Another Lync 2010 MP Configuration Guide

After spending some time configuring the Lync 2010 MP at a customer site, I decided to share my experience. It is a simple MP, until you start configuring the Synthetic Transactions monitoring. Lync is a complex product as well, so, it is fair enough. Not know Lync a lot doesn’t really help either, so had to study it a little bit.

The Scenario

Customer had two different sites and two different pools, along with a legacy Lync 2010 standard edition still in the environment. Site 1 had two FE Servers and one edge server in the DMZ(1). Site two also has the same config. The names were changed to protect the innocent.

Site 1 – Pool: PoolS1.domain.com

Two FE (front end) servers: S1Front1.domain.com, S2Front2.domain.com

SQL Server

Edge Server

Monitoring Server

Watcher Node: LyncWatcher.domain.com

Site 2 – Pool: PoolS2.domain.com

Two FE (front end) servers: S2Front1.domain.com, S2Front2.domain.com

SQL Server

Edge Server

Note: before you start following this guide, read it through. You may need to cut change management tickets for many items, like changing Lync topology, creating users, rebooting servers, adding software,so, be prepared. Also be careful when you copy and paste PowerShell from the web: quotes may not be quotes, dashes may not be dashes.

Install Agents – make sure all Lync related servers have the agents installed BEFORE you install the management pack.

Once you have them in, set the Proxy setting to all of them (just in case) BEFORE you install the MP.

Then you are ok to install the management pack from:

http://www.microsoft.com/en-ca/download/details.aspx?id=12375

Make sure you enable the Enable Servers Edge Discovery – To turn it on override value of DiscoverEdgeServerRole property of LS Central Topology Discovery object to ‘True’.

QoE Monitoring

If you have the Lync Monitoring and Reporting server in place, you can enable and verify the QoE monitoring (Media Quality and Call

Check Discovery

Start by checking the Lync Discovery folder under the Lync Server 2010 folder in the SCOM Console. The algorithm will pick the servers on the first installed pool (where the Central Management is) and select one to run the discovery. Once you see a server there, make sure the LS Discovery script is healthy. If you see that, you’re in a good path.

Wait until everything is discovered and then you can proceed.

Synthetic Transactions

Now that the Higgs boson seems to have been discovered, little remains to be unravelled about the universe besides how to configure the Lync MP Synthetic Transactions. But fear not. I hope that it will solve your problem.

One thing that I found missing in most of the guides is what you use when:

– Is is an enterprise installation

– You have multiple pools

– If you want external monitoring (from the Edge server perspective).

So, let’s dive in: If you have a Standalone edition, you have only one server to run the following from. If you are running an enterprise Lync organization, you have to pick one of the front end servers. So, to use the same logic as the MP discovery, I picked the same server the discovery was running from. I believe it can be done from any server, since it is referring to the pool, but just to be safe, I run the following from S1Front.domain.com:

Setup a new trusted app pool and trusted application for the watcher node

1. Create external application pool with synthetic transaction watcher node machine as a member. While creating use machine FQDN as pool FQDN. To create the pool you can run the following cmdlet from the Lync Server Management Shell:

New-CsTrustedApplicationPool -Identity <PoolFQDN> -Site <SiteID> -Registrar <RegistrarPoolFQDN> -Verbose

Watcher Node: LyncWatcher.domain.com

Chosen FE Server: S1Front.domain.com

New-CsTrustedApplicationPool -Identity LyncWatcher.domain.com –Site 1 -Registrar PoolS1.domain.com -Verbose

Where

<PoolFQDN>: Is the FQDN of the external application pool to be created. Use watcher node machine FQDN as Pool FQDN

<SiteID>: The ID of the site where the application pool belongs to. If you don’t know the ID, run Get-CSPool. Also, it seems you don’t have to create different application pools for the different lync pools. Is is basically to which Pool the watcher node appPool will belong to. In this case, Site 1.

<RegistrarPoolFQDN>: The FQDN of the registrar pool that the external application pool depends on. Is the name of the pool. Some guides I found confuse you, since there is a name of a server here as the name of the pool.

2. Verify that external application pool has been added by running Get-CsPool

3. Create an external application service entry in topology by using following cmdlet from the Lync Server Management Shell:

New-CsTrustedApplication -ApplicationId <AppID> -TrustedApplicationPoolFqdn <externalAppPoolFQDN> -Port <PortNumber> -Verbose

New-CsTrustedApplication -ApplicationId “LyncWatcherNode” -TrustedApplicationPoolFqdn LyncWatcher.domain.com -Port 9999 -Verbose

Where

<AppID>: Is an ID for the application. For example, you can use “LyncWatcherNode” or anything if you appropriate.

