Pleasant work
Hareli Dudaei
Microsoft Architect
1
Table of Contents
Preliminary knowledge: ........................................................................................................................ 3
Connection ........................................................................................................................................... 3
Lync topology Builder ........................................................................................................................... 4
The control panel ................................................................................................................................. 7
users .................................................................................................................................................... 8
Enable or Disable Users for Lync Server 2013 ..................................................................................... 12
Managing Computers in Your Topology............................................................................................... 13
Federation and External Access .......................................................................................................... 17
Enable or Disable External User Access for Your Organization ............................................................. 17
Enable or Disable Federation for Your Organization ............................................................................ 19
CALL ADMISSION CONTROL............................................................................................................... 22
Enabling Media Bypass ....................................................................................................................... 23
Configuring Location Policy ................................................................................................................. 24
Configuring Bandwidth Policy Profile ................................................................................................... 28
Get-CsMediaConfiguration .................................................................................................................. 29
New-CsMediaConfiguration ................................................................................................................. 32
Set-CsMediaConfiguration................................................................................................................... 37
Remove-CsMediaConfiguration ........................................................................................................... 41
Register RMX to Lync 2013 ................................................................................................................. 44
Configure RMX FQDN in the DNS:....................................................................................................... 44
Configure RMX static route and trusted application - Power Shell: ...................................................... 46
Create RMX Certificate: ...................................................................................................................... 47
Setting the RMX for the Lync 2013: .................................................................................................... 50
Import RMX Certificate to the RMX ..................................................................................................... 54
Using Centralized Logging Service in Lync Server 2013 ....................................................................... 58
2
PRELIMINARY KNOWLEDGE:
Active directory
CONNECTION
We run mstsc (open the RDP)and remote the server.
Enter the IP address and after first connection enter user and password under the right Domain.
Welcome to Lync server (Front End)
As you can see we run the application server on Windows 2008R2 sp1.
Get to start->programs-> Microsoft Lync server 2013
What we have:
Control panel – (run under https, https://admin.(domain.com)/cscp) must install silver light.
3
The Control panel is a GUI interface that gives you almost everything that you need for Dailey
maintenance.
Lync server management shell - is Lync power shell.
Lync server Topology Builder – is Lync topology manager.
LYNC TOPOLOGY BUILDER
We will start with the topology Builder
The Topology Builder -> allocation servers to resources and publish to Lync DB.
When we open the TB he will ask us to download the topology from the DB
After downloading, we will need to save the topology.
4
5
What we see:
Enterprise Pool, the Servers under the Pool.
Mediation pool / servers.
Edge pool / servers.
Trusted application, (RMX etc')
SQL servers, File store, and the Office web application servers (WAC).
To understand the topology builder please see:
http://technet.microsoft.com/en-us/lync/gg430649
6
THE CONTROL PANEL
Open the control panel,
Enter user and password, (if you get error please contact the system admin)
7
USERS
Find users,
8
Enable users
Click on enable users
You will get the "new Lync server user"
Click on add
9
Find user or users
10
Assign users to a pool,
Use UPN for the sip address.
Telephone, is we want to give the user enterprise voice (Line)
And click enable
11
ENABLE OR DISABLE USERS FOR LYNC SERVER 2013
After enabling a user account in Active Directory Users and Computers, you can use the following
procedures to enable a new user for Microsoft Lync Server 2013 or disable a previously enabled user
account in Lync Server 2013 without losing the Lync Server 2013 settings that you configured for the
user account. Because you do not lose the Lync Server 2013 user account settings, you can re-enable a
previously enabled user account again without having to reconfigure the user account.
To enable a user account for Lync Server
1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator
role, log on to any computer in your internal deployment.
2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel.
For details about the different methods you can use to start Lync Server Control Panel.
3. In the left navigation bar, click Users.
4. In the Search users box, type all or the first portion of the display name, first name, last name,
Security Accounts Manager (SAM) account name, SIP address, or line Uniform Resource
Identifier (URI) of the user account that you want to enable, and then click Find.
5. In the table, click the user account that you want to enable.
6. On the Edit menu, click Modify.
7. In Edit Lync Server User, select the Enabled for Lync Server check box, and then click
Commit.
