Tag Archives: Lync 2010

How to administratively forward Lync calls or numbers

Scenario: A user leaves the organization and you would like to forward their number/calls to a manager.

Solution: Microsoft has a Lync Server 2013 (and 2010) Resource Kit that contains a command-line tool called SEFAUtil (secondary extension feature activation) which can be used to achieve this task.  Before beginning, I would recommend taking a look at the official TechNet article/documentation on the utility itself: http://technet.microsoft.com/en-us/library/jj945604.aspx  In this tutorial, we will download the tool and execute the proper commands to configure call forwarding for a specified user.

  1. Download a copy of the Lync Server 2013 Resource Kit from Microsoft's website here: http://go.microsoft.com/fwlink/p/?LinkID=330429
  2. Run the installer from your Front End Server/Pool
    OCSReskit_msi
    Lync Server 2013 - Resource Kit - Welcome
    Lync Server 2013 - Resource Kit - EULA
    Lync Server 2013 - Resource Kit - Destination Folder
    Lync Server 2013 - Resource Kit - Install
    Lync Server 2013 - Resource Kit - Finish
  3. Create a trusted application pool
    1. Execute the following command
      1. $Site=Get-CsSite -Identity "My Site"
        Lync Server 2013 - Get-CsSite - Variable

        1. Note: If you don't know what to substitute for My Site, execute the following command to see what sites you have available and then use the Identity value.
          1. Get-CsSite
            Lync Server 2013 - Get-CsSite
      2. Execute the following command
        1. New-CsTrustedApplicationPool -id <Pool FQDN> -Registrar <Pool Registrar FQDN> -site $Site.SiteID
          Lync Server 2013 - New-CsTrustedApplicationPool

          1. Note: Technically we didn't need to run the 1st command, however this can help cut-down on user error.  Additionally, if you have multiple sites and you knew what site you wanted to use but not the ID, this helps skip a step.
  4. Define SEFAUtil as a trusted application in the Lync topology
    1. Execute the following command
      1. New-CsTrustedApplication -ApplicationId sefautil -TrustedApplicationPoolFqdn <Pool FQDN> -Port 7489
        Lync Server 2013 - New-CsTrustedApplication sefautil
  5. Enable the Lync topology to commit the changes
    1. Enable-CsTopology
      Lync Server 2013 - New-CsTrustedApplication sefautil - Enable-CsTopology
  6. Forward a user's number
    1. Navigate to %ProgramFiles%\Microsoft Lync Server 2013\ResKit
      Lync Server 2013 - Navigate ResKit
    2. Execute the following command
      1. SEFAUtil.exe /Server:<Pool FQDN> [email protected] /enablefwdimmediate /setfwddestination:[email protected]
        SEFAUtil enablefwdimmediate setfwddestination

That should be it!

Note: If you are more comfortable using a GUI or don't wish to type in multiple powershell commands, I would highly recommend checking out Johan Veldhuis's SefaUtil GUI PowerShell script.  Once you are done following steps 1-5 above, you you can grab a copy of the script here: http://johanveldhuis.nl/sefautil-gui/sefautil-gui/

Lync - Filter failed to return unique result error

Symptom: You receive the following error when trying to assign an Enterprise Voice number to a new user via powershell or the Lync Admin Web GUI (CSCP):

Filter failed to return unique result, "[SipAddress : sip:[email protected]] [LineURI : tel:+15555555555] [PrivateLine : tel:+15555555555] "

Solution: Execute the following commands below to see what the number is currently assigned to.

This command will check all users for the requested number.

Get-CsUser | where {$_.LineURI -eq "tel:+15555555555" -or $_.PrivateLine -eq "tel:+15555555555"} | Sort-Object LineURI | Select-Object Displayname, LineURI, PrivateLine

This command will check all common area phones for the requested number:

Get-CsCommonAreaPhone | where {$_.LineURI -eq "tel:+15555555555"} | Sort-Object LineURI | Select-Object Identity, LineURI, DisplayNumber, DisplayName, Description

This command will check all response groups for the requested number:

Get-CsRgsWorkflow | where {$_.LineURI -eq "tel:+15555555555"} | Sort-Object LineURI | Select-Object Name, Identity, LineURI, DisplayNumber, Description

This command will check all exchange contacts for unified messaging:

