Microsoft Lync Server
Header

Deploying Lync in a Multi-Forest Architecture (Partner Hosted Lync with Exchange Hybrid)

marzo 11th, 2015 | Posted by Santiago Buitrago in Lync Server - (0 Comments)

​Excelente documento que no debeis dejar de leer si queréis implementar Lync Server en Hosted y con un Exchange Server en un entorno híbrido, además claramente en un entorno Multi Bosque: Deploying Lync in a Multi-Forest Architecture (Partner Hosted Lync with Exchange Hybrid)

Exchange_Forest_Lync_Hosted.JPG
Aquí tenéis el índice del documento,
 
1      Introduction. 1
1.1      What problem are we trying to solve?. 1
2      About this document 2
2.1      Document scope. 2
2.2      Document assumptions. 3
2.3      Naming conventions. 3
3      Environment design and configuration. 3
3.1      Public Key Infrastructure (PKI) 3
3.2      User management and provisioning. 3
3.3      General environment configuration. 3
4      Overview of the multi-forest model 4
4.1      Customer on-premises Environment (Customer user forest) 6
4.2      Lync in a partner data center (Partner-hosted Resource Forest) 7
4.3      Exchange Online (Multi-Tenant Resource Forest) 8
4.4      Deployment considerations. 8
5      Prerequisites for configuring Lync Server with Exchange Online. 9
5.1      Public Key Infrastructure (PKI) 9
5.2      Domain Name System (DNS) 9
5.3      Trust relationships. 11
5.3.1      Active Directory Forest Trust 11
5.3.2      Office 365 Federation Trust 11
5.4      Active Directory Synchronization (DirSync) 11
5.4.1      Directory Synchronization with Exchange Online. 12
5.4.1.1        Exchange Online Attribute Write-back. 12
5.4.2      Directory Synchronization Tools. 12
5.4.3      Manual vs. Automated DirSync. 13
5.5      Authentication (AuthN) 13
5.5.1      Resource Provider vs. Identity Provider 13
5.5.2      Lync Client Authentication. 13
5.5.3      Exchange Online Client Authentication. 14
5.5.4      Pass Through Authentication. 14
5.5.5      Claims Based Authentication. 15
5.5.6      Endpoint authentication types. 15
5.5.6.1        Passive (web) clients. 16
5.5.6.2        Exchange Online Outlook Web Access Client Authentication Details (Always external) 16
5.5.6.3        MEX (rich) clients. 17
5.5.6.4        Active clients. 17
5.5.7      Password Synchronization. 18
5.6      Federation. 19
5.6.1      Microsoft Federation Gateway. 19
5.6.2      Identity federation. 20
5.6.3      Single Sign-On (SSO) for Lync. 20
5.6.4      Single Sign-On (SSO) for Exchange Online. 20
5.6.5      Active Directory Federation Services (AD FS) 20
5.6.6      Federation server proxy. 21
5.6.7      AD FS High Availability. 21
5.6.8      Smart links. 21
5.6.9      Identity management 22
6      Scenario A: Lync Server with Exchange Online (Multi-tenant) Implementation Details. 22
6.1      Initial Forest Configuration. 23
6.1.1      Step 1 – Make Changes to Global DNS Settings. 23
6.1.1.1        Create / Modify Internal DNS Records. 24
6.1.1.2        Create / Modify External DNS Records. 25
6.1.1.3        Additional considerations. 26
6.1.2      Step 2 – Configure Customer User Forest 26
6.1.2.1        Update Root Certificate Authority. 26
6.1.2.2        Configure the Customer user forest for SSO with Exchange Online. 27
6.1.2.3        Establish Directory Synchronization with the Lync Resource Forest Active Directory  27
6.1.2.4        Automate Lync Identity Management Process. 27
6.1.2.5        Establish Directory Synchronization with the Exchange Online resource forest Active Directory  28
6.1.2.6        Automate Exchange Identity Management Process. 28
6.1.2.7        Order Certificates for Lync and Exchange. 28
6.1.2.8        Configure DNS to locate services in the Lync and Exchange Online resource forests  29
6.1.3      Step 3 – Configure the Lync Resource forest 29
6.1.3.1        Establish Trust 29
6.1.3.2        Update Root CA. 29
6.1.3.3        Configure DNS to locate services in the Customer User Forest and Exchange Online resource forest 30
6.1.3.4        Prepare the Lync Resource Forest Active Directory for Lync. 30
6.1.3.5        Install and Configure Lync Server Using Microsoft Best Practices. 30
