Deploying Mobility
When you deploy the Lync Server 2010 mobility feature, mobile users can use supported mobile devices for Lync functionality such as instant messaging (IM), presence, and contacts.
To deploy the mobility feature, you must deploy cumulative update for Lync Server 2010: November 2011. For details about requirements for deploying the mobility feature, see Planning for Mobility.
This section guides you through the steps for deploying and verifying the mobility and automatic discovery features available with cumulative update for Lync Server 2010: November 2011.
In This Section
· Creating DNS Records for the Autodiscover Service
· Installing Cumulative Update for Lync Server 2010: November 2011
· Setting Internal Server Ports for Mobility
· Installing the Mobility and Autodiscover Services
· Modifying Certificates for Mobility
· Configuring the Reverse Proxy for Mobility
· Verifying Your Mobility Deployment
· Configuring for Push Notifications
· Configuring Mobility Policy
Creating DNS Records for the Autodiscover Service
To support autodiscovery for Lync Server 2010 mobile users, you need to create the following Domain Name System (DNS) records:
· An internal DNS record to support mobile users who connect from within your organization's network
· An external, or public, DNS record to support mobile users who connect from the Internet
You must create an internal DNS record and an external DNS record for each SIP domain.
The DNS records can be either A (host) records or CNAME records. The following procedures describe how to create internal and external DNS records. For more details about the DNS requirements for mobile users, see Technical Requirements for Mobility.
To create DNS CNAME records
|
1. Log on to a DNS server as follows:
· To create an internal DNS record, log on to a DNS server in your network as a member of the Domain Admins group or a member of the DnsAdmins group.
· To create an external DNS record, connect to your public DNS provider.
2. Open the DNS administrative snap-in: Click Start, click Administrative Tools, and then click DNS.
3. Do one of the following:
· For an internal DNS record, in the console tree of the DNS server, expand Forward Lookup Zones for your Active Directory domain (for example, contoso.local).
Note:
This domain is the Active Directory domain where your Lync Server Director pool and Front End pool are installed.
· For an external DNS record, in the console tree of the DNS server, expand Forward Lookup Zones for your SIP domain (for example, contoso.com).
4. Verify that a host A record exists for your Director pool as follows:
· For an internal DNS record, a host A record should exist for the internal Web Services fully qualified domain name (FQDN) for your Director pool (for example, lyncwebdir01.contoso.local).
· For an external DNS record, a host A record should exist for the external web services FQDN for your Director pool (for example, lyncwebextdir.contoso.com).
5. Verify that a host A record exists for your Front End pool as follows:
· For an internal DNS record, a host A record should exist for the internal Web Services FQDN for your Front End pool (for example, lyncwebpool01.contoso.local).
· For an external DNS record, a host A record should exist for the external Web Services FQDN for your Front End pool (for example, lyncwebextpool01.contoso.com).
6. For an internal DNS record, in the console tree of your DNS server, expand Forward Lookup Zones for your SIP domain (for example, contoso.com).
Note:
If you are creating an external DNS record, Forward Lookup Zones is already expanded for your SIP domain from step 3.
7. Right-click the SIP domain name, and then click New Alias (CNAME).
8. In Alias name, type one of the following:
· For an internal DNS record, type lyncdiscoverinternal as the host name for the internal Autodiscover Service URL.
· For an external DNS record, type lyncdiscover as the host name for the external Autodiscover Service URL.
9. IFully qualified domain name (FQDN) for target host, do one of the following:
n
· For an internal DNS record, type or browse to the internal Web Services FQDN for your Director pool (for example, lyncwebdir01.contoso.local), and then click OK.
· For an external DNS record, type or browse to the external Web Services FQDN for your Director pool (for example, lyncwebextdir.contoso.com), and then click OK.[A1]
Note:
If you do not use a Director, use the internal and external Web Services FQDN for the Front End pool, or, for a single server, the FQDN for the Front End Server or Standard Edition server.
Important:
You must create a new Autodiscover CNAME record in the forward lookup zone of each SIP domain that you support in your Lync Server 2010 environment.
|
To create DNS A records
|
1. Log on to a DNS server as follows:
· To create an internal DNS record, log on to a DNS server in your network as a member of the Domain Admins group or a member of the DnsAdmins group.
· To create an external DNS record, connect to your public DNS provider.
