Pleasant work Hareli Dudaei Microsoft Architect 1
Table of Contents Preliminary knowledge:... 3 Connection... 3 Lync topology Builder... 4 The control panel... 7 users... 8 Enable or Disable Users for Lync Server 2013... 12 Managing Computers in Your Topology... 13 Federation and External Access... 17 Enable or Disable External User Access for Your Organization... 17 Enable or Disable Federation for Your Organization... 19 CALL ADMISSION CONTROL... 22 Enabling Media Bypass... 23 Configuring Location Policy... 24 Configuring Bandwidth Policy Profile... 28 Get-CsMediaConfiguration... 29 New-CsMediaConfiguration... 32 Set-CsMediaConfiguration... 37 Remove-CsMediaConfiguration... 41 Register RMX to Lync 2013... 44 Configure RMX FQDN in the DNS:... 44 Configure RMX static route and trusted application - Power Shell:... 46 Create RMX Certificate:... 47 Setting the RMX for the Lync 2013:... 50 Import RMX Certificate to the RMX... 54 Using Centralized Logging Service in Lync Server 2013... 58 2
PRELIMINARY KNOWLEDGE: Active directory CONNECTION We run mstsc (open the RDP)and remote the server. Enter the IP address and after first connection enter user and password under the right Domain. Welcome to Lync server (Front End) As you can see we run the application server on Windows 2008R2 sp1. Get to start->programs-> Microsoft Lync server 2013 What we have: Control panel (run under https, https://admin.(domain.com)/cscp) must install silver light. 3
The Control panel is a GUI interface that gives you almost everything that you need for Dailey maintenance. Lync server management shell - is Lync power shell. Lync server Topology Builder is Lync topology manager. LYNC TOPOLOGY BUILDER We will start with the topology Builder The Topology Builder -> allocation servers to resources and publish to Lync DB. When we open the TB he will ask us to download the topology from the DB After downloading, we will need to save the topology. 4
5
What we see: Enterprise Pool, the Servers under the Pool. Mediation pool / servers. Edge pool / servers. Trusted application, (RMX etc') SQL servers, File store, and the Office web application servers (WAC). To understand the topology builder please see: http://technet.microsoft.com/en-us/lync/gg430649 6
THE CONTROL PANEL Open the control panel, Enter user and password, (if you get error please contact the system admin) 7
USERS Find users, 8
Enable users Click on enable users You will get the "new Lync server user" Click on add 9
Find user or users 10
Assign users to a pool, Use UPN for the sip address. Telephone, is we want to give the user enterprise voice (Line) And click enable 11
ENABLE OR DISABLE USERS FOR LYNC SERVER 2013 After enabling a user account in Active Directory Users and Computers, you can use the following procedures to enable a new user for Microsoft Lync Server 2013 or disable a previously enabled user account in Lync Server 2013 without losing the Lync Server 2013 settings that you configured for the user account. Because you do not lose the Lync Server 2013 user account settings, you can re-enable a previously enabled user account again without having to reconfigure the user account. To enable a user account for Lync Server 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel. 3. In the left navigation bar, click Users. 4. In the Search users box, type all or the first portion of the display name, first name, last name, Security Accounts Manager (SAM) account name, SIP address, or line Uniform Resource Identifier (URI) of the user account that you want to enable, and then click Find. 5. In the table, click the user account that you want to enable. 6. On the Edit menu, click Modify. 7. In Edit Lync Server User, select the Enabled for Lync Server check box, and then click Commit. To disable or re-enable a previously enabled user account for Lync Server 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel. 3. In the left navigation bar, click Users. 4. In the Search users box, type all or the first portion of the display name, first name, last name, Security Accounts Manager (SAM) account name, SIP address, or line Uniform Resource Identifier (URI) of the user account that you want to disable or re-enable, and then click Find. 5. In the table, click the user account that you want to disable or re-enable. 6. On the Action menu, do one of the following: To temporarily disable the user account for Lync Server 2013, click Temporarily disable for Lync Server. To enable the user account for Lync Server 2013, click Re-enable for Lync Server. 12
MANAGING COMPUTERS IN YOUR TOPOLOGY Topics in this section provide step-by-step procedures for tasks you can perform using the Topology page in Lync Server Control Panel. View a List of Computers Running Lync Server 2013 You can use Lync Server 2013 Control Panel to view a list of all the computers that are running Lync Server 2013 in your topology and see the service status of each. You can sort the list by computer, pool, or site. To view a list of computers running Lync Server 1. From a user account that is assigned to any of the predefined administrative roles for Lync Server 2013, log on to any computer in your internal deployment. For details about the predefined administrative roles available in Lync Server 2013, see Role-Based Access Control. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel. 3. In the left navigation bar, click Topology and then click Status. 13
4. On the Status page, do any of the following as needed: Sort the list by clicking the Computer, Pool, or Site column heading, and then clicking the up arrow or the down arrow. Click Refresh to view the most up-to-date list. Search for a specific computer by typing the computer name in the search field. View the Status of Services Running on a Computer You can use Lync Server Control Panel to view all the services that are running on a specific computer in your Lync Server 2013 topology and see the status of each service. To view the status of services running on a computer 1. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel. 2. In the left navigation bar, click Topology. 3. On the Status page, sort or search the list as needed to find the computer you are interested in and then click the computer name. 4. Do any of the following: To see the latest status of services running on the computer, click Get service status. To see a list of specific services running on the computer and the status of each service, click Properties and then click Close to return to the list. View Details About a Service You can use Lync Server Control Panel to view details about each service that is running on a specific computer in your topology. You can view the status of each service and details such as the associated databases, ports, and dependent services. To view details for a service 1. From a user account that is assigned to any of the predefined administrative roles for Lync Server 2013, log on to any computer in your internal deployment. For details about the predefined administrative roles available in Lync Server 2013, see Role-Based Access Control. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel. 3. In the left navigation bar, click Topology and then click Status. 4. In the Status page, sort or search through the list and then click the computer that you want to view. 5. Click Properties. 6. In the View Computer Detail window, sort the list of services, if necessary, and click the 14