6.1.3.6        Install and Configure PSTN connectivity. 31
6.1.3.7        Configure the Lync Resource Forest for Exchange Online UM.. 31
6.1.3.7.1     Configure the Edge Server for Integration with Exchange Online UM.. 31
6.1.3.8        Create a Hosted Voice Mail policy. 31
6.1.4      Step 4 – Configure Exchange Online Resource Forest 32
6.2      Ongoing Identity Management 32
6.2.1      Step 1 – Create New Active Directory Account(s) 32
6.2.1.1        Create new Active Directory user accounts from an authoritative source. 32
6.2.1.2        Add attributes manually. 32
6.2.1.3        Add Exchange Online URL to IE Trusted Sites list 32
6.2.1.4        Step 2 – Provision Accounts for Lync. 33
6.2.1.4.1     Create disabled user accounts in the Lync resource forest 33
6.2.1.4.2     Enable the Lync disabled user accounts. 33
6.2.1.4.3     Configure disabled user accounts for Exchange Online UM.. 33
6.2.1.4.4     Enable the disabled user accounts to receive UM messages. 33
6.2.1.4.5     Synchronize Lync resource forest disabled user account with Customer user forest account 33
6.2.1.4.6     Optional: Enable OWA for IM integration. 34
6.2.1.5        Confirm Attribute Mapping (Customer user forest to Lync resource forest) 34
6.2.1.6        Step 3 – Provision Mailbox Accounts for Exchange Online. 35
6.2.1.6.1     Create enabled user accounts in the Exchange Online resource forest 36
6.2.1.6.2     Configure the Exchange enabled user accounts. 36
6.2.1.6.3     Create an Exchange mailbox. 36
6.2.1.6.4     Synchronize Exchange Online resource forest enabled user account with the corresponding enabled user account in the Customer user forest 36
6.2.1.6.5     Enable Lync EUM routing. 36
6.2.1.6.6     Confirm Attribute Mapping (Customer user forest to Exchange Online resource forest) 36
6.2.1.6.7     Confirm Attribute Mapping required for Exchange Rich Coexistence (Customer user forest) 38
7      Scenario B – Lync Server with Exchange Hybrid (Online Multitenant with on-premises) 39
7.1      Initial Forest Configuration. 39
7.1.1      Step 1 – Make Changes to Global DNS Settings. 40
7.1.1.1        Create / Modify Internal DNS Records. 40
7.1.1.2        Create / Modify External DNS Records. 41
7.1.2      Step 2 – Configure Customer User Forest 43
7.1.2.1        Update Root CA. 43
7.1.2.2        Configure the Customer user forest for SSO with Exchange Online. 43
7.1.2.3        Establish Directory Synchronization with the Lync Resource Forest Active Directory  44
7.1.2.4        Automate Lync Identity Management Process. 44
7.1.2.5        Establish Directory Synchronization with the Exchange Online resource forest Active Directory  44
7.1.2.6        Automate Exchange Identity Management Process. 45
7.1.2.7        Order Certificates for Lync and Exchange. 45
7.1.2.8        Configure DNS to locate services in the Lync and Exchange Online resource forests  46
7.1.3      Step 3 – Configure Lync Resource Forest 46
7.1.3.1        Establish Trust 46
7.1.3.2        Update Root CA. 47
7.1.3.3        Configure DNS to locate services in the Customer User Forest and Exchange Online resource forest 47
7.1.3.4        Prepare the Lync Resource Forest Active Directory for Lync. 47
7.1.3.5        Install and Configure Lync Server Using Microsoft Best Practices. 48
7.1.3.6        Install and Configure PSTN connectivity. 48
7.1.3.7        Configure the Lync Resource Forest for Exchange Online UM.. 48
7.1.3.7.1     Configure the Edge Server for Integration with Exchange Online UM.. 48
7.1.3.7.2     Create Hosted Voice Mail Policy. 49
7.1.3.8        Configure the Lync Resource Forest for Exchange on-premises UM.. 49
7.1.3.8.1     Prepare Exchange for Active Directory. 50
7.1.3.8.2     Apply ACLs to Lync resource forest Active Directory containers. 50
7.1.3.8.3     Import the Active Directory modules for Windows PowerShell 50
7.1.3.8.4     Manually create Exchange UM Dial Plans in the Lync resource forest 50
7.1.3.8.5     Manually create Exchange UM Server objects in the Lync resource forest 51
7.1.3.8.6     Manually associate the UM Server object with the UM DialPlan object 51
7.1.3.8.7     Manually create an Exchange Auto Attendant in the Lync resource forest: 52
 