Get-CsExUmContact | where {$_.LineURI -eq "tel:+15555555555"} | Sort-Object LineURI | Select-Object identity, LineURI

Notes: I stumbled across these powershell commands from "The Regular IT Guy"; please check out his site here http://onlize.wordpress.com/2013/07/01/lync-add-user-error-filter-failed-to-return-unique-result/

Enabling Skype Federation - Lync Server 2010-2013

Most articles are saying that Skype federation is now available and "you're good to go with federation enabled".  The problem though is you are more than likely missing the "Skype" option when you select Add a contact not in my organization and you may need to enable PIC provisioning for Skype.  This guide will go through enabling PIC federation through Office 365 and bringing back the Skype icon to the Lync client.

NOTE: This guide assumes you have configured your edge servers and have verified federation to other partners works.

Here is what my Lync client looked like before following the instructions below:

Lync client without Skype

Enabling Federation and Public IM Connectivity (PIC)

  1. Login to your Office 365 Portal
  2. Select Lync from the Admin dropdown
    Lync Menu Office365
  3. Select External Communications
  4. Ensure the following settings:
    1. Domain federation mode: Turned on for all domains except blocked domains
    2. Public IM connectivity mode: Enabled
      Lync Online Control Panel

Adding Skype option to Lync Client

  1. Navigate to your front end server
  2. Open up the Lync 2010/2013 Management Shell
  3. Execute the following command to list what providers you federate to
    1. Get-CsPublicProvider
  4. If you have a provider that has a ProxyFqdn of federation.messenger.msn.com, execute the following command to remove it (replacing MSN with the Identity that had federation.messenger.msn.com for your environment):
    1. Remove-CsPublicProvider -Identity MSN
  5. Execute the following command to add Skype as a federated provider
    1. New-CsPublicProvider -Identity Skype -ProxyFqdn federation.messenger.msn.com -IconUrl "https://images.edge.messenger.live.com/Messenger_16x16.png" -VerificationLevel 2 -Enabled 1
  6. Close your Lync client and reopen for the option to be available

Powershell Lync Skype

Adding Skype contacts to Lync

  1. Click the Add a Contact icon
  2. Select Add a Contact Not in My Organization
  3. Select Skype.
    1. Lync client with Skype
  4. In the IM Address field, enter the Microsoft Account (MSA) of the Skype user in the format user(domain name)@msn.com.
    1. Example: If someone's email was [email protected], the entry would be bob(contoso.com)@msn.com

  5. In the Add to contact group dropdown box, select the contact group to put the user in.
  6. In the Set privacy relationship dropdown box, select the appropriate relationship.
  7. Click OK.
  8. NOTE: Once the Skype user adds your account, the federated user will appear online.  Until the user adds you to their Skype list, the contact will appear offline.

Adding Lync user to Skype

  1. Sign into Skype
  2. Click the Add User icon
    Add User Icon Skype
  3. Type in the user's SIP address
    1. For example: [email protected]
      1. Note: You do not need to use the MSA format when adding the contact to your list from Skype
  4. Select (single click) the name when it appears in the search list
  5. Click the Add to Contacts button
    Adding Lync Contact - Skype
  6. NOTE: If you add the user to Skype first before Lync, the user will show up with a question mark (?) icon for a status until the Lync user approves the request/adds you to their contacts list.

Awesome Tidbits

When setting up Lync-to-Skype federation for the first time, I was seeing the following symptom.  Lync users could see the Skype user Offline, the Skype user could not add the Lync user as it would not pull the directory, and IMs would not work because the users had not accepted each other.  Doing a log on the front end server, resulted with the following error message as well:

TL_INFO(TF_PROTOCOL) [0]1838.0B20::06/05/2013-14:36:41.206.00008d15 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:2420.idx(196))[506561689] $$begin_record
Trace-Correlation-Id: 506561689
Instance-Id: B0B5F
Direction: incoming
Peer: myedgepool.mydomain.local:5061
Message-Type: response
SIP/2.0 480 temporary unavailable
Start-Line: SIP/2.0 480 temporary unavailable
FROM: "Jack Stromberg"<sip:[email protected]>;tag=0f6bccf745;epid=1aadaf98be
TO: <sip:person(hotmail.com)@msn.com>;tag=qwemztox
CALL-ID: a0b5bb30381640c08b30ee2bda403905
CSEQ: 1 INVITE
Via: SIP/2.0/TLS 192.168.169.221:53811;branch=z9hG4bK6DC1D74D.F39C6D8A52E04898;branched=FALSE;ms-received-port=53811;ms-received-cid=718100,SIP/2.0/TLS 192.168.170.142:50017;ms-received-port=50017;ms-received-cid=208A00
CONTENT-LENGTH: 0
ms-diagnostics: 1035;reason="Previous hop public IM provider did not report diagnostic information";Domain="msn.com";PeerServer="federation.messenger.msn.com";source="sip.mydomain.com"
ms-diagnostics-public: 1035;reason="Previous hop public IM provider did not report diagnostic information";Domain="msn.com";PeerServer="federation.messenger.msn.com"
$$end_record

Findings: Doing some research, the 480 temporary unavailable error with 1035;reason="Previous hop public IM provider did not report diagnostic information" means that there are federation issues.  Since I know I enabled PIC Federation through Office 365 and federation worked to other partners (hotmail users for example), I assumed this was an issue with the PIC configuration.

Solution: According to a technet article recently posted (http://community.office365.com/en-us/blogs/office_365_technical_blog/archive/2013/06/01/troubleshooting-lync-skype-connectivity.aspx) if you are having issues federating to Skype, you may have to toggle the Public IM Connectivity mode switch in your Office 365 Lync portal.  If you are a small business user, you are almost gaurenteed to be affected by the upgrade to Office 365 2013.  If you are an enterprise business, it appears you should be fine, but in my case, I still saw issues connecting under an underprise account.

Additionally, it turns out I needed to submit a request to the old PIC provisioning crew at Microsoft in another scenario.  Once they enabled federation to Skype, I was able to go on my merry way.  You can start the request process here (their website can be quite frustrating... I couldn't get half the pages to load and ended up sending them an email): https://pic.lync.com/provision/Logon/Logon.aspx?rret=https%3a%2f%2fpic.lync.com%2fprovision%2fAgreementNumber.aspx%2f

Configuring Lync Server to push out latest Microsoft Lync Phone Edition firmware

I noticed today that a large shipment of Polycom phones we were going to deploy were using the RTM version of Lync Phone Edition and were outdated compared to Microsoft's latest version.  That being said, here is a guide on how to update the firmware for your phones.

At the time of this writing, it appears there are only a few different manufacturers that distribute the Microsoft Lync Phone Edition phones.  For reference, here are the Microsoft URLs for each of those phone types:

Deploying latest firmware for the Microsoft Lync Phone Edition

  1. Download the latest firmware for the Lync Phone Edition device.
    1. In my case, I want to push out the latest firmware for the Polycom CX600s, which can be found here (links to the firmware of other phones can be found above in this same article): http://www.microsoft.com/en-us/download/details.aspx?id=23866
  2. Double click on the downloaded file (UCUpdates.exe), and run through the wizard.
    1. Select your language:
      Microsoft Lync Phone Edition Wizard - Select Language
    2. Accept the EULA
      Microsoft Lync Phone Edition Wizard - Accept EULA
    3. On this step, extract the files to a folder you can recognize.  All firmware downloads are called UCUpdates.exe and ucupdates.cab, so I highly recommend you sort out each firmware to a corresponding folder.
      Microsoft Lync Phone Edition Wizard - Extract To 
    4. Click the "Click this link to open folder in Windows Explorer." and verify you see the ucupdates.cab file.
      Microsoft Lync Phone Edition Wizard - Open Extracted Contents
    5. Here we see the ucupdates.cab file.
      ucupdates - Extracted files
  3. Copy the ucupdates.cab file over to your Lync Front End Server if you didn't in the first step.
  4. Execute the following powershell command (where the WebServer is the Front End Pool or Front End Server in a standalone instance):
    1. Import-CsDeviceUpdate -Identity service:WebServer:lync.mydomain.local -FileName "C:\Polycom CX600\ucupdates.cab" -Verbose
      1. Note: I added the optional -Verbose parameter to show the output of what the PowerShell command is doing behind the scenes.  Some people have mentioned this step taking awhile to complete, this will at least give you some comfort if things are moving forward or not.
  5. Once the command has completed successfully, head over to the Lync Server Control Panel (LSCP) (Web GUI), and navigate to Clients > Device Update.  Here you should see the firmware for your device and you should notice that the version shows up under the "Pending Version" column.  This means that the firmware will NOT be pushed until we manually approve it.
    LSCP - Clients - Device Update - Polycom
  6. Now we will push out the firmware to one device to ensure the firmware actually works.  Inside of the Lync Server Control Panel, click on the Test Device tab.
    1. Click the New... button and then select Global test device
    2. For Device Name, type in something like Polycom CX600 to identify what will be pushed to it, and then enter in the MAC address of the phone in the Unique identifier field.
      1. Note: if you use the MAC address as the Unique identifier, make sure you leave out any special characters, it should be only the hex address.
    3. Here is a screenshot below of my test device:
      LSCP - Clients - Test Device
  7. At this point, all you need to do is wait until the phone reboots and applies the update automatically (you don't need to approve the firmware or anything like that, it just starts to deploy to the test device).
    1. If you want to check what is going on, if you login to your front end server and navigate to C:\inetpub\logs\LogFiles\<randomID>, you can see the process of the phone trying to pull the update files and then reconnecting with the updates.  In my case, I could see the phone boot, pull the new firmware files, and then reboot and make new requests with the latest version in the headers.
    2. 2013-05-16 15:43:13 192.168.1.21 POST /locationinformation/liservice.svc/mex - 443 - 192.168.2.2 OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition) - 200 0 0 114
      2013-05-16 15:43:13 192.168.1.21 POST /RequestHandler/ucdevice.upx - 443 - 192.168.2.2 Microsoft+UCPhone+Device+(lcs_se_w14_main:1077577:2012/02/18:16:44:15) - 200 0 0 219
      2013-05-16 15:43:13 192.168.1.21 GET /RequestHandler/Files/UCPhone/POLYCOM/CX600/Rev-5/ENU/4.0.7577.4387/CPE/CPE.nbt - 80 - 192.168.2.2 Microsoft+UCPhone+Device+(lcs_se_w14_main:1077577:2012/02/18:16:44:15) - 200 0 995 240
      2013-05-16 15:43:13 192.168.1.21 POST /groupexpansion/service.svc/mex - 443 - 192.168.2.2 OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition) - 200 0 0 30
      2013-05-16 15:43:15 192.168.1.21 POST /WebTicket/WebTicketService.svc/mex - 443 - 192.168.2.2 OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition) - 200 0 0 129
      2013-05-16 15:43:17 192.168.1.21 POST /WebTicket/WebTicketService.svc/cert - 443 - 192.168.2.2 OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition) - 200 0 0 68
      2013-05-16 15:43:17 192.168.1.21 POST /locationinformation/liservice.svc/WebTicket_Bearer - 443 - 192.168.2.2 OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition) - 200 0 0 197
      ..........Some random logs here..........
      2013-05-16 15:44:16 192.168.1.21 GET /RequestHandler/Files/UCPhone/POLYCOM/CX600/Rev-5/ENU/4.0.7577.4387/CPE/CPE.nbt - 80 - 192.168.2.2 Microsoft+UCPhone+Device+(lcs_se_w14_main:1077577:2012/02/18:16:44:15) - 200 0 0 61951
      2013-05-16 15:44:16 192.168.1.21 GET /RequestHandler/Files/UCPhone/POLYCOM/CX600/Rev-5/ENU/4.0.7577.4387/CPE/CPE.cat - 80 - 192.168.2.2 Microsoft+UCPhone+Device+(lcs_se_w14_main:1077577:2012/02/18:16:44:15) - 200 0 0 44
      2013-05-16 15:44:16 192.168.1.21 GET /RequestHandler/Files/UCPhone/POLYCOM/CX600/Rev-5/ENU/4.0.7577.4387/CPE/CPE.cat - 80 - 192.168.2.2 Microsoft+UCPhone+Device+(lcs_se_w14_main:1077577:2012/02/18:16:44:15) - 200 0 0 10
      ..........Some random logs here..........
      2013-05-16 15:51:55 192.168.1.21 POST /groupexpansion/service.svc/mex - 443 - 192.168.2.2 OCPhone/4.0.7577.4387+(Microsoft+Lync+Phone+Edition) - 200 0 0 11
      2013-05-16 15:51:55 192.168.1.21 POST /locationinformation/liservice.svc/mex - 443 - 192.168.2.2 OCPhone/4.0.7577.4387+(Microsoft+Lync+Phone+Edition) - 200 0 0 8
      2013-05-16 15:51:56 192.168.1.21 POST /WebTicket/WebTicketService.svc/mex - 443 - 192.168.2.2 OCPhone/4.0.7577.4387+(Microsoft+Lync+Phone+Edition) - 200 0 0 10
  8. Once the firmware has been applied to your test device and all is well, we need to approve the firmware for all phones in the organization.  To do so, follow the steps below.
    1. Navigate to Clients -> Device Update
    2. Click Edit, Select all
    3. Click Action, Approve
      LSCP - Clients - Device Update - Approve

Removing last Lync 2010 Front End – Unassigned Number Error

Symptom:
You receive the following error when trying to publish your new Lync Topology, after removing the last Lync 2010 Front End Server.

Result: Call orbit depends on an application server that is being removed.
ServiceInUse: The new topology XML removes services that will create stale configuration settings.
ServiceInUseResolution: Consult your Lync Server documentation to learn how to to disassociate the service of the settings using it.

Error: Cannot publish topology changes. Unassigned number still exists on one or more deleted application servers.
▼ Details
└ Type: InvalidOperationException
└ ▼ Stack Trace
└ at Microsoft.Rtc.Management.Deployment.Tasks.PublishTopologyTask.CheckIfVacantNumberRangesInUse(DeletedServices deletedServices) at Microsoft.Rtc.Management.Deployment.Tasks.PublishTopologyTask.VerifyServiceDependentSettings(DeletedServices deleteServices) at Microsoft.Rtc.Management.Internal.Utilities.LogWriter.InvokeAndLog[T](Action`1 action, T arg)

Error: An error occurred: "System.InvalidOperationException" "Cannot publish topology changes. Unassigned number still exists on one or more deleted application servers."

Solution:
Open up the Lync Server Management Shell as an Administrator on a different Front End server that you aren't retiring and execute the following command:

Get-CsUnassignedNumber

For each of the returned results with the AnnouncementServerFqdn matching the server you are trying to retire, execute the following command:

Set-CsUnassignedNumber -Identity IdentityFromPreviousCommand -AnnouncementService newlyncpoolorfrontend.mydomain.local

Alternately, you can change the Front End server these numbers are on through the Lync Web GUI (Cscp).  To do so, navigate to the Lync Server 2013 Control Panel, click on Voice Features->Unassigned Number, and then double click every entry that has a destination with the old Front End.  When the Edit Unassigned Number Range dialog shows up, type in the FQDN to the new Front End Pool/Server and then click OK. Repeat for each number.

Lastly, if you want to cleanup your Lync server, you can remove all instances of the old Announcements using the following command:

Remove-CsAnnouncement -Identity "ApplicationServer:myoldfrontend.mydomain.local"

Alternately, if you published the topology, you may have to remove the Announcements individually by using entering the command below with the entire Identity value or via the old ApplicationServer's name (in my case it was 1-ApplicationServer-1 as shown below):

Remove-CsAnnouncement -Identity "ApplicationServer:probablysays1-ApplicationServer-1/1951f734-c80f-4fb2-965d-51807c792b90"

Once all Unassigned Numbers have been moved to the new Front End server or pool, you should be able to successfully publish your topology.

Removing last Lync 2010 Front End - Conference Error

Symptom:
You receive the following error when trying to publish your new Lync Topology, after removing the last Lync 2010 Front End Server.

ConferencingPoolInUse: The new topology XML removes services that will orphan existing conference directories.

Error: Cannot publish topology changes. Conference directories still exist on a pool that would be deleted. Remove the conference directories before continuing.
▼ Details
└ Type: InvalidOperationException
└ ▼ Stack Trace
└ at Microsoft.Rtc.Management.Deployment.Tasks.PublishTopologyTask.VerifyOrphanedDirectories()
at Microsoft.Rtc.Management.Internal.Utilities.LogWriter.InvokeAndLog(Action action)

Error: An error occurred: "System.InvalidOperationException" "Cannot publish topology changes. Conference directories still exist on a pool that would be deleted. Remove the conference directories before continuing."