To disable or re-enable a previously enabled user account for Lync Server
1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator
role, log on to any computer in your internal deployment.
2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel.
For details about the different methods you can use to start Lync Server Control Panel.
3. In the left navigation bar, click Users.
4. In the Search users box, type all or the first portion of the display name, first name, last name,
Security Accounts Manager (SAM) account name, SIP address, or line Uniform Resource
Identifier (URI) of the user account that you want to disable or re-enable, and then click Find.
5. In the table, click the user account that you want to disable or re-enable.
6. On the Action menu, do one of the following:
To temporarily disable the user account for Lync Server 2013, click Temporarily disable
for Lync Server.
To enable the user account for Lync Server 2013, click Re-enable for Lync Server.
12
MANAGING COMPUTERS IN YOUR TOPOLOGY
Topics in this section provide step-by-step procedures for tasks you can perform using the Topology
page in Lync Server Control Panel.
View a List of Computers Running Lync Server 2013
You can use Lync Server 2013 Control Panel to view a list of all the computers that are running Lync
Server 2013 in your topology and see the service status of each. You can sort the list by computer, pool,
or site.
To view a list of computers running Lync Server
1. From a user account that is assigned to any of the predefined administrative roles for Lync
Server 2013, log on to any computer in your internal deployment. For details about the
predefined administrative roles available in Lync Server 2013, see Role-Based Access Control.
2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel.
For details about the different methods you can use to start Lync Server Control Panel.
3. In the left navigation bar, click Topology and then click Status.
13
4. On the Status page, do any of the following as needed:
Sort the list by clicking the Computer, Pool, or Site column heading, and then clicking the
up arrow or the down arrow.
Click Refresh to view the most up-to-date list.
Search for a specific computer by typing the computer name in the search field.
View the Status of Services Running on a Computer
You can use Lync Server Control Panel to view all the services that are running on a specific computer in
your Lync Server 2013 topology and see the status of each service.
To view the status of services running on a computer
1. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel.
For details about the different methods you can use to start Lync Server Control Panel.
2. In the left navigation bar, click Topology.
3. On the Status page, sort or search the list as needed to find the computer you are interested in
and then click the computer name.
4. Do any of the following:
To see the latest status of services running on the computer, click Get service status.
To see a list of specific services running on the computer and the status of each service,
click Properties and then click Close to return to the list.
View Details About a Service
You can use Lync Server Control Panel to view details about each service that is running on a specific
computer in your topology. You can view the status of each service and details such as the associated
databases, ports, and dependent services.
To view details for a service
1. From a user account that is assigned to any of the predefined administrative roles for Lync
Server 2013, log on to any computer in your internal deployment. For details about the
predefined administrative roles available in Lync Server 2013, see Role-Based Access Control.
2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel.
For details about the different methods you can use to start Lync Server Control Panel.
3. In the left navigation bar, click Topology and then click Status.
4. In the Status page, sort or search through the list and then click the computer that you want to
view.
5. Click Properties.
6. In the View Computer Detail window, sort the list of services, if necessary, and click the
14
service you want to view.
7. Do any of the following as needed:
To see the latest status of that specific service, click Get service status.
To see the details for that specific service, click Properties and then click Close.
To return to the list of all computers in your topology, click Close.
Start or Stop Lync Server 2013 Services
You can use Lync Server Control Panel to start or stop all the Lync Server 2013 services running on a
specific computer or to start or stop a specific Lync Server 2013 service.
To start or stop all Lync Server services on a computer
1. From a user account that is a member of the RTCUniversalServerAdmins group (or has
equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on
to any computer that is in the network in which you deployed Lync Server 2013.
2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel.
For details about the different methods you can use to start Lync Server Control Panel.
3. In the left navigation bar, click Topology and then click Status.
4. On the Status page, sort or search through the list as needed to find the computer that is
running the services you want to start or stop, and then click it.
5. Click Action.
6. Click Start All services or Stop All services.
To start or stop a specific service
1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator
role, log on to any computer in your internal deployment.
2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel.
For details about the different methods you can use to start Lync Server Control Panel.
