Thursday, December 9, 2010

Me, Myself and I


Cool – testing PIC making a call between Lync and Windows Live messenger on the same PC  with two webcam’s.

Thursday, December 2, 2010

Lync reverse proxy using IIS ARR

Disclaimer : this is part of my Lab install series of posts, it works for me in my lab with a  small number of users but is neither a recommended or supported topology (AFAIK).
I have Lync standard edition server with mediation on the front end running in media bypass mode, Lync Edge server and Exchange server 2010 running on a single server with all roles.
I have decided to use IIS ARR + URL Rewrite as my reverse proxy for Exchange OWA, web services, etc and Lync reach client and web services all on my Lync Edge server. I did this because its already internet facing (and therefore ‘at risk’) and I figured its better to keep machines like this at a minimum. It is also the only machine not domain joined and has very few permissions on my network. Of course I could have setup ISA / TMG / whatever, but I want to focus on building software, not maintaining infrastructure.
  1. Ensure IIS and .net are installed.
  2. Download & Install ARR (includes rewrite).
  3. Add a binding for your certificate (As this is on my edge server and I use the same certificate for both SIP and HTTPS I already have it installed on the machine)
  4. Setup server farms for Exchange and Lync
    1. image
    2. image(select advanced settings, choose ports 8080, 4443 – which point to the external bindings on the front end server))
    3. image (Choose Yes if you see this)
    4. image(double click routing rules)
    5. image(ensure URL rewrite is checked and optionally SSL offloading – depending on your bindings on the target server you may need this checked)
    6. Repeat from step 4 for Exchange
    7. Go to the URL rewrite configuration, either by clicking the link on the right pane on the routing rules screen in step 5 or on the main URL Rewrite icon under IIS when on the Features page for your server.image
    8. Modify the Lync rule as follows:
      Choose Using Regular Expressions and enter this expression :

    9. Same for Exchange with this expression :
      Also select https protocol (depending on your bindings for exchange)
    10. For completeness I have an OCS R2 CWA server in my Lync farm and have added a similar proxy for that too.

Now lets test

  1. Go to https://yourdomain/owa
  2. You should also run the tests here
  3. Go to https://yourdomain/meet
    image (you can also create and join a meeting in outlook)
  4. Go to https://yourdomain/reach/client/webpages/reachclient.aspx

Wednesday, December 1, 2010

Federating with everyone.

In order to use federation with OCS, OCS R2 and Lync you must obey this:

  • The certificate must be issued by an approved public CA that supports subject alternative name. For details, see Microsoft Knowledge Base article 929395, "Unified Communications Certificate Partners for Exchange Server and for Communications Server," at

This is a short list of official certificate providers :

Now in reality (and if you don’t need to be in a fully supported configuration) you just need a certificate that is issued back to a root certificate that you know everyone has. So assuming you might be federating with partners using OCS, OCS R2 or Lync Server 2010 we can assume their edge is running Windows 2003, Windows 2003 R2, Windows 2008 or Windows 2008 R2. So to narrow down your requirements you want a certificate that we know is installed by default on those platforms. In theory on Windows 2008 the root certificates are supposed to auto download on demand – however it seems OCS R2 doesn’t demand them, so they don’t get downloaded Sad smile. Ok… so this is now quite a short (and getting shorter) list. So if you encounter weirdness that you can federate with some partners but not others then chances are that their certificate is issued by a root cert not installed in your system.

So as a certificate buyer, you really should buy a cert from an officially approved vendor. That said, after a bad experience with federation using GoDaddy certs, in my lab, I use (in an unsupported manner – as I use a single CN and don’t list any SAN’s) a RapidSSL cert from ServerTastic for $13.00 per year for a single domain cert – conveniently its issued from a root cert by GeoTrust / Equifax, which is far more prevalent than GoDaddy. I have had no issues since using this cert.

As a federating partner, if you want to expand your scope to ‘cheap’ federation partners, try installing the latest root certificate package hereafter reading the warnings here .