7.1.3.8.8     Run the Exchange UM Integration tool ocsumutil.exe. 52
 
7.1.3.8.9     Validate Successful Creation of Exchange UM DialPlan and UM Server objects  52
7.1.4      Step 4 – Configure Exchange Online Resource Forest 53
7.2      Ongoing Identity Management 53
7.2.1      Step 1 – Create New Active Directory Account(s) 53
7.2.1.1        Create new Active Directory user accounts from an authoritative source. 53
7.2.1.2        Add attributes manually. 53
7.2.1.3        Add Exchange Online URL to IE Trusted Sites list 53
7.2.2      Step 2 – Provision Accounts for Lync. 53
7.2.2.1.1     Create disabled user accounts in the Lync resource forest 53
7.2.2.1.2     Enable the Lync disabled user accounts. 54
7.2.2.2        Configure disabled user accounts for Exchange Online UM.. 54
7.2.2.3        Enable the disabled user accounts to receive UM messages. 54
7.2.2.4        Synchronize Lync resource forest disabled user account with Customer user forest account 54
7.2.2.5        Optional: Enable OWA for IM integration. 54
7.2.2.6        Confirm Attribute Mapping (Customer user forest to Lync resource forest) 55
7.2.3      Step 3 – Provision Mailbox Accounts for Exchange Online. 56
7.2.3.1.1     Create enabled user accounts in the Exchange Online resource forest 57
7.2.3.1.2     Configure the Exchange enabled user accounts. 57
7.2.3.2        Create an Exchange mailbox. 57
7.2.3.3        Synchronize Exchange Online resource forest enabled user account with the corresponding enabled user account in the Customer user forest 57
7.2.3.4        Enable Lync EUM routing. 57
7.2.3.5        Confirm Attribute Mapping required for Exchange Rich Coexistence (Customer user forest) 57
7.2.4      Step 4 – Provision Mailbox Accounts for Exchange on-premises. 58
8      Appendix A. 59
8.1      Resources. 59
8.2      Lync Resource Forest Modifications Required to Support Hosted UM.. 60
8.2.1      Lync Hosted Voice Mail policy. 61
8.3      Claims Based Authentication Example. 62
8.4      How Single Sign on (SSO) Works in Office 365. 62
 
8.5      Manual Account Creation Process. 65

 

Lync Server 2013 Cumulative Update KB 2809243 (Septiembre 2014)

marzo 11th, 2015 | Posted by Santiago Buitrago in Lync Server - (0 Comments)

Microsoft ha liberado otra actualización acumulativa para Lync Server 2013, aquí os dejo el enlace para su descarga (Lync Server 2013 Cumulative Update KB 2809243 ) y el KB​ (KB2809243)

  • Actualización para el servidor de Administración Central
    2910244

    (http://support.microsoft.com/kb/2910244/)

    Descripción de la actualización acumulativa 5.0.8308.577 para el servidor de Administración Central de Lync Server 2013: enero de 2014

  • Actualización de servicio de Backup
    2910243

    (http://support.microsoft.com/kb/2910243/)

    Descripción de la actualización acumulativa 5.0.8308.577 de servicio de copia de seguridad de Lync Server 2013: enero de 2014

  • Actualización para el servidor Standard Edition o Enterprise Edition (servidores frontales y servidores perimetrales)
    2987510

    (http://support.microsoft.com/kb/2987510/)

