So now with all services started we are ready in this final part to create and enable our first Lync users but let me show you first the Lync Control Panel.

1. From the start menu open the ‘Lync Server Control Panel’

2. You will be prompted for the admin credentials as shown below,

3. Add the URL to the trusted zone and don’t forget to remove any proxy settings from your IE or bypass the admin URL

And here is the first look to the Lync CP; honestly I like the new UI!

So let’s enable our users…

1. From the Lync CP we will select Users and then click on ‘Enable Users’

2. Click Add

3. Select the users that you want to enable

4. Select the Lync pool and Under ‘Generate user’s SIP URI’ choose Use the user principal name (UPN), leave the rest on the default settings and then click on Enable.

And here are the enabled users,

Now we are ready to install our Lync client… The installation is very straight forward and there is nothing to be confused in, as you see below, it is just one page with Install

And after the installation here is the Lync client

And finally user1 is signed in to the lab

So as you see the Lync deployment is different than OCS however the way it’s designed and integrated with tools such as the planning tool and the topology builder is giving the product a strong, scalable and flexible Enterprise UC application…

Do you want to build your own Lync lab and you need guideline, I’ll post a series of four parts for a walkthrough for my lab setup and configuration over the next period… So let’s start by part 1:

The Lab environment:

• Windows 2008 R2 as the OS for Lync
• Windows 2008 R2 Active Directory (mbdomain.ad)
• 1 Lync server SE (The Standard Edition server supports IM, presence, A/V conferencing and Web conferencing)
• 1 Lync consolidated Edge server (Will be used later)
• TMG as the edge firewall and reverse proxy (Will be used later)
• Windows 2008 R2 CA standalone
• Windows 7 for the Lync client
• Remote Admin is enabled on the Lync server

So I started with preparing the base OS, so I used a Windows Server 2008 R2 VHD from my image library and run the sysprep on it (don’t ever forget to select the Generalize option to create a new SID), attached it to my Hyper-V server and joined it to the domain (only the LyncSE server since Edge will be in workgroup). Now we need to install the following components on the Lync server as a setup prerequisites:

• IIS with the below components:

• Remote Server Administration Tools (RSAT)
• Microsoft .NET Framework 3.5 with SP1

You can use the below cmdlet for ease of deploying these components

Import-module Servermanager

Add-WindowsFeature NET-Framework,RSAT-ADDS,web-server,Web-Static-Content,Web-Default-Doc,Web-Http-Errors,Web-Http-Redirect,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Http-Logging,Web-Log-Libraries,Web-Http-Tracing,Web-Windows-Auth,Web-Client-Auth,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Console,Web-Scripting-Tools –Restart

• From the installation media, navigate to \Setup\amd64\SQLNCLI.EXE and install the SQL Server native client program
• MS Silverlight plug-in
• Lync planning tool (can be downloaded from the web)
• On the Lync server, I created a file share named Lyncshare. Configured the administrator account to have full rights. Configured everyone else to have read only privileges.

Now let’s see the installation process itself:

1. The Autorun will open the below IE page where I selected the install Lync Server 2010 option

2. First thing the setup prompted me to install the Microsoft Visual C++ 2008 redistributable, for sure I did

3. I accepted the default path below

4. First thing I selected the “prepare Active Directory” option

5. Run the ‘Prepare Schema’ option

6. Click on Next

7. After few min the schema extension finished successfully

8. Clicking on ‘view log’ showed the log with green status

9. Next step is ‘prepare current forest’ option

10. For the UG creation, I selected the local domain since I’m in a single domain anyway

11. Another green status

12. Now we need to prepare the current domain to set the ACEs for the UGs

13. Another green status

14. With this last step the Lync necessary groups are created in the mbdomain.ad

15. To allow access to the Lync admin control panel, manually I add the administrator account to the ‘CSAdministrator’ and the ‘RTCUniversalServerAdmins’ UG

16. After that from the setup menu I selected to deploy the topology builder

17. Next step is to prepare my SE server to host the Central Management Service with the SQL express, you can do so from the deployment wizard by clicking on ‘Prepare first standard edition server’ option

18. Another green status

Now we are ready for the deployment itself, in part 2 I’ll take you through these steps (don’t worry part 2 is almost ready for blogging)…

In part 1 of this series we went through the deployment prerequisites, prepared the servers and prepared the environment for the deployment. In this part we will go through the planning tool, topology building and the server deployment.

