Migrating Domain Controllers From Server 2008 R2 to Server 2012 R2

94 Replies

In this article, I have documented the steps I took to update our two domain controllers to Server 2012 R2 from Server 2008 R2. While this can be considered a tutorial, it is more a reflection of what I did during my migration process. This guide assumes you have already made backups of your environment, all Windows Active Directory Domain Controllers in the forest are running Server 2003 or later, and we will be recycling (reusing) the same two servers you deployed. Last, Microsoft strongly recommends we do a clean install and not directly upgrade each server, so we will decommission a DC, reinstall windows, and then redeploy the DC until the entire environment has been upgraded.

Prepare the AD Schema for Server 2012 R2
1. Mount the Server 2012 R2 installation disk on one of your Domain Controllers
2. Open up a command prompt with Administrative Privileges and navigate to the /support/adprep folder on the installation media.
  1. Click Start, type cmd, right click select Run as administrator
  2. Execute the command: d:
  3. Execute the command: cd d:\support\adprep
3. Execute the following command (don't close out of this until after we verify the schema version in an upcoming step):
  1. adprep /forestprep
  2. Type the letter C and press the enter key to begin the process
4. Execute the following command:
  1. adprep /domainprep
5. Verify the schema version has been updated
  1. Click Start and search for regedit
6. Open up regedit and navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS\Parameters
7. Verify the Schema Version value matches the last entry shown in your upgrade results. In my case, the Schema Version should be 69.
Demote and decommission secondary domain controller
1. Click Start, Run...
2. Type dcpromo and click OK
3. Click Next > on the Welcome page
4. If the domain controller has the global catalog service, make sure your primary DC also has the service enabled and click OK. This can be done by opening up Active Directory Sites and Services and viewing the services for each domain controller.
5. Make sure the Delete this domain because this server is the last domain controller in the domain is UNCHECKED, and click Next >
6. Type in a new password to be used for the Local Administrator account the machine will contain after it is demoted.
7. Click Next > on the Summary page
8. Check the Reboot on completion box to restart the server after the service has been removed
9. Log back into the DC upon reboot and open up Server Manager
10. In Roles Summary, click Remove Roles
11. Click Next > on the Before You Begin page
12. Uncheck Active Directory Domain Services and DNS Server (if the role is installed) and click Next >
13. Click Remove
14. Click Close
15. Select Yes on the Do you want to restart now? dialog box
16. Log back into the DC upon reboot and you should greeted by a Removal Results window. Let the process finish and select Close upon removal success.
17. Disjoin the machine from the domain
  1. Click Start, right click Computer, select Properties
  2. Click Change settings
  3. Click Change... on the System Properties page
  4. Check Workgroup, type in a workgroup name, and click OK
  5. Click OK on the warning dialog
  6. Click OK on the Welcome to the workgroup dialog
  7. Click OK on the restart dialog
  8. Click Close on the System Properties window
    (oops, forgot to make a screenshot!)
  9. Click Restart Later on the Microsoft Windows dialog box
  10. Shutdown the machine
18. Format the decommissioned machine, reinstall a clean copy of Server 2012 R2, and join the machine to the domain.
Add first Server 2012 R2 Domain Controller
1. At this point, you should have one Server 2008 R2 Domain Controller and a blank Server 2012 R2 machine joined to the domain ready for the Active Directory services. If you are at this point, continue on, if not, you might want to read back a couple steps and see where things ventured off course.
2. Start Server Manager on your new Server 2012 R2 machine.
3. Select Manage in the top right and select Add Roles and Features
4. Click Next > on the Before you begin screen
5. Click Next > on the Select installation type screen
6. Ensure your new server is selected and click Next >
