banner-ad

#Lync User QuickTip #17: Lync Browser Pages Prompting for Credentials? How to Avoid Unnecessary Credentials Typing

Some features in Microsoft Lync 2010 route you to webpage user interface (like Response Group logging in and out), and by default will prompt you for your credentials (as shown below). If you add this LyncWeb URL to the Local Intranet this will save you this inconvenience.

credentials-screen

The first step to fixing this is to open Internet Options. (shown below using IE9. Earlier versions of IE you can go to the File menu: Tools | Internet Options.)

open-ie-internet-options

Click on “Security” tab, “Local Intranet” and then click “Sites”.

internet-options

click “Advanced”

localintranet-advanced

Now you will add the URL that will be under “Add this website to the zone:”

add-domain

Now close all browsers and test: You should NOT be prompted for credentials now!

For Lync Administrators: This same issue shows up on server Lync admin console, so this is a tip for you as well. And, Maybe you want to run a workstation policy to add the Lync Web URL to Local Intranet for your users?

Requirements for this Tip: Domain Joined PC logging into Domain with same credentials as Lync

See the whole Lync User Tips Series:
http://windowspbx.blogspot.com/search/label/LyncUserTip

Credits: Exchange MVP @patrichard suggested this tip a long long time ago and I finally got around to it. For some good Powershell and Exchange content see: http://www.ehloworld.com/

Everything You Wanted to Know About Microsoft Lync and Sonicwall Firewalls

 

sonicwall and lync

Note: This article is as of Sonicwall Firmware version: SonicOS Enhanced 5.8.1.8-xx

I’ve been spending the last couple days on and off getting familiar with Sonicwall VoIP features. since there are lot of Sonicwall devices in the field you most likely are going to meet up with one sooner or later. (and this will only get worse with Dell’s acquisition of Sonicwall I suspect) Another challenge is that most Sonicwall engineers are not spending their days thinking about VoIP, much less Microsoft Lync and SIP over TCP.

What is a Good Way to “Ramp Up” understanding the Sonicwall NAT Configuration process?

This is the exact question I had. I’ve noticed that googling seems to often return old Sonicwall HowTo’s that are a bit hard to follow since the older Sonicwall firmware is just a little different looking. I came across this short PDF manual that I think encapsulates doing simple tasks in Sonicwall well:
http://www.sonicwall.com/downloads/SonicWALL_TZ_210_Series_Getting_Started_Guide.pdf

Can Sonicwall do SIP ALG for Microsoft Lync? No.

The simple answer is that Sonicwall firewall VoIP features only work on SIP UDP traffic, not TCP traffic that Microsoft Lync uses. (This does not mean that Sonicwall will not work with Lync, it just means that there is no need to try to use the Sonicwall VoIP features with Lync at this time.)

Want a source? Open this document and notice on page 15 that you can set another SIP signaling port if it is not the standard 5060…but only for UDP traffic…and Microsoft Lync uses TCP for signaling. (shown below)

why ALG no worky for lync

If you want to do some more reading about the Sonicwall VoIP module click here.

Why are Lync Calls Not Shown on the “Call Status” Screen?

The reason Lync calls are missing from the “Call Status” screen is because Sonicwall (as noted above) only displays UDP VoIP calls here and Microsoft Lync uses TCP for call signaling.

why don't lync calls show in call status

How Shall I Configure the the VoIP Settings Screen?

“SIP Transformations” is Sonicwall’s language for what many others call ALG. Should this be turned on or off?

Actually, it doesn’t matter at ALL how you set these items because Sonicwall  firewalls can only do “Enable SIP Transformations” (aka ALG, or VoIP/SIP ALG) on UDP traffic and Lync only uses TCP.

So don’t sweat it and you can ignore all the dire warnings on forum posts that tell you to turn these settings off. (grin) Well, just to be safe…let’s uncheck them. (just in case some future firmware upgrade does enable them)

  • Enable Consistent NAT = Off/Unchecked
  • Enable SIP Transformations = Off/Unchecked

voip settings

[NOTE: If you are using a SIP trunk provider like Intelepeer you will want to make sure you let them know that you have ALG turned Off. They will change a setting on their side to compensate for this.]