1. First we need to create the necessary DNS records, we need the below records:

Default SIP domain	_sipinternaltls	lyncse.mbdomain.ad
Meeting URLs	meet.mbdomain.ad	10.1.1.40
Administrative access URL	admin.mbdomain.ad	10.1.1.40
Proxy internal interface	tmg.mbdomain.ad	10.1.1.1
Phone access URL	dialin.mbdomain.ad	10.1.1.40

2. The next step will be creating a simple internal only topology using the planning tool and export it to the central store using the topology builder. Using the planning tool I selected the Getting Started option

And used the below parameters:

Audio and Video Conferencing	Yes
Dial-In Conferencing	No
Web Conferencing	Yes
Enterprise Voice	No
Call Admission Control	No
Monitoring	No
Archiving	No
Federation	No
High Availability	No
Network Connection	Shared WAN

So my Central site will look like that

3. Then in the next page I added mbdomain.ad as my SIP domain as shown below

4. For the Bandwidth capacity planning, I changed the profile to be light (it’s a labJ) and left the rest as is

5. Skip the branch office page as it’s only one central site

6. For the External user access, I selected No since I’ll build this lab with no external access then I’ll discuss enabling the external access later in another series…

7. Click Draw and here is the topology

8. Double clicking my site showed the expanded topology as below

9. Now to export our topology to the Lync topology builder where we will modify few parameters and then export the topology to the central management server… Select File, Export, Export to Topology Builder

10. We need to import the topology using the Lync topology builder. Select the ‘Open Topology from a local file’ and choose the lab topology

11. As you see there are few points that needs attention and they are marked in Red-X

12. Expand the File Stores and Edit the configuration to use the Lync Server share that we created before

13. Now we need to configure the administration URL by editing the Lync Server 2010 (RC) root object from the left hand pane, click Simple URLs, under Administrative access URL type https://admin.mbdomain.ad

14. So now you should have the below

Now with the configuration in the builder we need to publish the configuration to the management server.

15. From the Lync root object select ‘Publish Topology’

16. Select Next

17. Ensure that the pool is the correct one and then Next

18. And finish

In the next part, we will deploy a local configuration store with the published configuration in the central management store on our Lync server.

In this post I’ll list to you 30 fact and info about Lync which is totally new and different than OCS:

1. You can virtualize all topologies and we support all workloads, including Enterprise Voice to be virtualized
2. When you virtualize, Scalability is roughly 50% of the scalability offered by a Lync Server 2010 topology running only on physical servers
3. In Microsoft Lync Server 2010, A/V Conferencing service functionality, which normally runs on the Front End Server, can also run in a standalone server role called A/V Conferencing Server
4. If your site has more than 10,000 users, we recommend that you deploy a separate A/V Conferencing pool
5. Lync introduced ‘Survivable Branch Appliance’, which is a new device introduced in Lync Server 2010 that combines a PSTN gateway with a Lync Server Registrar and Mediation Server. This appliance is targeting branch offices who require telephony services in case of WAN failures with the central site
6. In the event a branch office’s WAN connection to a data center fails, the Survivable Branch Appliance provides the following voice features to users in that branch office:
   1. PSTN inbound and outbound calls
   2. Intra-site and inter-site calls
   3. Call hold, retrieve, and transfer
   4. User authentication and authorization
   5. Leaving and retrieving voicemail
   6. Call forwarding, simultaneous ringing, boss-administrator, and team calling
   7. Call Detail Recording (CDR).
   8. All two-party functionality, including instant messaging and audio-video conferencing
   9. PSTN dial-in conferencing with Conferencing Auto-Attendant
7. In Lync Server 2010, the Director is now a unique server role which you cannot home users on it
8. A Director is not designated as either a Standard Edition server or an Enterprise Edition server; it does not require any type of Microsoft Lync Server 2010 license (interesting huh)
9. Collocation of mediation with FE is recommended if you are not using SIP trunking or Direct SIP
10. New to Lync is the ‘Topology Builder’ which is a wizard-driven user interface that you use to create and edit your Microsoft Lync Server 2010 topology
11. With Microsoft Lync Server 2010, configuration data about servers and services is moved to the Central Management store. Read-only copies of the data are replicated to all servers in the topology, including Edge Servers and survivable branch appliances
12. Although most of the Lync configuration is stored in the central management store, the Active Directory Domain Services (AD DS) are still used to store basic Lync Server user information, such as the user’s SIP URI and phone number
13. The Lync Server 2010 Management Shell is a new method of administration and management
14. Lync introduces role-based access control (RBAC). Lync Server 2010 includes 11 predefined roles that cover many common administrative tasks
15. Administration console is no longer using MMC, Lync Server Control Panel replaces the MMC administrative interfaces of previous releases
16. Microsoft Lync Server 2010 introduces DNS load balancing for load balancing for SIP and media traffic (you will still need hardware LB for other traffic such as HTTP however this is the easiest part in configuring a HW load balancer)
17. DNS load balancing is supported for Front End pools, Edge Server pools, Mediation Server pools, and Director pools
18. Microsoft Lync 2010 Attendee is a new downloadable client that enables users without Microsoft Lync 2010 to attend meetings
19. You manage Edge Servers from the internal network. All configuration data for servers and services resides in the Central Management database, which you can manage by using internal administrative tools
20. Lync Server 2010 introduces support for integration with hosted Exchange UM
21. Lync supports Enhanced 9-1-1 (E9-1-1) as part of your Enterprise Voice deployment
22. New for the Mediation Server in Microsoft Lync Server 2010 is the ability for a single Mediation Server to route outbound calls through multiple gateways
23. Also new for Lync Server 2010 is the ability for a Mediation Server to be deployed as a pool; this pool can be collocated with the Front End pool, or can be a standalone pool
24. Malicious call tracing enables users to flag incoming calls which are harassing, threatening, or obscene. Immediately after hanging up, the user can select an option to report the call as malicious. If they do so, a trace request is sent to mark the record of the call, and an event is logged
25. Lync introduced the concept of ‘Anonymous call’ in the Response Group feature, when a response group is so configured, agents can accept incoming and make outgoing calls on behalf of the response group without revealing their identity (Anonymous call). Anonymous calls do not support conferencing, application sharing and desktop sharing, file transfer, whiteboarding and data collaboration, or call recording
26. Archiving policy settings for both IM and meetings are unified. The core archiving store contains both IM content and Web conferencing attendee entries and exits consolidated together
27. You can do searchable transcript of archived information without the need for scripts
28. In Microsoft Lync Server 2010, the Group Policy settings used in previous  Office Communications Server releases are now controlled by in-band provisioning client policies that are server-based.
29. Lync 2010 clients can now receive updated software from Windows Server Update Service (WSUS) or Microsoft Update instead of from a location hosted on Lync Server 2010
30. Lync Server 2010 provides support for analog devices. Specifically, the supported analog devices are analog audio phone and analog fax machines. Now you can configure the analog gateways and devices in your organization to use Lync Server 2010. After you do this, analog devices use Lync Server to make and receive calls, and Lync Server makes routing decisions and log calls in call detail records (CDRs) for analog devices, just as it does for any device

In this part we need to deploy a local configuration store with the published configuration in the central management store on our Lync server, we will do that by using the deployment wizard again and selecting the ‘Install or update Lync Server System’

1. Choose ‘Install Local Configuration Store’

2. Leave the option to auto retrieve from the central store

3. And finish

4. Now for setting up the Lync components based on our topology

5. Next

6. And Finish

Now we need to configure the server certificates, from the deployment wizard choose step 3

7. On the Certificate Wizard page, click Request then Next

8. Select the option to send the request immediately to the online CA (you can also prepare the request but to send it later if you don’t have an online CA however you will need to do extra few steps to assign the certificate to the Lync pool). In my case I configured my CA to auto issue certificates so I’ll go for the online option.

9. Select the CA

10. Accept the default for the CA Account or provide an alternate credentials if needed

11. On the Specify Alternate Certificate Template page click Next

12. Provide a friendly name and mark the key as exportable

13. On the Organization Information page, optionally provide organization information, and then click Next

14. On the Geographical Information page, optionally provide geographical information, and then click Next

15. Review the SAN list and click Next

16. On the SIP Domain setting page, select mbdomain.ad as the SIP Domain and then click Next

17. There is no need for additional SAN for now so Next

18. Review the result and Next

19. On the ‘Executing Commands’ page, click Next

20. On the ‘Online Certificate Request Status’ page, click Finish

21. On the certificate Request page select the option to assign the certificate for Lync usage and click Finish

22. On the ‘Certificate Assignment’ page, click Next

23. On the ‘Certificate Assignment Summary’ page, click Next

24. On the ‘Executing Commands’ page, click Finish

25. So now my certificate is ready and assigned as below

26. Next is to start the service

27. Click Next

28. And finally the Lync services is up and running

Going to the services snap and having a quick look… All services are started.

In the next part we will see how the Lync Control panel looks like, enable our first Lync users and deploy the Lync client…