7. Check the box next to Active Directory Domain Services
8. On the Add features that are required for Active Directory Domain Services? dialog, click the Add Features button
9. Click Next >
10. Click Next >
11. Check the box that says Restart the destination server automatically if required
  (Click Yes on the restart dialog if it pops up)
12. Click the Install button
13. Once the install is done, click the Close button
14. Next, head back to the Server Manager screen and select the warning icon with the flag; then select Promote this server to a domain controller.
15. On the Deployment Configuration page, make sure Add a domain controller to an existing domain is checked and hit Next >
16. Check Domain Name System (DNS) server, Check Global Catalog (GC), and uncheck Read only domain controller (RODC). Enter a strong password to be used to access Directory Services Restore Mode and click Next >
17. Click Next > on the DNS Options page
18. Click Next > on the Additional Options page, or if you would like, you can manually select a domain controller to replicate data from and then hit Next >.
19. Click Next > on the Paths page
20. Click Next > on the Review Options page
21. Click Install on the Prerequisites Check page
22. Once the domain controller reboots after installation, open up Server Manager and select Tools, Active Directory Users and Computers
23. Expand your Domain and select Domain Controllers; ensure your new machine shows up here.
24. Next, verify DNS works properly
  1. Go back to Server Manager, select Tools, DNS
  2. Expand your server, Forward Lookup Zones, and right click on your domain name and select Properties
  3. Select the Name Servers tab and ensure all DCs are listed
Next, we need to verify the FSMO (Flexible Single Master Operations) roles are stored on our other server 2008 DC
1. On the new Server 2012 R2 DC we joined, open up a command prompt with administrative privileges.
2. Execute the following command to verify FSMO roles are on our 2008 DC:
  netdom query fsmo
Next, we need to transfer the FSMO roles from our primary DC to our new one
1. Execute the following command using the same command prompt in the previous steps: ntdsutil
2. Type roles when prompted and hit enter
3. Type connections when prompted and hit enter
4. Type connect to server server2012DC.mydomain.com, where server2012DC is the new DC we just deployed, when prompted and hit enter
5. Type quit and hit enter
6. Type transfer schema master and hit enter
7. Click Yes on the Role Transfer Dialog for the Schema Master role
8. Type transfer naming master and hit enter
9. Click Yes on the Role Transfer Confirmation Dialog for the Naming Master role
10. Type transfer PDC and hit enter
11. Click Yes on the Role Transfer Configuration Dialog for the Primary Domain Controller role
12. Type transfer RID master and hit enter
13. Click Yes on the Role Transfer Configuration Dialog for the RID master role
14. Type transfer infrastructure master and hit enter
15. Click Yes on the Role Transfer Configuration Dialog for the Infrastructure Master role
16. Type quit and hit enter
17. Type quit and hit enter
18. Execute the following command to ensure the FSMO services are on the new Server 2012 R2 machine: netdom query fsmo
At this point, you should have a Server 2012 R2 DC with the FSMO roles and a secondary 2008 R2 Domain Controller. If not, please go back and complete the steps to get to this point.
Optional Step: After upgrading the first DC, you may want to reconfigure the machine to keep its time in sync with an external source. To do this, please follow my guide here: http://jackstromberg.com/2013/10/configuring-external-time-source-on-your-primary-domain-controller/
Next, decommission the last Server 2008 R2 domain controller that used to function as the primary DC.
1. Follow the same instructions in Step 2 above called Demote and decommission secondary domain controller
Next, add the machine back to the domain
1. Follow the same instructions in Step 3 above called Add first Server 2012 R2 Domain Controller
At this point, your environment should be up and running with Windows Server 2012 R2! You can optionally transfer the FSMO roles back to your "primary" DC that you had before, or continue on with the roles left on the current DC.

