Archive

Archive for the ‘Lync’ Category

No More local names in the certificate starting November 2015 #MsExchange #Lync #ucoms #lync2010 #Microsoft Part1

July 9, 2012 5 comments

Starting November 2015 all public domains providers will prohibit the use of invalid domain names, this is because internal servers names are common and could be falsified and end server connection can’t be assured, you can read more about it here

http://www.digicert.com/internal-names.htm

and

http://www.networking4all.com/en/ssl+certificates/faq/change+san+issue/

The reason that is given for the change is that the internal server names are not unique and therefore easy to falsify. With common names like server01 or webmail, the end user is never sure if it is actually dealing with the right party or with a malicious.

The changing legislation for SSL Certificates shall start on 1 November 2015. This means, from that date, the invalid Fully-Qualified Domain Names (hereafter called FQDN) will no longer be accepted at the standard of the CA/Browser Forum and after that date such certificates may no longer be issued. All certificates issued after 1 November 2015 and meet this qualification will be revoked upon discovery.

Users who are requesting a certificate on an invalid FQDN with an expiration date after 1 November 2015 should remember that their certificates will be revoked after 1 November 2015. After this date, no SAN SSL Certificate with a reserved IP address or internal server name will be issued either.

you can download the new certificate requirement for the cabforum here http://www.cabforum.org/Baseline_Requirements_V1.pdf

What does that means:

if you are running your domain using an invalid name (.local or .dom) you might face some issues depending on your configuration, the most commonly affected applications by this changes are Microsoft Exchange and Microsoft Lync servers.

for years we have been using the UCC certificate which allowed us to include internal server names along within the public certificate which offered a simplified configuration, I do believe that this change will require massive changes in the Exchange and Lync infrastructure to support this change.

For Microsoft Exchange:

Depending on your configuration you might need to do some changes in your infrastructure to support this change, let us divide the configuration as following:

1- Your Active Directory domain name is domain.com or other valid domain names:

if your Active Directory domain is running domain.com name or other valid domain names, then most probably your changes are minimal, the only catch here if your users are accessing OWA using https://mail or https://Exchange internally for end users simplicity, this will not be supported or working anymore and you will need to work with your end-users to fix that.

2- your Active Directory domain is domain.local (or other invalid name): 

oooh baby, you will have fun, because of how internal and external URLs in Exchange are functioning you will need to do more than just a new certificate request for your servers, but again it depends on how you configured your Exchange servers:

For a single Active Directory site deployment:

 

If your Internal URLs for Exchange Webservices uses External names, then you are fine, but if you are running a single Website for OWA, OAB and other webservices functionality, you will have to consider 2 solutions:

  • Change the internal names of the vDirectories to include public domain names (.com or .net for example) this will require creating the correct DNS zones in Active Directory (domain.<valid domain>) and configure the entries in that DNS zone to map to the correct internal and external IPs (some services will point to internal IPs like Exchange webservices and some will point to External IPs like your website for example), you might also require some changes in the certificate to include the new names or purchase a new certificate to accommodate the new names.
  • Create a new website on the Exchange and split the traffic between the External website and the internal website, for the new website you will need to include the correct names (either internal and External) and configure a new IP for the CAS servers, using host headers with OWA and ECP currently breaks OWA/ECP thus you will need to assign your CAS servers new IP, and configure the websites to listen on its corresponding IPs and configure publishing rules to publish the new configuration (this also depends on your network infrastructure and firewall configuration).
  • External Names and its certificate will need to be revisited to issue the correct names in the certificate, I am not sure whether old certificate will be revoked or kept as-is, but if they will be kept until they are revoked and never re-issues then you can skip this step.
    You might need to check you NLB configuration if it is there to include a new NLB IP for the internal Names.