Solution:
On one of your front end lync servers, open up the Lync Server Management Shell as an Administrator.  Once open, execute the following command:

Get-CsConferenceDirectory

For each of the items that have a ServiceID referencing the Front End server you are trying to retire, execute the following command (replacing the appropriate values with the output found from the previous command):

Move-CsConferenceDirectory -Identity X -TargetPool poolorfrontendserver.mydomain.local

After all conferences have been moved off of your Lync 2010 Front End server, you should be able to successfully publish the topology.

Lync 2012 Creating CommonAreaPhone - Filter failed to return unique result

Symptom:

You receive the following error when executing the New-CsCommonAreaPhone command via PowerShell.

New-CsCommonAreaPhone : Filter failed to return unique result, "[LineURI : tel:+15555555555] [PrivateLine : tel:+15555555555] "
At line:1 char:1
+ New-CsCommonAreaPhone -LineUri "tel:+15555555555" -RegistrarPool "lync.mydomain ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [New-CsCommonAreaPhone], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.Rtc.Management.AD.Cmdlets.NewOcsCommonAreaPhoneCmdlet

Solution:
This means that the phone number has been assigned to either another user or response group. Make sure the number is not in use by Lync.

Configuring Common Area Phones for Lync 2010-2013

This guide will go over configuring phones for Lync 2010/2013.  Particularly, this is going to go over configuring phones for conference rooms or any other public area that you would like a phone, but the same steps can be used to force users to login/authenticate to a phone with their number/extension and pin.  That being said, purchasing some Polycom CX3000 phones prompted me to write this guide, so if all goes well, your Polycom phones should work like a charm (Aastra phones should follow this guide as well) 😛

Making sure DHCP and DNS can dish out configurations to phones

The first thing to do is make sure you have your DHCP server setup to get your phones working (we will push settings out to the clients/phones so they can find your Lync server, pull down certificates, etc).  In order to do this, you will have to complete the following tasks on your DHCP, DNS, and Lync Front End servers.

  1. Create a DNS record to point to your NTP servers (if you haven't already)
      • Service: _ntp
      • Protocol: _udp
      • Port Number: 123
      • Host: xxx.xxx.xxx (your time server (probably your DC))
  2. Copy the DHCPUtil.exe and DHCPConfigScript.bat from the paths below to the Desktop on your DHCP Server
    1. %ProgramFiles%\Common Files\Microsoft Lync Server 2010 or 
      1. %ProgramFiles%\Common Files\Microsoft Lync Server 2013
  3. Open up a command prompt as Administrator on your DHCP server
  4. Execute the following commands on your DHCP Server
    1. DHCPUtil.exe -SipServer mylyncpoolorserver.mydomain.local –RunConfigScript
      1. If you receive the following
        1. The program can't start because MSVCR110.dll is missing from your computer. Try reinstalling the program to fix this problem.
      2. You can find MSVCR110.dll in the Lync 2013 media (D:\Setup\amd64 for example)
  5. To see if everything ran smoothly, open up the DHCP role and verify the entries were made in the IPv4 section
    1. Phone DHCP
  6. Execute the following from your Lync Server to verify the DHCP settings are correct (Note, if you run this from your DHCP server, it will always come back with a failed result).
    1. DHCPUtil.exe -EmulateClient
  7. Next, you will need to set a PIN policy for any users who will want to login.  Open the Lync Control Panel and click on Security.  Select the PIN Policy tab and double click on the Global policy.  Change the PIN Length to at least 4 you want.  Now click on Commit.

Creating the Common Area Phones Lync Policies

First, create a policy that will Enable Hotdesking.  This will log out a user that may have signed in to the phone and revert the phone back to a Common Area phone after 10 minutes of timeout.

New-CsClientPolicy -Identity CommonAreaClient -EnableHotdesking $True -HotdeskingTimeout 00:10:00

Next, we create a new voice policy to lockdown what the phone can do.  This will prevent users from  setting the phone to do call forwarding, delegation, call transfer, etc.  Alternatively, if you don't want to run the PowerShell command, you can browse use the Lync Server Control Panel web GUI to create a new Voice Policy.  Go to the Lync Control Panel, click on Voice Routing, and then the Voice Policy tab.  The command below will add the Internal policy, you can add others if you desire.