Notes

Official information on removing a domain controller from the domain can be found on Microsoft's website here: http://technet.microsoft.com/en-us/library/cc771844(v=ws.10).aspx

Lync call - error ID 52063 (source ID 242)

Export a list of numbers used in Lync Server 2013

13 Replies

Today I was curious how many numbers we have used up on our DID block and wanted to pull a report specifying which numbers were allocated to which user, conference room, etc. After a quick Google search, I came accross a powershell script by Lasse Nordvik Wedø. Attached below is a copy of his powershell script with a few modifications by me to pull a couple of extra attributes about the user from Active Directory. Please make sure to drop him a comment on his blog, located here: http://tech.rundtomrundt.com/2012/04/listing-all-deployed-numbers-in-lync.html

The following list of numbers will be generated to a .htm web report:

Users enabled in Lync without a number assigned
Users with a number assigned to them
Users with a private line
Analog devices
Common Area Phone Numbers
Response Group Numbers
Meeting (dialin) numbers
Meeting Room Objects
Exchange Objects
Application endpoints with a LineURI

The script can be downloaded here (make sure to remove the .txt extension once you have downloaded it): Assigned_numbers.ps1

Here is an image of executing the powershell script:

Here is an image of the result (webpage):

Here is an image of what the htm file looks like when you open it up:

Additionally, if you are looking for a complete resource of different attributes you can pull from the Get-ADUser command, see the following technet article: http://social.technet.microsoft.com/wiki/contents/articles/12037.active-directory-get-aduser-default-and-extended-properties.aspx

Office 365 - Sorry, but we're having trouble signing you in: error 80041034

1 Reply

Symptom: After changing the samAccountName (User Principal Name (UPN)) of a user in your on-premise Active Directory environment, run the DirSync tool to update the user on Office 365 (or wait 3 hours) [and have verified the user's new UPN synchronized in the Office 365 admin portal], the user is presented with the following error when trying to sign into Outlook, SharePoint, CRM, etc. on Office 365.

Sorry, but we're having trouble signing you in Please try again in a few minutes. If this doesn't work, you might want to contact your admin and report the following error: 80041034.

Solution: This turns out to be an issue with ADFS (Active Directory Federated Services), caching user account attributes, which prevents a successful login. Here are a couple of solutions to solve this issue:

Try reupdating/repairing party trust with Office 365.
1. Login to one of your ADFS servers.
2. Click Start, All Programs, Windows Azure Active Directory, and then select Windows Azure Active Directory Module for Windows PowerShell.
3. Execute the following command to connect to Microsoft's online services (when prompted, type in your Office 365 Administrator credentials)
  1. Connect-MSOLService
4. Execute the following command to update federated trust
5. Update-MSOLFederatedDomain –DomainName:<Federated Domain Name>
Try temporarily disabling Local Security Authority (LSA) credential caching on your AD FS servers (note this can increase the load on your ADFS and AD DS servers)
1. Login to each of your ADFS servers and complete the following steps
  1. Click Start -> Run -> regedit to open up the registry editor
  3. Navigate to the following registry key
    1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  4. Right click on Lsa, select New -> DWORD (32-bit) Value
  5. Enter LsaLookupCacheMaxSize as the value name and press Enter
  6. Right click on LsaLookupCacheMaxSize and select Modify
  7. Ensure the value data is set to 0 and select OK
2. Verify the user can successfully login. Once they can, continue on to delete the key we created
3. Right click on the LsaLookupCacheMaxSize value we created and select Delete
Reboot all ADFS and ADFS proxy servers in your environment

Microsoft has released an official KB article referencing this issue, you can find it here: http://support.microsoft.com/kb/2535191

AD RMS (Rights Management Services) for Office 365

3 Replies

Note: This guide is deprecated. AD RMS is now supersceeded by Azure Information Protection. If you have previously used this guide, review the following guide on Migrating from AD RMS to Azure Information Protection.

https://docs.microsoft.com/en-us/azure/information-protection/migrate-from-ad-rms-to-azure-rms

Those that have the following tiers of Office 365 are entitled to use Microsoft's AD Rights Management Service to help secure their documents:

SharePoint Online Enterprise (E1),
SharePoint Online Enterprise (E3 & E4),
SharePoint Online Midsized Business

Here is a list of compiled questions I wanted to know when trying AD RMS for Office 365.

What is AD Rights Management Services?