3. In the left navigation bar, click Topology and then click Status.
4. On the Status page, sort or search through the list as needed to find the computer that is
running the service you want to start or stop, and then click it.
5. Click Properties.
6. Sort the list of services, if necessary, and click the service you want to start or stop.
7. Click Action.
8. Click Start service or Stop service.
9. Click Close.
15
Prevent Sessions for Services
You can use Microsoft Lync Server 2013 Control Panel to prevent new sessions for all the Lync Server
2013 services running on a specific computer or to prevent new sessions for a specific Lync Server 2013
service.
To prevent new sessions for all Lync Server services on a computer
1. From a user account that is a member of the RTCUniversalServerAdmins group (or has
equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on
to any computer that is in the network in which you deployed Lync Server 2013.
2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel.
For details about the different methods you can use to start Lync Server Control Panel.
3. In the left navigation bar, click Topology and then click Status.
4. On the Status page, sort or search through the list as needed to find the computer that is
running the services for which you want to prevent new sessions, and then click it.
5. Click Action.
6. Click Prevent new sessions for all services.
To prevent new sessions for a specific service
1. From a user account that is a member of the RTCUniversalServerAdmins group (or has
equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on
to any computer that is in the network in which you deployed Lync Server 2013.
2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel.
For details about the different methods you can use to start Lync Server Control Panel.
3. In the left navigation bar, click Topology and then click Status.
4. On the Status page, sort or search through the list as needed to find the computer that is
running the service you want to start or stop, and then click it.
5. Click Properties.
6. Sort the list of services, if necessary, and click the service for which you want to prevent new
sessions.
7. Click Action.
8. Click Prevent new sessions for service.
9. Click Close.
16
FEDERATION AND EXTERNAL ACCESS
ENABLE OR DISABLE EXTERNAL USER ACCESS FOR YOUR ORGANIZATION
After deploying one or more Edge Servers, you must enable the specific types of external user access to
be supported for your organization. This includes the following types of external user access:
Remote user access Enable this if you want users in your organization who are outside your
firewall, such as telecommuters and users who are traveling, to be able to connect to Lync Server
2013.
Federation Enable this if you want to support access by users of federated partner domains, users
of public IM service providers, or both.
Anonymous user access Enable this if you want internal users to be able to invite anonymous
users to their conferences.
17
Note:
In addition to enabling external user access support, you must also configure policies to control
the use of external user access in your organization before any type of external user access is
available to users.
Enable or Disable Remote User Access for Your Organization
Remote users are users in your organization who have a persistent Active Directory identity within the
organization. Remote users often sign in to Lync Server your network from outside the firewall by using a
virtual private network (VPN) when they are not connected internally to your organization’s network.
Remote users include employees working at home or on the road and other remote workers, such as
trusted vendors, who have been granted enterprise credentials. If you enable remote user access for
remote users, supported remote users do not have to connect using a VPN in order to collaborate with
internal users using Lync Server 2013.
To support remote user access, you must enable it. When you enable it, you enable it for your entire
organization. If you later want to temporarily or permanently prevent remote user access, you can
disable it for your organization. Use the procedure in this section to enable or disable remote user access
for your organization.
Note:
Enabling remote user access only specifies that your servers running the Access Edge service
support communications with remote users, but remote users cannot participate in instant
messaging (IM) or conferences in your organization until you also configure at least one policy to
manage the use of remote user access
To enable or disable remote user access for your organization
1. From a user account that is a member of the RTCUniversalServerAdmins group (or has
equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in
your internal deployment.
2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel.
For details about the different methods you can use to start Lync Server Control Panel, see
Open Lync Server Administrative Tools.
3. In the left navigation bar, click External User Access, and then click Access Edge
Configuration.
4. On the Access Edge Configuration page, click Global, click Edit, and then click Show
details.
5. In Edit Access Edge Configuration, do one of the following:
To enable remote user access for your organization, select the Enable remote user
access check box.
To disable remote user access for your organization, clear the Enable remote user access
check box.
6. Click Commit.
To enable remote users to sign in to your servers running Lync Server 2013, you must also
18
configure at least one external access policy to support remote user access.