Is Sonicwall Planning to Add TCP Support to It’s VoIP Features?

According to this forum post harishs@sonicwall.com notes this:

”The Current Implementation of SIP Transformations only affects UDP and not TCP hence we cannot transform SIP over TCP. There is an Enhancement Filed for the same and can be expected in future. No ETA.”
 

In my opinion this is not urgent as Lync can work fine without Sonicwall SIP Transformations, but it would show initiative on Sonicwall’s part.

Something Doesn’t Work Right and I’m on an Old Firmware, Do I Need to Upgrade?

Yes. This is a security device, if you aren’t up to date---you are not being responsible.

Can I Use Sonicwall AppFlow Monitor To Display Microsoft Lync Signaling and Media Traffic?

Absolutely. The Sonicwall AppFlow Monitor lets you easily setup a filter to show in realtime just the traffic you want to see: For example you can easily see SIP Trunk traffic from your Lync Mediation Server, or your Lync Edge Server traffic through your Sonicwall.

Below we have a screenshot of the AppFlow Monitor showing the traffic to a Lync Mediation Server. As you can see, at first there was merely SIP signaling traffic, then 1 SIP trunk call and then after a bit a 2nd SIP trunk call. At any time you can hover over the traffic types (lower left corner of chart) to get how much traffic is passing using that port/ports.)

sonicwall-appflow-monitoring-Lync

If Lync Traffic is DSCP Marked Will Sonicwall Prioritize This Traffic Going LAN to WAN/ISP? No

Sonicwall devices can tag traffic with DSCP tags, but the Sonicwall device itself will not prioritize traffic based on DSCP if it is going LAN > WAN. So if you have a Lync Mediation server that is sending traffic to your ISP (and ultimately to a SIP Trunk provider), even if the Lync Mediation server tags this traffic with DSCP, the traffic will not be prioritized through the Sonicwall Firewall Rule. (Use Sonicwall Bandwidth Management to achieve this.) If the ISP honors DSCP the packets will be prioritized once it reaches the ISP.

NOTE: Sonicwall can prioritize DSCP traffic traveling through a Sonicwall VPN.

How to Setup Bandwidth Management? (referred to as BWM)

Here are the steps to get BWM working with your Microsoft Lync Traffic.

  1. Go to Firewall Settings | BWM
  2. Check “Global”
  3. Set how you want your Priorities to act
  4. Click “Accept” button.

sonicwall-bwm-global

Below is an example/sample of what BWM Settings may look like:

image

Next configure an Interface to have BWM enabled:

image

On the next  screen you designate what bandwidth is available on this interface. (To ensure you didn’t switch egress/ingress numbers do a quick bandwidth check using http://www.speedtest.net/)

image

Next go to Firewall | Access Rules and Edit your LAN > WAN and WAN > LAN rules for Lync media (and other) ports. (You will want to assign the “Realtime” priority to these rules)

select-rule

Now click on “Ethernet BWM” tab and

  • check/Enable Outbound Bandwidth Management and set Bandwidth Policy to “0 Realtime”
  • check/Enable Inbound Bandwidth Management and set “Bandwidth Policy” to “0 Realtime”

AccessRule-BWM-On

Now everything should be setup. Below you can go to Dashboard | BWM Monitor and see our traffic. The to graph will show Real-Time traffic and the bottom graph (note this picture is photo-shopped together) shows the Medium priority traffic (in our case everything else)

bwm monitor1

 

How Do I test that Ports Are Actually Open?

Please see my article “How to Verify Lync Edge Server Ports Are Open”: http://windowspbx.blogspot.com/2013/01/how-to-verify-lync-edge-server-ports.html

Is My Sonicwall Device Correctly Sized to My Environment?