For a Multi Active Directory site deployment:

again it depends on your configuration, and this might be a little tricky because or redirection and proxying, I have tried to simplify it but I couldn’t as there are various factors and configurations but here are some guidelines:

  • Document how you are doing OWA and webservices right now, also how your are doing your proxy or redirect configuration.
  • External Names and its certificate will need to be revisited to issue the correct names in the certificate, I am not sure whether old certificate will be revoked or kept as-is, but if they will be kept until they are revoked and never re-issues then you can skip this step.
  • Internal Names will need to be checked and either re-mapped to names that includes valid external domains and this will require DNS and certificate changes as I stated above.
  • Internal names that will be kept internal will need to use their own website, new IPs and Certificate which might be re-issued, also you might want to re-visit your NLB configuration, also you will need to check you NLB configuration.
  • you will need to revisit your InternalNLBBypassUrl , the recommendation is not to change it from the internal server name and for the time being I don’t have another recommendations, and until then and if you do Proxy across the sites you might stuck with the new website option
  • in part 2 we will see how the change affects Lync 2010.

Advertisements

iPhone/iPad Client for Lync 2010 now available #lync2010 #ucoms #iphone #apple #Microsoft #ipad

June 23, 2012 Leave a comment

the IPhone/iPad clients for Lync 2010 are now available, links and Kbs are here

Product

KBs

Download

Version

Type

External

External

4.2

Mobile Client

External

Download

4.2

Mobile Client

External

Download

New Android Client update for Lync 2010 #android #lync2010

June 20, 2012 Leave a comment

Just released:

 

Product

KBs

Download

Product

Version

Type

External

External

Lync 2010 for Android

4.0.5324.3000

Mobile Client

External

Download

Categories: Lync, Lync 2010, Microsoft

New June Updated for Lync 2010 server products and client #lync2010 #lync #ucoms #Microsoft

June 17, 2012 Leave a comment

Today, Microsoft released the following updates for Lync 2010 products and client:

Product

Version

KBs

Download

Lync 2010 (64bit client)

4.0.7577.4103

2701664

MS download

Lync 2010 (32bit client)

4.0.7577.4103

2701664

MS download

Lync Server 2010

4.0.7577.199

2493736

MS download

       

Lync 2010 Group Chat Client

4.0.7577.4102

2701665

MS download

Lync 2010 Group Chat Admin

4.0.7577.4102

2707265

MS download

       

Lync 2010 Phone Edition

[Polycom CX700 and LG-Nortel IP Phone 8540]

4.0.7577.4100

2724545

MS download

Lync 2010 Phone Edition

[PolycomCX500, CX600 and CX3000]

4.0.7577.4100

2701671

MS download

Lync 2010 Phone Edition

[Aastra 6721ip and 6725ip]

4.0.7577.4100

2701667

MS download

Lync 2010 Phone Edition

[HP 4110 and 4120]

4.0.7577.4100

2701670

MS download

Categories: Lync, Lync 2010 Tags: , ,

Update: Lync 2010 Adds Video Calling for RCC-Enabled Users

March 2, 2012 Leave a comment

Source: http://blogs.technet.com/b/nexthop/archive/2012/03/01/update-lync-2010-adds-video-calling-for-rcc-enabled-users.aspx

The February 2012 update to Microsoft Lync 2010 provides new functionality for the Remote Call Control feature, commonly known as RCC. With this enhancement, RCC enabled users can initiate and answer peer-to-peer Lync video calls and use Lync to join online meetings with video enabled.

Author: Jamie Stark

Publication date: February 28, 2012

Product version: Lync Server 2010

Remote Call Control (RCC) is a feature with a long history, dating back to Live Communications Server 2005 SP1. The basic capability of RCC is enabled by communicating with a PBX using a Computer Telephony integration (CTI) link between the PBX and a Lync Server pool based on theECMA TR/87 standard. For end-users, the core capability this feature delivers is click-to-call using a user’s existing PBX phone and PBX-based binary presence update (such as to In a Call).