Active Directory Rights Management Services (AD RMS) is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use. Content owners can define who can open, modify, print, forward, or take other actions with the information.
http://technet.microsoft.com/en-us/library/cc771234(v=ws.10).aspx

Are their any examples of using AD Rights Management Services?

Office 365 did a pretty good job covering the concept of using AD RMS as well as how to use AD RMS. You can find the full tutorial here, however their official YouTube video covering this has been embedded below:

How do I deploy or enable AD Rights Management Services for Office 365?

Login to your Office 365 Administration Portal
1. https://portal.microsoftonline.com/
Select service settings on the left side navigation
Select the rights management tab and click on the Manage link
The Manage link should redirect you over to activedirectory.windowsazure.com and present you a big activate button. Click the activate button.
Click activate on the Do you want to activate Rights Management? prompt
After clicking the activate button, you should now see Rights management is activated on the windowsazure.com page

How do I create more policy templates for AD RMS using Office 365 or Windows Azure?

As pointed out in the following Office 365 forum article: http://community.office365.com/en-us/forums/148/t/177332.aspx

By default, in a pure Office 365 environment, we can get 3 RMS Templates in Windows Azure Rights Management. If we have an on-premises server running Active Directory Rights Management Services (AD RMS), we can get more via import a trusted publishing domain (TPD). So, without on premise server, we just can get default 3 Templates.

I enabled AD RMS for Office 365, but I don't see any options in Office 2010. How do I get Office 2010 to use AD RMS?

Since you are more than likely on the E4 tier, I would highly recommend downloading Office 2013 from your Office 365 portal and installing that. Office 2013 from the Office 365 portal comes preconfigured to work more fluidly with AD RMS. However, if you need to use Office 2010, you can complete the following steps as documented on the following technet article: http://technet.microsoft.com/en-us/library/jj585031.aspx#sectionSection1

Can people outside my organization open protected documents with AD RMS (not apart of my domain)?

Short answer, Yes. Long answer, they are required to create a Microsoft account using their email address (Gmail, AOL, Yahoo, etc) to authenticate themselves. Below are some screenshots of the registration process; I have copied them from the following technet article for archival purposes: http://blogs.technet.com/b/rms/archive/2013/08/29/the-new-microsoft-rms-is-live-in-preview.aspx

How can an Office 365 customer purchase Microsoft Rights Management Services (RMS)?

Active Directory RMS is already included in the Office 365 Enterprise E3, and E4 plans and the Education A3 and A4 plans. RMS is also available as an add-on in the E1 and A2 plans. Consumption of rights-protected content is free. A license is required to protect content.

Windows Update Services - Multiple Errors in Event Viewer - Event ID 12052,12042, 12022, 12032, 12012, 12002,13042

11 Replies

Symptom: When browsing through the event viewer logs on your Windows Update Services server, you notice the following Event IDs with a Level of Error in the following order: 12052, 12042, 12022, 12032, 12012, 12002, 13042.

Log Name: Application
Source: Windows Server Update Services
Event ID: 12052
Task Category: 9
Level: Error
Description: The DSS Authentication Web Service is not working.

Log Name: Application
Source: Windows Server Update Services
Date: 10/3/2013 4:53:26 AM
Event ID: 12042
Task Category: 9
Level: Error
Description: The SimpleAuth Web Service is not working.

Log Name: Application
Source: Windows Server Update Services
Date: 10/3/2013 4:53:26 AM
Event ID: 12022
Task Category: 9
Level: Error
Description: The Client Web Service is not working.

Log Name: Application
Source: Windows Server Update Services
Date: 10/3/2013 4:53:26 AM
Event ID: 12032
Task Category: 9
Level: Error
Description: The Server Synchronization Web Service is not working.

Log Name: Application
Source: Windows Server Update Services
Date: 10/3/2013 4:53:26 AM
Event ID: 12012
Task Category: 9
Level: Error
Description: The API Remoting Web Service is not working.

Log Name: Application
Source: Windows Server Update Services
Date: 10/3/2013 4:53:26 AM
Event ID: 12002
Task Category: 9
Level: Error
Description: The Reporting Web Service is not working.

Log Name: Application
Source: Windows Server Update Services
Date: 10/3/2013 4:53:26 AM
Event ID: 13042
Task Category: 6
Level: Error
Description: Self-update is not working.

Additionally, you can recreate these events by running the following command: wsusutil.exe checkhealth

Solution: Reconfigure the WSUS server via the wsusutil.exe command.

Login to the WSUS server
Open up a command prompt with Administrative rights
Navigate to the Update Services\Tools directory.
1. By default you can find it on your C drive by executing the following command
  1. cd "c:\Program Files\Update Services\Tools"
Execute one of the following commands
1. If updates are configured for port 80 execute this command
  1. wsusutil.exe usecustomwebsite false
2. If updates are configured for port 8530 execute this command
  1. wsusutil.exe usecustomwebsite true
Execute the following command to verify the WSUS service is running correctly
1. wsusutil.exe checkhealth
You should see Event ID 10000 in event viewer confirming all is well

How to federate with AOL via Lync

Tutorial - How to setup a KMS server for a Windows Domain

5 Replies

Copied from Microsoft, here is what we can achieve by configuring a KMS server on our local network for a windows domain: http://technet.microsoft.com/en-us/library/ff793434.aspx

KMS activates computers on a local network, eliminating the need for individual computers to connect to Microsoft. To do this, KMS uses a client–server topology. KMS client computers can locate KMS host computers by using Domain Name System (DNS) or a static configuration. KMS clients contact the KMS host by using remote procedure call (RPC). KMS can be hosted on computers that are running the Windows Vista, Windows 7, Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 operating systems.

Go to the volume licensing center and grab a copy of the KMS key for your server OS
1. Navigate to https://www.microsoft.com/Licensing/servicecenter/home.aspx
2. Login
3. Select Downloads and Keys
4. Select Windows Server
5. Finder your server version and click Key
6. Copy the KMS type key
Login to the server you want to setup as the KMS server.
Open up a command prompt as an administrator.
Ensure you are in the system32 folder of Windows
1. cd c:\Windows\System32
Execute the following command to setup your license key
1. cscript slmgr.vbs /ipk WINDOWS-KMS-LICENSE-KEY-HERE
Execute the following command to activate the host
1. cscript slmgr.vbs /ato
Execute the following command to verify the host has the Key Management Service enabled
1. cscript slmgr.vbs /dlv
Next, we need to open the firewall for the server to accept activation requests
1. Open up Windows Firewall with Advanced Security
2. Right click on Inbound Rules and select New Rule...
3. Select Port and click Next >
4. Check TCP, check Specific Local Ports and enter port 1688, click Next >
5. Check Allow the connection and click Next >
6. Check Domain and click Next >
7. Enter a name for the rule and click Finish

Congrats! Your KMS server should now be ready to accept activation requests!

Notes: Here is a full listing of the commands/switches you can execute using the Software Licensing Management Tool.

Invalid combination of command parameters.

Windows Software Licensing Management Tool
Usage: slmgr.vbs [MachineName [User Password]] [<Option>]
MachineName: Name of remote machine (default is local machine)
User: Account with required privilege on remote machine
Password: password for the previous account

Global Options:
/ipk <Product Key>
Install product key (replaces existing key)
/ato [Activation ID]
Activate Windows
/dli [Activation ID | All]
Display license information (default: current license)
/dlv [Activation ID | All]
Display detailed license information (default: current license)
/xpr [Activation ID]
Expiration date for current license state

Advanced Options:
/cpky
Clear product key from the registry (prevents disclosure attacks)
/ilc <License file>
Install license
/rilc
Re-install system license files
/rearm
Reset the licensing status of the machine
/upk [Activation ID]
Uninstall product key

/dti [Activation ID]
Display Installation ID for offline activation
/atp <Confirmation ID> [Activation ID]
Activate product with user-provided Confirmation ID