<externalAppPoolFQDN>: Is the FQDN of the external application pool that you created in step 1

<PortNumber>: Any unused port number.

Watcher Node (LyncWatcher.domain.com )

Add the Lync Watcher Node Computer to the RTCUniversalReadOnlyAdmins

Restart the Watcher Node server after the group change, so the membership takes effect.

Install the Lync core components – that can be a bit complicated to find, inside the UCMA package. However, it seems you can find it in the ISO file, so, install it from there.

OCSCore.MSI

Install Lync components from the ISO (run setup now). While running setup, select the option to install Lync Components, then options 1 and 3 (not 2), as follows:

1. Download Topology (Step 1) – This will do a lot of small steps, including installing a local instance of SQL Express! If that is an issue from a Change Management process for you (in case you’re using an existing server), please cut a ticket!

2. Skip step 2, I just told you.

3. Request and Install Certificate (Default) (Step 3) – This will require your PKI to be in place and will put a request against your PKI, will ask you a bunch of questions, including what type of certificate (usually, web server), friendly name,etc. Typical Certificate Request stuff. Then all you have to do is install the certificate.

Make sure your Lync components are patches to the same level as your server.

To manual test if ST Watcher node is configured correctly, please open a Lync Server Management Shell window and execute a Microsoft Lync Server 2010 cmdlet (example: Get-CSTopology). If this succeeds, then the watcher node has required bits installed.

Enabling Lync on the computer: open a powershell windows and run

Import-module lync

Enable-CsComputer –Verbose

Then Start Replication:

Invoke-CSManagementStoreReplication

Get-CSManagementStoreReplicationStatus

On the watcher node add the following registry keys:

New-Item -Path “HKLM:SoftwareMicrosoftReal-Time CommunicationsHealth

New-ItemProperty -Path “HKLM:SoftwareMicrosoftReal-Time CommunicationsHealth” -Name “IsSTWatcherNode” -Value true | Out-Null

New-ItemProperty -Path “HKLM:SoftwareMicrosoftReal-Time CommunicationsHealth” -Name “LogOpsMgr” -PropertyType DWord -value 2

New-ItemProperty -Path “HKLM:SystemCurrentControlSetServicesHealthServiceParameters” -Name “Thread Pool CLR Max Thread Count Min” -propertytype DWord -value 200

Create Two users, enable them for Lync in the usual way on the pool you want to test (you need two users per pool you are going to test and enable them for Lync).

In my case, the users were:

SCOMLync1@domain.com, SCOMLync2@domain.com, scomlync3@domain.com, scomlync4@domain.com

Users 1 and two were assigned to monitor PoolS1 and users 3 and 4 to monitor PoolS2.

In your Lync configuration panel, enable the users that you just created as Enterprise Voice. Verify that these two users have well received the Conferencing Policy and the External Access Policy but executing the following command :

Get-CSUser username1

Get-CSUser username2

etc…

Note, any tests will respect these users Voice Policies (for example Test-CSPSTNPeertoPeerCall)

Define these users to be used as the CSHealthMonitoringConfiguration for the Pool (Lync uses Cert Auth to impersonate the users for the tests)

New-CSHealthMonitoringConfiguration PoolS1.domain.com-FirstTestUserSipUri “sip:scomlync1@domain.com” –SecondTestUserSipUri “sip:scomlync2@domain.” -Verbose

New-CSHealthMonitoringConfiguration PoolS2.domain.com -FirstTestUserSipUri “sip:scomlync3@domain.com” –SecondTestUserSipUri “sip:scomlync4@domain.” -Verbose

Enable-CSComputer the Watcher Node again:

Enable-CSComputer -Verbose

From the Watcher Node, check you can register to the pool (powershell):

Import-module lync

Test-CSRegistration PoolS1.domain.com –Verbose

Test-CSRegistration PoolS2.domain.com -Verbose

Restart the System Center Management Service

Get-service HealthService | Restart-Service

After 5 minutes, you should start seeing the results on the console.

If you don’t, check the Operations Manager event log on the Watcher Node for 2xx event IDs. They will show what could be wrong.

Sorry for the lack of screenshots. This was all done at a customer site, where I was not driving, so, no way to collect the evidence. But believe, it worked.

Please make sure you read the MP configuration guide as well and that you enable (or not) the optional features.

References:

http://www.vnext.be/2011/03/06/scom-opsmgr-lync-2010-management-pack-deploying-synthetic-transactions-sts/

http://lyncdup.com/2013/01/how-to-setup-lync-2010-scom-management-pack-and-synthetic-transactions/#comment-16923