    Actualización acumulativa de septiembre de 2014 5.0.8308.815 de Lync Server 2013 (servidor Front-End y servidor Edge)

  • Actualización para la API administrada de comunicaciones unificadas 4.0, en tiempo de ejecución de Core 64-bit
    2995717

    (http://support.microsoft.com/kb/2995717/)

    Septiembre de 2014 actualización acumulativa 5.0.8308.815 de Lync Server 2013, Unified Communications, API administrada 4.0 en tiempo de ejecución

  • Actualización de componentes Web server
    2995718

    (http://support.microsoft.com/kb/2995718/)

    Septiembre de 2014 actualización acumulativa 5.0.8308.815 de Lync Server 2013, del servidor de componentes web

  • Actualización de componentes básicos
    2987511

    (http://support.microsoft.com/kb/2987511/)

    Septiembre de 2014 actualización acumulativa 5.0.8308.815 de componentes básicos de 2013 de Lync Server

  • Actualización para el servicio de parques de llamada
    2881703

    (http://support.microsoft.com/kb/2881703 /)

    Descripción de la actualización acumulativa 5.0.8308.556 para Lync Server 2013, servicio de parques de llamada: octubre de 2013

  • Actualización para el anuncio de conferencias
    2881701

    (http://support.microsoft.com/kb/2881701/)

    Descripción de la actualización acumulativa 5.0.8308.556 de Lync Server 2013, el anuncio de conferencias: octubre de 2013

  • Actualización para el operador de la conferencia
    2995716

    (http://support.microsoft.com/kb/2995716/)

    Actualización acumulativa de septiembre de 2014 5.0.8308.815 para Lync Server 2013, operador de conferencia

  • Actualización para el servidor de mediación
    2881699

    (http://support.microsoft.com/kb/2881699 /)

    Descripción de la actualización acumulativa 5.0.8308.556 para 2013 de Lync Server, servidor de mediación: octubre de 2013

  • Actualización de herramientas administrativas
    2967485

    (http://support.microsoft.com/kb/2967485/)

    Actualización acumulativa de agosto de 2014 5.0.8308.738 de Lync Server 2013, herramientas administrativas

  • Actualización para el servidor de conferencia Web
    2937314

    (http://support.microsoft.com/kb/2937314/)

    Actualización acumulativa de agosto de 2014 5.0.8308.738 para 2013 de Lync Server, servidor de conferencia Web

  • Actualización para las API de 3.0 de flujo de trabajo de API administrada de comunicaciones unificadas
    2835438

    (http://support.microsoft.com/kb/2835438/)

    Descripción de la actualización acumulativa 5.0.8308.420 de Lync Server 2013, API de flujo de trabajo de UCMA 3.0: julio de 2013

  • Actualización de Conferencing server
    2835434

    (http://support.microsoft.com/kb/2835434/)

    Descripción de la actualización acumulativa 5.0.8308.420 para 2013 de Lync Server, Conferencing Server: julio de 2013

  • Actualización para el servidor de charla persistente
    2835433

    (http://support.microsoft.com/kb/2835433/)

    Descripción de la actualización acumulativa 5.0.8308.420 de Lync Server 2013, Chat persistente: julio de 2013

  • Actualización para Windows Fabric
    2967486

    (http://support.microsoft.com/kb/2967486/)

    Actualización acumulativa de agosto de 2014 5.0.8308.738 de 2013 de Lync Server

Update-Lync-CU7-SEP.png

 

Work Smart: Lync 2013 for Windows Phone 8

marzo 11th, 2015 | Posted by Santiago Buitrago in Lync Server - (0 Comments)

​Microsoft ha publicado  una guía básica de utilización del cliente Lync Móvil en Windows Phone 8: Work Smart: Lync 2013 for Windows Phone 8

 

Lync 2013 for Windows Phone 8.JPG

 

9 Posibles esquemas de red para nuestras implementaciones de Lync Server

marzo 11th, 2015 | Posted by Santiago Buitrago in Lync Server - (0 Comments)

Espero que alguno de estos nueve esquemas de red os haya resultado familiar o que pueda seros útil en algún momento, he tratado de reproducir algunos de los escenarios más comunes en la actualidad …

Topologías Lync 2013_10.jpg

Como os comentaba, espero que os sean de utilidad, simplemente he reflejado los escenarios más comunes que nos podemos encontrar pero siempre en relación a infraestructuras de red (Switching, Routing, VPN, VLAN, etc…). Otra cosa bien distinta ya son las diferentes configuraciones de Lync, que aunque vienen bastante prefijadas en el diseño de la topología también tienen margen para tener varios diseños muy especiales.