As a side note, this capability is completely unrelated to the Enteprise Voice functionality available with Lync. With Enterprise Voice, users have the ability to use Lync as a complete softphone (dialing internal, federated, and PSTN contacts), along with IP-based desk phones that connect directly with the Lync server.

While the capabilities of Remote Call Control were largely unchanged through the last four releases, with Lync 2010 changes were made that required video calling for RCC-enabled users to be unavailable. 

The February 2012 update to Lync 2010 adds two video call scenarios for RCC-enabled users. With this enhancement, RCC enabled users can initiate and answer peer-to-peer Lync video calls, join conferences with audio and video enabled using Lync, and continue to use RCC for its core purpose of controlling the PBX desk phone and binary presence update. The KB covering the update is available at An update is available for RCC enabled users to make video calls or conference calls in Lync 2010.

For RCC-enabled users to make peer-to-peer video calls and join video conference calls, they need a webcam and a headset, handset, or speakerphone for their workstation or laptop. Additionally, the user’s RCC policy needs to be set to Remote Call Control as opposed to Remote Call Control Only. For more information, see Enable Lync Users for Remote Call Control in the Technical Library.

The update does not support the scenario known as Split AV, where audio is delivered through the desk phone and video comes through the Lync client. The Split AV scenario provides an inconsistent and oftentimes suboptimal end-user experience, because the audio and video use different network paths and frequently lose sync. This means when a user starts an audio call using a PBX phone, they cannot add video to that call. If a call is started using the Lync client as the audio endpoint, it can be escalated to include video.

The February 2012 update is all client-side with Lync 2010. There are server-side updates as a part of this cumulative update, but nothing is required server-side for RCC-enabled users to take advantage of video. Similarly, customers can also use Office Communicator 2007 R2 to leverage the video capability of RCC against a Lync Server 2010 backend. Naturally, we recommend that customers apply the cumulative update to both server and client side and use Lync 2010.

Summary

For video capability with RCC-enabled users, deploy the February 2012 update for Lync. There is no additional information at this time about future releases of Lync. With the exception of this scheduled update, there are no additional planned changes for the RCC feature set. Should any plans arise, we will announce them publically as soon as we can.

#Lync Client #Virtualization the full story #ucoms #Citrix #xendesktop #xenapp

April 27, 2011 Leave a comment

if you have been reading carefully, Citrix released a document the article published here http://support.citrix.com/article/CTX128831 .

by that time, I knew internally that Microsoft didn’t support Client virtualization for OCS/Lync. although if you have been reading and even attended Citrix Xenapp 6 or Xendesktop training you will hear a lot about Lync/OCS client virtualization delivery with Xenapp or Xendesktop.

starting 14/4, Microsoft released a document that explains the supportability statement for Xenapp and Xendesktop and virtualization techniques that they support/no support.

the document is available here http://www.microsoft.com/downloads/en/details.aspx?FamilyID=f865e66d-1163-46ef-ba9c-d585376dfbae.

in summary Microsoft now supports client virtualization through full desktop or application delivery/streaming with some considerations “check the document for more details” it is so amazing to see that Microsoft finally released such a support statement and changed the fully rigid statement of the big NO before.

#Lync Web Scheduler is now RTM #Microsoft #UCOMS

April 18, 2011 Leave a comment

Lync Web Scheduler is a resource kit tool for Microsoft® Lync Server 2010. It provides a Web-based alternative to the add-in for the Microsoft Office Outlook® messaging and collaboration client for the purpose of scheduling a meeting using Lync Server 2010. It also provides a browser-based conference management experience that includes operations such as the following:

· Scheduling a new online Lync meeting.

· Listing all existing Lync Server 2010 meetings that the user has organized.

· Viewing and modifying details of an existing meeting.

· Deleting an existing meeting.

· Sending an email invitation to meeting participants by using a configured SMTP mail server.

· Joining an existing conference.

you can download it from here

http://www.microsoft.com/downloads/details.aspx?FamilyID=b7d8f948-fa64-4c51-8b54-2223954d1fa4

%d bloggers like this: