About Me

My Photo
TsooRad is a blog for John Weber. John is a Lync Server MVP (2010-2013). My day job is titled "Principal Consulting Engineer" - I work with an awesome group of people at CDW, LLC. I’ve been at this gig in one fashion or another since 1988 - starting with desktops (remember Z-248’s?) and now I am in Portland, Oregon. I focus on collaboration and infrastructure. This means Exchange of all flavors, LCS/OCS/Lync, Windows, business process, and learning new stuff. I have a variety of interests - some of which may rear their ugly head in this forum. I have a variety of certifications dating back to Novell CNE and working up through the Microsoft MCP stack to MCITP multiple times. FWIW, I am on my third career - ex-USMC, retired US Army. I have a fancy MBA. One of these days, I intend to start teaching. The opinions expressed on this blog are mine and mine alone.

2010/09/24

Lync Server 2010 RC SE Install

edited 29 Oct 2010 for IIS prereq changes

This is Part One of installing a Lync Server 2010 Standard Edition Environment.

We’ll get the prerequisites into place for a 2008 R2 server, and do the install up to the Topology Builder.

In the next part, we’ll take a look at the Topology Builder and install the Central Management Service.

After that we’ll get an Edge going too.  Maybe later, if I can swing some hardware, we’ll demo some voice.

-------------------------------------------------------------------------

Lync Server 2010 Standard Edition does not have a lot of existing documentation available in the help file, and I know many peeps want to have a guide for installing this most basic component of Lync Server 2010. Let’s jump right in!

I am using x64 Server 2008 R2 running in VMWare.

This means that my install is done, and I have run all existing updates from Microsoft Update onto my server and then rebooted it.  I have joined my domain. I am using a gawd account (domain admin, enterprise admin, schema admin) so I don’t have any permissions to worry about.  I have also cranked the UAC down to nothing.  Hey, this is a lab box, and it is behind a TMG, and you ain’t getting to it.  No worries here.  YMMV.

Because of the R2, we have the following prerequisites that must be met to install Lync Server 2010:

IIS7 with the following components:

For Standard Edition servers and Front End Servers, and Directors, the Microsoft Lync Server 2010 installer creates virtual directories in IIS for the following purposes:

  • To enable users to download files from the Address Book Service
  • To enable clients to obtain updates (for example, Microsoft Lync 2010)
  • To enable conferencing
  • To enable users to download meeting content
  • To enable unified communications (UC) devices to connect to Device Update Service and obtain updates
  • To enable users to expand distribution groups
  • To enable phone conferencing
  • To enable response group features

Lync Server 2010 requires the following IIS modules to be installed:

  • Static Content
  • Default Document
  • HTTP Errors
  • ASP.NET
  • .NET Extensibility
  • Internet Server API (ISAPI) Extensions
  • ISAPI Filters
  • HTTP Logging
  • Logging Tools
  • Tracing
  • Windows Authentication
  • Request Filtering
  • Static Content Compression
  • IIS Management Console
  • IIS Management Scripts and Tools
  • Tracing
  • AnonymousAuthenticationModule
  • ClientCertificateMappingAuthenticationModule

There are actually two ways do get this all done in one swoop. Using the GUI is good, but wouldn't you rather just do some cut n paste?

For Server 2008 SP1 or SP2:


Open a command line (runas administrator).  Then do the following (command will have wrapped):

servermanagercmd.exe -i web-common-http web-static-content web-http-errors web-http-redirect web-asp.net web-net-ext web-isapi-ext web-isapi-filter web-http-logging web-log-libraries web-http-tracing web-basic-auth web-windows-auth web-client-auth web-url-auth web-filtering web web-stat-compression web-mgmt-tools web-mgmt-console web-scripting-tools web-mgmt-compat web-metabase web-wmi web-lgcy-scripting web-lgcy-mgmt-console

For those Server 2008 R2 folks:  open powershell (runas administrator), then do the following - again command have wrapped here:

import-module servermanager

add-windowsfeature web-common-http, web-static-content, web-http-errors, web-http-redirect, web-asp-net, web-net-ext, web-isapi-ext, web-isapi-filter, web-http-logging, web-log-libraries, web-http-tracing, web-basic-auth, web-windows-auth, web-client-auth, web-url-auth, web-filtering, web-stat-compression, web-mgmt-tools, web-mgmt-console, web-scripting-tools, web-mgmt-compat, web-metabase, web-wmi, web-lgcy-scripting, web-lgcy-mgmt-console

Note that there subtle differences here in the syntax although the individual feature add statements are the same.

In addition (no you are not done yet!)

Important:  If you are running Windows Server 2008 R2, you must install version 1.1 of the URL Rewrite module, available at http://go.microsoft.com/fwlink/?linkid=197394.

You will also need:

.NET Framework 3.5.1 (right from the Server 2008 R2 install)

MSMQ (you will want this so you can do monitoring and archiving)(again, right from the Server 2008 R2 install)

Telnet client (used for troubleshooting)

Go get:

If you are doing just Server 2008 SP2, you will need MS KB 968929, "Windows Management Framework (Windows PowerShell 2.0, WinRM 2.0, and BITS 4.0)," at http://go.microsoft.com/fwlink/?linkid=197390  - this is not needed for 2008 R2.

And, because we want to play with everything, we need Windows Media Format Runtime also… for R2, we have the following zippy command line: (and yes it wrapped)

%systemroot%\system32\dism.exe /online /add-package /packagepath:%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.mum /ignorecheck

For you 2008 SP2 fans, use this command: (wrapped)

%systemroot%\system32\pkgmgr.exe /quiet /ip /m:%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.0.6001.18000.mum

My server wanted a reboot in the middle of all this because I ran the .NET updates into this also.  You will want those, because there are several that fix some applications issues with Lync Server.

OK, so, we are pretty close!  After doing all that, we execute the setup.exe found in the ISO under setup\amd64.

Say yes to the warning about The Microsoft Visual C++ 2008 redistributable being required to run Microsoft Lync Server 2010 communications software. If you install Lync Server 2010 by using the Lync Server Deployment Wizard, Setup prompts you to install this prerequisite, and it automatically installs it if it is not already installed on the computer. If you choose not to install it, Setup terminates. We don’t want that do we?

Now we are to this point:

image

Because I am in a lab VM, I take this and move on.

Accept the terms of the license agreement.  If you don’t, you can’t install.  Which brilliant lawyer figured that out?

After a couple of screen blinks, we get this:

image

Now, in R2, we’d blast ahead and prepare AD, but in Lync, we MUST have the topology builder.  The topology builder is a great tool, does wonders for your success rate in deploying working solutions, and is needed later in your environment to make changes.  Besides, Lync Server 2010 is not going to install if you don’t put the Topology Builder in place, and then export your complete plans first, so let’s just do it, OK?

Now, that wasn’t too bad? 

This is what we get for our efforts…isn’t that pretty?

image

In our next installment, we’ll fire up the Topology Builder and get hot on installing our environment.

2010/09/17

Exchange 2010 SP1 curiosity(ies)

“(ies)” because there are mulitples.

I went to remove the default mailbox database from a new e2010 sp1 install today. In the midst of the fun, I noticed that I still could not remove the database from the EMC.  I had previously moved the arbitration mailboxes and the discover assistant mailbox. 

image

But still, I got this error:

image

But, turning to the EMS proved very fruitful.

image

Wazzup wid dat?  How can the GUI not allow the removal, but powershell yank it right out.  The GUI is just a shell of the CLI.  So what gives?

Also, note that GUI talks about set-mailboxplan and get-mailboxplan.  Neither of those commands exist on the copy of Exchange 2010 SP1 that is running on this server.  Nice, eh?

2010/09/15

Exchange 2010 public folder custom forms

Kudos to Dustin Rush, NAC Architecture

We are in the midst of an e2003-e2010 migration, and the customer has a custom contact form in the organization forms library.  Regular public folder replication created the requisite public folder structure on the e2010.  The custom form sort of worked in that new items in the contact list used the custom form, that data was intact, but viewing existing contact cards in the public folder reverted to the OOBE view.

Various efforts at enforcing the custom form from Outlook proved fruitless. 

Dashing Dustin found this tool (DocMessageClass) that allowed us to modify the object attribute for each of the contacts in the public folder.  The process took very little time – maybe 3-4 minutes for 10k+ objects.

2010/09/14

quotes

Michael Jordan:

"I've failed over and over and over again in my life and that is why I succeed."

Lou Holtz:

"Life is ten percent what happens to you and ninety percent how you respond to it."

2010/09/12

Spam spam spam spam

The Nigerian spam scam is making its’ rounds again.  I’ve been seeing this in filters for the last month or so.  Here is the first paragraph of what I received today:

Compliments of the day Sir,

How are you doing? Please this email is in regards to a consignment abandon which has been confiscated in your likely details etc, as the real approved receiving beneficiary from African delivering Company. we are running a scan text on this item to know why dropped before we discovered that it is a high valued and personal allocation, cash money is the content for delivering in your personal and company's favour hence this email. I have a scan copy result of Dubai airport detecting machine and can prove it.