ENABLE OR DISABLE FEDERATION FOR YOUR ORGANIZATION
Support for federation is required to enable users who have an account with a trusted customer or
partner organization, including partner domains and users of public instant messaging (IM) provider users
that you support, to collaborate with users in your organization. Federation is also required to use a
hosted Exchange service provider to provide voice mail to Enterprise Voice users whose mailboxes are
located on a hosted Exchange service such as Microsoft Exchange Online. When you have established a
trust relationship with such external domains, you can authorize users in those domains to access your
deployment and participate in Lync Server communications. This trust relationship is called federation and
it is not related to or dependent upon an Active Directory trust relationship.
To support access by users of federated domains, you must enable federation. If you enable federation
for your organization, you must also specify whether to implement the following options:
Enable partner domain discovery. If you enable this option, Lync Server 2013 uses Domain Name
System (DNS) records to try to discover domains not listed in the allowed domains list, automatically
evaluating incoming traffic from discovered federated partners and limiting or blocking that traffic
based on trust level, amount of traffic, and administrator settings. If you do not select this option,
federated user access is enabled only for users in the domains that you include on the allowed
domains list. Whether or not you select this option, you can specify that individual domains to be
blocked or allowed, including restricting access to specific servers running the Access Edge service in
the federated domain.
Send an archiving disclaimer to federated partners to advise them that communications are recorded.
If you support archiving of external communications with federated partner domains, you should
enable the archiving disclaimer notification to warn partners that their messages are being archived.
If you later want to temporarily or permanently prevent access by users of federated domains, you can
disable federation for your organization. Use the procedure in this section to enable or disable federated
user access for your organization, including specifying the appropriate federation options to be supported
for your organization.
Note:
Enabling federation for your organization only specifies that your servers running the Access
Edge service support routing to federated domains. Users in federated domains cannot
participate in IM or conferences in your organization until you also configure at least one policy to
support federated user access. Users of public IM service providers cannot participate in IM or
conferences in your organization until you also configure at least one policy to support public IM
connectivity. Lync Server cannot use a hosted Exchange service to provide call answering,
Outlook Voice Access (including voice mail), or auto-attendant services for users whose
mailboxes are located on a hosted Exchange service until you configure a hosted voice mail
policy that provides routing information. For details about configuring policies for communication
with users of federated domains in other organizations, see Manage Federated Partner User
Access in the Deployment documentation or the Operations documentation. Additionally, if you
19
want to support communication with users of IM service providers, you must configure policies to
support it and also configure support for the individual service providers that you want to support.
To enable or disable federated user access for your organization
1. From a user account that is a member of the RTCUniversalServerAdmins group (or has
equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in
your internal deployment.
2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel.
3. In the left navigation bar, click External User Access, and then click Access Edge
Configuration.
4. On the Access Edge Configuration page, click Global, click Edit, and then click Show
details.
5. In Edit Access Edge Configuration, do one of the following:
To enable federated user access for your organization, select the Enable communications
with federated users check box.
To disable federated user access for your organization, clear the Enable communications
with federated users check box.
6. If you selected the Enable communications with federated users check box, do the following:
a. If you want to support automatic discovery of partner domains, select the Enable partner
domain discovery check box.
b. If your organization supports archiving of external communications, select the Send
archiving disclaimer to federated partners check box.
7. Click Commit.
To enable federated users to collaborate with users in your Lync Server 2013 deployment, you must
also configure at least one external access policy to support federated user access. For details, see
Manage Federated Partner User Access in the Deployment documentation or the Operations
documentation.
Enable or Disable Anonymous User Access for Your Organization
Anonymous users are users who do not have a user account in your organization's Active Directory
Domain Services (AD DS) or in a supported federated domain, can be invited to participate remotely in an
on-premises conference. By allowing anonymous participation in meetings you enable anonymous users
(that is, users whose identity is verified through the meeting or conference key only) to join meetings.
Allowing anonymous participation requires enabling it for your organization.
If you later want to temporarily or permanently prevent access by anonymous users, you can disable it
for your organization. Use the procedure in this section to enable or disable anonymous user access for
your organization.
20
- Xem thêm -