Volume Licensing: Key Management Service (KMS) Client Options:
/skms <Name[:Port] | : port> [Activation ID]
Set the name and/or the port for the KMS computer this machine will use. IPv6 address must be specified in the format [hostname]:port
/ckms [Activation ID]
Clear name of KMS computer used (sets the port to the default)
/skms-domain <FQDN> [Activation ID]
Set the specific DNS domain in which all KMS SRV records can be found. This setting has no effect if the specific single KMS host is set via /skms option.
/ckms-domain [Activation ID]
Clear the specific DNS domain in which all KMS SRV records can be found. The specific KMS host will be used if set via /skms. Otherwise default KMS auto-discovery will be used.
/skhc
Enable KMS host caching
/ckhc
Disable KMS host caching

Volume Licensing: Token-based Activation Options:
/lil
List installed Token-based Activation Issuance Licenses
/ril <ILID> <ILvID>
Remove installed Token-based Activation Issuance License
/ltc
List Token-based Activation Certificates
/fta <Certificate Thumbprint> [<PIN>]
Force Token-based Activation

Volume Licensing: Key Management Service (KMS) Options:
/sprt <Port>
Set TCP port KMS will use to communicate with clients
/sai <Activation Interval>
Set interval (minutes) for unactivated clients to attempt KMS connection. The activation interval must be between 15 minutes (min) and 30 days (max) although the default (2 hours) is recommended.
/sri <Renewal Interval>
Set renewal interval (minutes) for activated clients to attempt KMS connection. The renewal interval must be between 15 minutes (min) and 30 days (max) although the default (7 days) is recommended.
/sdns
Enable DNS publishing by KMS (default)
/cdns
Disable DNS publishing by KMS
/spri
Set KMS priority to normal (default)
/cpri
Set KMS priority to low
/act-type [Activation-Type] [Activation ID]
Set activation type to 1 (for AD) or 2 (for KMS) or 3 (for Token) or 0 (for all).

Volume Licensing: Active Directory (AD) Activation Options:
/ad-activation-online <Product Key> [Activation Object name]
Activate AD (Active Directory) forest with user-provided product key
/ad-activation-get-iid <Product Key>
Display Installation ID for AD (Active Directory) forest
/ad-activation-apply-cid <Product Key> <Confirmation ID> [Activation Object name]
Activate AD (Active Directory) forest with user-provided product key and Confirmation ID
/ao-list
Display Activation Objects in AD (Active Directory)
/del-ao <Activation Object DN | Activation Object RDN>
Delete Activation Objects in AD (Active Directory) for user-provided Activation Object

Lync Persistent Chat Error - User is not sip-enabled

2 Replies

Symptom: When you try to create a new chatroom from the Lync 2010/2013 client, you are redirected to a webpage that shows the following error:

User is not sip-enabled.

Solution: Turns out this is an issue with cross-compatibility between Single-sign on and 3rd party browsers. Make sure you are using Internet Explorer and you should be able to login and manage your persistent chatroooms.

[Tutorial] Setting up and installing persistent chat for Lync Server 2013

5 Replies

Here is how to configure persistent chat for your Lync 2013 deployment.

Login to your Lync Front End Server and start the Lync Server Topology Builder
When the Topology Builder window opens, select Download Topology from existing deployment and select OK
Save the file to your desktop
Expand Lync Server -> Your Site -> Lync Server 2013 -> Persistent Chat pools
Right click Persistent Chat pools and select New Persistent Chat Pool...
On the Define the fully qualified domain name (FQDN) page, enter the FQDN your standard front end server and check Single computer pool. If you want to deploy a highly available environment for persistent chat, you will need to deploy 2 new machines to put into a persistent chat pool and check Multiple computer pool. It is not supported by Microsoft at this time to collocate the persistent chat service on the same machines in an enterprise front end pool. Once done, click Next.
1. In this tutorial, I am going to go over deploying persistent chat in a highly available environment.
If you clicked on Multiple computer pool, enter in the machine names where the persistent chat service will be installed, and click Next.
On the Define properties of the Persistent Chat pool page, enter in the Display name of the Persistent Chat pool (you can name this whatever you would like to) and click Next
Select the SQL Server store you wish to use and select Next
Select or create a new file store and click Next
Select the Front End pool/server as the next hop pool and click Finish
Once done with the Persistent Chat wizard, right click on Lync Server in the Topology Builder and select Publish Topology...
Click Next on the Publish the topology window
Click Next on the Create databases screen
Click Finish once the topology has been published
Complete the following steps on each of the Persistent Chat servers you created
1. Login to the server that will be running the persistent chat service
2. Copy/mount the Lync Server 2013 installation media
3. Run the setup.exe program from the Lync Server 2013 installation media
4. Click Yes on the "In order to run the software on this CD, the Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 Package must be installed." Dialog box.
5. Click Install on the Microsoft Lync Server 2013 dialog box
6. Check I accept the terms in the license agreement and click OK
7. Once installed, click on Install or Update Lync Server System
8. Click Run next to Step 1: Install Local Configuration Store
9. Check Retrieve directly from the Central Management store and click Next
10. Click Finish once the installation has completed.
  (oops, no picture for this one :()
11. Click Run next to Step 2: Setup or Remove Lync Server Components
12. Click Next
13. Click Finish
14. Click Run next to Step 3: Request, Install or Assign Certificates
15. Click Request on the Certificate Wizard screen
16. Check Send the request immediately to an online certification authority and hit Next
17. Click Next on the Certification Authority (CA) page
18. Click Next on the Certification Authority Account page
19. Click Next on the Specify Alternate Certificate Template page
20. Type in a Friendly name for the certificate (I would just use whatever you used for the Persistent Chat Pool Display Name) and click Next
  1. NOTE: If you are deploying multiple servers in the Lync Persistent Chat Pool, make sure to check the Mark the certificate's private key as exportable box.
21. Enter in your Organization and Organizational Unit and hit Next
22. Enter in your Country/Region, State/Province, City/Locality, and hit Next
23. Hit Next on the Subject Name / Subject Alternative Names screen
24. Hit Next on the Configure Additional Subject Alternative Names screen
25. Hit Next on the Certificate Request Summary page
26. Hit Next once the certificate request process has finished executing commands
27. Hit Finish on the Online Certificate Request Status screen
28. Hit Next on the Certificate Assignment screen
29. Hit Next on the Certificate Assignment Summary screen
30. Hit Finish on the Executing Commands screen
31. Close the Certificate Wizard screen
32. Click Run next to Step 4: Start Services
33. Click Next on the Start Services screen
34. Click Finish on the Executing Commands screen
35. Click Run next to Service Status (Optional)
36. Scroll through the list of services and find Lync Server Persistent Chat and verify it is Running.
At this point of the deployment, the infrastructure should be in place to actually push Persistent Chat out to your clients. Next we will create a test group.
Login to the Lync Admin Panel (Cscp)
Select the Persistent Chat tab
Click New and select your persistent chat pool and click OK
Type in a Name for your persistent chat category and select who can have access to the category. This category will be the container that holds a set of chatrooms. Click Commit when finished.
Next, select the Persistent Chat Policy tab and double click on the Global policy.
Check Enable Persistent Chat and click Commit
Next, we need to create the actual chatroom. This step needs to be done via PowerShell, so open up the Lync Server Management Console.
Execute the following command
New-CsPersistentChatRoom -Name "My test chatroom" -Category "Test Category"
Next, we will assign a user to the chatroom, so execute the following command:
Set-CsPersistentChatRoom -Identity "My test chatroom" -members @{Add="sip:[email protected]"}
Now, we are ready to join our test chatroom. First, close your Lync client if it is already running.
Relaunch Lync, and you should see the persistent chatroom icon.
Double click on the chatroom and try sending a message.
Congrats! If you have made it to this point, you should now be able to offer a new collaborative feature to your users at your organization! 🙂