service you want to view. 7. Do any of the following as needed: To see the latest status of that specific service, click Get service status. To see the details for that specific service, click Properties and then click Close. To return to the list of all computers in your topology, click Close. Start or Stop Lync Server 2013 Services You can use Lync Server Control Panel to start or stop all the Lync Server 2013 services running on a specific computer or to start or stop a specific Lync Server 2013 service. To start or stop all Lync Server services on a computer 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2013. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel. 3. In the left navigation bar, click Topology and then click Status. 4. On the Status page, sort or search through the list as needed to find the computer that is running the services you want to start or stop, and then click it. 5. Click Action. 6. Click Start All services or Stop All services. To start or stop a specific service 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel. 3. In the left navigation bar, click Topology and then click Status. 4. On the Status page, sort or search through the list as needed to find the computer that is running the service you want to start or stop, and then click it. 5. Click Properties. 6. Sort the list of services, if necessary, and click the service you want to start or stop. 7. Click Action. 8. Click Start service or Stop service. 9. Click Close. 15
Prevent Sessions for Services You can use Microsoft Lync Server 2013 Control Panel to prevent new sessions for all the Lync Server 2013 services running on a specific computer or to prevent new sessions for a specific Lync Server 2013 service. To prevent new sessions for all Lync Server services on a computer 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2013. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel. 3. In the left navigation bar, click Topology and then click Status. 4. On the Status page, sort or search through the list as needed to find the computer that is running the services for which you want to prevent new sessions, and then click it. 5. Click Action. 6. Click Prevent new sessions for all services. To prevent new sessions for a specific service 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2013. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel. 3. In the left navigation bar, click Topology and then click Status. 4. On the Status page, sort or search through the list as needed to find the computer that is running the service you want to start or stop, and then click it. 5. Click Properties. 6. Sort the list of services, if necessary, and click the service for which you want to prevent new sessions. 7. Click Action. 8. Click Prevent new sessions for service. 9. Click Close. 16
FEDERATION AND EXTERNAL ACCESS ENABLE OR DISABLE EXTERNAL USER ACCESS FOR YOUR ORGANIZATION After deploying one or more Edge Servers, you must enable the specific types of external user access to be supported for your organization. This includes the following types of external user access: Remote user access Enable this if you want users in your organization who are outside your firewall, such as telecommuters and users who are traveling, to be able to connect to Lync Server 2013. Federation Enable this if you want to support access by users of federated partner domains, users of public IM service providers, or both. Anonymous user access Enable this if you want internal users to be able to invite anonymous users to their conferences. 17
Note: In addition to enabling external user access support, you must also configure policies to control the use of external user access in your organization before any type of external user access is available to users. Enable or Disable Remote User Access for Your Organization Remote users are users in your organization who have a persistent Active Directory identity within the organization. Remote users often sign in to Lync Server your network from outside the firewall by using a virtual private network (VPN) when they are not connected internally to your organization s network. Remote users include employees working at home or on the road and other remote workers, such as trusted vendors, who have been granted enterprise credentials. If you enable remote user access for remote users, supported remote users do not have to connect using a VPN in order to collaborate with internal users using Lync Server 2013. To support remote user access, you must enable it. When you enable it, you enable it for your entire organization. If you later want to temporarily or permanently prevent remote user access, you can disable it for your organization. Use the procedure in this section to enable or disable remote user access for your organization. Note: Enabling remote user access only specifies that your servers running the Access Edge service support communications with remote users, but remote users cannot participate in instant messaging (IM) or conferences in your organization until you also configure at least one policy to manage the use of remote user access To enable or disable remote user access for your organization 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click External User Access, and then click Access Edge Configuration. 4. On the Access Edge Configuration page, click Global, click Edit, and then click Show details. 5. In Edit Access Edge Configuration, do one of the following: To enable remote user access for your organization, select the Enable remote user access check box. To disable remote user access for your organization, clear the Enable remote user access check box. 6. Click Commit. To enable remote users to sign in to your servers running Lync Server 2013, you must also 18
configure at least one external access policy to support remote user access. ENABLE OR DISABLE FEDERATION FOR YOUR ORGANIZATION Support for federation is required to enable users who have an account with a trusted customer or partner organization, including partner domains and users of public instant messaging (IM) provider users that you support, to collaborate with users in your organization. Federation is also required to use a hosted Exchange service provider to provide voice mail to Enterprise Voice users whose mailboxes are located on a hosted Exchange service such as Microsoft Exchange Online. When you have established a trust relationship with such external domains, you can authorize users in those domains to access your deployment and participate in Lync Server communications. This trust relationship is called federation and it is not related to or dependent upon an Active Directory trust relationship. To support access by users of federated domains, you must enable federation. If you enable federation for your organization, you must also specify whether to implement the following options: Enable partner domain discovery. If you enable this option, Lync Server 2013 uses Domain Name System (DNS) records to try to discover domains not listed in the allowed domains list, automatically evaluating incoming traffic from discovered federated partners and limiting or blocking that traffic based on trust level, amount of traffic, and administrator settings. If you do not select this option, federated user access is enabled only for users in the domains that you include on the allowed domains list. Whether or not you select this option, you can specify that individual domains to be blocked or allowed, including restricting access to specific servers running the Access Edge service in the federated domain. Send an archiving disclaimer to federated partners to advise them that communications are recorded. If you support archiving of external communications with federated partner domains, you should enable the archiving disclaimer notification to warn partners that their messages are being archived. If you later want to temporarily or permanently prevent access by users of federated domains, you can disable federation for your organization. Use the procedure in this section to enable or disable federated user access for your organization, including specifying the appropriate federation options to be supported for your organization. Note: Enabling federation for your organization only specifies that your servers running the Access Edge service support routing to federated domains. Users in federated domains cannot participate in IM or conferences in your organization until you also configure at least one policy to support federated user access. Users of public IM service providers cannot participate in IM or conferences in your organization until you also configure at least one policy to support public IM connectivity. Lync Server cannot use a hosted Exchange service to provide call answering, Outlook Voice Access (including voice mail), or auto-attendant services for users whose mailboxes are located on a hosted Exchange service until you configure a hosted voice mail policy that provides routing information. For details about configuring policies for communication with users of federated domains in other organizations, see Manage Federated Partner User Access in the Deployment documentation or the Operations documentation. Additionally, if you 19
want to support communication with users of IM service providers, you must configure policies to support it and also configure support for the individual service providers that you want to support. To enable or disable federated user access for your organization 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. 3. In the left navigation bar, click External User Access, and then click Access Edge Configuration. 4. On the Access Edge Configuration page, click Global, click Edit, and then click Show details. 5. In Edit Access Edge Configuration, do one of the following: To enable federated user access for your organization, select the Enable communications with federated users check box. To disable federated user access for your organization, clear the Enable communications with federated users check box. 6. If you selected the Enable communications with federated users check box, do the following: a. If you want to support automatic discovery of partner domains, select the Enable partner domain discovery check box. b. If your organization supports archiving of external communications, select the Send archiving disclaimer to federated partners check box. 7. Click Commit. To enable federated users to collaborate with users in your Lync Server 2013 deployment, you must also configure at least one external access policy to support federated user access. For details, see Manage Federated Partner User Access in the Deployment documentation or the Operations documentation. Enable or Disable Anonymous User Access for Your Organization Anonymous users are users who do not have a user account in your organization's Active Directory Domain Services (AD DS) or in a supported federated domain, can be invited to participate remotely in an on-premises conference. By allowing anonymous participation in meetings you enable anonymous users (that is, users whose identity is verified through the meeting or conference key only) to join meetings. Allowing anonymous participation requires enabling it for your organization. If you later want to temporarily or permanently prevent access by anonymous users, you can disable it for your organization. Use the procedure in this section to enable or disable anonymous user access for your organization. 20
Note: Enabling anonymous user access for your organization only specifies that your servers running the Access Edge service support access by anonymous users. Anonymous users cannot participate in any meetings in your organization until you also configure at least one conferencing policy and apply it to one or more users or user groups. The only users that can invite anonymous users to meetings are those users that are assigned a conferencing policy that is configured to support anonymous users. To enable or disable anonymous user access for your organization 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. 3. In the left navigation bar, click External User Access, and then click Access Edge Configuration. 4. On the Access Edge Configuration page, click Global, click Edit, and then click Show details. 5. In Edit Access Edge Configuration, do one of the following: To enable anonymous user access for your organization, select the Enable communications with anonymous users check box. To disable anonymous user access for your organization, clear the Enable communications with anonymous users check box. 6. Click Commit. To enable anonymous users to participate in conferences hosted by users in your Lync Server 2013 deployment, you must also configure and assign at least one conferencing policy to support anonymous users. 21
CALL ADMISSION CONTROL Enabling Call Admission Control Call admission control (CAC) is a network of regions, sites, and subnets that enable you to place restrictions on audio and video transmissions based on available bandwidth. After you configure the CAC network, you must enable CAC to enforce the bandwidth limitations. You can use Lync Server Control Panel to do this. 22