New-CsVoicePolicy -Identity CommonAreaVoice -PstnUsages @{add="Internal"} -AllowSimulRing $FALSE -AllowCallForwarding $FALSE -Name CommonAreaVoice -EnableDelegation $FALSE -EnableTeamCall $FALSE -EnableCallTransfer $FALSE -AllowPSTNReRouting $FALSE -Description "Feature-Restricted Common Area Phone Policy"

Next, we create a policy to restrict what the Common Area phone can do in conferences.  Execute the following command to create a new Conferencing Policy.  Alternatively, we could create this using the Lync Server Control Panel web GUI by clicking on Conferencing and then selecting the Conferencing Policy tab.

New-CsConferencingPolicy -Identity CommonAreaConf -AllowIPAudio $FALSE -AllowIPVideo $FALSE -EnableFileTransfer $FALSE -EnableP2PFileTransfer $FALSE -EnableDataCollaboration $FALSE

Last, we need to create a PIN policy for these guys to login.  I suppose you could use the global one for this step, but we could set this rule to be stricter for just these phones.  This will require all CommonArea phones to use a 4 digit pin to login.

New-CsPINPolicy -Identity CommonAreaPIN -Description "Common Area Phone 
Authentication PIN Policy" -MinPasswordLength 6 -AllowCommonPatterns $TRUE

Creating the Common Area Phones With Our policies

Next, create the commonarea phone:

New-CsCommonAreaPhone -LineUri "tel:+15555555555" -RegistrarPool "lync.mydomain.local" -OU "OU=CommonAreaPhones,DC=mydomain,DC=local" -Description "Batline 1" -DisplayName "Conference Room Batline" -DisplayNumber "1 (555) 555-5555"

Next, we need to set the new account we created with a PIN policy.  To do so, execute the following command (keeping in mind you need this to be at least 4 digits or longer depending on your policy you created earlier).

Set-CsClientPin –Identity “Batline 1” -Pin 123123

Lastly, we need to assign all of the polices we created earlier to this Common Area Phone account. To do so, execute the following commands:

Grant-CsClientPolicy -PolicyName CommonAreaClient -Identity "Batline 1
Grant-CsConferencingPolicy -PolicyName CommonAreaConf -Identity "Batline 1
Grant-CsPINPolicy -PolicyName CommonAreaPIN -Identity "Batline 1

Grant-CsVoicePolicy -PolicyName CommonAreaVoice -Identity "Batline 1

Last, you can execute the following powershell command on your Lync Front End server to try and emulate logging in to the phone.  This is great for debugging where the Lync Phone login would fail:

Test-CsPhoneBootstrap -PhoneOrExt 5555 -Pin 12345 -Verbose

 

Notes: If you have a polycom phone and you receive the following error "Certificate web service cannot be found. Please contact your support team." -- You need to configure the DHCP options as noted above in the "Making sure DHCP and DNS can dish out configurations to phones" section.

When executing the New-CsCommonAreaPhone command above, you receive the following powershell error "New-CsCommonAreaPhone : Management object not found for identity." I saw this error being an issue with your distinguishedName attribute.  Make sure you spelled your OU correctly, and that you are not using an OU that is built into AD like Users.

Good resources that explain exactly what is going on in greater detail.

http://blog.schertz.name/2010/12/configuring-lync-server-for-phone-edition-devices/

http://blog.schertz.name/2011/04/common-area-phone-configuration-in-lync/

http://www.graham-walsh.com/blog/?p=593

How to activate Lync Evaluation to Licensed Version

Have Lync 2010 Standard, Enterprise or Lync 2013 in evaluation mode and want to activate it with your licensed version? Here are the steps to do it!

  1. Download the Lync Server version from the Microsoft Licensing portal (or where ever else you obtain your licensed software).
  2. Extract the ISO to a folder/burn it to a disk and pop it into the Lync server.
  3. Open up the Lync Server Management Shell as an Administrator
    1. Start->All Programs->Microsoft Lync Server 2010 (or 2013)->Lync Server Management Shell
  4. Navigate to the installation media
    1. cd PATHTOYOURLYNCSERVERINSTALLER\Setup\amd64\Setup
  5. Execute the following command
    1. msiexec.exe /fvomus server.msi EVALTOFULL=1 /qb
  6. Use the following command to update the services
    1. Enable-CsComputer
  7. Use the following command to verify your copy of Lync is now licensed
    1. Get-CsServerVersion