2. Open the DNS administrative snap-in: Click Start, click Administrative Tools, and then click DNS.
3. Do one of the following:
· For an internal DNS record, in the console tree of the DNS server, expand Forward Lookup Zones for your Active Directory domain (for example, contoso.local).
Note:
This domain is the Active Directory domain where your Lync Server Director pool and Front End pool are installed.
· For an external DNS record, in the console tree of the DNS server, expand Forward Lookup Zones for your SIP domain (for example, contoso.com).
4. Verify that a host A record exists for your Director pool as follows:
· For an internal DNS record, a host A record should exist for the internal Web Services FQDN for your Director pool (for example, lyncwebdir01.contoso.local).
· For an external DNS record, a host A record should exist for the external Web Services FQDN for your Director pool (for example, lyncwebextdir.contoso.com).
5. Verify that a host A record exists for your Front End pool as follows:
· For an internal DNS record, a host A record should exist for the internal Web Services FQDN for your Front End pool (for example, lyncwebpool01.contoso.local).
· For an external DNS record, a host A record should exist for the external Web Services FQDN for your Front End pool (for example, lyncwebextpool01.contoso.com).
6. For an internal DNS record, in the console tree of your DNS server, expand Forward Lookup Zones for your SIP domain (for example, contoso.com).
Note:
If you are creating an external DNS record, Forward Lookup Zones is already expanded for your SIP domain from step 3.
7. Right-click the SIP domain name, and then click New Host (A or AAAA).
8. In Name, type the host name as follows:
· For an internal DNS record, type lyncdiscoverinternal as the host name for the internal Autodiscover Service URL.
· For an external DNS record, type lyncdiscover as the host name for the external Autodiscover Service URL.
Note:
The domain name is assumed from the zone in which the record is defined and, therefore, does not need to be entered as part of the A record.
9. In IP Address, type the IP address as follows:
· For an internal DNS record, type the internal Web Services IP address of the Director (or, if you use a load balancer, type the virtual IP (VIP) of the Director load balancer).
Note:
If you do not use a Director, type the IP address of the Front End Server or Standard Edition server, or, if you use a load balancer, type the VIP of the Front End pool load balancer.
· For an external DNS record, type the external or public IP address of the reverse proxy.
10. Click Add Host, and then click OK.
11. To create an additional A record, repeat steps 8 through 10.
Important:
You must create a new Autodiscover A record in the forward lookup zone of each SIP domain that you support in your Lync Server 2010 environment.
12. When you are finished creating A records, click Done.
|
Installing Cumulative Update for Lync Server 2010: November 2011
Before you can install the Lync Server 2010 Mobility Service and Lync Server 2010 Autodiscover Service, you need to install cumulative update for Lync Server 2010: November 2011. Install the cumulative update on all server roles in your deployment. You can find the cumulative update for Lync Server 2010: November 2011 installation package in the Microsoft Download Center at
http://go.microsoft.com/fwlink/?LinkID=208564
.
To install cumulative update for Lync Server 2010: November 2011
|
1. Log on to the server you are upgrading as a member of the CsAdministrator role.
2. Download the latest installation package from the Microsoft Download Center and extract it to the local hard disk.
3. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.
4. Stop Lync Server services. At the command line, type:
Stop-CsWindowsService
5. Close all Lync Server Management Shell windows.
6. Stop the World Wide Web service. At the command line, type:
net stop w3svc
7. Install the cumulative update for Lync Server 2010: November 2011 by running LyncServerUpdateInstaller.exe.
Note:
Restart the computer if you are prompted to do so.
8. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.
9. Stop Lync Server services again to catch Global Assembly Cache (GAC) –d assemblies. At the command line, type:
Stop-CsWindowsService
10. Restart the World Wide Web service. At the command line, type:
net start w3svc
11. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.
12. Apply the changes made by LyncServerUpdateInstaller.exe to the SQL Server databases by doing one of the following:
· If Enterprise Edition Back End Server databases are not collocated with any other databases, such as Archiving or Monitoring databases, at the command line, type the following:
Install-CsDatabase –Update –ConfiguredDatabases –SqlServerFqdn
· If Enterprise Edition Back End Server databases are collocated with other databases, such as Archiving or Monitoring databases, at the command line, type the following:
Install-CsDatabase –Update –ConfiguredDatabases –SqlServerFqdn iws-db.iwstech.com
-ExcludeCollocatedStores
· For Standard Edition, type the following:
Install-CsDatabase –Update -LocalDatabases
13. Restart the Lync Server services. At the command line, type:
Start-CsWindowsService
|
Setting Internal Server Ports for Mobility
The Lync Server 2010 Mobility Service requires two new ports on internal servers: one for the internal Web Services and one for the external Web Services.
To set ports for internal servers
|
1. Log on to the computer as a user who is a member of the RTCUniversalServerAdmins group.
2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.
3. Set the port for the internal Web Services. At the command line, type:
Set-CsWebServer –Identity
For example:
Set-CsWebServer –Identity pool01.contoso.com –McxSipPrimaryListeningPort 5086
Where pool01.contoso.com is the pool where the Mobility Service will be installed
4. Set the port for the external Web Services. At the command line, type:
Set-CsWebServer –Identity
For example:
Set-CsWebServer –Identity pool01.contoso.com – McxSipExternalListeningPort 5087
Where pool01.contoso.com is the pool where the Mobility Service will be installed
Note:
The Set-CsWebServer cmdlet runs Publish-CsTopology to publish the updated topology.
5. At the command line, type the following:
Enable-CsTopology -verbose
|
Installing the Mobility and Autodiscover Services
After you install cumulative update for Lync Server 2010: November 2011 and set the ports, you need to install the new Microsoft Lync Server 2010 Mobility Service and Microsoft Lync Server 2010 Autodiscover Service.
Important:
It is important that before installing the Mobility Service and Autodiscover Service, you first set the ports for the pool that you want to enable for mobility. If you do not set the ports first, the Mobility Service will not be installed.
The Mobility Service supports presence, instant messaging (IM), contacts, and dial-out conferencing on mobile devices. It also supports Enterprise Voice features, such as single number reach (receive calls on a mobile device that were dialed to your work number), Call via Work (call from a mobile device using your work identity), voice mail, and missed calls, on supported mobile devices.
The Autodiscover Service enables mobile devices to locate resources, such as the URL for Web Services, regardless of network location, without requiring the user to manually enter URLs in the mobile device settings.
You need to run the installer on each Front End Server and each Director in every Lync Server pool where you want to provide the mobility feature. The installer installs the Mobility Service on Front End Servers and installs the Autodiscover Service on Front End Servers and Directors.
The latest installation package is available for download from the Microsoft Download Center at
http://go.microsoft.com/fwlink/?LinkID=230577
.
The default configuration enables Mobility Service traffic to go through the external site. However, you can restrict Mobility Service traffic to the internal corporate network. When you restrict the traffic to the internal corporate network, users cannot access mobility services from outside the corporate network.
Note:
When you restrict mobility traffic to the internal network, you must configure the internal Web Services virtual IPs (VIPs) for cookie-based persistence on your hardware load balancer. For details, see Load Balancing Requirements.
If you use Internet Information Services (IIS) 7.0, you need to perform extra steps to change some ASP.NET settings. If you use IIS 7.5, the installer automatically changes these settings for you.
The Mobility Service installation requires that the Internet Information Services (IIS) module for Dynamic Content Compression be installed. If this module is not already installed in your deployment, install it before running McxStandalone.msi.
Note:
The Dynamic Content Compression module is not required for the Autodiscover Service. You do not need to install this module on Directors where only the Autodiscover Service is installed.
To install IIS module
|
1. Log on to the computer as a user who is a member of the CsAdministrator group.
2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.
3. For Windows Server 2008 R2, at the command line, type:
Import-Module ServerManager
Add-WindowsFeature Web-Server, Web-Dyn-Compression
4. For Windows Server 2008, at the command line, type:
ServerManagerCMD.exe –Install Web-Dyn-Compression
|
To change ASP.NET settings in IIS 7.0
|
1. Log on to the server as a local administrator.
2. Use a text editor such as Notepad to open the applicationHost.config file, located at C:\Windows\System32\inetsrv\config\applicationHost.config.
3. Search for the following:
4. At the end of the line, before the ending angle bracket (>), type the following:
CLRConfigFile="C:\Program Files\Microsoft Lync Server 2010\Web Components\Mcx\Ext\Aspnet_mcx.config"
5. Search for the following:
6. At the end of the line, before the ending angle bracket (>), type the following:
CLRConfigFile="C:\Program Files\Microsoft Lync Server 2010\Web Components\Mcx\Int\Aspnet_mcx.config"
|
T
o install Mobility Service and Autodiscover Service
|
1. Log on to the computer as a user who is a member of the CsAdministrator group.
2. Download the latest installation package from the Microsoft Download Center and extract it to the hard disk.
3. Copy McxStandalone.msi to C:\ProgramData\Microsoft\Lync Server\Deployment\cache\4.0.7577.0\setup.
4. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.