To enable CAC from Lync Server Control Panel 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. 3. In the left navigation bar, click Network Configuration and then click Global. 4. On the Global page, click the Global configuration. Note: Only one network can be configured for any Microsoft Lync Server 2013 deployment, so there will never be more than one network configuration in the list. You cannot rename the Global configuration. 5. On the Edit menu, click Show details. 6. On the Edit Global Setting page, select the Enable call admission control check box, and then click Commit. When you click Commit, you run a test of the configuration. The Edit Global Settings dialog box closes, returning you to the Global page. You will receive a warning if any errors or inconsistencies are discovered in your network configuration that will prevent it from working correctly (for example, if every region is not connected to every other region through an interregion route). If you make changes to your network configuration, you can run the validation check again by opening the Global configuration and clicking Commit. You do not need to disable CAC first: leave the check box checked and click Commit. You can do this at any time without making any configuration changes. See Also Call Admission Control Overview of Call Admission Control Configure Call Admission Control Get-CsNetworkConfiguration Set-CsNetworkConfiguration Remove-CsNetworkConfiguration ENABLING MEDIA BYPASS Media bypass settings apply globally across a Microsoft Lync Server 2013 deployment. Media bypass allows calls to bypass the Mediation Server. For details about when to use Media bypass, see Media Bypass in the Planning section. You can enable and configure media bypass from the Lync Server Control Panel. 23
To enable and configure media bypass 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. 3. In the left navigation bar, click Network Configuration and then click Global. 4. On the Global page, click the Global configuration. There is always only one configuration, and it is always named Global. 5. On the Edit menu, click View details. 6. On the Edit Global Setting page, click the Enable media bypass check box. 7. Select one of the following options: Always bypass Select this option to attempt media bypass on all calls. This option will be unavailable if call admission control (CAC) is enabled. If CAC is not enabled, select this option in the following situations: There is no need for bandwidth control. There is no need for fine-grained configuration to determine when bypass should happen. There is full connectivity between gateways and clients. Use sites and region configuration If CAC is enabled, this option is selected by default and cannot be changed. When this option is selected, network configuration sites and regions will be used to determine when media bypass is possible. If you select this option, you can choose to enable bypass for sites that are not mapped. Click the Enable bypass for non-mapped sites check box only if you have one or more large sites associated with the same region that do not have bandwidth constraints (for example, a large central site) and you also have some branch sites associated with the same region that do have bandwidth constraints. When you enable bypass for non-mapped sites, configuration is streamlined because you specify only the subnets associated with the branch sites rather than needing to specify all subnets associated with all sites. We recommend that you do not select the Enable bypass for non-mapped sites check box if CAC is enabled. 8. Click Commit to save your changes. See Also Global Media Bypass Options Media Bypass CONFIGURING LOCATION POLICY The location policy is used to apply settings that relate to Enhanced 9-1-1 (E9-1-1) functionality and to location settings for users or contacts. The location policy determines whether a user is enabled for E9-1- 1, and if so what the behavior is of an emergency call. For example, you can use the location policy to define what number constitutes an emergency call (911 in the United States), whether corporate security should be automatically notified, and how the call should be routed. 24
You can configure location policies from the Network Configuration group in Lync Server Control Panel. From the Lync Server Control Panel you can view, create, modify, or delete location policies. To view location policies 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. 3. In the left navigation bar, click Network Configuration and then click Location Policy. A single policy, called Global, exists by default and cannot be deleted or renamed. However, you can modify the Global policy. This policy will apply to all users and contacts, unless you create site policies or per-user policies. Per-user policies must be applied to specific users. To create a new location policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. 3. In the left navigation bar, click Network Configuration and then click Location Policy. 4. On the Location Policy page, click New and then select the type of policy you want to create: To create a site policy, click Site policy. In Select a Site, choose the site to which you want the policy applied and click OK. On the New Location Policy page, the Scope field contains the value Site, and the Name field contains the name of the site you chose. You cannot modify either of these fields. A site policy is automatically applied to all users on the specified site and overrides the global policy for those users. To create a User policy, click User policy. In the New Location Policy, the Scope field contains the value User. You cannot modify this value. In the Name field, type the name you want to give this policy. A user policy does not automatically apply to any users. After creating the user policy, you must manually grant the policy to the users or network sites to which you want to policy to apply. 5. Fill in the remaining fields as follows: Enable enhanced emergency services Select this check box to enable the users associated with this policy for E9-1-1. When emergency services are enabled, Microsoft Lync Server 2013 clients will retrieve location information on registration and include that information when an emergency call is made. Location Specify one of the following values: Required The user will be prompted to input location information when the client registers at a new location. The user can dismiss the prompt without entering any information. If information is entered, an emergency call will first be answered by the emergency services provider to verify the location before being routed to the Public Safety Answering Point (PSAP) operator (that is, the 911 operator). Not Required The user will not be prompted for a location. When a call is made with no 25
location information, the emergency services provider will answer the call and ask for a location. Disclaimer This option is the same as Required except that the user cannot dismiss the prompt without entering location information. The user can still complete an emergency call, but no other calls can be completed without entering the information. In addition, disclaimer text will be displayed to the user that can alert them to the consequences of declining to enter location information. To set the disclaimer text, you must run the Set- CsEnhancedEmergencyServiceDisclaimer cmdlet at command line by using the Lync Server Management Shell. For details, see Set-CsEnhancedEmergencyServiceDisclaimer in the Lync Server Management Shell documentation. Use location for emergency services only Location information can be used by the Microsoft Lync 2013 client for various reasons (for example, to notify teammates of your current location). Select this check box to ensure location information is available only for use with an emergency call. PSTN usage The public switched telephone network (PSTN) usage that will be used to determine which voice route will be used to route emergency calls from clients using this profile. The route associated with this usage should point to a SIP trunk dedicated to emergency calls. Emergency dial number The number that is dialed to reach emergency services. In the United States this value is 911. The string must be made of the digits 0 through 9 and can be from 1 to 10 digits in length. Emergency dial mask A number that you want to translate into the value of the emergency dial number value when it is dialed. For example, if you enter a value of 212 in this field and the emergency dial number field has a value of 911, if a user dials 212 the call will be made to 911. This allows for alternate emergency numbers to be dialed and still have the call reach emergency services (for example, if someone from a country or region with a different emergency number attempts to dial that country or region s number rather than the number for the country or region they are currently in). You can define multiple emergency dial masks by separating the values with semicolons. For example, 212;414. Maximum length of the string is 100 characters. Each character must be a digit 0 through 9. Important: Ensure that the specified dial mask value is not the same as a number in a call park orbit range. Call park routing will take precedence over emergency dial string conversion. To see the existing call park orbit ranges, click Voice Features in the left navigation bar and then click Call Park. For details, see Configure Phone Number Extensions for Parking Calls. Notification URI One or more SIP Uniform Resource Identifiers (URIs) to be notified when an emergency call is made. For example, the company security office could be notified through an instant message whenever an emergency call is made. If the caller s location is available that location will be included in the notification. Multiple SIP URIs can be included as a comma-separated list. For example, "sip:security@litwareinc.com","sip:kmyer@litwareinc.com". Keep in mind that distribution lists and group URIs are not supported. The string must be from 1 to 256 characters in length and must begin with the prefix "sip:". Before you click in the Notification URI field an 26
example is displayed. Conference URI The SIP URI, in this case the telephone number, of a third party that will be conferenced in to any emergency calls that are made. For example, the company security office could receive a call when an emergency call is made and listen in or participate in that call (depending on the value supplied in the Conference mode field). The string must be from 1 to 256 characters in length and must begin with the prefix sip:. An example is displayed until you click inside this field. Conference mode If you specify a value in the Conference URI field, the Conference mode determines whether a third party can participate in the call or can only listen in. Specify one of the following options: One-way A third party can only listen to the conversation between the caller and the PSAP operator. Two-way A third party can listen in and participate in the call between the caller and the PSAP operator. 6. Click Commit. Important When you create a user policy, initially that policy does not apply to any users or network sites. To apply the policy to a user, click Users in the left navigation bar. Find the user to which you want to apply the policy. On the Edit menu, click Show details. On the Edit Lync Server User page, select the new location policy from the Location policy drop-down list and then click Commit. To apply the policy to a network site, click Network Configuration in the left navigation bar and then click Site. Find the network site to which you want to apply the policy. On the Edit menu, click Show details. In Edit Site, select the new location policy from the Location policy dropdown list and then click Commit. To modify a location policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. 3. In the left navigation bar, click Network Configuration and then click Location Policy. 4. On the Location Policy page, select the location policy that you want to modify. 5. On the Edit menu, click Show details. 6. On the Edit Location Policy page, modify the fields as necessary (for details, see Step 5 in the "To create a new location policy" procedures earlier in this topic). 7. Click Commit. To delete a location policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in 27
your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. 3. In the left navigation bar, click Network Configuration and then click Location Policy. 4. On the Location Policy page, select the location policy that you want to delete. Note: You can delete more than one location policy at a time. To do this, press CTRL and select multiple policies while holding down the CTRL key. Or, to select all policies, click Select all on the Edit menu. 5. On the Edit menu, click Delete. 6. Click OK. See Also Important: You cannot delete the Global location policy. If you attempt to delete the Global policy you will receive a warning message and that policy will be reset to its default values. Create Location Policies Create or Modify a Network Site New-CsLocationPolicy Set-CsLocationPolicy Remove-CsLocationPolicy Get-CsLocationPolicy CONFIGURING BANDWIDTH POLICY PROFILE As part of call admission control (CAC), a bandwidth policy is used to define bandwidth limitations for certain modalities. In Microsoft Lync Server 2013, only audio and video modalities can be assigned bandwidth limitations. You can set overall bandwidth limitations and session limitations. You can use the Lync Server Control Panel to create or modify a container profile for these policies. Each bandwidth policy profile can be associated with one or more network sites. To create a new bandwidth policy profile 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. 3. In the left navigation bar, click Network Configuration and then click Policy Profile. 4. On the Policy Profile page, click New. 5. In New Bandwidth Policy Profile, type a name in the Name field. This name must be unique among all bandwidth policy profiles. 28