Friday, November 26, 2010

Lync (and OCS) presence–the hard way!

So assuming that the easy way ( - the easy way is to use UCMA 3.0, see the ‘Microsoft UCMA 3.0\SDK\Core\Sample Applications\QuickStarts\PublishPresence’ sample in the SDK) is not for you for some reason – such as your implementing your own application using a 3rd party SIP stack on a non-windows platform and you don’t want to build a simple web service that does the heavy lifting for you on a windows box..
To get started you should read the dry but informative protocol spec, [MS-PRES]. And you should also review presence basics (that article is OCS, so doesn’t include the new Lync bits like location and pictures, but it’s a good overview). You will also find the Enhanced Presence Schema download handy – this consists of all the schema mentioned in the protocol specs so you can use a tool to create strongly typed objects in your language of choice as well as a help file (for windows) which is a little more digestible than [MS-PRES].

Wednesday, November 24, 2010

Lync Server depends on J# – are you serious? its 2010 you know!

So I just noticed that Lync Server has J# as a pre-req – this fills me with yucky feelings, Am I the only one who feels uncomfortable with a pre-req that doesn’t support the OS we are required to install to and is due to expire support long before the product itself?
I quote a few nuggets of nastiness:
From the redist download page :
    • Supported Operating Systems:Windows Server 2003, Enterprise x64 Edition;Windows Server 2003, Standard x64 Edition;Windows Vista Business 64-bit edition;Windows Vista Enterprise 64-bit edition;Windows Vista Home Basic 64-bit edition;Windows Vista Home Premium 64-bit edition;Windows Vista Ultimate 64-bit edition;Windows XP Professional x64 Edition
From the J# Developer center homepage :“Product Announcement - January 10, 2007: … Visual J# 2.0 Redistributable Second Edition is targeted for release in the second quarter of 2007, with support continuing through to 2017 (5 years mainstream and 5 years extended support) on EN-US locales.”

Monday, November 22, 2010

Do UC what I See?

One of the most exciting things I saw in the Lync launch last week which really got me excited was the ProtoSphere virtual world offering from Proton Media

This is a virtual reality world application that has been in use in the life sciences industry for collaborating on scientific models for quite a while. Just recently they integrated with Microsoft Lync (for outbound audio dialing) and the potential here is amazing.
My long term vision for UC is where remote workers (which I have been for most of my career, and it seems every major corporation is trending towards) are afforded the same level of interaction and collaboration as their office bound counterparts. Within the physical space, Telepresence rooms like the Polycom OTX provide a truly immersive collaboration experience for participants in the rooms, but despite interoperability with Lync – the experience for the remote participants is still a second class citizen, and far from immersive.
The next logical step of all this is to combine immersive Telpresence in the real world with a remote virtual experience – eventually of course everyone will work from home and the physical spaces will go away.
Another embodiment is for the remote worker outside fixed meetings- Microsoft Research has this – see Scott Hanselmans ‘virtual persona trolley’ / Social Proxy :
Get Microsoft Silverlight

Now replace the flat screen with this spherical monitor:
Global Imagination globe screen
Now create the ultimate mobile device like this MIT creation for a true real meets virtual device.

Wednesday, November 17, 2010

Lync developer resources – UPDATED 12/7/2010

Well, today finally arrived, the day we have all been waiting for. Lync and all its bits are now generally available on MSDN and MS downloads for all to get their hands on.
As the OCS developer site is still lagging a little I thought I would post the list of and a quick summary of the API set:

The API’s

Microsoft Unified Communications Managed API 3.0 Software Development Kit – This is the main deal, if you do any real Lync development you need this. The managed API is a significant improvement on the previous 2.0 release for OCS 2007 R2 with levels of abstraction and simplification for contact list management as well as supporting all the new Lync Server goodies such as conference lobby’s. I cant wait to get busy with this in the coming months.
Unified Communications Managed API 3.0 Runtime – Just the runtime to be installed as a pre-req to your UCMA 3.0 application.
Microsoft Lync Server 2010 SDK – For building MSPL scripts and managed sip filters that run inside the Lync server roles (front end or edge usually). Hasn’t changed a lot since OCS or even LCS
Microsoft Lync 2010 SDK [UPDATE – Released 12/1/2010]– The most talked about developer resource that lets you create your own Lync client or just embed bits of it into your own app with a quick drag and drop. Interestingly under the covers its really just a wrapper on the COM API. The COM API is not really documented or available in this version.
Lync Server 2010 Resource Kit Tools [UPDATE – Released 11/18/2010] – Has some useful tools for developers, especially if your doing anything voice related.


Important Development docs

Microsoft Office Protocol Documentation – Its not exactly the most stimulating read but if you need to know what’s going on under the covers, this is the place to go. It has got to qualify as the most technical detail you will find.
Microsoft Lync Server 2010 Protocol Workloads Poster – A neat visio poster of all the call flows for various scenarios.
Unified Communications Enhanced Presence Schemas for Microsoft Lync Server 2010 – Handy if your doing advance presence work.
UC "14" Developer Training Kit [UPDATE – Released 11/18/2010] – If you were not on the TAP and missed the metro training, this is essential viewing for you.

“The Bits” (Full versions are on MSDN subscriber downloads too)

Microsoft Lync Server 2010 Trial (registration required) – The 180 eval, fully functional server you can use to develop against.
Microsoft Lync 2010 Trial (32 Bit) / Microsoft Lync 2010 Trial (64 Bit) – The Lync Client itself.
Microsoft Lync 2010 Attendee - User Level Install / Microsoft Lync 2010 Attendee - Admin Level Install – Not to be confused with the Attendant - this is a trimmed down (free I assume, but I’m no licensing expert) version of the Lync client for attending conferences either anonymously or authenticated. Depending on your application, this could offer some interesting options.

Group Chat

Microsoft Lync Server 2010 Group Chat – You will need this if your doing GC development (you know who you are)
Microsoft Lync 2010 Group Chat – The GCC, I hope its better than it used to be…
Microsoft Lync Server 2010, Group Chat Admin Tool – Use this to manage rooms and users in GC
Microsoft Lync Server 2010 Group Chat SDK- Here for completeness, you know if you need it. I haven’t even looked at it yet.

Related Stuff

Exchange Web Services Managed API – Not strictly Lync, but so closely related, its here.
Outlook 2010: Auxiliary Reference – Also not strictly Lync, but also handy for building client applications.

Wednesday, November 10, 2010

Be Right Back

There are two things about me and presence… –
1.I feel _very_ strongly that it’s a cornerstone of UC (along with User Experience and a single address for a person).
2.I am the worst offender of fake presence. And really I don’t mean to…
The problem is that I want to set my status to away (or BRB) when I get up for a break / lunch whatever, but I am forgetful and I forget to reset it when I get back.
So I built an app that will set me presence to ‘Be Right Back’ when I hit the hot key (shift-caps lock or scroll lock). It then resets my presence when I return (and move the mouse or press any key).
As an aside, I thought it would be a good practice to build this as a real application and go through the now slightly less tedious Windows Platform certification process.
Its setting screen is fully integrated into the Lync UI’s main menu.
And there is not much to this app (yet) :
I’m releasing it here free for personal use, if you have a commercial use for it…. please get in touch.
Also if you have any ideas for improvements / feature requests, let me know that too.
I built this simple app using the Lync SDK – I cant wait for Lync to release next week so that I can share some code samples.
Updated 11/15/2010 : Version 1.0.2 now has a couple of bug fixes and better handling of the screen dimmer (not using the power management API as it only seemed to work on laptop screens). I also added Windows Live messenger status sync, for all states including BRB.

Friday, November 5, 2010

The mystery of the C++ redistributable

Have you ever got a cryptic error like this when you try and run an application : “Activation context generation failed for "C:\Users\administrator.UC\Desktop\DHCPUtil.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found. Please use sxstrace.exe for detailed diagnosis” ?
What that basically says is that the Visual C++ runtime (C++ 2008 SP1 x64 to be precise) was not found on your system. Now there is a whole lot of details out there about side by side configuration and how apps are compiled and how windows searches for the runtime. But basically you just need to know what version you need and where to download the latest version right?
Another point of note is that within each family (2005, 2008, 2010 etc) there have been service packs and updates, each time there is an update Side By Side(winsxs) adds policies in your system to make sure the latest version is always used.
Latest VersionDescriptionDownload link
8.0.50727.4053Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update
9.0.30729.4148Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package ATL Security Update
10.0.30319.1Microsoft Visual C++ 2010 Redistributable Package (x64)
10.0.30319.1Microsoft Visual C++ 2010 Redistributable Package (x86)

And the answer to ‘how do I know what version I have?’ – well the easiest thing is to look in ‘add/remove programs’ or ‘Programs and Features’. This will tell you which redistributables have been installed.
However If you want to know exactly what’s installed and what sxs is up to go to %windir%\winsxs\manifests\ and search for the policy file relating to the version you are having trouble with. The files are named For example 

Tuesday, October 19, 2010

OCS R2 / Lync Server + Exchange 2010 lab setup (in a home office behind single dynamic IP)

So let me start by saying that of course this is not a supported scenario, and is not recommended in a production environment.
I made some tradeoffs and configuration decisions to simplify my setup as much as possible for a basic lab.
I was working with the following:
  1. Single public IP Address
  2. Single domain SSL cert (a cheap $14 / yr one)
  3. Communications Server R2 (in process of migration to Lync server RC at the same time).
  4. Exchange 2010
  5. Hyper-V virtual hosts with limited resources (Host has dual core with 4Gb Ram)
Features I wanted to enable:
  1. OCS Federation (already up and running)
  2. OCS Communicator Web Access (CWA) on same domain, using same certificate.
  3. Lync / Communicator external access
  4. CoMo on Windows Mobile 6.1
  5. Outlook Mobile (WM 6.1)
  6. iPhone
  7. PSTN connectivity (already up and running using FreeSWITCH)
  8. Mailbox access via Outlook Anywhere
  9. Exchange UM
    1. Exchange Web Services
    My topology (did I mention this is not supported or recommended for various reasons) looks like this:
    Some hoops, gotchas and other intricacies:
    1. I am running my lab on a residential internet connection with a single dynamically allocated IP address. This meant I had to be creative about things like multiple roles wanting to use the same ports on unique IP addresses, as well as dealing with multiple web apps running on a single ip / cert. So the solution for this is a reverse proxy, I opted to use IIS 7’s ARR:
      1. Set it up with the following rule:
        <rule name="ReverseProxyInboundExchange" stopProcessing="true"> <match url="((?:^owa|^OAB|^Microsoft-Server-ActiveSync|^EWS|^ecp|^Autodiscover).*)" /> <action type="Rewrite" url="https://internal-cas-fqdn/{R:1}" /> </rule>
      2. Install your public cert & assign to the default website.
      3. Disable NTLM authentication on the root of the default website.
    2. Another symptom of being behind a residential internet connection is that SMTP outbound is barred to anywhere (and even if I could send smtp, it would probably by blacklisted and get bounced by lots of recipients). My solution to this is to use a cheap VPS (I pay around $10/month). It happens to be Linux based running Sendmail as my smarthost. I’m no Linux guy so I wont even embarrass myself with a step by step. I also use it inbound in case my ip address changes, Sendmail will just queue up the email until my dns entries get set to the new dynamic ip.
    3. Certificates… any post on Exchange or Lync would not be complete without a mention of Certificates. On my exchange server I replaced the self signed cert with one from my domain cert. This was my lazy way:
      1. Use the OCS certificate wizard to do an online request using the internal fqdn of my exchange server as the CN (no SAN’s). (make sure you check the exportable checkbox. Do not assign it to the ocs server.
      2. Export to a pfx, copy to and install on the exchange box.
      3. Run Enable-ExchangeCertificate cmdlet.
    4. Before I installed Exchange I had to clean up my previous botched attempts of pre-release versions of Exchange. I just used ADSI edit and removed everything I could find to do with Exchange as described here.
    5. I had a very very slow exchange VM, initially I had given it 768Mb ram (all I had spare at the time). Turns out that was not enough – I was experiencing a very slow EMC  and shell and lots of shell commands seemed to be missing. Exchange seems to complain pretty quietly when it has too little ram and also use all the ram it has available once its running ok. I moved some of my VM’s around and gave it 1.3Gb ram and now it seems a lot happier. Remember I am only using one or two accounts for a lab install, this is way too little for any real server – minimum supported in my configuration (all roles on one server) is 8Gb.
    6. I am a domain admin in my domain so ActiveSync to my WM device over the air did not work initially – thanks to this answer about my error (0x86000c0a) and my buddy Mike Stacy confirmed “just uncheck the inheritable permissions box on your account then sync. AD will enable it again within 15 min’s but that's ok as long as you've synced before it does that”. I had the same issue on the iPhone but there was no error code, it just didn’t work.
    7. I used SRV records for Autodiscover because I didn’t want to use another hostname / cert and I am only interested in supporting newer clients. You could do the same with the redirect method but it will result in a user prompt.
    8. Set my external uri for auto discover : set-autodiscovervirtualdirectory -identity 'autodiscover (default web site)' -externalURL https://myuri//Autodiscover/Autodiscover.xml
    9. Install the Exchange anti-spam components with the Install-AntispamAgents.ps1script. (Depending on how realistic you want your lab to be, you could also use Forefront for Exchange)
    10. My IP PBX, FreeSWITCH is listening on a port other than 5060 – so I had to run “Set-UMIPGateway –Identity my_servername -Port my_port”
    11. I have UM running in my VM, but it doesn’t work well at all (I have never had any success virtualizing UM) – its also neither recommended nor supported - “ All Exchange 2010 server roles, except for the Unified Messaging server role, are supported in a virtualization environment. This is due to the real-time response requirements associated with voice communications with the Unified Messaging server role.” – technet
    Here is a  handy online tool (hosted by Microsoft) to help test the configuration.
    In a future post I will cover my next steps of:
    1. Completion of Lync Server install
    2. Lync / Exchange integration
    3. SharePoint 2010

