Home » Posts tagged 'lync 2013'

Tag Archives: lync 2013

Skype for Business Prevent Automatic Client Sign in on Common Area Computers

I came across an interesting scenario today where there was a requirement to prevent the Skype for Business client from automatically signing back in using the previous credentials entered. For computers that are used in public or common areas, users who use the Skype for Business client application for conferences etc would have to manually sign out of the client and delete their sign in information in order for the next user to use the device using their own credentials.

An interesting “feature” of the Skype for Business application is that even if you click “Delete my Sign-In Info” link it doesn’t actually prevent Skype for Business attempting to sign back in on next logon with the previous credentials, especially if the previous user has ticked the “Remember Password” option.

Looking into the workload for the client I decided to take a registry snapshot before and after the “Delete my sign-in info” link was clicked. Comparing the registry between before and after displayed 94 entries that had been deleted or modified in some way.

Interestingly, although when delete my sign in info was executed the default sign in address was still the previous user.


Understanding Skype for Business Normalizations and Regular Expressions

If you are like me, then understanding normalization rules can be challenging if you don’t quite fully understand the syntax. For the longest time I thought the syntax was written by some Mayan tribe and often relied on intelligent tools or regex libraries online to grab the rules I wanted. Then one night, I was lying in bed and the penny dropped and now while I do not profess to be an expert in regex I now know enough to get through normalisation rules in Skype for Business and wanted to share what little knowledge I have with you.

There are many websites out there that try to explain regex in the simplest and most difficult terms. For me, I do not need to understand character normalisation, just number, so that should be simple right?

Let’s strip back the basics of what we need to understand to formulate an E.164 number for Skype for Business

  • We need to be able add + to the beginning of every dialled number
  • We need to be able to drop all leading 0 (zeroes) from dialled numbers
  • We need to be able to translate local subscriber numbers into full e.164 numbers
  • We need to translate internal extension numbers into full Telephone URIs
  • We need to translate international numbers
  • We need to exclude emergency numbers from any normalisation


Skype for Business Client ADMX Group Policy Template

Over the weekend, I decided to “improve” the Office 2013 ADMX template for Skype for Business client. Having deployed Skype for Business server for a few customers there are certain end user experience requirements that could not be delivered using the standard ADMX provided by Microsoft. To avoid the worry of pushing out settings using batch files and registry imports which at the best of times can have its own unique problems, I thought why not give an ADMX a shot?

With that in mind, I decided rather than to start from scratch with my own ADMX, I would use the Office 2013 ADMX as a baseline.

Although, the improvements are by no means ground breaking it lifts the complexity of some of the common questions posed by end users and even some business compliance requirements. Hopefully, someone will find them useful 🙂

I should probably point out here, that this ADMX is not supported by Microsoft, but I have tested this on several machines and had no catastrophic problems. Enter the usual disclaimer: Use at your own risk!


Demystifying Migrations Strategies from Lync to Skype for Business

I was tweeted the other day from a follower about how to migrate to Skype for Business from Lync 2013 and further searching social media it seems that us Skype for Business consultants / experts or enthusiasts have blogged with all excitement about the new in place upgrade method and somehow, other migration strategies have perhaps been lost in all the hype. Therefore, I thought I would write a quick post on the other migration strategies you can adopt and not talk about in place upgrade at all from this point on.

If you are considering migrating from your existing Lync deployment to Skype for Business then you must consider the precursor environmental requirements before committing yourself.

It should be with no surprise that Microsoft have indeed allowed N -2 native compatibility with Skype for Business. This means you can perform a migration to Skype for Business if you are currently running  Lync 2010 or Lync 2013 within your domain. Native means, that you must not have a mixture of OCS 2007 servers in your OCS 2007 R2 topology, no OCS 2007 R2 servers in your Lync 2010 topology and no Lync 2010 servers in your Lync 2013 topology. All servers in your topology must be running the same version of Lync throughout.


Configuring Loadbalancer.org appliances as Reverse Proxy for Skype for Business

I wanted to share this configuration guide with you as I have never come across these load balancers before. A customer of mine had already purchased licences for these load balancers and wanted to leverage their capabilities as a reverse proxy for Skype for Business. Firstly, a quick search on technet revealed that these are not certified reverse proxy appliances, so I was a bit dubious as to whether these would actually do the job. In fact even KEMPs have been taken off the list. Currently there are only 2 reverse proxies that have gone through the certification process and these are; Big IP’s F5 and of course Microsoft Web Application Proxy (reference: https://technet.microsoft.com/en-us/office/dn947483). Looking through the history of Skype for Business, knowing it is almost an R2 of Lync 2013, I looked up ync 2013 certified hardware. Loadbalancer.org appliances are certified for Load Balancing of Lync 2013, but not for reverse proxy (reference: https://technet.microsoft.com/en-us/office/dn788945.aspx).

Armed with this, I promised the customer nothing, and made them aware that it may work, and if not then we have to perhaps consider KEMP’s free VLM instead. Anyway, it appears that these appliances can be used for reverse proxy requests for Skype for Business.


Skype for Business Server 2015 in-place Upgrade – Gotchas so far

I am currently in the process of performing an in-place upgrade from Lync 2013 Standard Edition to Skype for Business Standard Edition in my lab. Here is what I have come across so far.