6. In the Audio limit field, type a numeric value. This value is the maximum amount of bandwidth to allocate for all audio connections, expressed in kbps. 7. Enter a numeric value in the Audio session limit field. This value is the maximum amount of bandwidth to allocate for an individual audio connection, expressed in kbps. This value must be 40 or higher. 8. Enter a numeric value in the Video limit field. This value is the maximum amount of bandwidth to allocate for all video connections, expressed in kbps. 9. Enter a numeric value in the Video session limit field. This value is the maximum amount of bandwidth to allocate for an individual video connection, expressed in kbps. This value must be 100 or higher. 10. (Optional) Type a value in the Description field to provide more information about this bandwidth policy profile that cannot be expressed by the name alone. 11. Click Commit. Note: Creating a new bandwidth policy profile does not automatically enforce bandwidth restrictions. You must first associate the policy profile with a site. To modify a bandwidth policy profile 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. 3. In the left navigation bar, click Network Configuration and then click Policy Profile. 4. On the Policy Profile page, click the bandwidth policy profile that you want to modify. 5. On the Edit menu, click Show details. 6. On the Edit Bandwidth Policy Profile page, modify the fields as necessary (for details, see the "To create a bandwidth policy profile" section earlier in this topic). 7. Click Commit. Note: When you modify the bandwidth policy profile, it will immediately update the bandwidth limitations of all network sites associated with this bandwidth policy profile. GET-CSMEDIACONFIGURATION Returns information regarding media settings, including the supported level of encryption, whether Siren can be used as a voice codec by the Mediation Server in its interactions with Microsoft Lync 2013 clients, and the maximum allowed video resolution. 29
Syntax rameter>] Get-CsMediaConfiguration [-Identity <XdsIdentity>] [-LocalStore <SwitchPa >] Get-CsMediaConfiguration [-Filter <String>] [-LocalStore <SwitchParameter Detailed Description This cmdlet retrieves one or more collections of settings that define media interactions. Who can run this cmdlet: By default, members of the following groups are authorized to run the Get- CsMediaConfiguration cmdlet locally: RTCUniversalUserAdmins, RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt: Get-CsAdminRole Where-Object {$_.Cmdlets match "Get-CsMediaConfiguration"} Parameters Parameter Required Type Description Identity Optional XdsIdentity The unique identifier of the media configuration you want to retrieve. This identifier specifies the scope at which this configuration is applied (global, site, or service). Filter Optional String This parameter filters the results of the Get operation based on the wildcard value passed to 30
this parameter. LocalStore Optional SwitchParameter Retrieves the media configuration information from the local replica of the Central Management store, rather than from the Central Management store itself. Input Types None. Return Types Get-CsMediaConfiguration returns instances of the Microsoft.Rtc.Management.WritableConfig.Settings.Media.MediaSettings object. Example -------------------------- Example 1 -------------------------- Get-CsMediaConfiguration Example 1 returns all the media configurations in use in your organization; this is done simply by invoking the cmdlet Get-CsMediaConfiguration without any additional parameters. -------------------------- Example 2 -------------------------- Get-CsMediaConfiguration -Identity site:redmond1 The preceding example returns only the media configuration that has the Identity site:redmond1. Because identities must be unique, specifying an Identity ensures that you will never retrieve more than one item. -------------------------- Example 3 -------------------------- Get-CsMediaConfiguration -Filter site:* In Example 3, the Filter parameter is used to return all the media configurations at the site scope. The wildcard string site:* ensures that Windows PowerShell will return only those media configurations that have identities beginning with the string value site:. -------------------------- Example 4 -------------------------- 31
Get-CsMediaConfiguration Where-Object {$_.EncryptionLevel -eq "SupportEncryption"} In this example, Get-CsMediaConfiguration and Where-Object are used to return all the media configurations that support (but do not require) encryption. To do this, the command first uses Get- CsMediaConfiguration to retrieve all the media configurations in use in your organization. This information is then piped to the Where-Object cmdlet, which applies a filter that restricts the returned data to those configurations where the EncryptionLevel property is equal to (-eq) SupportEncryption. -------------------------- Example 5 -------------------------- Get-CsMediaConfiguration -Filter *:*med* This example retrieves all media configurations defined for sites and services with names that contain the string "med". For example, this command will retrieve media configuration settings defined for the site medford1, the site TwoMedfordPlace, and the service MediationServer:redmond.litwareinc.com. NEW-CSMEDIACONFIGURATION Creates a new collection of media settings. These settings can be used to specify such things as the supported level of encryption and the maximum allowed video resolution. Syntax New-CsMediaConfiguration -Identity <XdsIdentity> [-Confirm [<SwitchParame ter>]] [-EnableQoS <$true $false>] [-EnableSiren <$true $false>] [-EncryptionLeve l <SupportEncryption RequireEncryption DoNotSupportEncryption>] [-Force <SwitchPa rameter>] [-InMemory <SwitchParameter>] [-MaxVideoRateAllowed <CIF250K VGA600K Hd 720p15M>] [-WhatIf [<SwitchParameter>]] Detailed Description This cmdlet creates a new collection of settings that define behaviors for specific media actions. Who can run this cmdlet: By default, members of the following groups are authorized to run the New-CsMediaConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt: 32
Get-CsAdminRole Where-Object {$_.Cmdlets match "New-CsMediaConfiguration"} Parameters Parameter Required Type Description Identity Required XdsIdentity A unique identifier specifying the scope at which this configuration is applied (site or service). A configuration at the site scope would be entered as site:<site name>, such as site:redmond. A service would be entered as <server role>:<fqdn>, such as MediationServer:pool0.litwareinc.com. A media configuration at the global scope will always exist and cannot be removed, so a new global configuration cannot be created. Media configurations created at the service scope can be created only for the A/V Conferencing service, Mediation Server, and Application Server. EnableQoS Optional Boolean QoS monitors the quality of voice signals over a network. Default: False EnableSiren Optional Boolean By default, the Mediation Server does not negotiate Siren as a possible codec for calls between itself and other Microsoft Lync 2013 clients. If this setting is True, Siren will be included as a possible codec for use between the Mediation Server and other Lync 2013 clients. Default: False 33
EncryptionLevel Optional EncryptionLevel The level of encryption between Unified Communications entities. Valid values: SupportEncryption - secure real-time transport protocol (SRTP) will be used if it can be negotiated. RequireEncryption - SRTP must be negotiated. DoNotSupportEncryption - SRTP must not be used. Default: RequireEncryption MaxVideoRateAllowed Optional MaxVideoRateAllowed The maximum rate at which video signals will be transferred at the client endpoints. Valid values: Hd720p15M, VGA600K, CIF250K Hd720p15M - High definition, with a resolution of 1280 x 720 and aspect ratio 16:9. VGA600K - VGA, with a resolution of 640 x 480, 25 fps with the aspect ratio 4:3. CIF250K - Common Intermediate Format (CIF) video format, 15 fps with a resolution of 352 x 288. Note that these values are not case sensitive; values will be converted to appropriate casing when the configuration is created. Default: VGA600K Force Optional SwitchParameter Suppresses any confirmation prompts that would otherwise be displayed before making changes. InMemory Optional SwitchParameter Creates an object reference without actually committing the object as a 34
permanent change. If you assign the output of this cmdlet called with this parameter to a variable, you can make changes to the properties of the object reference and then commit those changes by calling this cmdlet s matching Set- cmdlet. WhatIf Optional SwitchParameter Describes what would happen if you executed the command without actually executing the command. Confirm Optional SwitchParameter Prompts you for confirmation before executing the command. Input Types None. Return Types Creates an object of type Microsoft.Rtc.Management.WritableConfig.Settings.Media.MediaSettings. Example -------------------------- Example 1 -------------------------- New-CsMediaConfiguration -Identity site:redmond1 -EncryptionLevel RequireEncryption Example 1 uses New-CsMediaConfiguration to create a new media configuration with the Identity site:redmond1. This new configuration requires both parties involved in a multimedia conversation to use encryption. That requirement is put in place by adding the EncryptionLevel parameter and setting the parameter value to RequireEncryption. -------------------------- Example 2 -------------------------- New-CsMediaConfiguration -Identity MediationServer:pool0.litwareinc.com -EnableSiren $True 35
This example uses New-CsMediaConfiguration to create a new media configuration with the Identity MediationServer:pool0.litwareinc.com. This new configuration will have an EnableSiren value of True, which means that Siren is enabled for calls involving this Mediation Server. 36
SET-CSMEDIACONFIGURATION Modifies an existing collection of media settings. Syntax Set-CsMediaConfiguration [-Identity <XdsIdentity>] [-Confirm [<SwitchPara meter>]] [-EnableQoS <$true $false>] [-EnableSiren <$true $false>] [-EncryptionLe vel <SupportEncryption RequireEncryption DoNotSupportEncryption>] [-Force <Switch Parameter>] [-MaxVideoRateAllowed <CIF250K VGA600K Hd720p15M>] [-WhatIf [<SwitchP arameter>]] Set-CsMediaConfiguration [-Confirm [<SwitchParameter>]] [-EnableQoS <$tru e $false>] [-EnableSiren <$true $false>] [-EncryptionLevel <SupportEncryption R equireencryption DoNotSupportEncryption>] [-Force <SwitchParameter>] [-Instance <PS Object>] [-MaxVideoRateAllowed <CIF250K VGA600K Hd720p15M>] [-WhatIf [<SwitchPara meter>]] Detailed Description This cmdlet modifies a collection of settings that define media configuration. These actions relate to audio and video calls between client endpoints. Who can run this cmdlet: By default, members of the following groups are authorized to run the Set- CsMediaConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt: Get-CsAdminRole Where-Object {$_.Cmdlets match "Set-CsMediaConfiguration"} Parameters 37
Parameter Required Type Description Identity Optional XdsIdentity The unique identifier of the media configuration settings you want to change. This identifier specifies the scope at which this configuration is applied (global, site, or service). Instance Optional MediaSettings An instance of the Microsoft.Rtc.Management.Wri tableconfig.settings.media.me diasettings object. You can retrieve this object by calling Get- CsMediaConfiguration with a specific Identity. You can then assign new values to the properties of that object, and then save those changes by passing the object to Set- CsMediaConfiguration. EnableQoS Optional Boolean QoS monitors the quality of voice signals over a network. EnableSiren Optional Boolean By default, the Mediation Server does not negotiate Siren as a possible codec for calls between itself and other Microsoft Lync 2013 clients. If this setting is True, Siren will be included as a possible codec for use between the Mediation Server and other Lync 2013 clients. EncryptionLevel Optional EncryptionLevel The level of encryption between Unified Communications entities. Valid values: SupportEncryption - secure real-time transport protocol 38
(SRTP) will be used if it can be negotiated. RequireEncryption - SRTP must be negotiated. DoNotSupportEncryption - SRTP must not be used. This value is not case sensitive. (For details, see the Examples in this topic.) Default: RequireEncryption MaxVideoRateAllowed Optional MaxVideoRateAllowed The maximum rate at which video signals will be transferred at the client endpoints. Valid values: Hd720p15M, VGA600K, CIF250K Hd720p15M - High definition, with a resolution of 1280 x 720 and aspect ratio 16:9. VGA600K - VGA, with a resolution of 640 x 480, 25 fps with the aspect ratio 4:3. CIF250K - Common Intermediate Format (CIF) video format, 15 fps with a resolution of 352 x 288. Note that these values are not case sensitive; values will be converted to appropriate casing when the configuration is created. (For details, see the Examples in this topic.) Default: VGA600K Force Optional SwitchParameter Suppresses any confirmation prompts that would otherwise be displayed before making changes. 39
WhatIf Optional SwitchParameter Describes what would happen if you executed the command without actually executing the command. Confirm Optional SwitchParameter Prompts you for confirmation before executing the command. Input Types Microsoft.Rtc.Management.WritableConfig.Settings.Media.MediaSettings object. Accepts pipelined input of media configuration objects. Return Types Set-CsMediaConfiguration does not return a value or object. Instead, the cmdlet configures instances of the Microsoft.Rtc.Management.WritableConfig.Settings.Media.MediaSettings object. Example -------------------------- Example 1 -------------------------- Set-CsMediaConfiguration -Identity site:redmond1 -MaxVideoRateAllowed hd720p15m The example shown above modifies the media configuration collection with the Identity site:redmond1; in particular, the command sets the value of the MaxVideoRateAllowed property to Hd720p15M. Note that the value passed to the MaxVideoRateAllowed parameter must be one of the values specified in the parameter description. Also note that the values are not case sensitive; the value entered here as hd720p15m will be automatically converted to the appropriate casing (in this instance, to Hd720p15M). -------------------------- Example 2 -------------------------- Set-CsMediaConfiguration site:redmond1 -EncryptionLevel donotsupportencryption This example modifies the media configuration collection with the Identity site:redmond1 to have an EncryptionLevel value of DoNotSupportEncryption. Note that this value is not case sensitive; the value was entered as donotsupportencryption, but that value will be accepted as a valid value and will be automatically changed to mixed case (DoNotSupportEncryption). 40