5. Run C:\Program Files\Microsoft Lync Server 2010\Deployment\Bootstrapper.exe.
6. If you want to restrict mobility services to the internal corporate network, at the command line, type the following:
Set-CsMcxConfiguration –ExposedWebUrl Internal
|
[A2]
Modifying Certificates for Mobility
The certificates for your cumulative update for Lync Server 2010: November 2011 Director pool, Front End pool, and reverse proxy require additional subject alternative name entries to support secure connections with mobile clients. For details about certificate requirements for mobility, see Technical Requirements for Mobility.
Update the certificates after you install the new Microsoft Lync Server 2010 Mobility Service or after you run the Set-CsWebServer cmdlet to set ports for the Mobility Service.
The Set-CsCertificate cmdlet validates subject alternative names and returns a warning if a subject alternative name for the internal Microsoft Lync Server 2010 Autodiscover Service fully qualified domain name (FQDN) or external Autodiscover Service FQDN is missing. If the cmdlet finds a missing subject alternative name, you need to run the Request-CsCertificate cmdlet. To run this cmdlet locally, you must be a local administrator and have rights to the specified certification authority.
Important:
One exception is when the external Domain Name System (DNS) record is an A (host) record. If the external DNS record is an A (host) record and you run the Set-CsCertificate cmdlet on a Director, the cmdlet does not return a warning about a missing subject alternative name for the external Autodiscover Service (lyncdiscover.).
To update certificates with new subject alternative names
|
1. Log on to the computer using an account that has local administrator rights and permissions.
2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.
3. Find out what certificates have been assigned to the server and for which type of use. You need this information in the next step to assign the updated certificate. At the command line, type:
Get-CsCertificate
4. Look in the output from the previous step to see whether a single certificate is assigned for multiple uses or whether a different certificate is assigned for each use. Look in the Use parameter to find out how a certificate is used. Compare the Thumbprint parameter for the displayed certificates to see if the same certificate has multiple uses.
5. Update the certificate. At the command line, type:
Set-CsCertificate –Type
For example, if the Get-CsCertificate cmdlet displayed a certificate with Use of Default, another with a Use of WebServicesInternal, and another with a Use of WebServicesExternal, and they all had the same Thumbprint value, at the command line, type:
Set-CsCertificate –Type Default,WebServicesInternal,WebServicesExternal –Thumbprint
Important:
If a separate certificate is assigned for each use (the Thumbprint value is different for each certificate), it is important that you do not run the Set-CsCertificate cmdlet with multiple types. In this case, run the Set-CsCertificate cmdlet separately for each use. For example:
Set-CsCertificate –Type Default –Thumbprint
Set-CsCertificate –Type WebServicesInternal –Thumbprint Set-CsCertificate –Type WebServicesExternal –Thumbprint
6. If an Autodiscover Service subject alternative name is missing, do the following:
· For a missing internal Autodiscover subject alternative name, at the command line, type:
Request-CsCertificate –New –Type WebServicesInternal –Ca dc\myca –AllSipDomain –verbose
If you have many SIP domains, you cannot use the new AllSipDomain parameter. Instead, you must use DomainName parameter. When you use the DomainName parameter, you must use an appropriate prefix for the SIP domain FQDN. For example:
Request-CsCertificate –New –Type WebServicesInternal –Ca dc\myca –DomainName “LyncdiscoverInternal.contoso.com, LyncdiscoverInternal.contoso.net” -verbose
· For a missing external Autodiscover subject alternative name, at the command line, type:
Request-CsCertificate –New –Type WebServicesExternal –Ca dc\myca –AllSipDomain –verbose
If you have many SIP domains, you cannot use the new AllSipDomain parameter. Instead, you must use DomainName parameter. When you use the DomainName parameter, you must use an appropriate prefix for the SIP domain FQDN. For example:
Request-CsCertificate –New –Type WebServicesExternal –Ca dc\myca –DomainName “Lyncdiscover.contoso.com, Lyncdiscover.contoso.net” -verbose
|
Configuring the Reverse Proxy for Mobility
If you want to use automatic discovery for mobile device clients, you need to create a new web publishing rule for the reverse proxy whether or not you update the subject alternative name lists on the reverse proxy certificates.
