I was trying to find a step-by-step deployment guide for the Lync Mobility service together with the publishing rule for TMG, but I couldn't find one anywhere except for how to install MCX and the Autodiscover service; somehow I found one or two blogs out there on publishing the Lync Mobility service. However, I ran into a lot of problems, which made me think and forced me to read the TechNet articles (I love to read TechNet because you will not find a lot of these things anywhere else) to understand the whole concept of Mobility. In this two-part article you will understand Lync Mobility, how to deploy it and how to make it work internally and externally. Please read the whole blog before you deploy.
Prerequisites:
You must have Microsoft Lync 2010 Enterprise or Standard Edition up and running; don't think that you are going to install the Lync Mobility service on any server without having the Lync binaries installed 😛
Internal PKI should be deployed
If you are planning for external client connectivity, add another SAN name (lyncdiscover.khatri.com) to the third-party certificate; however, you can publish Lync Mobility on port 80, which does not require an external certificate
Create A records in External and Internal DNS
Lync CU4 must be installed on the Lync FE servers
For those who might be worried about downtime during the Lync Mobility deployment: no, there is no downtime required
Overview of Deployed Lync Servers
Ok, before moving ahead let me introduce you to my environment, its DNS A records and IP addresses, so that I don't have to mention each and every thing again and again
1. One Domain Controller named DC1; the domain name is khatri.com
2. Two Lync Front End Servers, Enterprise Edition; the server names are QHQ-Lyncfe-01 and QHQ-Lyncfe-02
3. One hardware load balancer, which is used for client-to-server and server-to-client HTTPS requests
4. Meet.khatri.com, admin.khatri.com and dialin.khatri.com are the simple URLs for Lync, pointing to the hardware load balancer; its IP is 10.0.0.200
5. The Lync pool name is lyncpool1.khatri.com, which uses DNS load balancing across the Lync servers
6. The Lync internal URL is lyncweb-int.khatri.com, pointing to the hardware load balancer
7. The Lync external URL is Lyncweb-ext.khatri.com, published through TMG; there is no A record for it in the internal DNS
8. All simple URL A records are created in the internal DNS as well as in the external DNS; however, admin.khatri.com is not published publicly, which is why there is no A record for admin.khatri.com in the external DNS, and there is no A record for lyncweb-ext.khatri.com in the internal DNS
9. I have a split-brain DNS configuration in my environment, which means the DNS names are the same inside and outside the domain. For example, my domain name is khatri.com and the URLs I publish externally are also under khatri.com
10. One TMG EMS array, meaning three servers: one acting as the EMS and two as the managed array. TMG is joined to the domain and has two interfaces, one connected internally and the other connected externally; Windows NLB is installed and configured.
Create A records in internal DNS and External DNS
Before installing the Lync Mobility service we have to create A records for Lync Mobility in the internal and external DNS. The Lync Mobility deployment does not ask which name you would like to use for Lync Mobility, which is why we are forced to use the following records:
1. lyncdiscoverinternal.khatri.com (CNAME or A record in the internal DNS)
2. lyncdiscover.khatri.com (CNAME or A record in the external DNS)
Open the DNS Management Console on the internal DNS server and create the CNAME record pointing to lyncweb-int.khatri.com. Send an email to your external DNS provider so that they can create the CNAME record for lyncdiscover.khatri.com pointing to lyncweb-ext.khatri.com, or, if you have the DNS console in your own hands, create it yourself.
Run Commands on Lync FE servers
Log on to QHQ-LYNCFE-01, open the Lync Management Shell by right-clicking it and selecting Run As Administrator, and enter the following commands. The first command is for the internal listening port; remember that the port can be any listening port that is free
Now type the other command for the external service
Once done, publish the topology by running enable-cstopology -ver. After successfully publishing the topology we have to install some IIS features required by Lync Mobility. In the Lync Management Shell type Import-Module servermanager and press Enter (there will be no output, so don't worry). Now type the following commands to install the IIS features required by the Lync Mobility service (as I have Windows 2008 R2 SP1 I do not have to make any changes to ASP, but admins who have Lync installed on Windows 2008 with the latest SP should review the TechNet article http://technet.microsoft.com/en-us/library/hh690016.aspx because some manual changes are required).
Remember, if you have two Lync servers, do the above on both Front End Servers. Once all commands have run and the prerequisites are satisfied, go to http://www.microsoft.com/download/en/details.aspx?id=28356 to download MCXStandalone.msi (do not double-click and install the downloaded MSI). Copy the MCXStandalone.msi file to C:\ProgramData\Microsoft\Lync Server\Deployment\Cache\4.0.7577.0\Setup
Now go back to the Lync Management Shell, change to the path C:\Program Files\Microsoft Lync Server 2010\Deployment, then type bootstrapper and press the Tab key. This command looks for updated files in the folder above and installs any MSI it finds; in our case we have copied the MCX file into the cache, so it will only install the new MSI file found there.
Following will be the output
Once the above has completed successfully, open the log files named in the output above to make sure that everything has been installed successfully. There is another way to make sure it has succeeded: open the IIS Manager console on the FE server and you will find two new virtual directories (do this on both FE servers if you have two).
We have to update the internal certificate so that users will not get any certificate errors. Remember, if you are publishing lyncdiscover over TLS you have to add the SAN name to your third-party certificate, the one that carries the meet and dialin URLs. The following procedure should be done in all cases; it doesn't matter whether you are publishing the Lync Mobility service over TCP or over TLS.
Update Lync Internal Certificate
On the Lync Front End server open the Deployment Wizard, then select Install or Update Lync Server System
Now click Run Again for Request, Install or Assign Certificates
On the Certificate Wizard, click Request on the right-hand side
On the first page click Next. On the second page select Send the request immediately to an online certificate authority and click Next (here "online" doesn't mean that it will go to VeriSign, DigiCert or any other third-party certificate vendor; it sends the request to your internal PKI and gets the certificate automatically). On Choose a Certificate Authority make sure the internal CA responsible for your certificates is selected, then click Next. Go through the wizard according to your infrastructure until you reach the summary page, where you will see two names that were added automatically, lyncdiscoverinternal.khatri.com and lyncdiscover.khatri.com, then click Next
Once the request is successful, click Next
On Online Certificate Request Status, click Finish
On Certificate Assignment, click View Certificate to make sure that it is the new certificate, then click Next. On the Summary page click Next; on Executing Commands click Finish and make sure that the assignment was successful by clicking View Summary. Go to the Event Viewer and look for the events saying the certificate has been successfully assigned. Remember, you don't need to restart any Lync service.
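Before testing with a phone, it is worth verifying the pieces above from the Front End server itself. The script below is an added example, not from the original post or from Microsoft: it assumes it runs in the Lync Management Shell on a Front End with the WebAdministration module, uses the khatri.com names from this post, and assumes the bootstrapper-created IIS applications are called "Mcx" and "Autodiscover" and that Get-CsService -WebServer exposes the McxSipPrimaryListeningPort and McxSipExternalListeningPort properties after CU4.

```powershell
# Added post-deployment check for the Lync Mobility service (example, not
# the post's own commands). Assumes Lync Management Shell on a FE server.
Import-Module WebAdministration

$names    = @('lyncdiscoverinternal.khatri.com', 'lyncdiscover.khatri.com')
$failures = @()

# 1. DNS: both mobility names must resolve (CNAME or A record).
foreach ($n in $names) {
    try { [void][System.Net.Dns]::GetHostAddresses($n) }
    catch { $failures += "DNS lookup failed for $n" }
}

# 2. Topology: the MCX listening ports set with Set-CsWebServer and
#    published with Enable-CsTopology (property names assumed).
foreach ($ws in Get-CsService -WebServer) {
    if (-not $ws.McxSipPrimaryListeningPort -or -not $ws.McxSipExternalListeningPort) {
        $failures += "MCX listening ports not set on $($ws.Identity)"
    }
}

# 3. IIS: the bootstrapper should have created the two web applications
#    (names 'Mcx' and 'Autodiscover' are assumed here).
$apps = Get-WebApplication | ForEach-Object { $_.Path.TrimStart('/') }
foreach ($app in 'Mcx', 'Autodiscover') {
    if ($apps -notcontains $app) { $failures += "IIS application '$app' missing" }
}

# 4. Certificate: the assigned default certificate must carry both
#    lyncdiscover names as SANs, otherwise clients get certificate errors.
$thumb = (Get-CsCertificate -Type Default | Select-Object -First 1).Thumbprint
$cert  = Get-Item "Cert:\LocalMachine\My\$thumb"
$san   = $cert.Extensions | Where-Object { $_.Oid.FriendlyName -eq 'Subject Alternative Name' }
$sanText = if ($san) { $san.Format($true) } else { '' }
foreach ($n in $names) {
    if ($sanText -notmatch [regex]::Escape($n)) { $failures += "SAN $n missing from cert $thumb" }
}

if ($failures.Count -eq 0) { 'Lync Mobility prerequisites look good on this server' }
else { $failures | ForEach-Object { "FAIL: $_" } }
```

Run it on each Front End server; a failure in step 4 is the usual cause of the "cannot verify server certificate" error mobile clients show.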
There are some more commands to set up federation with Office online to fetch push notifications for iPhone and Windows Phone; I don't need this, which is why I will not go through those steps. At this point I thought I would connect my Windows Phone or iPhone to my Wi-Fi and, voilà, but that was not the case. You might get the error that it cannot verify the server certificate, and you might also get the error that it cannot find the server. We will go through all of this in part 2 and 3.