REMOVE-CSMEDIACONFIGURATION Removes the specified collection of media configuration settings Syntax Remove-CsMediaConfiguration -Identity <XdsIdentity> [-Confirm [<SwitchPar ameter>]] [-Force <SwitchParameter>] [-WhatIf [<SwitchParameter>]] Detailed Description This cmdlet removes a collection of media settings. These settings relate to audio and video calls between client endpoints. This cmdlet can also be used to remove the global media settings. In that case, however, the settings will not actually be removed; instead, they will simply be reset to their default values. Who can run this cmdlet: By default, members of the following groups are authorized to run the Remove- CsMediaConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt: Get-CsAdminRole Where-Object {$_.Cmdlets match "Remove-CsMediaConfiguration"} Parameters Parameter Required Type Description Identity Required XdsIdentity The unique identifier of the media configuration settings you want to remove. This identifier specifies the scope at which this configuration is applied (global, site, or service). 41
Force Optional SwitchParameter Suppresses any confirmation prompts that would otherwise be displayed before making changes. WhatIf Optional SwitchParameter Describes what would happen if you executed the command without actually executing the command. Confirm Optional SwitchParameter Prompts you for confirmation before executing the command. Input Types Microsoft.Rtc.Management.WritableConfig.Settings.Media.MediaSettings object. Accepts pipelined input of media configuration objects. Return Types Removes an object of type Microsoft.Rtc.Management.WritableConfig.Settings.Media.MediaSettings. Example -------------------------- Example 1 -------------------------- Remove-CsMediaConfiguration -Identity site:redmond1 In Example 1, Remove-CsMediaConfiguration is used to delete the media configuration collection with the Identity site:redmond1. When media settings are removed from the site scope, that site will automatically begin to use the global media settings. -------------------------- Example 2 -------------------------- Get-CsMediaConfiguration Where-Object {$_.EncryptionLevel -eq "RequireEncryption"} Remove-CsMediaConfiguration In the preceding example, three cmdlets--get-csmediaconfiguration, Where-Object, and Remove- CsMediaConfiguration--are used to remove all the media configuration collections where encryption is required of all parties involved in the conversation. To do this,get-csmediaconfiguration is first used to return all the media configuration collections in the organization. That information is then piped to Where-Object, which applies a filter that restricts the pipeline data to those collections where the 42
EncryptionLevel property is equal to (-eq) RequireEncryption. Finally, that filtered set of data is passed to Remove-CsMediaConfiguration, which deletes each item in the set. -------------------------- Example 3 -------------------------- Get-CsMediaConfiguration -Filter service:* Remove-CsMediaConfiguration In this example all media configurations defined at the service scope (meaning the configuration applies to a specific service) are removed. This is accomplished by first calling Get-CsMediaConfiguration using the Filter service:*. This filter retrieves all media configuration collections with an Identity starting with service, which means all collections at the service scope. That set of collections is then piped the Remove- CsMediaConfiguration, which removes them all. 43
REGISTER RMX TO LYNC 2013 The domain name / Servers Name and the rmx name is Example DO NOT USE IT! Step by Step CONFIGURE RMX FQDN IN THE DNS: 1. Connect to DNS server, Open DNS console, and expand forward lookup zones, right click on Zone: "your domain" and select New Host (A or AAAA). 44
2. Create new host (A or AAAA). Add RMX name and Signaling IP address. And click on Add Host when finished. 45
CONFIGURE RMX STATIC ROUTE AND TRUSTED APPLICATION - POWER SHELL: 1. Connect to Lync FrontEnd server, Go to Start->All programs->microsoft Lync Server 2013 and open Lync server management Shell. First command: $route = New-CsStaticRoute -TLSRoute -destination " RMX FQDN " -port 5061 - matchuri " RMX FQDN " -usedefaultcert $true *Where RMX FQDN is your RMX name. 46
Second command: Set-CsStaticRoutingConfiguration -identity global -route @{Add=$route} To check your static route configuration write in shell the following command: Get-CsStaticRoutingConfiguration 2. Then you need to create trusted application pool and trusted application use the following command: New-CsTrustedApplicationPool -Identity RMX FQDN -Registrar Registrar:lync2013.ilw14.polycom.eng -site 1 -ComputerFqdn RMX FQDN - ThrottleAsServer $true -TreatAsAuthenticated $true Enter YES. To add trusted application, add the following command: New-CsTrustedApplication -ApplicationId VideoProxy4 -TrustedApplicationPoolFqdn RMX FQDN -Port 5061 ApplicationId is the name of the application. This must be a string that is unique within the pool that is specified in the "TrustedApplicationPoolFqdn" parameter. "TrustedApplicationPoolFqdn" the FQDN of the trusted application pool on which the application will reside. To enable your changes, write the following command: Enable-CsTopology CREATE RMX CERTIFICATE: 1. To create certificate for RMX do the following steps. 1.1. Write in shell command: Request-CsCertificate -New -Type Default -KeyAlg RSA -CA Your CA server -City City -State State -ComputerFqdn RMX FQDN -Country IL -DomainName your domain -FriendlyName RMX FQDN -Organization 'Polycom ' - PrivateKeyExportable $true 1.2. To export certificate, click on start-> Administrative Tools-> Internet Information Services (IIS) Manager. 47
Click on Server Certificates You will get list of certificates, right click and Export. 48
Chose file location, set password, and click OK. Enter password: <your password> Create file by name certpassword.txt that contain only the password. 49
SETTING THE RMX FOR THE LYNC 2013: Open browser and enter the RMX IP User name <Your User> and the password <your password> Enter the RMX 50
On the left panel expand with by clicking the arrow, 51
Click on IP Network Services 52
Click on Management Network Click on DNS Enter the values: Name (as in the DNS) Local Domain Name: <your.domain> DNS Servers: Primary <ip> Secondary <ip> and click OK 53
IMPORT RMX CERTIFICATE TO THE RMX Click on IP Network Service Go to SIP Servers, and enter the values Certificate: Change to TLS Change the Certificate Method to PEM/PFX and load the "rmxxxx.pfx, certpassword.txt" file, by click on "Send Certificate" certpassword.txt 54
55
Change "Server IP Address Name"& "Server IP Address or Name" to the real one <XXX.XXX.XXX.XXX> Change "Port" to 5061 Change "Server Domain Name" to the domain <Domain.com> Restart the RMX 56
After the rmx is up, check the connection by entering the rmx and go to: Signalling Monitor->IP Network Service-> SIP Servers: You need to get Status OK. 57