If you are noticing that your Sonicwall limits download speeds it could be that the Sonicwall device CPU cannot handle that bandwdith while doing DPI and you may need to upgrade to a unit with more CPU. You can check CPU on below screen. (And momentarily turn off DPI and/or IPS to test if unit can do full bandwidth then)

image

SIP Trunks Consistently Disconnect After Specific Amount of Time: Reinvites (Keep Alive) May Be the Culprit

SIP trunk providers will send a RE-INVITE (KeepAlive) after a specified amount of time. (For Intelepeer this is 15minutes if you don’t have Lync and 90 minutes if do have Lync). If you are noticing consistent disconnect at 90 minutes this means your Lync Server is not responding to this RE-INVITE and disconnecting the call. You can resolve this by having Intelepeer increase the RE-INVITE timer to a longer period. (preferably higher than what your longest calls are)

How to Setup 1 to 1 NAT?

This is a blog post all in itself. Watch for a post coming…

Conclusion

Bottom Line: Sonicwall and Lync work together just fine, but you need to understand both well.

Sonicwall will do 1 to 1 NAT’s just fine. Sonicwall currently does not do ALG but Lync Certified SIP trunk providers should be able to configure their side to avoid the need for ALG on your firewall. The biggest take away is that Sonicallwall VoIP features do not work on TCP traffic at this time.

________________________________________

Footnotes & Misc Links

QOS: http://help.sonicwall.com/help/sw/eng/6800/25/8/1/Firewall_qosSettings.html#1080295

SIP Trunk Traffic Notes:

  • RTP seems to always use Sonicwall LAN>WAN rule. (Egress=From Lync Server; Ingress=From SIP Trunk/Remote Party)
    • SDP tells Lync to do this
  • Appears SIP signaling uses Sonicwall WAN>LAN rule

SIP Trunk Traffic Examine Notes

Typicall SIP trunk traffic: Note solid RTP from remote user to Lync user. (first arrow represents 1 SIP trunk call and second is second SIP trunk call.)image

SIP trunk call put on hold by Lync user: Note that traffic stops from remote party and Lync MOH creates solid RTP to remote party.image

Sonicwall Firmware Notes

SonicOS 5.8.1.8 Release Notes youtube for schools support, fixes
     
     


MAC Address Manufacturer Look Up: http://aruljohn.com/mac.pl
PSTN Echo Test:+1 703-376-ECHO (3246)
Sonicwall Now Categorizes Lync Traffic as VoIP-APPS IPS signature category : Click Here

#Lync Mobile for #WindowsPhone Gets Update 4.1.7947.0: How to Get It and What’s Updated

Looks like Windows Phone Lync Mobile client got an update. The good news is it appears like the Lync Mobile updates will be more frequent than I expected. The less great news is that this Windows Phone update doesn’t seem to add features…just tweaks.

To get the Lync Mobile update you may need to search for the Lync Mobile app and click update. For some reason some users at our office got prompted to update while others of us had to push it a little. Since I didn’t get a notice of the update I was glad for @tommyclarkes twiiter update about it! Thanks.

What changed?

Well, the version: we’ve gone from 4.0.7878.0 to 4.1.7947.0. Winking smile

new lync mobile for win phone

Also BibbleIT blog notes that there was a minor UI tweak in that the signin address is now an email field and some minor language tweaks.

The take away is that it appears that the Lync Mobile clients may updated with regularity. Perhaps along the lines of around CU updates? (since both Android and WindowsPhone have been update around CU5, this might be deduced)

Matt Landis Talking Microsoft Lync in Small Business With VarVid at #MVPNation #MVP12

Everything I say here is off the top of my head so…don’t be too hard on me, technical people. If there is one thing I would take back it is the comment about running Lync on 8GB of RAM. Be very careful with that one…

But do remember that Landis Computer does provide  “Lync Implementation In-A-Box” consulting for small businesses at a fixed cost. Microsoft Partners get a fixed cost and 25% discounted implementation, so between having internal use licensing and getting a discounted implementation---there is no reason a Microsoft Partner should be replacing their existing communication platform with anything but Microsoft Lync! Winking smile

If you have interesting “Lync-in-a-Box” implementation or Microsoft Partner discounted Lync implementation, by all mean talk to us! sales@landiscomputer.com or 717-733-0793.

TechNet Article on Microsoft Lync and Small Business: Click Here
Old WindowsPBX Article Investigating How Small a Server Required to Run Lync: Click Here

[HowTo] Using Microsoft FixIt Center Pro To Do Automated Troubleshooting on Lync Server and Client

NOTE: This web service is BETA.