Just for an eyeball test, how many grammar errors can you find in this short cut?  But, the scary part is not the bad grammar.  The scary part is that this spam is showing up because somebody is saying “wow, my lucky day!” and actually responding to this and following through, and losing their money.  This spam exists because if the numbers are big enough, even the 1/2 of one percent (or whatever the return is) is worth it to the originator.

Can people really be THAT stoopid?

2010/09/01

Default Exchange 2010 RBAC groups

I had to look this up the other day – and I did not think it was all that easy to figure, so I made up this little table so I could get my head around the DEFAULT RBAC groups.  Keep in mind that the base recommendation is to create your own groups to match your specific requirements.  This table illustrates the what comes OOBE and represents some great starting points for understanding what is going on under the hood with RBAC.

Built-in RBAC Group

Functionality

Default assigned roles

Default Members

Delegated Setup

Members of this management role group have permissions to install and uninstall Exchange on provisioned servers. This role group shouldn't be deleted.

View-Only Configuration

None

Discovery Management

Members of this management role group can perform searches of mailboxes in the Exchange organization for data that meets specific criteria.

Legal Hold

Mailbox Search

None

Help Desk

Members of this management role group can view and manage the configuration for individual recipients and view recipients in an Exchange organization. Members of this role group can only manage the configuration each user can manage on his or her own mailbox. Additional permissions can be added by assigning additional management roles to this role group.

User Options

View-Only Recipients

None

Hygiene Management

Members of this management role group can manage Exchange anti-spam features and grant permissions for antivirus products to integrate with Exchange.

Application Impersonation

Receive Connectors

Transport Agents

Transport Hygiene

View-Only Configuration

View-Only Recipients

 

FQDN of server

Public Folder Management

Members of this management role group can manage public folders. Members can create and delete public folders and manage public folder settings such as replicas, quotas, age limits, and permissions as well as mail-enable and mail-disable public folders.

Mail Enabled Public Folders

Public Folders

Exchange Public Folder Administrators

Recipient Management

Members of this management role group have rights to create, manage, and remove Exchange recipient objects in the Exchange organization.

Distribution Groups

Mail Enabled Public Folders

Mail Recipient Creation

Mail Recipients

Message Tracking

Migration

Move Mailboxes

Recipient Policies

Exchange Recipient Administrators

Records Management

Members of this management role group can configure compliance features such as retention policy tags, message classifications, transport rules, and more.

Audit Logs

Journaling

Message Tracking

Retention Management

Transport Rules

None

Server Management

Members of this management role group have permissions to manage all Exchange servers within the Exchange organization, but members don't have permissions to perform operations that have global impact in the Exchange organization.

Database Copies

Databases

Exchange Connectors

Exchange Server Certificates

Exchange Servers

Exchange Virtual Directories

Monitoring

POP3 And IMAP4 Protocols

Receive Connectors

Transport Queues

None

UM Management

Members of this management role group can manage Unified Messaging organization, server, and recipient configuration.

UM Mailboxes

UM Prompts

Unified Messaging

None

View-Only Organization Management

Members of this management role group can view recipient and configuration objects and their properties in the Exchange organization.

Monitoring

View-Only Configuration

View-Only Recipients

Exchange View-Only Administrators

Organization Management

Members of this management role group have permissions to manage Exchange objects and their properties in the Exchange organization. Members can also delegate role groups and management roles in the organization. This role group shouldn't be deleted.

Active Directory Permissions, Address List, Audit Logs, Cmdlet Extension Agents, Database Availability Groups, Database Copies, Databases, Disaster Recovery, Distribution Groups, Edge Subscriptions, E-Mail Address Policies, Exchange Connectors, Exchange Server Certificates, Exchange Servers, Exchange Virtual Directories, Federated Sharing, Information Rights Management, Journaling, Legal Hold, Mail Enabled Public Folders, Mail Recipient Creation, Mail Recipients, Mail Tips, Message Tracking, Migration, Monitoring, Move Mailboxes, Organization Client Access, Organization Configuration, Organization Transport Settings, POP3 And IMAP4 Protocols, Public Folder Replication, Public Folders, Receive Connectors, Recipient Policies, Remote and Accepted Domains, Retention Management, Role Management, Security Group Creation and Membership, Send Connectors, Transport Agents, Transport Hygiene, Transport Queues, Transport Rules, UM Mailboxes, UM Prompts, Unified Messaging, User Options, View-Only Configuration, View-Only Recipients

Exchange Organization Administrators