Lo dicho espero que os hayan gustado y que os sean de utilidad!!!

Actualizaciones de Seguridad y Estabilidad para Lync Server 2010/2013 y el Cliente Lync 2013

marzo 11th, 2015 | Posted by Santiago Buitrago in Lync Server - (0 Comments)

 

​Microsoft ha liberado nuevas actualizaciones para cliente (Lync 2013) y servidor Lync Server 2010 y Lync Server 2013)
 

 

 

 

This update resolves the following issues:

  • When you sign in to Lync 2013 by using an Office 365 account, Lync 2013 prompts you for Open Authorization (OAuth) credentials.

    Note To resolve this issue, you must also install the following update KB2881001:

    2881001

    (http://support.microsoft.com/kb/2881001/ )

    September 9, 2014 update for Office 2013 (KB2881001)

    After you install updates KB2889860 and KB2881001, Lync 2013 will enable Active Directory Authentication Library Single Sign-On (ADAL SSO) in an Office 365 environment.

  • 2881001

    (http://support.microsoft.com/kb/2881001/ )

    Bad password count is incremented when Lync 2013 VDI plug-in pairs with a Lync 2013 client

  • 2992447

    (http://support.microsoft.com/kb/2992447/ )

    Lync 2013 crashes when a user switches shared desktop from full-screen view to actual size

  • 2992448

    (http://support.microsoft.com/kb/2992448/ )

    Desktop sharing or application sharing issues during a conversation in Lync 2013

Additionally, this update resolves the Lync 2013 issues that are described in the following KB articles:

  • 2881070

    (http://support.microsoft.com/kb/2881070/ )

    August 2014 update for Lync 2013 (KB2881070)

  • 2881013

    (http://support.microsoft.com/kb/2881013/ )

    MS14-036: Description of the security update for Microsoft Lync 2013: June 10, 2014

  • 2880980

    (http://support.microsoft.com/kb/2880980/ )

    Update 2880980 for Lync 2013: May 2014

  • 2880474

    (http://support.microsoft.com/kb/2880474/ )

    Description of the Lync 2013 update: April 2014

  • 2863908

    (http://support.microsoft.com/kb/2863908/ )

    Description of the Lync 2013 update 2863908: March, 2014

  • 2817430

    (http://support.microsoft.com/kb/2817430/ )

    Description of Microsoft Office 2013 Service Pack 1 (SP1)

  • 2825630

    (http://support.microsoft.com/kb/2825630/ )

    Description of the Lync 2013 update 15.0.4551.1005: November 7, 2013

  • 2817465

    (http://support.microsoft.com/kb/2817465/ )

    MS13-054: Description of the security update for Lync 2013: July 9, 2013

  • 2768004

    (http://support.microsoft.com/kb/2768004/ )

    Description of the Lync 2013 update 15.0.4481.1004: May 2013

  • 2760556

    (http://support.microsoft.com/kb/2760556/ )

    Description of the Lync 2013 update 15.0.4481.1000: March 2013

  • 2760512

    (http://support.microsoft.com/kb/2760512/ )

    Description of the Lync 2013 update: February 2013

Ahora toca actualizar en cuanto hayáis revisado los problemas que corrige, pero es importante prestarle atención a la de Lync Server 2013:

Se ha detectado un problema de seguridad en un producto de software de Microsoft Lync que podría afectar al sistema. Para proteger los sistemas, instale esta actualización de Microsoft. Para obtener una lista completa de los problemas que resuelve la actualización, consulte el artículo de Microsoft Knowledge Base asociado. Una vez instalada, es posible que tenga que reiniciar el sistema.

Espero que os sea de utilidad!