    Monday, October 4, 2010

    Outlook 2010 + Lync with OCS R2 backend, what happened to my conferencing add-in?

    It would be a real shame if I couldn’t schedule on premise conferences any more… so here is what you need to do to fix it - change these reg keys:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Communicator\W13AddinSwitch = 0
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Communicator\W13AddinSwitch =0
    Here is a reg file to enable OCS 2007 R2 and the conferencing add-in for it.

    Restart Lync and Outlook and hey presto:

    Friday, October 1, 2010

    Outlook social connector development

    At the NYMUCUG meeting yesterday a question came up about the documentation for the Outlook social connector (OSC).

    Its here on msdn. There is also a sample provider here. More details on John Andersons blog over here.

    Lync Contact Pictures (turning them off)

    I attended the NYMSUCUG yesterday and few questions came up. One question from an IT manager in a large enterprise asked if the pictures in the contact list in Lync can be switched off.

    The answer is of course yes. A user can switch it off (or on) by going into options-> personal –> display photo –> ‘Show photos of contacts’

    Lync options page

    Or if you prefer to use Client Policy look for PhotoUsage and DisplayPhoto in the IT Pro documentation. The documentation is a little confusing as they changed the name of this setting but I believe that the correct parameter is DisplayPhoto, possible values are NoPhoto, PhotosFromADOnly and AllPhotos (OIP docs)

    Once off the main UI looks like this: