName "whatever" -PrivateKeyExportable $True -DomainName "VCSFQDN"

NOTE: this can only be done if the VCS (VCSFQDN) is defined in the Lync topology, so you first need to create a trusted application pool.

More info:
http://technet.microsoft.com/en-us/library/gg425723.aspx

Additional notes:

The created cert can be exported with its private key as a .pfx file.

To convert it to .pem format, it is handy to have access to a virtual machine with Linux (Ubuntu, CentOS …).
There are some online services that can be used instead, but think twice: you never know how and where private keys are stored in that case.

In short:

openssl pkcs12 -in vcs.pfx -out cert_inf.pem

Extract the certificates and private key from cert_inf.pem (open it in a text editor) and make 3 different files, for example:
Encrypted private key priv_e.pem
Certificate cert.pem
Root (CA) certificate root_ca.pem

Decrypt the private key using the command line:
openssl rsa -in priv_e.pem -out priv.pem

Connect to VCS and upload certs …
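
The split and decrypt steps above can also be done without hand-editing the PEM bundle, shown here as an added example that is not part of the original post: openssl pkcs12 filters write the key, certificate and CA chain to separate owner-only files, and the key is checked against the certificate before upload. The function names, the CN and the passphrase are assumptions, and the PFX is constructed test data standing in for vcs.pfx.

```shell
#!/bin/sh
# Added example; file names, CN and passphrase are constructed test values.

# key_matches_cert KEY CERT: succeed only if both carry the same public key.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# split_pfx PFX PASSFILE OUTDIR: write priv.pem, cert.pem and root_ca.pem.
# The passphrase is read from a file, so it never appears in the process list.
split_pfx() {
    pfx=$1; passfile=$2; out=$3
    (
        umask 077   # everything created here is readable by the owner only
        mkdir -p "$out" &&
        # Key only; -nodes leaves it unencrypted, like 'openssl rsa' above.
        openssl pkcs12 -in "$pfx" -passin "file:$passfile" -nocerts -nodes \
            -out "$out/priv.pem" 2>/dev/null &&
        # Server (leaf) certificate only.
        openssl pkcs12 -in "$pfx" -passin "file:$passfile" -clcerts -nokeys \
            -out "$out/cert.pem" 2>/dev/null &&
        # CA certificates only; empty when the PFX carries no chain.
        openssl pkcs12 -in "$pfx" -passin "file:$passfile" -cacerts -nokeys \
            -out "$out/root_ca.pem" 2>/dev/null
    ) || return 1
    key_matches_cert "$out/priv.pem" "$out/cert.pem"
}

# make_test_pfx DIR: throwaway self-signed key, cert and PFX (sample input).
make_test_pfx() {
    (
        umask 077
        mkdir -p "$1" && printf 'constructed-pass\n' > "$1/pass.txt" &&
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=vcs.example.test" \
            -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null &&
        openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
            -passout "file:$1/pass.txt" -out "$1/vcs.pfx" 2>/dev/null
    )
}

work=$(mktemp -d)
if make_test_pfx "$work" && split_pfx "$work/vcs.pfx" "$work/pass.txt" "$work/out"
then echo "key matches certificate"; else echo "extraction or match failed"; fi
rm -rf "$work"
```

priv.pem is the unencrypted private key, so remove it from the conversion machine once it has been uploaded to the VCS.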