Friday, 13 September 2013

Lync 2013 LHPv2 Dialin Simple Url rewrite issue

Greetings people

As per the documentation here, we can provision tenant Simple Meet URLs by appending the tenant's SIP domains to the hoster's primary SIP domain.


The LHP code supports the provisioning of Tenant meet simple urls by performing the following:


You can see this in the LHP deployment guide.

However it doesn't support the same method for the dialin simple url.

This appears to follow the previous guidance when performing multi-tenancy with Lync 2010 Enterprise.

However if you put in the dialin url as for example https://dialin.hostedprovidersSIPdomain.com and publish the topology (this is the default behaviour!), at no point is an IIS url rewrite rule created to forward the domain to

(Note that the code appears to still provide references to the BETA of Lync Online, this obviously wasn't cleared up for the RTM release)

LHP code doesn't add the rule in. Here's my screenshot from IIS, my Lab is under hslab2.net:


You can clearly see the rewrite rules for the Meet URL. There is never one written for Dialin.

So how can we work around this issue?

What I have done to work around this is to publish the Dialin simple url in the topology builder as https://dialin.hostedprovidersSIPdomain.com/dialin

See here:


This then works around the problem, and all Lync tenants will have https://dialin.hostedprovidersSIPdomain.com/dialin as their phone access url when creating a Lync online meeting in Outlook.

Be sure once you make this change (or any other for a Simple URL) you run Enable-CsComputer on your Lync Front Ends and Directors if you are using them.

I have raised this with Microsoft and I am in the middle of pushing this as a bug, and I hope they will update their documentation in the meantime to be more specific around the Dialin simple URL.

 I will have more articles available on Microsoft Lync 2013 LHPv2 soon.

Take care people,

Oliver Moazzezi - MVP Exchange Server


Grab the Lync 2013 LHPv2 deployment documentation from Microsoft


Microsoft have released the Lync Hosting Pack version 2, based on Microsoft Lync 2013. It is formally known as Lync 2013 LHPv2.

Grab the deployment guide here

Oliver Moazzezi - MVP Exchange Server


Wednesday, 28 August 2013

An error occured: "System.IO.InvalidDataException" "Multiple Active Directory entries were found for type "ms-RTC-SIP-TrustedService"

A strange issue happened recently with Lync 2013 LHPv2 (Lync Online – Lync Hosting Pack). After going through all the questions on the internet about it, it also appears to affect Lync 2010 and Lync 2013 Standard and Enterprise editions, with no apparent resolution.

I was getting this error upon trying to publish the Topology as shown here:


If I tried to remove the Trusted Application from the Topology Builder and re-publish I still got:


And using Remove-CsTrustedApplication prior to removing the Trusted Service from the Topology gave me the same error too:



Browsing to a Domain Controller and going to Configuration Container | Services | RTC Service | Trusted Services, I could see multiple entries for the Trusted Application Server – backing up the error both from the shell and when trying to publish the Topology.




So to resolve the issue I needed to ensure just the one was present. This would allow me to fix the issue but alas doesn't tell me why the hell I had this issue in the first place – seemingly 2 weeks after the Trusted Application Server was published into the Topology - a Lync Watcher node in this case.


Being wary of removing the duplicate – and also worried the GUID may very well be linked back to the XDS database – I simply renamed one, allowing me to easily test, with a fallback of renaming it back to its previous state.



So did this resolve the issue? I tried using Remove-CsTrustedApplication again:


And bingo it removed it.

Now I want to clean up the Topology Builder by removing the Trusted Application from the Topology and re-publishing. I simply don't trust what is there. So I want to get back to a verified Topology state and then I can add the Trusted Application back at a later date.

So I remove the Trusted application, publish the Topology and..

Bingo. It fixed the issue.



However we still have the issue of the renamed object in AD under Configuration Container | Services | RTC Service | Trusted Services

Let's get back there, confirm the remaining object that was not renamed is removed, and then let's remove the renamed duplicate.

I refreshed the view and confirmed the un-altered object was indeed deleted. I then simply deleted the renamed duplicate:



In all instances when dealing with this issue, make sure you have backups of your Lync Topology and back up Active Directory prior to making these kinds of hard deletes.
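A read-only way to list the entries under Trusted Services and flag duplicates before renaming or deleting anything. This is an added example, not from the original post; the container path follows the location described above, and treating entries with the same FQDN, service type and port as duplicates is an assumption.

```powershell
# Added example: read-only inventory of Lync trusted-service objects in AD.
# Requires the ActiveDirectory module (RSAT). Makes no changes to the directory.
Import-Module ActiveDirectory

function Get-DuplicateTrustedService {
    param(
        # Assumption: Lync data lives in the Configuration partition, as in the post
        # (Configuration Container | Services | RTC Service | Trusted Services).
        [string]$SearchBase = ("CN=Trusted Services,CN=RTC Service,CN=Services," +
                               (Get-ADRootDSE).configurationNamingContext)
    )
    $props = 'msRTCSIP-TrustedServerFQDN', 'msRTCSIP-TrustedServiceType',
             'msRTCSIP-TrustedServicePort', 'whenCreated'

    Get-ADObject -SearchBase $SearchBase -SearchScope OneLevel `
                 -LDAPFilter '(objectClass=msRTCSIP-TrustedService)' -Properties $props |
        # Assumption: same FQDN + type + port means the same logical service.
        Group-Object { '{0}|{1}|{2}' -f $_.'msRTCSIP-TrustedServerFQDN',
                                        $_.'msRTCSIP-TrustedServiceType',
                                        $_.'msRTCSIP-TrustedServicePort' } |
        Where-Object Count -gt 1 |
        ForEach-Object {
            $key = $_.Name
            # Oldest first, so the later (unexpected) copy is easy to spot.
            foreach ($o in ($_.Group | Sort-Object whenCreated)) {
                [pscustomobject]@{
                    Service     = $key
                    ObjectGuid  = $o.ObjectGUID
                    WhenCreated = $o.whenCreated
                    DN          = $o.DistinguishedName
                }
            }
        }
}

# Record what was found before touching anything (output path is a placeholder):
# Get-DuplicateTrustedService | Export-Csv .\trusted-service-duplicates.csv -NoTypeInformation
```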

I hope this helps all people with this issue and there's finally a how-to now on the Internet for it.

Take care people,

Oliver Moazzezi - MVP Exchange Server


Lync 2013 LHPv2 supported features

I thought it would be useful to compare the supported features of Lync 2013 LHPv2 with those of its predecessor, Lync 2010 LHPv1.
The biggest win from a customer standpoint is Lync IP Phones and true VOIP mobility with the Lync 2013 Mobility Apps for Android, iOS and Windows Phone.

 
| Feature | Lync Server 2013 Hosting Pack | Notes |
|---|---|---|
| Presence | | |
| 1 to 1 and multi-party IM/Presence | Yes | |
| Contacts list | Yes | |
| Address Book Service Web Query service | Yes | |
| Distribution List Expansion protocol (DLX) | Yes | |
| Instant Messaging (IM) | | |
| Point-to-point IM | Yes | |
| Multiparty/Group IM | Yes | |
| Persistent Chat | No | |
| PC to PC audio/video dial out calling | Yes | |
| File transfer | Yes | |
| Mobile VoIP to PC audio | Yes | |
| Click to communicate from Office apps | Yes | |
| Interactive contact card in Office 2010 and Office 2013 | Yes | |
| Lync skill search in SharePoint Server (on-premises) | Yes | |
| Lync skill search in SharePoint Online | No | |
| Privacy mode | No | |
| Client Support | | |
| Lync Client 2010 and Lync Client 2013 | Yes | |
| Web app for joining scheduled meetings | Yes | |
| Rich attendee client (joining meetings) | Yes | |
| Mac attendee client | Yes | |
| CWA (2007 R2) | No | |
| OC 2007 R2 | No | |
| Lync phone edition (Lync-based IP phones) | No | Support expected in a future release |
| Lync Attendant client (receptionist rich client) | Yes | Lync Server 2010 version |
| Communicator Mobile (Windows Phone 6.x) | No | |
| Lync Mobile | Yes | |
| Lync desktop client | Yes | |
| Mac Messenger | Yes | |
| Attendee (meeting only) | Yes | |
| Lync Mobile clients (for Android, Windows Phone, iPhone) | Yes | If provisioned |
| Conferencing and Online Meetings | | |
| Meeting attendee capacity | 250 | |
| Point-to-point audio/video | Yes | |
| Video conferencing over IP | Yes | |
| Audio conferencing over IP only | Yes | |
| Meeting recording | Yes | |
| Registration | No | |
| Public Events page | No | |
| Customer branding | No | |
| Customer invitations | No | |
| Managed Q&A | No | |
| Virtual breakout rooms | No | |
| Easy Assist | No | |
| Desktop sharing | Yes | |
| Application sharing | Yes | |
| White boarding and annotation | Yes | |
| Office document upload | No | |
| PowerPoint upload | Yes | |
| Polling | Yes | |
| Unauthenticated in Web App (reach) | Yes | |
| Unauthenticated attendee (rich client) | Yes | |
| Scheduled conferences using Outlook plugin | Yes | |
| Round table support | Yes | |
| Lobby | Yes | |
| Integration with select partners for PSTN audio conferencing (ACP) | Yes | |
| Provisioning for approved ACP partners for Office 365 customers | No | |
| Scheduling an online meeting in OWA | Yes | |
| Client side recording and playback | Yes | |
| Cloud side recording and playback | No | |
| Authenticated experience in Web app (reach) | No | |
| Generate a link to a scheduled meeting via web page | Yes | |
| PSTN audio conferencing in MCUs | Yes | via audio conferencing provider |
| 1:1 Chat | Yes | |
| Backstage/Content Preview for Presenters | Yes | |
| Mute / Unmute all attendees | Yes | |
| Mute / Unmute individual attendees | Yes | |
| In-meeting Attendee Permission Controls | Yes | |
| Interoperability with on-premises video conferencing systems | Yes | via 3rd party |
| Multimedia, JPEG, Text Page, Web Page, Screen snapshot (Desktop Annotation) | Yes | |
| PSTN dial-out from scheduled meetings | Yes | via audio conferencing provider |
| Ad-hoc audio dial-out conferencing | Yes | VoIP via SIP Trunk |
| “Meet now” audio dial-out conferencing | Yes | via audio conferencing provider |
| Scheduled audio dial-out conferencing | Yes | via audio conferencing provider |
| Sharing | | |
| Point-to-point/multiparty data conference (white boarding) | Yes | |
| Point-to-point/multiparty file share | Yes | |
| Point-to-point/multiparty desktop and application sharing | Yes | |
| Point-to-point/multiparty Microsoft PowerPoint® slide sharing | Yes | |
| Polling | Yes | |
| Integration | | |
| Microsoft Outlook integration for IM, presence, calendar | Yes | with users on the same hosting partner |
| Microsoft SharePoint® integration for IM, presence | Yes | with users on the same hosting partner |
| Public IM Connectivity and Federation | | |
| Inter-tenant federation | Yes | |
| Federation with Extensible Messaging and Presence Protocol (XMPP) | No | |
| IM/P/A/V Federation with Office Communications Server, Lync Server, Lync Online | Yes | |
| IM/P/A/V with Windows Live Messenger / Skype | Yes | |
| IM/P and voice with Skype | Yes | |
| Public IM connectivity and presence | No | AOL®, Yahoo!®, Windows Live |
| IBM Sametime federation | No | |
| Calling features | | |
| Public switched telephone network (PSTN) calling via Lync | Yes | incoming and outgoing |
| Ad-hoc PSTN dial-out for meetings | No | |
| Call controls | Yes | hold, transfer, forward, simultaneous ring |
| Voice policies | Yes | |
| Access to Exchange Online voice mail | No | |
| Team call | Yes | |
| Delegation (boss-admin) for Voice | No | |
| Call park | No | |
| Outgoing DID manipulation | No | |
| E-911 | No | |
| Dial plans & Policies | No | |
| IP desk phone support | Yes | |
| Resilient Branch Office Appliance | No | |
| Call Admissions Control (CAC) | No | |
| Support for Analog devices (e.g. FAX) | No | |
| Response groups | Yes | via 3rd party |
| Private Line (secondary DID for execs) | No | |
| Direct connectivity with PBX via gateways | Yes | |
| Direct SIP for audio with on-premises IP-PBXs | Yes | |
| Direct SIP for signaling (presence updates) with on-premises IP-PBX | Yes | |
| RCC (click-to-call) with on-premises PBX | No | |
| Malicious call trace | No | |
| Unassigned Number | No | |
| Network QoS – DSCP | No | |
| Media path optimization | No | |
| Phone number management | No | |
| CDR & billing reporting | Yes | |
| Integration with call center solutions (Aspect) | Yes | |
| Team call | Yes | |
| Delegation | Yes | |
| Private line (secondary Direct Inward Dialing (DID)) | No | |
| Call park | No | |
| Outgoing DID manipulation | No | |
| Voice features | | |
| Private dial plans | No | |
| Hosted Exchange Unified Messaging (UM) for voice mail | Yes | |
| ACP Integration with select carriers | Yes | |
| Voice integration with select carriers | Yes | |
| Security and Archiving | | |
| IM & media encryption | Yes | |
| IM filtering | Yes | |
| Anti-malware scanning for meeting content and file transfers | Yes | |
| IM archiving (server side) | Yes | |
| SharePoint and Exchange Co-existence | | |
| Presence Integration with Exchange/SP on-premises | Yes | |
| Presence integration with Exchange/SP online | Yes | |
| On-premise UM integration with Exchange Online | No | |
| UM integration with Exchange on-premises | Yes | |
| Hybrid with Lync Online | | |
| Server/cloud co-existence (split domain) on user basis (some users on-premises, some users online) | No | |
| Splitting workloads (eg. Voice on-premises, IM&P in the cloud) | No | |
| Administration and Manageability | | |
| Windows PowerShell support | Yes | |
| Lync Server Control Panel UI | No | |
| Feature Configurability Per User | Yes | |
| Attendee/User Reporting | No | |
| Reporting (CDR, QoE) | Yes | |
| Support for 3rd party applications | | |
| Client automation APIs (client side) | Yes | |
| Server side APIs | Yes | |
| Support | | |
| Tenant User support | No | |
| IT Support | Yes | |



 Take care,


Oliver Moazzezi - MVP Exchange Server


 

Wednesday, 17 April 2013

Customizing Role Assignment Policies for multi-tenants in Exchange Server 2013: Gal Pictures

When dealing with multi-tenants in Exchange Server 2013 (RTM and CU1) with a Hosting Control Panel that can only feed data into Exchange, rather than taking data back out of it to back-fill the Portal, we have to lock down certain elements so that a customer can only edit them via their designated Panel Provider.
 
Take Exchange 2013: by default in most multi-tenant Hosting Orgs “MyContactInformation”, “MyPersonalInformation”, “MyMobileInformation” and “MyAddressInformation” are disabled, only allowing a tenant to configure this from the Hosting Control Panel.
 
The biggest issue this presents is that this means a user cannot change their Photo within OWA, as this is locked into “MyContactInformation”
 
 
1. A user cannot change their picture and thus it is empty, giving an unfulfilling experience in Outlook, OWA and Lync.
 
 
 
2. The logged in user can’t change their picture
 
 
3. Additionally other information is locked down also
 
 
 
So if we log into the EAC we can see this is because the Default Role Assignment Policy has “MyContactInformation”, “MyPersonalInformation”, “MyMobileInformation” and “MyAddressInformation” disabled. Standard practice in nearly all Enterprise Hosting environments.
 
 
 
So how can we keep this aspect locked down, allowing co-existence with a Control Panel but allowing tenants to actually upload pictures to get a more fulfilling experience?
 
Let's take a look at the Management Roles in question in PowerShell. We can do this simply by using “Get-ManagementRole”.
 
 
So we can see above that “MyContactInformation” owns “Set-UserPhoto”, “Remove-UserPhoto” and “Get-UserPhoto”. We can take this built in Management Role and create a custom one from it, to allow pictures to be uploaded and used.
 
 
Let’s create a new Management Role using “New-ManagementRole”. We’ll call it “Oliver Test” and create it from the parent “MyContactInformation”
 
 
 
Now if I view this new Management Role I can see it has all the cmdlets from the parent.
 
 
 
I can now start to customise it by removing certain cmdlet elements. You can see I am using “Get-ManagementRoleEntry”, specifying the cmdlet I do not want, and then removing it with “Remove-ManagementRoleEntry”.
 
 
Once I have cleaned up my Management Role “Oliver Test”, let’s look at what I have left. You can see I now have just the cmdlets needed to allow photos to be uploaded and removed and edited if desired.
 
 
Logging back into the EAC I can now see this new Management Role under the Default Role Assignment Policy. I check it to enable it.
 
 
Logging back into my tenant user I am now able to change my photo, allowing picture integration into Outlook, OWA and Lync.
 
 
 
Checking the rest of my details you can see as before I cannot edit them, keeping the unity of your Hosting Control Panel which should control these settings.
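The whole procedure above as one Exchange Management Shell script, with a check that only the photo cmdlets remain before the role is assigned. This is an added example, not the commands from the original screenshots; New-ManagementRoleAssignment is used here as the shell equivalent of ticking the role in the EAC, and the variable names are illustrative.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2013).
$parent = 'MyContactInformation'
$role   = 'Oliver Test'                      # role name used in the post
$policy = 'Default Role Assignment Policy'
$keep   = 'Get-UserPhoto', 'Set-UserPhoto', 'Remove-UserPhoto'
$locked = 'MyContactInformation', 'MyPersonalInformation',
          'MyMobileInformation', 'MyAddressInformation'

# 1. Create the child role; it starts with every entry of the parent.
New-ManagementRole -Name $role -Parent $parent

# 2. Strip every entry that is not one of the three photo cmdlets.
Get-ManagementRoleEntry "$role\*" |
    Where-Object { $keep -notcontains $_.Name } |
    Remove-ManagementRoleEntry -Confirm:$false

# 3. Verify the result before any user gets the role.
$left  = @(Get-ManagementRoleEntry "$role\*" | Select-Object -ExpandProperty Name)
$extra = @($left | Where-Object { $keep -notcontains $_ })
if ($extra.Count -gt 0) {
    throw "Role '$role' still grants: $($extra -join ', ')"
}
$missing = @($keep | Where-Object { $left -notcontains $_ })
if ($missing.Count -gt 0) {
    Write-Warning "Parent role did not provide: $($missing -join ', ')"
}

# 4. Assign the trimmed role to the policy all tenant mailboxes use.
New-ManagementRoleAssignment -Role $role -Policy $policy

# 5. Confirm the four locked-down roles are still NOT assigned to the policy,
#    so the Hosting Control Panel remains the only place to edit those fields.
$assigned = Get-ManagementRoleAssignment -RoleAssignee $policy |
    Select-Object -ExpandProperty Role
$leak = @($locked | Where-Object { $assigned -contains $_ })
if ($leak.Count -gt 0) {
    Write-Warning "Policy '$policy' also has: $($leak -join ', ')"
}
```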
 
 
 
Finally let’s log into OWA and Lync and see the new experience!
 
 
 
I hope this helps Hosters to integrate pictures into Exchange 2013 Enterprise. I will look to push a new blog out in a few weeks for managing different Role Assignments Policies per tenant in Exchange 2013 Enterprise.
 
Have a great week!
 

Take care!
 
Oliver Moazzezi - MVP Exchange Server