Troubleshooting Lync Mobility

If your users are anything like my users, the release of the Lync Client for mobile devices had them super excited and the pressure was on to “make it work”.

Unfortunately there are a significant number of ‘gotchas’ and with our roll out we seemed to hit them all.

Here are the steps we took, the problems we ran into and how we fixed them.

 

1. The first step in deploying Lync Mobility is to install the CU4 update.

Before you install the updates ensure you have a backup of the server or a snapshot. The last thing you want to do is rebuild your front end server.

Once you have your backup/snapshot:

a. Install the “Dynamic Content Compression” feature in the IIS role in Server Manager

 

b. The next thing you need to do is stop the services before installation. In Lync Server Management Shell – Type “Stop-CSWindowsService”

c. From an elevated Command Prompt, type: Net Stop W3SVC

d. Run the CU4 Updates Available Here: http://www.microsoft.com/download/en/details.aspx?id=11551

e. Once the CU4 updates are installed, reboot the Front End Server.

2. Create your DNS Records.

On your internal domain server:

a. Create a CNAME record for your front end server. The CNAME record should be “Lyncdiscoverinternal.internaldomain.com”, which points to the FQDN of your Front End server, e.g. “Frontend.internalDomain.com”

b. Create a public A record for your Reverse Proxy

N.B. The assumption here is that you have created a Reverse Proxy for your WebComponents already. If you haven’t created a reverse proxy with TMG, this is a prerequisite. For documentation on how to set up the Reverse Proxy I recommend Daryl Hunter’s Blog. He does a really good job of going step by step. http://www.darylhunter.me/blog/2011/11/lync-2010-reverse-proxy-part-1.html

The A Record should point to the IP address of your TMG FW proxy.

The A record should be : “Lyncdiscover” pointing to 212.111.111.101

3. Install the Autodiscover/Mobility Update

a. Shut down the “CS-WindowsService” via the Lync Server Management Shell again

b. Stop the Web server “net stop w3svc”

c. Download the Update: http://www.microsoft.com/download/en/details.aspx?id=28356 and install it.

Adam Jacobs on his blog (link) recommends installing this way.

First you’ll need to copy the McxStandalone.msi to C:\ProgramData\Microsoft\Lync Server\Deployment\cache\4.0.7577.0\setup, then execute C:\Program Files\Microsoft Lync Server 2010\Deployment\Bootstrapper.exe

However, double clicking the msi worked for me.

d. Reboot the Front End server.

4. Powershell Commands

We need to run some Powershell commands:

The first one enables listening on the Internal Side: Set-CsWebServer -Identity frontend.internaldomain.com -McxSipPrimaryListeningPort 5086

The next command is for the External Site: Set-CsWebServer -Identity frontend.internaldomain.com -McxSipExternalListeningPort 5087

The next command is: Enable-CsTopology -Verbose

This next set of commands is to enable push notifications:

Set-CsPushNotificationConfiguration -EnableApplePushNotificationService $True -EnableMicrosoftPushNotificationService $True

New-CsHostingProvider -Identity "LyncOnline" -Enabled $True -ProxyFqdn "sipfed.online.lync.com" -VerificationLevel UseSourceVerification

New-CsAllowedDomain -Identity "push.lync.com"

 

The last PowerShell command is to update the database (I totally forgot about this step; thanks to @itommyclarke for reminding me).

If you are running Standard server you need to run this command: Install-CsDatabase -Update -LocalDatabases

If your Enterprise SQL Backend is on another server: Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn <SQL Server FQDN>

Lastly, if you have the Monitoring and Archiving roles co-located on the same server as your other databases, you will need to run this command:

Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn <SQL Server FQDN> -ExcludeCollocatedStores

 

5. File Edits

This is SUPER important.

a. We will start with the ApplicationHost.config file found here: C:\Windows\System32\inetsrv\config

This I took from Microsoft (link)

  • Use a text editor such as Notepad to open the applicationHost.config file, located at C:\Windows\System32\inetsrv\config\applicationHost.config.
  • Search for the following:
    <Add name="CSExtMcxAppPool"
  • At the end of the line, before the ending angle bracket (>), type the following:
    CLRConfigFile="C:\Program Files\Microsoft Lync Server 2010\Web Components\Mcx\Ext\Aspnet_mcx.config"
  • Search for the following:
    <Add name="CSIntMcxAppPool"
  • At the end of the line, before the ending angle bracket (>), type the following:
    CLRConfigFile="C:\Program Files\Microsoft Lync Server 2010\Web Components\Mcx\Int\Aspnet_mcx.config"
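
A way to confirm the edit landed on both application pools, as an added example that is not from the original post or from Microsoft's instructions. The function name Test-McxClrConfig and the sample XML are constructed for illustration, and the lowercase `<add>` elements under `applicationPools` are an assumption about the file layout.

```powershell
# Added example: report Mcx application pools whose CLRConfigFile attribute is missing or unexpected.
function Test-McxClrConfig {
    param([Parameter(Mandatory=$true)] [xml] $AppHostConfig)   # parsed applicationHost.config

    # Pool name -> expected tail of the CLRConfigFile path (taken from the steps above)
    $expected = @{
        'CSExtMcxAppPool' = 'Mcx\Ext\Aspnet_mcx.config'
        'CSIntMcxAppPool' = 'Mcx\Int\Aspnet_mcx.config'
    }
    foreach ($pool in $expected.Keys) {
        $node = $AppHostConfig.SelectSingleNode("//applicationPools/add[@name='$pool']")
        if ($null -eq $node) { "${pool}: application pool not found"; continue }

        # GetAttribute returns an empty string when the attribute is absent
        $path = $node.GetAttribute('CLRConfigFile')
        if (-not $path) {
            "${pool}: CLRConfigFile attribute is missing"
        } elseif (-not $path.EndsWith($expected[$pool], [StringComparison]::OrdinalIgnoreCase)) {
            "${pool}: CLRConfigFile points at '$path'"
        }
    }
}

# Constructed sample: the external pool was edited, the internal pool was forgotten.
$sample = [xml]@'
<configuration><system.applicationHost><applicationPools>
  <add name="CSExtMcxAppPool" CLRConfigFile="C:\Program Files\Microsoft Lync Server 2010\Web Components\Mcx\Ext\Aspnet_mcx.config" />
  <add name="CSIntMcxAppPool" />
</applicationPools></system.applicationHost></configuration>
'@
Test-McxClrConfig -AppHostConfig $sample
```

The function emits one line per problem and nothing when both pools are configured as described.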

 

b. The next two files we need to check are:

C:\Program Files\Microsoft Lync Server 2010\Web Components\External Website\web.config (open with Notepad)

Add this at the end of the file, before the closing </rules> tag:

<rule name="autodiscover rule 1" enabled="true" stopProcessing="true">
  <match url="(.*)" />
  <conditions logicalGrouping="MatchAll">
    <add input="{HTTP_HOST}" pattern=".*lyncdiscover.*" />
    <add input="{REQUEST_URI}" pattern="Autodiscover/AutodiscoverService.svc/root" negate="true" />
  </conditions>
  <action type="Rewrite" url="Autodiscover/AutodiscoverService.svc/root" />
</rule>
<rule name="Client access policy Rule" enabled="true" stopProcessing="true">
  <match url="clientaccesspolicy.xml" />
  <action type="Rewrite" url="meet/clientaccesspolicy.aspx" />
</rule>

Make sure that you do not have two Client Access Policy rules in the file or it will create Internal Server Errors on your Autodiscover Service.

The next file is for the internal site: C:\Program Files\Microsoft Lync Server 2010\Web Components\Internal Website

The code is entered in the exact same place except you need this code:

<rule name="autodiscover rule 1" enabled="true" stopProcessing="true">
  <match url="(.*)" />
  <conditions logicalGrouping="MatchAll">
    <add input="{HTTP_HOST}" pattern=".*lyncdiscoverinternal.*" />
    <add input="{REQUEST_URI}" pattern="Autodiscover/AutodiscoverService.svc/root" negate="true" />
  </conditions>
  <action type="Rewrite" url="Autodiscover/AutodiscoverService.svc/root" />
</rule>
<rule name="Client access policy Rule" enabled="true" stopProcessing="true">
  <match url="clientaccesspolicy.xml" />
  <action type="Rewrite" url="meet/clientaccesspolicy.aspx" />
</rule>

Again, make sure that you don’t have two <rule name="Client access policy Rule" ….> rules.

If you don’t have these lines in your web.config files it can cause some big problems. I chased .net errors for a good week before I figured out what the problem was.
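
The missing-rule and duplicate-rule cases described above can be checked with a short script. This is an added example, not code from the original post; the function name Test-LyncRewriteRules and the sample XML are constructed, and the system.webServer/rewrite/rules nesting of the sample is assumed.

```powershell
# Added example: check a Lync web.config for the rewrite rules described above.
function Test-LyncRewriteRules {
    param(
        [Parameter(Mandatory=$true)] [xml]    $Config,      # parsed web.config
        [Parameter(Mandatory=$true)] [string] $HostPattern  # expected {HTTP_HOST} pattern
    )
    $rules = @($Config.SelectNodes('//rewrite/rules/rule'))
    foreach ($name in 'autodiscover rule 1', 'Client access policy Rule') {
        # GetAttribute avoids confusing the name="" attribute with the element name
        $hits = @($rules | Where-Object { $_.GetAttribute('name') -eq $name })
        if ($hits.Count -ne 1) { "Expected exactly one '$name', found $($hits.Count)" }
    }
    $hostCond = @($Config.SelectNodes(
        "//rule[@name='autodiscover rule 1']/conditions/add[@input='{HTTP_HOST}']"))
    if ($hostCond.Count -ne 1 -or $hostCond[0].GetAttribute('pattern') -ne $HostPattern) {
        "autodiscover rule 1 does not match HTTP_HOST against '$HostPattern'"
    }
}

# Constructed sample: the rules from this post, with the client access policy rule pasted twice.
$sample = [xml]@'
<configuration><system.webServer><rewrite><rules>
  <rule name="autodiscover rule 1" enabled="true" stopProcessing="true">
    <match url="(.*)" />
    <conditions logicalGrouping="MatchAll">
      <add input="{HTTP_HOST}" pattern=".*lyncdiscover.*" />
      <add input="{REQUEST_URI}" pattern="Autodiscover/AutodiscoverService.svc/root" negate="true" />
    </conditions>
    <action type="Rewrite" url="Autodiscover/AutodiscoverService.svc/root" />
  </rule>
  <rule name="Client access policy Rule" enabled="true" stopProcessing="true">
    <match url="clientaccesspolicy.xml" />
    <action type="Rewrite" url="meet/clientaccesspolicy.aspx" />
  </rule>
  <rule name="Client access policy Rule" enabled="true" stopProcessing="true">
    <match url="clientaccesspolicy.xml" />
    <action type="Rewrite" url="meet/clientaccesspolicy.aspx" />
  </rule>
</rules></rewrite></system.webServer></configuration>
'@
# The [xml] cast itself throws if curly quotes were pasted into the file.
Test-LyncRewriteRules -Config $sample -HostPattern '.*lyncdiscover.*'
```

For the internal site, pass '.*lyncdiscoverinternal.*' as the host pattern; against a live server, load the file with `[xml](Get-Content <path to web.config>)`.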

 

6. Certificates

 

We will start with the Internal Certs

On your FE server, run the Lync Server Deployment Wizard again.

Choose to Install Lync Server

Run “Request, Install or Assign Certificates”

 

Request new Certificates from your internal CA (Ensure that all three certificates are selected)

 

The Mobility and CU4 updates will fill in all the proper Subject Alternative Names (SAN).

Assign the certificates.

The External Certificates

Now Microsoft does not support Wildcard Certificates for UC purposes. We had a Wildcard Cert on our TMG Front End prior to the CU4 updates and it worked fine.

However, with the Mobility updates it did not work. You will need a UCC certificate from your Public Certificate Vendor. The SANs that need to be included on the Cert are:

  • meet.publicdomain.com
  • dialin.publicdomain.com
  • lyncdiscover.publicdomain.com

 

7. The Firewall Rules

 

We will need to create a new FW rule for the Lync Discover Service:

On your TMG Firewall Create a Web Site Publishing Rule:

 

Create a rule

 

It’s an Allow Rule

 

Publish a Single Web Site

 

Use SSL

 

Enter the name of your Lync Front End Server

 

Set the Path as /* and Forward the Original Host Header

 

The public DNS name of the autodiscover service: LyncDiscover.PublicDomain.com

 

Use the same Web Listener that you are using for your other Web Components (Meet,Dialin and Addressbook)


Set Delegation as:  No delegation, but client may authenticate directly

 

Complete The Rule with the default settings.

Once the rule is created go back and edit it.

On the Bridging tab, redirect the ports to 8080 and 4443.

 

Click on the Listener Tab and choose properties to Edit the listener

On the Certificates Tab replace the Certificate with the new public certificate you created in Step 5

 

 

Conclusion

Hopefully this helps in your installation of the Lync Mobility features. Cheers.