Configuring the Microsoft Lync 2013 Front End Pool for Lync Express 2.0

    Overview

    This document walks you through setting up Microsoft Lync 2013 on your Lync Express appliance. All the Microsoft Lync related software has been pre-installed on the appliance. To complete this process, perform the following steps in order:

    • Add the Lync Express appliance to the Active Directory Domain.
    • Set up the Lync Deployment through the Lync Topology Builder and Deployment Wizard.
    • Run a complete Windows Update to make sure all features and hotfixes get applied to all Lync Server 2013 components.

    Please note that the creation of the initial Lync 2013 topology can take between 1-2 hours and will require the Lync Express appliance to reboot itself a few times.


     

    Add the Lync Express Appliance to the Active Directory Domain

    To add the Lync Express appliance to your Active Directory Domain Infrastructure, please follow the steps below:

    1. On the Windows Start Screen, right click on "Computer" and select "Properties".
      right-click-properties.png
    2. This will bring up the "System" window. In the Computer name, domain and workgroup settings, click on the "Change Settings" link.
      system-properties.png
    3. In the "System Properties" window, under the "Computer Name" tab, click on the "Change..." button.
      system-properties-change.png
    4. In the Computer Name/Domain Changes window, select "Domain:" from the "Member of" section. In the textbox below "Domain:", enter the AD Domain name. In this example, I will be using the domain lynctest.local. Click OK to accept the changes.
      computer-domain-changes.png
    5. Windows Security will ask you to enter a username and password associated with a Domain Administrator account. If you have left the Lync Express domain credentials at defaults, use the following credentials:
      Username: administrator
      Password: sangoma1!
      If you have changed them, please use the valid Domain Administrator account and click OK.
      windows-security.png
    6. Once the changes are accepted, the Computer/Domain window will welcome you to the new domain. Click OK to proceed. It will then inform you that the appliance will need to be restarted to complete the process. Click OK to restart the appliance.
    7. Once restarted, you need to log in with the new Domain Credentials. If you use the old credentials, you will not log into the domain and will not be able to complete the Lync Server setup.
      At the Windows welcome screen, select "login as different user", and under the username use the notation "DOMAIN\USERNAME". Enter the password below it.

     

    Configuring Microsoft Lync Server 2013

    Preparing Active Directory Infrastructure for Lync 2013 Deployment

    In order to begin the configuration of Lync 2013, you must first prepare Active Directory. The preparation wizard installs critical users and groups within the Active Directory schema, which will be added to the domain administrator account.

    Active Directory Preparation

    To prepare Active Directory, follow the steps below:

    1. On the Windows Desktop, double click on the "Lync Server Deployment Wizard".
      lync-deployment-icon.png
    2. In the Lync Server 2013 - Deployment Wizard, click on the link labelled "Prepare Active Directory".
      lync-deployment-prepare-ad.png
    3. The Lync deployment wizard will bring you to the Active Directory Preparation window. Here is where the Active Directory schema will be modified. Every time a step is available, the "Run" button will become available to click. Click on the Run button next to "Prepare Schema" in order to begin the process.
      NOTE: if the Windows Firewall is enabled on the Primary Domain Controller (PDC), it can cause problems when trying to modify the AD schema. Best practice is to drop the firewall temporarily until the schema preparation is completed.
      lync-deployment-ad-steps.png
    4. You will be brought to the Prepare Schema Wizard. This wizard must be run once per deployment. Click Next to continue.
      lync-deployment-ad-prepare-schema-wizard-1.png
    5. The Prepare Schema wizard will then begin step 1 of the process. It might take several minutes to complete, so please be patient. Once completed, click "Finish" to return to the deployment wizard.
      lync-deployment-ad-prepare-schema-wizard-2.png
    6. Once returned to the Deployment wizard, you will notice that the Step 3 Run button will become available. Click on it to start the preparation of the AD forest. This also has to be run once per deployment.
    7. Like the Schema Preparation wizard, click Next to proceed.
      lync-deployment-ad-prepare-forest-wizard-1.png
    8. The Forest Preparation wizard will now ask you where you would like the universal AD groups to be installed. Leave the "Local domain" option selected and click Next to proceed.
      lync-deployment-ad-prepare-forest-wizard-2.png
    9. Once completed, click Finish to return to the Deployment wizard.
      lync-deployment-ad-prepare-forest-wizard-3.png
    10. Once returned to the Deployment wizard, you will notice that the Step 5 Run button will become available. Click on it to start the preparation of the current domain. This also has to be run once per deployment.
    11. When the Prepare Domain wizard launches, click Next to proceed.
      lync-deployment-ad-prepare-domain-wizard-1.png
    12. Once the wizard has completed, click "Finish" to return to the Deployment Wizard.
      lync-deployment-ad-prepare-domain-wizard-2.png
    13. This will complete the AD Preparation. Click on the Back button in the AD Deployment Wizard to return to the main Deployment screen.
      lync-deployment-ad-completed.png
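
    The NOTE in step 3 has you drop the Windows Firewall on the PDC while the schema is prepared. The following is an added example (not part of the original guide) that records the current state of each firewall profile, disables them for the duration of the schema step, and restores the recorded state afterwards even if the session is interrupted. It assumes an elevated PowerShell session on the PDC with the built-in NetSecurity module (Windows Server 2012 or later).

```powershell
# Added example: temporarily disable the firewall on the PDC and always restore it.
# Run elevated on the PDC, not on the Lync Express appliance.

# Record the current state of the Domain, Private and Public profiles.
$saved = Get-NetFirewallProfile | Select-Object Name, Enabled
$saved | Format-Table -AutoSize

try {
    # Disable all three profiles for the schema preparation only.
    Set-NetFirewallProfile -All -Enabled False

    # Block here while "Prepare Schema" runs in the Lync Deployment Wizard.
    Read-Host 'Firewall is OFF. Run "Prepare Schema", wait for it to finish, then press Enter' | Out-Null
}
finally {
    # Restore exactly what was recorded, profile by profile.
    foreach ($p in $saved) {
        Set-NetFirewallProfile -Name $p.Name -Enabled $p.Enabled
    }

    # Show the restored state and flag any profile that does not match the recording.
    $now = Get-NetFirewallProfile | Select-Object Name, Enabled
    $now | Format-Table -AutoSize
    foreach ($p in $saved) {
        $current = $now | Where-Object { $_.Name -eq $p.Name }
        if ($current.Enabled -ne $p.Enabled) {
            Write-Warning "Profile $($p.Name) is $($current.Enabled), expected $($p.Enabled)"
        }
    }
}
```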

    Add Universal Lync Groups to the Domain Administrator Account

    Once the Lync Deployment wizard has updated Active Directory, you will need to make the domain administrator account you are using a member of 2 universal groups. This will allow the domain administrator the ability to make changes to the Lync Deployment and the Topology. To add the groups to the user account, follow the steps below:

    1. On your Primary Domain Controller (PDC), launch "Active Directory Users and Computers" from the Windows Start screen.
      lync-deployment-ad-start-screen-users-computers.png
    2. In the Active Directory Users and Computers MMC, locate your domain controller.
      If you are using the default administrative account, you will locate it in <Domain>->Users. It is labelled as "Administrator".
      Right click on the user and then click on "Add to Group".
      lync-deployment-ad-users-groups-addgroup1.png
    3. In the "Select Groups" window, type in the following in the Object Names textbox.
      CSAdministrator
      RTCUniversalServerAdmins
      RTCUniversalUserAdmins
      You cannot enter more than 1 group at once so please repeat step 2 to get back to the Select Group window to add the remainder of the groups.
      lync-deployment-ad-users-groups-addgroup2.png
    4. Once all the groups are added, you will need to log out of the administrative account from any location where the account is logged in. The new group permissions do not take effect until the user logs back into a domain computer. Since we need them to take effect, log out of all Windows Server machines and log back in.

     Completion of the Lync 2013 Deployment

    Once the Active Directory preparation is completed, you can complete the Deployment Wizard.

    Update the DNS Server

    To continue the Lync deployment, you need to create a few DNS A records within the Active Directory managed DNS Server. To do this, follow the steps below:

    1. Launch the DNS Server MMC Snap-in from your PDC (Primary Domain Controller).
      lync-deployment-ad-start-screen-users-computers.png
    2. In the DNS Manager, navigate to your domain by expanding the forward lookup zones. Right click on your domain, and click on "New Host (A or AAAA)...".
      dns-server-add-a-record.png
    3. In the New Host Window, add the name "meet" in the name textbox. For the IP Address, enter the Internal IP Address of the Lync Express appliance.
      dns-server-add-a-record2.png
    4. Repeat steps 2 and 3 to add the DNS A records for "dialin" and "admin" as well.
    5. Right click on your domain again and select "Other New Records...".
    6. From the "Resource Record Type" window, select "Service Location (SRV)". Click on "Create Record" to continue.
      dns-server-add-srv-record1.png
    7. In the New Resource Record window, enter the following:
      Service: _sipinternaltls
      Protocol: _tcp
      Port Number: 5061
      Host offering this service: <FQDN of your Lync Express Appliance>
      Click OK to complete the SRV record creation and click Done to close the Resource Record Type window.
      dns-server-add-srv-record2.png
    8. Once the DNS names have been added, close the DNS Manager window.
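
    The same records can be created and then checked from PowerShell. This is an added example, not part of the original guide: it creates the three A records and the SRV record from the steps above and verifies that each resolves to the appliance. The IP address and the appliance FQDN are placeholders, and the SRV priority and weight of 0 are assumptions, since the guide does not state them.

```powershell
# Added example: create and verify the Lync DNS records from the steps above.
# Run elevated on the DNS server (PDC). Requires the DnsServer module.
Import-Module DnsServer

$Zone     = 'lynctest.local'        # the guide's example domain
$LyncIp   = '192.0.2.10'            # placeholder: internal IP of the Lync Express appliance
$LyncFqdn = "lyncexpress.$Zone"     # placeholder: FQDN of the Lync Express appliance
$ANames   = 'meet', 'dialin', 'admin'

# Steps 2-4: A records. An existing record is reported, never overwritten.
foreach ($name in $ANames) {
    $existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $name -RRType A -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Warning "$name.$Zone already exists ($($existing.RecordData.IPv4Address)); left unchanged"
    } else {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $name -IPv4Address $LyncIp
    }
}

# Steps 5-7: SRV record _sipinternaltls._tcp on port 5061.
# Priority 0 / weight 0 are assumptions; the guide does not give values.
$srvName = '_sipinternaltls._tcp'
if (-not (Get-DnsServerResourceRecord -ZoneName $Zone -Name $srvName -RRType Srv -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecord -ZoneName $Zone -Srv -Name $srvName `
        -DomainName $LyncFqdn -Port 5061 -Priority 0 -Weight 0
}

# Verification: every name must resolve to the appliance and nothing else.
$problems = @()
foreach ($name in $ANames) {
    $ips = @(Resolve-DnsName -Name "$name.$Zone" -Type A -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    if ($ips.Count -ne 1 -or $ips[0] -ne $LyncIp) {
        $problems += "$name.$Zone resolves to [$($ips -join ', ')], expected $LyncIp"
    }
}

$srv = @(Resolve-DnsName -Name "$srvName.$Zone" -Type SRV -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'SRV' })
if ($srv.Count -eq 0) {
    $problems += "$srvName.$Zone does not resolve"
}
foreach ($r in $srv) {
    if ($r.NameTarget.TrimEnd('.') -ne $LyncFqdn -or $r.Port -ne 5061) {
        $problems += "SRV points to $($r.NameTarget):$($r.Port), expected ${LyncFqdn}:5061"
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'All Lync DNS records resolve to the appliance.'
}
```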

    Prepare first Standard Edition Server

    As the heading of this section suggests, we need to run the final preparation wizard of the Lync deployment. This will install all the required MSI files for the Lync Server. This takes several minutes to complete. To complete this step, follow the instructions below:

    1. Click on the "Prepare first Standard Edition server" link from the Lync Deployment wizard.
      lync-deployment-prepare-standard-edition1.png
    2. Once the "Prepare single Standard Edition Server" wizard launches, click "Next" to proceed.
      lync-deployment-prepare-standard-edition2.png
    3. The wizard will then ask you where the MSI files for Lync Server 2013 are located. In the textbox enter "C:\Program Files\Microsoft Lync Server 2013\Deployment\Setup\amd64\Setup\"
      lync-deployment-prepare-standard-edition3.png
    4. The wizard will then begin installing all the required packages. This will take several minutes to complete. Once completed, click "Finish" to exit the wizard.
      lync-deployment-prepare-standard-edition4.png

    You will now be returned to the Main Deployment Wizard screen to continue with the Lync Deployment. You may close the Deployment Wizard as the next step requires you to create your topology.

    Create Lync Server 2013 Topology

    Before you can finalize your deployment, you must create a Lync topology. The Lync topology defines how Lync Server's deployment will behave once deployed. It houses a collection of configurable options which we will go through one by one. To complete your topology, follow the steps below:

    1. Launch the Lync Server Topology Builder from the Windows Desktop.
      lync-topology-create-1.png
    2. When the Topology Builder launches, select "New Topology" and click OK.
      lync-topology-create-2.png
    3. The Topology Builder will ask you to save the new topology. Give the topology a name and click the "Save" button to continue. You may change the location of where you would like to save the topology if you wish. If you do change the location, remember where you saved it. If you are required to make any changes, you would need to re-load the saved topology.
      lync-topology-create-3.png
    4. The next step will ask you to define your primary SIP domain. Enter the name of the Active Directory domain.
      lync-topology-create-4.png
    5. The next step will ask you to specify any additional SIP domains you would like to add to the topology. If you do not have any, you can just click Next to proceed. If you do, please add them and click Next.
      lync-topology-create-5.png
    6. This next screen will ask you to define your first site. Enter a name and description in the textboxes and click Next to proceed.
      lync-topology-create-6.png
    7. This next screen will ask you for some details of your deployment. Fill out the City, State/Province and Country Region code where your topology is being deployed at and click Next to continue.
      lync-topology-create-7.png
    8. Once the new topology is defined, click on Finish to open the New Front End Wizard. Make sure "Open the New Front End Wizard when the wizard closes" is checked.
      lync-topology-create-8.png
    9.  When the front end pool wizard launches, click Next to proceed.
      lync-topology-front-end-pool-1.png
    10. The wizard will now ask you to define the Front End Pool for Lync. Enter the FQDN of the Lync Express Appliance and make sure "Standard Edition Server" is selected.
      lync-topology-front-end-pool-2.png
    11. The wizard will now ask you to select the feature you would like included in the Front End Pool. For this guide, we have chosen to add the conferencing, Enterprise Voice and Call Admission Control features. Click Next to proceed.
      lync-topology-front-end-pool-3.png
    12. The wizard will now ask you about collocation. This feature should be used in a standalone Lync Deployment. Make sure "Collocate Mediation Server" is checked and click Next to continue.
      lync-topology-front-end-pool-4.png
    13. The wizard will now ask you to define an edge pool. We will not define an edge pool as the edge server is not configured or activated yet. An edge pool can be added later to the topology. For now, make sure the "Enable an Edge pool" option is unchecked.
      lync-topology-front-end-pool-5.png
    14. The wizard will now ask you to define the SQL store. Leave the SQL store options at defaults and click Next to proceed.
      lync-topology-front-end-pool-6.png
    15. The wizard will now ask you to define a file store. Make sure the server FQDN is correct and the file share being used is accessible. By default, the Lync Express appliance comes preconfigured with the default share. Unless you need to change this, leave it at the default and click Next to proceed.
      lync-topology-front-end-pool-7.png
    16. The wizard will now ask you to define the web services URL. Leave this at defaults unless you would like to define another URL for the web services and click Next to proceed.
      lync-topology-front-end-pool-8.png
    17. The server will now ask you about your Office Web Apps server. In this guide, we will not be configuring a Web Apps Server. If you have a web apps server, select it from the list or click new to add a new one. If you do not, uncheck the "Associate pool with an Office Web Apps Server" and click Finish to complete the Topology Wizard.
      lync-topology-front-end-pool-9.png

    Once the Topology Builder loads the newly created topology, we must make a few more changes in order to publish the topology to the SQL Store. Please follow the steps below to enable the last few options in the topology.

    1. Expand the Lync Server menu, and navigate down to Lync-deployment->Lync Server 2013->Standard Edition Front End Servers. Select the Lync Express Server and right click on it. Click on Edit Properties to launch the properties window.
      lync-topology-front-end-pool-10.png
    2. Scroll down to the Mediation Server section, and click on the "Enable TCP port" option. This will allow the Mediation Server to listen on TCP port 5068. Click OK to accept the change.
      lync-topology-front-end-pool-11.png
    3. Right Click on the "Lync Server" Menu item and then click on "Publish Topology". This will load the Topology publishing wizard to publish the topology to the SQL Store.
      lync-topology-front-end-pool-12.png
    4. When the Publish Topology wizard opens, click Next to proceed.
      lync-topology-front-end-pool-13.png
    5. The wizard will then ask you to select the server which will host the Central Management Store. Select the Lync Express appliance from the dropdown list and click Next to proceed.
      lync-topology-front-end-pool-14.png
    6. The Publish Topology wizard will now publish the topology to the SQL store. This may take several minutes. Once completed click "Finish" to close the wizard. You can then close the Topology builder.
      lync-topology-front-end-pool-15.png

    Install Domain Certificate into the Trusted Root Certificate Store

    You now need to install the certificate chain created from Active Directory Certificate Services into the Windows Server 2012 certificate store. This will then be used in the final portion of the Lync 2013 Deployment. This portion will be performed on the Lync Front End Server. To do this, follow the steps below:

    1. Launch Internet Explorer from the Windows Start screen.
      ad-cs-add-store-1.png
    2. Navigate to the URL of your certificate server. The URL used in this guide is http://win-lkh0gl1rrg6.lynctest.local/certsrv. If the URL of your Certificate Server is different please use the following URL notation http://<DNS Name of your Cert Srvr>/certsrv. Once Internet Explorer connects to the website, it will ask you to enter a user account which is a member of the Domain Admins group.
      ad-cs-add-store-2.png
    3. Click on the "Download a CA Certificate, certificate chain, or CRL" link on the loaded webpage.
      ad-cs-add-store-3.png
    4. Click on "Download CA certificate chain" from the next loaded page. Save the chain on your windows desktop for ease of access.
      ad-cs-add-store-4.png
    5. Locate the file on the desktop and right click on it. Click on "Install Certificate".
      ad-cs-add-store-5.png
    6. The Certificate Import wizard will now open. Click "Next" to continue.
      ad-cs-add-store-6.png
    7. The next step will ask you where you would like to import the certificate to. Select "Place Certificate in the following store" then click Browse. In the Select Certificate Store window, select "Trusted Root Certification Authorities" and click "OK". Click Next to then proceed to the next step.
      ad-cs-add-store-8.png
      ad-cs-add-store-7.png
    8. Click "Finish" to import the certificate and complete the wizard. Once done, you will be notified that the import was successful.
      ad-cs-add-store-9.png
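
    The chain in step 2 is downloaded over plain http, and whatever lands in "Trusted Root Certification Authorities" is trusted for every certificate it issues, so it is worth checking the file before importing it. This is an added example, not part of the original guide: it lists the certificates in the downloaded chain, imports the self-signed root only if its thumbprint matches a value read directly on the CA server, and goes one step beyond the wizard by placing any intermediate certificates in the Intermediate Certification Authorities store rather than the root store. The file name and the expected thumbprint are placeholders.

```powershell
# Added example: verify the downloaded CA chain before trusting it.
# Run elevated on the Lync Front End server.
$ChainPath = "$env:USERPROFILE\Desktop\certnew.p7b"        # placeholder: where step 4 saved the chain
$ExpectedRootThumbprint = '<THUMBPRINT-READ-ON-THE-CA-SERVER>'  # placeholder: obtain out of band

$X509 = 'System.Security.Cryptography.X509Certificates'

# Load every certificate contained in the PKCS#7 file.
$chain = New-Object "$X509.X509Certificate2Collection"
$chain.Import($ChainPath)
$chain | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter

# A root CA certificate is self-signed: subject and issuer are identical.
$roots = @($chain | Where-Object { $_.Subject -eq $_.Issuer })
$intermediates = @($chain | Where-Object { $_.Subject -ne $_.Issuer })
if ($roots.Count -ne 1) {
    throw "Expected exactly one self-signed root in the chain, found $($roots.Count)"
}
$root = $roots[0]

# Normalise the expected value (strip spaces/colons) and compare.
$expected = ($ExpectedRootThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($expected.Length -ne 40) {
    throw 'Set $ExpectedRootThumbprint to the 40-hex-digit thumbprint shown on the CA server'
}
if ($root.Thumbprint -ne $expected) {
    throw "Root thumbprint $($root.Thumbprint) does not match the expected value; not importing"
}
if ($root.NotAfter -lt (Get-Date)) {
    throw "Root certificate expired on $($root.NotAfter); not importing"
}

# Helper (hypothetical name): add one certificate to a LocalMachine store.
function Add-ToMachineStore($storeName, $cert) {
    $store = New-Object "$X509.X509Store" -ArgumentList $storeName,
        ([System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine)
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try { $store.Add($cert) } finally { $store.Close() }
}

# Root goes to Trusted Root; intermediates go to Intermediate Certification Authorities.
Add-ToMachineStore ([System.Security.Cryptography.X509Certificates.StoreName]::Root) $root
foreach ($c in $intermediates) {
    Add-ToMachineStore ([System.Security.Cryptography.X509Certificates.StoreName]::CertificateAuthority) $c
}

# Confirm the root is now present in the machine root store.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $root.Thumbprint } |
    Format-List Subject, Thumbprint, NotAfter
```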

    Finalizing the Lync 2013 Deployment

    In order to complete the deployment, we must now re-launch the Lync 2013 Deployment Wizard. Follow the steps below to finalize the deployment:

    1. On the Windows Desktop, double click on the "Lync Server Deployment Wizard".
      lync-deployment-icon.png
    2. In the Lync Deployment wizard, select "Install or Update Lync Server System".
      lync-deployment-install-1.png
    3. The Lync deployment wizard will bring you to the Lync 2013 Installation window. Here is where the Front End Server and Mediation Server will be installed. Every time a step is available, the "Run" button will become available to click. Click on the Run button next to "Install Local Configuration Store" in order to begin the process.
      lync-deployment-install-2.png
    4. The Install Local Configuration Store window opens and asks you where to retrieve the Central Management store information from. Since this server is hosting it, choose the option which states "Retrieve Directly from the Central Management Store". Click Next to proceed.
      lync-deployment-install-3.png
    5. The wizard will now install the local configuration store. This may take several minutes to complete. Once completed, click "Finish" to return to the Deployment Wizard.
      lync-deployment-install-4.png
    6. Once returned to the Deployment Wizard, you will notice the Step 2 Run button becomes available. Click on the Run button to start the setup of the Lync Server Components.
    7. Once the "Setup Lync Server Components" wizard launches, click "Next" to proceed.
      lync-deployment-install-5 - Copy.png
    8.  Once the installation has completed, click "Finish" to close the wizard and return to the Lync Deployment window.
      lync-deployment-install-6.png
    9. In the deployment wizard, launch Step 3 which is labelled "Request, Install or Assign Certificates". This is where we will contact the Active Directory Certificate Service on the domain controller to retrieve the domain certificate for use with Microsoft Lync.
    10. When the certificate wizard launches, you will notice that there are two certificates you would need to assign to the front end pool. They are the "Default certificate" and the "OAuthTokenIssuer". Both can be assigned the same CA certificate issued from the domain controller. To start the certificate installation process, we must request the certificate. Click on "Request" to start the process.
      ca-cert-install-1.png
    11. When the certificate request window launches, click "Next" to continue.
      ca-cert-install-2.png
    12. In the next window, make sure "Send the request immediately to an online certification authority" is checked and click "Next" to proceed.
      ca-cert-install-3.png
    13. In the next window, from the drop down, select the detected domain controller in your environment which hosts the certificate authority. Click "Next" to proceed.
      ca-cert-install-4.png
    14. In the next window you can specify credentials to access the certificate authority. The credentials have to be a user with domain administrator privileges. If you are logged in as a domain administrator, you don't need to specify any alternate credentials. Click "Next" to proceed to the next step.
      ca-cert-install-5.png
    15. In the next window, make sure "Use alternate certificate template for the selected certification authority" is unchecked and click "Next" to proceed.
      ca-cert-install-6.png
    16. In the next window, enter a "Friendly Name". This will be the name used to identify the certificate in the certificate manager. Make sure the Bit Length is 2048 and click "Next" to proceed.
      ca-cert-install-7.png
    17. In the next window, enter your organization information and click "Next" to proceed.
      ca-cert-install-8.png
    18. Enter the geographical location of your Front End server and click "Next" to proceed.
      ca-cert-install-9.png
    19. The next window will populate the subject name and subject alternate names required for you to run Lync Server 2013. Click "Next" to proceed.
      ca-cert-install-10.png
    20. In the next window, check the configured SIP domain and click "Next" to proceed. Select all the SIP domains that apply to your deployment.
      ca-cert-install-11.png
    21. In the next window, enter any additional subject alternative names required for your deployment. If you have multiple SIP domains, make sure you enter all the additional SANs for your deployment. Click "Next" to continue.
      ca-cert-install-12.png
    22. In the certificate summary window, review everything entered. If you are happy with your request, click "Next" to proceed.
      ca-cert-install-13.png
    23. The Certificate Request wizard will now create the request. Once completed, click "Next" to proceed.
      ca-cert-install-14.png
    24. Once the certificate request is completed, you will be notified of the status. Make sure "Assign this certificate to Lync Server certificate usages" is checked and click "Finish". This will launch the assign task wizard.
      ca-cert-install-15.png
    25. In the new "Certificate Assignment" window, click "Next" to proceed.
      ca-cert-install-16.png
    26. The wizard will now give you a summary of the certificate you will be attaching to Lync Server. Review the certificate and click "Next" to proceed.
      ca-cert-install-17.png
    27. The wizard will now apply the certificate to Lync Server. Once completed, click "Finish" to end the wizard.
      ca-cert-install-18.png
    28. You will now be returned to the certificate wizard. You will notice a checkmark next to the "Default Certificate". You must now request a certificate for the "OAuthTokenIssuer". Click on "OAuthTokenIssuer" then click "Request" to launch the "Certificate Assignment" wizard again.
      ca-cert-install-19.png
    29. When the wizard launches, click "Next" to proceed.
      ca-cert-install-20.png
    30. The wizard will now prompt you to select a certificate from the certificate store. Since we only have 1 certificate, select the previously uploaded certificate and click "Next" to proceed.
      ca-cert-install-21.png
    31. The next window will be the certificate assignment summary. Review your changes like in step 26 and click "Next" to proceed.
    32. Like in step 27, the wizard will install the certificate. Once finished, click "Finish" to exit the wizard.
      NOTE: if you encounter an error stating "The private key of the certificate is not marked exportable and cannot be stored in the central management store", you must re-run the certificate request for the OAuthTokenIssuer. Select it from the Certificate wizard and re-run steps 11 - 27.
    33. Once completed, you will notice both the "Default certificate" and "OAuthTokenIssuer" have checkmarks and you can close the certificate wizard.
      ca-cert-install-22.png
    34. When returned to the Deployment wizard, launch step 4 labelled "Start Services".
    35. When the Start Services wizard launches, click "Next" to proceed.
      lync-launch-service-1.png
    36. The next window will launch all the Lync Server Front End services. Once completed, click Finish. You may now close the Deployment Wizard as all tasks have now been completed and your Lync deployment is finished.
      lync-launch-service-2.png

    You may now start configuring Lync Server through the Lync Server Control Panel. The icon is located on your desktop or through the Windows Start screen. Once a user is added, you can launch a Lync client on a domain joined PC.