If you decide to use HTTPS for initial Microsoft Lync Server 2010 Autodiscover Service requests and update the subject alternative names lists on the reverse proxy certificates, you need to assign the updated public certificate to the Secure Sockets Layer (SSL) Listener on your reverse proxy. For details about the required subject alternative name entries, see Technical Requirements for Mobility. Then you need to create a new web publishing rule for the external Autodiscover Service URL. If you do not already have a web publishing rule for the external Lync Server Web Services URL for your Front End pool, you also need to publish a rule for that.
If you decide to use HTTP for initial Autodiscover Service requests so that you do not need to update subject alternative names for the reverse proxy, you need to create a new web publishing rule for port 80.
The procedures in this section describe how to create the new web publishing rules in Microsoft Forefront Threat Management Gateway 2010 for automatic discovery.
Note:
These procedures assume that you have installed the Standard Edition of Forefront Threat Management Gateway (TMG) 2010.
To create a web publishing rule for the external Autodiscover URL
|
1. Click Start, point to Programs, point to Microsoft Forefront TMG, and then click Forefront TMG Management.
2. In the left pane, expand ServerName, right-click Firewall Policy, point to New, and then click Web Site Publishing Rule.
3. On the Welcome to the New Web Publishing Rule page, type a display name for the new publishing rule (for example, LyncDiscoveryURL).
4. On the Select Rule Action page, select Allow.
5. On the Publishing Type page, select Publish a single Web site or load balancer.
6. On the Server Connection Security page, select Use SSL to connect to the published Web server or server farm.
7. On the Internal Publishing Details page, in Internal Site name, type the fully qualified domain name (FQDN) of your Director pool (for example, lyncdir01.contoso.local). If you are creating a rule for the external Web Services URL on the Front End pool, type the FQDN of the Front End pool (for example, lyncpool01.contoso.local).
8. On the Internal Publishing Details page, in Path (optional), type /* as the path of the folder to be published, and then select Forward the original host header.
9. On the Public Name Details page, do the following:
· Under Accept Requests for, select This domain name.
· In Public Name, type lyncdiscover.
· In Path, type /*.
10. On Select Web Listener page, in Web Listener, select your existing SSL Listener with the updated public certificate.
11. On the Authentication Delegation page, select No delegation, but client may authenticate directly.
12. On the User Set page, select All Users.
13. On the Completing the New Web Publishing Rule Wizard page, verify that the web publishing rule settings are correct, and then click Finish.
14. In the Forefront TMG list of web publishing rules, double-click the new rule you just added to open Properties.
15. On the To tab, do the following:
· Select Forward the original host header instead of the actual one.
· If your deployment has a Front End pool, select Requests appear to come from the original client. If your deployment has a single Front End Server or Standard Edition server, select Requests appear to come from the Forefront TMG computer.
16. On the Bridging tab, configure the following:
· Select Web server.
· Select Redirect requests to HTTP port, and type 8080 for the port number.
· Select Redirect requests to SSL port, and type 4443 for the port number.
17. Click OK.
18. Click Apply in the details pane to save the changes and update the configuration.
19. Click Test Rule to verify that your new rule is set up correctly.
|
To create a web publishing rule for port 80
|
1. Click Start, point to Programs, point to Microsoft Forefront TMG, and then click Forefront TMG Management.
2. In the left pane, expand ServerName, right-click Firewall Policy, point to New, and then click Web Site Publishing Rule.
3. On the Welcome to the New Web Publishing Rule page, type a display name for the new publishing rule (for example, Lync Autodiscover (HTTP)).
4. On the Select Rule Action page, select Allow.
5. On the Publishing Type page, select Publish a single Web site or load balancer.
6. On the Server Connection Security page, select Use non-secured connections to connect to the published Web server or server farm.
7. On the Internal Publishing Details page, in Internal Site name, type the internal Web Services FQDN for your Front End pool (for example, lyncpool01.contoso.local).
8. On the Internal Publishing Details page, in Path (optional), type /* as the path of the folder to be published, and then select Forward the original host header instead of the one specified in the Internal site name field.
9. On the Public Name Details page, do the following:
· Under Accept Requests for, select This domain name.
· In Public Name, type lyncdiscover.
· In Path, type /*.
10. On Select Web Listener page, in Web Listener, select a Web Listener or use the New Web Listener Definition Wizard to create a new one.
11. On the Authentication Delegation page, select No delegation, and client cannot authenticate directly.
12. On the User Set page, select All Users.
13. On the Completing the New Web Publishing Rule Wizard page, verify that the web publishing rule settings are correct, and then click Finish.
14. In the Forefront TMG list of web publishing rules, double-click the new rule you just added to open Properties.
15. On the Bridging tab, configure the following:
· Select Web server.
· Select Redirect requests to HTTP port, and type 8080 for the port number.
· Verify that Redirect requests to SSL port is not selected.
16. Click OK.
17. Click Apply in the details pane to save the changes and update the configuration.
18. Click Test Rule to verify that your new rule is set up correctly.
19. Verify that the external Autodiscover Service URL is not defined on any other web publishing rule.
|
Verifying Your Mobility Deployment
After you deploy the Microsoft Lync Server 2010 Mobility Service and Microsoft Lync Server 2010 Autodiscover Service, run a test transaction to verify that your deployment works correctly. You can run Test-CsMcxP2PIM to test sending an instant message between two users. To use this test transaction, you need two actual or test users and their full credentials.
To test person-to-person instant messaging (IM)
|
1. Log on as a member of the CsAdministrator role on any computer where Lync Server Management Shell and Ocscore are installed.
2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.
3. At the command line, type:
Test-CsMcxP2PIM -TargetFqdn
You can set credentials in a script and pass them to the test cmdlet. For example:
$passwd1 = ConvertTo-SecureString "Password01" -AsPlainText -Force $passwd2 = ConvertTo-SecureString "Password02" -AsPlainText -Force $tuc1 = New-Object Management.Automation.PSCredential("contoso\UserName1", $passwd1) $tuc2 = New-Object Management.Automation.PSCredential("contoso\UserName2", $passwd2) Test-CsMcxP2PIM -TargetFqdn pool01.contoso.com -SenderSipAddress sip:[email protected] -SenderCredential $tuc1 -ReceiverSipAddress sip:[email protected] -ReceiverCredential $tuc2 –v |
Configuring for Push Notifications
Push notifications, in the form of badges, icons, or alerts, can be sent to a mobile device even when the mobile application is inactive. Push notifications notify a user of events such as a new or missed IM invitation, missed calls, and voice mail. The Microsoft Lync Server 2010 Mobility Service sends the notifications to the cloud-based Microsoft Lync Server 2010 Push Notification Service, which then sends the notifications to the Apple Push Notification Service (APNS) or the Microsoft Push Notification Service (MPNS).
Configure your topology to support push notifications by doing the following:
· If your environment has a Lync Server 2010 Edge Server, you need to add a new hosting provider, Microsoft Lync Online, and then set up hosting provider federation between your organization and Lync Online.
· If your environment has a Office Communications Server 2007 R2 Edge Server, you need to set up direct SIP federation with push.lync.com.
Note:
Push.lync.com is a Microsoft Office 365 domain for the Lync Server 2010 Push Notification Service.
· To enable push notifications, you need to run the Set-CsPushNotificationConfiguration cmdlet. By default, push notifications are turned off.
· Test the federation configuration and push notifications.
To configure for push notifications with Lync Server 2010 Edge Server
|
1. Log on to a computer where Lync Server Management Shell and Ocscore are installed as a member of the RtcUniversalServerAdmins group.
2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.
3. Add a Lync Server online hosting provider. At the command line, type:
New-CsHostingProvider –Identity
For example:
New-CsHostingProvider –Identity "LyncOnline" –Enabled $True –ProxyFqdn "sipfed.online.lync.com" –VerificationLevel UseSourceVerification
Note:
You cannot have more than one federation relationship with a single hosting provider. That is, if you have already set up a hosting provider that has a federation relationship with sipfed.online.lync.com, do not add another hosting provider for it, even if the identity of the hosting provider is something other than LyncOnline.
4. Set up hosting provider federation between your organization and the Push Notification Service at Lync Online. At the command line, type:
New-CsAllowedDomain –Identity "push.lync.com"
|
To configure for push notifications with Office Communications Server 2007 R2 Edge Server
|
1. Log on to the Edge Server as a member of the RtcUniversalServerAdmins group.
2. Click Start, click All Programs, click Administrative Tools, and then click Computer Management.
3. In the console tree, expand Services and Applications, right-click Microsoft Office Communications Server 2007 R2, and then click Properties.
4. On the Allow tab, click Add.
5. In the Add Federated Partner dialog box, do the following:
· In Federated partner domain name, type push.lync.com.
· In Federated partner Access Edge Server, type sipfed.online.lync.com.
· Click OK.
|
To enable push notifications
|
1. Log on to a computer where Lync Server Management Shell and Ocscore are installed as a member of the CsAdministrator role.
2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.
3. Enable push notifications. At the command line, type:
Set-CsPushNotificationConfiguration –EnableApplePushNotificationService $True –EnableMicrosoftPushNotificationService $True
4. Enable federation. At the command line, type:
Set-AccessEdgeConfiguration -AllowFederatedUsers $True
|
To test federation and push notifications
|
1. Log on to a computer where Lync Server Management Shell and Ocscore are installed as a member of the CsAdministrator role.
2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.
3. Test the federation configuration. At the command line, type:
Test-CsFederatedPartner –TargetFqdn
For example:
Test-CsFederatedPartner –TargetFqdn accessprox.contoso.com –Domain push.lync.com –ProxyFqdn sipfed.online.lync.com
4. Test push notifications. At the command line, type:
Test-CsMcxPushNotification –AccessEdgeFqdn
For example:
Test-CsMcxPushNotification –AccessEdgeFqdn Accessproxy.contoso.com
|
Configuring Mobility Policy
Cumulative update for Lync Server 2010: November 2011 introduces a new mobility policy that determines who can use mobility features and who can use the Call via Work feature. Call via Work allows a mobile user to make and receive calls on a mobile phone by using a work phone number instead of the mobile phone number. This feature prevents the called party from seeing the caller's mobile phone number and allows a user to avoid outbound calling charges.
By default, both mobility and Call via Work features are enabled. Administrators can determine who has access to these features by running a cmdlet. You can turn options off globally, by site, or by user.
To be able to use mobility features and Call via Work, users must meet the following two prerequisites:
· Users must be enabled for Lync Server 2010.
· Users must be enabled for Enterprise Voice.
For users to be able to use Call via Work, they must meet the following two additional prerequisites:
· Users must be assigned a voice policy that has the Enable simultaneous ringing of phones option selected.
· Users must be assigned a mobility policy that has the EnableMobility option set to True.
Note:
Users who are not enabled for Enterprise Voice can use their mobile devices to join conferences by using the Click to Join link on their mobile devices, if you assign those users a voice policy. For details, see Defining Your Mobility Requirements.
For details about enabling users for Lync Server 2010, see Enable or Disable Users for Lync Server 2010. For details about enabling users for Enterprise Voice, see Enable Users for Enterprise Voice. For details about setting voice policy options, see Modify a Voice Policy and Configure PSTN Usage Records.
To modify global mobility policy
|
1. Log on to any computer where Lync Server Management Shell and Ocscore are installed as a member of the CsAdministrator role.
2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.
3. Turn off access to mobility and Call via Work globally. At the command line, type:
Set-CsMobilityPolicy –EnableMobility $False –EnableOutsideVoice $False
Note:
You can turn off Call via Work without turning off access to mobility. However, you cannot turn off mobility without also turning off Call via Work.
|
To modify mobility policy by site
|
1. Log on to any computer where Lync Server Management Shell and Ocscore are installed as a member of the CsAdministrator role.
2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.
3. Create a site level policy, and turn off access to mobility and Call via Work by site. At the command line, type:
New-CsMobilityPolicy –Identity site:
Note:
You can turn off Call via Work without turning off access to mobility. However, you cannot turn off mobility without also turning off Call via Work.
|
To modify mobility policy by user
|
1. Log on to any computer where Lync Server Management Shell and Ocscore are installed as a member of the CsAdministrator role.
2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.
3. Create user level mobility policies and turn off mobility and Call via Work by user. At the command line, type:
New-CsMobilityPolicy –Identity
Grant-CsMobilityPolicy –Identity
You can turn off Call via Work without turning off access to mobility. However, you cannot turn off mobility without also turning off Call via Work.
For example:
New-CsMobilityPolicy "tag:disableOutsideVoice" –EnableOutsideVoice $False Grant-CsMobilityPolicy –Identity –[email protected] –PolicyName Tag:disableOutsideVoice |