27 June 2012

Edge Server Quick Reference Guide - install and Troubleshoot

I Use this page to speed up the deployment all the time :-p
#Adding the persistent Route
route add –p <dest net>192.168.99.0 mask 255.255.255.0 <default route>192.168.99.252 if ?

#Get Replication status
Get-CsManagementStoreReplicationStatus

#Force Replication
Invoke-CsManagementStoreReplication

#Exporting for Edge
export-csconfiguration -filename c:\edge.zip

#Importing to Edge
import-csconfiguration -filename c:\LXLSupport\edge.zip -localstore

#Testing the Ext interface - From Internet
telnet public IP/FQDN port 5061, 443

#Testing the Internal interface - From LAN
telnet from:
Lync FE to IP/FQDN port 5061, 5062, 443, 4443 - Used for Replication

#Testing the Internal interface - From DMZ
telnet from:
EDGE to IP/FQDN of Lync FE port 5061

# Ensure the Edge servers of the Federated Partners trust the certificate authority used by the other.

# Check SRV Record for Federation
nslookup -type=SRV _sipfederationtls._tcp.<FederationDomain>

# Test Edge infrastructure with MSTURNPING - Another beauty from the ResKit

It only runs on the Edge server
It needs the Edge Public cert to exist on the FE
If you have multiple Edge pools they will need to have access to each other
And of course they use internal DNS to look each other up

More Edge Stuff...

Make sure you can:-
  • Resolve the Lync server and DC on internal interface (via DNS or Hosts)
  • Resolve the internal CA to verify internal Certificates (via DNS or Hosts)
  • External interface is used for resolving federation traffic.

    Getting the cert from the internal CA...Of course you can add the external cert to both edge interfaces as long as the Lync server trusts the issuing authority.

A little pain I had was that after generating the request I tried connecting to the CA web (https:\\<CA FQDN>\certsrv) with no joy of course. I couldn't even connect from the CA itself, very frustrating.

How to check Lync FE Certificates for CMS from Edge Server
Exported the certificate from the server hosting the CMS (without the private key)
Copy the file to the edge server (C:\tmp\CMSCert.cer).
From a command prompt run:-
Certutil -verify -urlfetch “C:\tmp\CMSCert.cer” > c:\CRL.TXT

Then I found that you can launch the CA management console and request the cert straight from there...awesome! (newbie...)

This command runs a check on the certificate (including accessing the CRLs) and dumps the results to a text file, it may take a few minutes to complete.
Now simply check the CRL.TXT file for errors
Posted by at No comments:
Labels: , , , ,

14 June 2012

Some Outgoing Calls timeout

I was working on a strange issue at a customer regarding Enterprise Voice from Lync.
The issue:
Some calls fail before call setup completes...In my case it was mostly landline calls, cell calls worked fine.


A wireshark trace showed that Lync was "getting bored" waiting for a response from my SIP gateway. Then sends a CANCEL to which the gateway sends a SIP 487.

The Lync Mediation Server is sending a CANCEL on call setup, after a very short time (seemed like 8 seconds but must have been 10 seconds all up)

The culprit...
After the Lync 2010 CU4 update from Microsoft, Lync has become impatient  and if the remote party has not responded with more that “100 Trying” during 10 sec the Mediation Server sends a CANCEL ! 

This timer was earlier 30 – 40 seconds, but is now only 10 !!
The remote party can’t respond with more that “100 Trying”, until they have received anything from the Called Party.

The fix:
Configuring Parameters
Some of the above timeouts can be configured. The file which has the configurable parameters is ‘OutboundRouting.exe.config”  Use caution when changing these values, as a rule of thumb try not to increase or decrease the value by more than 25% of its original value.

From OutboundRouting.exe.config
<configuration>
    <appSettings>
      <add key=”FailOverTimeout” value=”10000″/> – The culprit
      <add key=”MinGwWaitingTime” value=”1″/>
      <add key=”MaxGwWaitingTime” value=”20″/>
      <add key=”FailuresForGatewayDown” value=”10″/>
      <add key=”FailuresForGatewayLessPreferred” value=”25″/>
      <!– Valid values are between 5 and 600 –>
      <add key=”HealthMonitoringInterval” value=”300″/>
      <!– Valid values are between 60 and 3600 –>
      <add key=”GatewayStateReportingInterval” value=”1800″ />
  </appSettings>
</configuration>

The FailOverTimeout should be increased to the desired time limit.
The file is found under 
C:\Program Files\Microsoft\Lync Server 2010\Server\Core on the Lync 2010 FrontEnd Server.
C:\Program Files\Microsoft\Lync Server 2013\Server\Core on the Lync 2013 FrontEnd Server.

Changing the value from 10000 (10 sec) to 15000 (15 sec) solved the issue.
After changing this value, it’s recommended to reboot the server. I tried restarting services but wasn't successful.

 Warning
Next time you run Lync updates this value may be reset to 10000 - Keep a record!
This one caught me out a second time after an update reset the timer to 10 seconds
Posted by at No comments:
Labels: , , , , ,
Subscribe to: Posts (Atom)