Something I have been asking for for some time from other PBX vendors!

What if you could have Microsoft Lync engineers at Microsoft log onto your server, collect relevant data and then sift through it and tell you if your Lync installation has a known issue from past support incidences Microsoft has worked with? Well the new Microsoft FixIt Center Pro Beta is designed to do just this.

Microsoft FixIt Center Pro Beta is a new tool from Microsoft that collects information from your Lync Server or Lync 2010 PC and and then submits it to the super intelligent data base of known issue based on problems Microsoft engineer’s have worked through in the past.

To take a look, goto:
https://wc.ficp.support.microsoft.com/Dashboards/Main/SelfHelpCase/Create?showReturn=True

One of the few requirements of FixIt Center Pro is that it will require a Live ID. Once you login you will see the below screen.

part1

Next you will be asked to give a name as shown below.

part2

FixIt Center Pro will download the MSDT tool to run on this machine.

part3

The normal “Open File” warning will come up in the browser, just click Run.

part4

Now MSDT will run. Oblige and click Next.

part4b

Next.

part5

Next MSDT tool will scan the PC/Server you are on. (Note: On my test machine this took quite a few minutes, so patience is key here. You don’t need to baby sit it really. Note2: On investigation the big files MSDT was collecting was the .ETL files. For me they were ~200MB)

part6

After what can be a 10 minute collection process you will see the below screen. At this point you can either take a look at what will be sent by clicking the 2nd option or just click “Upload the data now”. This upload can also take quite a bit of time. (~10 minutes?) Actually the upload failed on the initial try but the 2nd time it went great. (remember, Beta product at this stage. ;-)

part7

After the upload is done you will get the below screen.

part9

Now that you have the diagnostic data uploaded, FixIt Center Pro will start to analyze the data against the scenarios the Microsoft engineers have setup in the FixIt Center Pro database. The Progress column will let you know when it is done. (In my case the results took approximately 45minutes to complete. Whether there are issues or no, the results seems to take the same length of time.)

Since you have logged in using your LiveID, you can move to another machine and upload results and they will both show in the same dashboard below. Quite nice.

part10

After Microsoft has completed analyzing the submitted data the “Progress” will change to “Completed” as shown below with the results. In my case the Lync 2010 client was working fine so the Analysis noted there were no issues.

completed-successfully

What does the FixIt Center Pro Beta for Lync Server and Lync 2010 check for? How many Microsoft engineer “fixes” are in the Lync database? At the moment I don’t see a way to check this…perhaps it is a “secret sauce”?

Winking smile

[News] Lync Client Xync by Damaka Gets New Name and Becomes Xavy

 

xavy_logo

It looks like the Lync client by Damaka has been renamed to Xavy. Hmmm…

Take a look for yourself:
https://xavy.damaka.com/xavy/

snom 370 UC Edition Becomes Lync Qualified: First Attendant Console Lync Device

 

snom370_WEB_06

Some interesting features snom 370 brings to the Microsoft Lync eco system:

  • 12 freely programmable buttons (typically 2 or so are used for “Lines”/”Calls”)
  • Greyscale, tilt able display
    • (I’ve heard some complaints about Lync Phone Edition tilt angles)
  • Attendant console functionality using Expansion Module available so your receptionist can have up to 138 buttons.
    • The math above is that there are 12 buttons built in the phone plus 3 Expansion Modules with 42 buttons on each.

Some features that all snom UC Edition devices bring to Lync:

  • Ability to set your presence from the desk phone device
  • Physical buttons & lights that display other Lync user’s presence Click Here

Below is a snom 370 with 3 Expansion Modules:

Note: The snom 370 does NOT integrate via USB to the Microsoft Lync 2010 Attendant client. The presumption is that you are selecting a desk phone attendant scenario if using this phone.

Source: http://www.snom.com/en/products/unified-communications/microsoft-ocs-qualified-products/
snom 370 Specs: http://downloads.snom.net/documentation/data_snom370_en.pdf

UPDATE 3/22/2012 : The snom 370 is now on the Lync Official IP Deskphone page:
http://technet.microsoft.com/en-us/lync/gg278172