Gotcha #1: If your Lync 2013 SE Front-end is running on SQL Server 2012 RTM (default) then you need to patch this to at least SP1. I recommend SP2


You must first stop all Lync 2013 services (Stop-CsWindowsService)

You can then upgrade all instances of SQL in one go by using this command line

SQLEXPR_X64.exe /Action=Patch /AllInstances /IAcceptSQLServerLicenseTerms

Once SQL has been patched you can then begin your in-place upgrade

Gotcha #2: You must ensure that your Lync 2013 services are stopped on the Lync 2013 SE Front-end before running the in-place upgrade or it will fail

Gotcha #3: You must ensure that your Lync 2013 FE server has at least 32GB free storage on the installation volume or it will fail

Gotcha #4: You must install Skype for Business Management Tools to a server that has no Lync 2013 management tools on to upgrade the topology

Gotcha #5: Upgrading Edge Servers in-place require .Net Framework 3.5 Feature to be installed

Gotcha #6: Upgrading Edge Servers in-place require SQL 2012 SP1 or above patched to RTCLOCAL

Gotcha #7: Upgrading Director Servers in-place require SQL 2012 SP1 or above patched to RTCLOCAL

Gotcha #8: There is no in place upgrade path for Survivable Branch Servers. These must be re-deployed side by side

Skype for Business: Hardening The Backend Databases

We all know that Lync uses SQL server to store it’s backend databases such as the Central Management Store. However, do we pay much attention as to how the Lync Front End servers connect to the database? Let’s look at a scenario.

You have 3 front end enterprise edition servers in a single pool. You are using SQL server 2012 as a backend database server for the Lync databases. This SQL server has multiple instances running other LoB applications. The installation of SQL was completed only accepting the default settings from the SQL installer.

So what security implications does this have on your SQL estate? To begin with SQL will use the static TCP port of 1433 to allow external connections access to the default instance (usually MSSQL) and TCP port 1434 for the SQL Browser service. The SQL browser service is used to allow connections to databases from external clients to other instances on the same SQL server that use dynamic ports. This means the client does not need to know which port the SQL server has assigned to the backend database and therefore only requires the SQL server name or IP address and the name of the SQL instance to target. Using dynamic ports also means that your machine firewall is perhaps not as effective as it should be as you have to allow the high end ports between 49152 and 65535 through the firewall to cater for your SQL instances using dynamic ports.


Lync 2013 Failed to Publish Topology ACL Error on File Share

While publishing the first topology, you may get an error when the topology builder attempts to enable to topology. Looking at the error it seems to suggest that the install cannot read the permissions on the Lync file share. In order to resolve this edit the file sharing permissions and add in the following groups giving them full control permissions to the share

  • RTCHS Universal Services
  • RTC Component Universal Services
  • RTC Universal Server Admins
  • RTC Universal Config Replicator

Re-publish the topology.

Configuring DHCP Options for Lync Phone Edition Manually

I came across a weird issue on a client site where the dhcputil script did not apply all the options required for Lync Phone Edition devices to connect to Lync. In order to get around this problem I had to create the DHCP Options manually.

To do this you still need to run dhcputil.exe file in order to gather the binary string for each MSUCClient option.


Set Client PIN Numbers in Lync

This script will set the Lync users client PIN numbers and then email them the extension numbers and PINs.

First you need to create a CSV file with 3 columns. They should read:

  1. Username
  2. Extension
  3. PIN

You can export the usernames and Extensions from Lync using powershell to CSV

Get-CsUser | Select SamAccountName,LineUri | Export-Csv -Path C:\Lyncusers.csv -NoTypeInformation

You will need to perform some excel wizardry to remove the DDI numbers to just display the extension

Then use an excel formula to create unique and random numbers to adhere to your PIN Policy in Lync (default is 5). Please use this link to help you http://www.listendata.com/2013/02/excel-generating-unique-random-numbers.html

Once you have your CSV formed like
Username     Extension     PIN

User1              400                35798
User2             401                 58972

Save it as a CSV called ClientPinNumbers.csv

Copy this file to your Lync Front End Server

Then Edit and Copy this powershell script and save it to the same directory as the CSV file on the Lync Front End

#Script to set users Pin Numbers and email them from Csv
Import-module lync
Import-module ActiveDirectory
$domain = Get-ADDomain 
$mailserver = "mail.domain.co.uk"
$from = "lyncserver@domain.co.uk"
$subject = "Lync Phone PIN Number"
$csv = Import-Csv -Path "clientpinNumbers.csv" -Delimiter "," 
ForEach ($user in $csv){
        $testuser = Get-csUser -Identity $user.Username -ErrorAction SilentlyContinue
        Set-CsClientPin -Identity "$($domain.NetBIOSName)\$($user.Username)" -Pin $user.Pin
        Send-MailMessage -To "$($user.Username)@$($domain.DNSRoot)" -From $from -Subject $subject -BodyAsHtml `
        "<strong>Your Lync Phone Edition PIN</strong><p>Hello $($user.Username), </p><p>Your Extension Number is: `
        $($user.Extension)</p><p>Your PIN is: $($user.PIN)</p><p>Please keep this secure and safe</p>" -SmtpServer $mailserver
        Write-Host "User is not Lync Enabled"

Replace domain.com with your internal domain name

Run this script from Windows Powershell. The email that is sent to the user will look like this



%d bloggers like this: