Mino – The UC Guy

Microsoft Unified Communications Blog

Lync 2010 Collocated Mediation Server vs. Dedicated Mediation Server

Posted by Mino on October 11, 2010

Learn why we should collocate or not collocate Mediation Servers onto Front End Servers in Microsoft Lync Server 2010.

via Lync 2010 Collocated Mediation Server vs. Dedicated Mediation Server.

Posted in Uncategorized | Leave a Comment »

Lync 2010 Bandwidth Management (CAC)

Posted by Mino on October 8, 2010

Post by Jens Trier Rasmussen


In this post I will show you how to configure CAC or bandwidth management and describe how the user experience will be when making calls where no bandwidth is available.

Imagine the setup below. Two network segments ( and with a router between. Two sites in the topology – Copenhagen and Odense. One user, a Lync Server 2010 SE box and a PSTN Gateway on both segments and the the user is signed in to the local SE box. Both users are UM enabled in a dial plan hosted on the Exchange 2010 SP1 server in Copenhagen.



I want to configure CAC to disable all audio and video between Copenhagen and Odense. In order to do that I use the PS script below:

# Bandwidth PolicyProfile
New-CsNetworkBandwidthPolicyProfile -Identity AllBlocked -AudioBWLimit 0 -AudioBWSessionLimit 200 -VideoBWLimit 0 -VideoBWSessionLimit 3000

# Network Regions
New-CsNetworkRegion -NetworkRegionID DK1 –CentralSite site:cph1 -Description "Copenhagen"
New-CsNetworkRegion -NetworkRegionID DK2 –CentralSite site:od1 -Description "Odense"

# Network Region Links
$a=New-CsNetworkRegionLink -NetworkRegionLinkID rl1 -NetworkRegionID1 DK1 -NetworkRegionID2 DK2 -BWPolicyProfileId AllBlocked

# Network InterRegion Routes
New-CsNetworkInterRegionRoute -InterNetworkRegionRouteID nr1 -NetworkRegionLinks $a.identity -NetworkRegionID1 DK1 -NetworkRegionID2 DK2

# Creates a new CsNetworkSite and assigns that the bandwidth policy we just created
New-CsNetworkSite -NetworkSiteID Cph -Description "Copenhagen" -NetworkRegionID DK1
New-CsNetworkSite -NetworkSiteID Od -Description "Odense" -NetworkRegionID DK2

# Create new CsNetworkSubnets
New-CsNetworkSubnet -SubnetID -MaskBits 24 -Description "Copenhagen" -NetworkSiteId Cph
New-CsNetworkSubnet -SubnetID -MaskBits 24 -Description "Odense" -NetworkSiteId Od

# Setup bandwidth management
Set-CsNetworkConfiguration –EnableBandwidthPolicyCheck $true

Let’s assume that the above configuration is in effect and that Alice and Bob would like to call each other. There is not enough bandwidth available to setup the call and the call experience of Alice and Bob is therefore controlled by two parameters (EnableBWPolicyOverride and AllowPSTNReRouting) in the voice policy, they have been granted. In the table below I’ve described what the call experience will be given different values for the two parameters.


Posted in Lync Server 2010 | Tagged: , , , | Leave a Comment »

Communicator for Mac 2011 Deployment Guide

Posted by Mino on October 8, 2010

From the Blog of Jonathan McKinney


Features Available

  • Calendar based presence
  • Presence in other Office for Mac applications
  • Outlook Out of office messages in Mac Communicator
  • Invite multiple people to conference
  • Join conf: meetings from an outlook Invite
  • Enterprise Voice supported
  • OCS 2007 R2 support (OCS 2007 RTM is not)

Not available

  • Access Level for Contacts
  • Call forwarding
  • Receiving calls on mobile devices
  • Voicemail access from Mac Communicator
  • Scheduling of conferences in Outlook
  • Desktop sharing
  • No mention of Live Meeting

I am extremely pleased with the progress the Mac Communicator team has made. I expect the user experience with Lync to fill in some of the holes above with the Reach client. Finally, the Mac user can join the rest of the Unified Communications fun!

Here is the link to the Mac Communicator Deployment Guide. Enjoy!

Posted in Uncategorized | 3 Comments »

Lync 2010 Address Book Normalization

Posted by Mino on October 1, 2010

As always, a perfectly written and extremely valuable post by the MVP Jeff Schertz , such great posts put a wide smile on my face 🙂 Great work Jeff.


As discussed in a past article the Address Book Normalization process of OCS is a barely-documented and often misunderstood process.  The objective of this blog article is to explain how this process works now in Lync Server 2010.

Overall the process is generally the same, but with a few minor changes that impact both how it is configured and how normalization functions.

Default Behavior

Firstly, just as in previous versions of the client any telephone numbers stored in Active Directory phone attributes directly in RFC3966 complaint formats (+E.164) will be displayed by the Lync Client.  The number will appear both on the contact call menu and the contact card details.  For example the pattern +13125557501 is populated on the following AD user account and appears in Lync.


Secondly, following the same basic principals of previous versions the Lync client will also not display any phone numbers on contacts which fail to normalize into a +E.164 pattern.  For example the pattern (312) 555-7505 is populated on the following AD user account and does not appear in Lync.


In order to display number formats in the second example Lync Server will need to be manually configured to properly normalize these numbers.  As a general best practice the format should be pretty uniform among all AD users and contacts but if they are not then multiple rules can be added to match and normalize various numbering formats.

Configuring Address Book Normalization

By default normalization is already enabled in Lync Server which can be verified by the viewing the Lync Server’s current Address Book configuration.

  • From the Lync Server Management Shell execute the cmdlet Get-CsAddressBookConfiguration and note that theUseNormalizationRules value should already be set to True.


But this setting in and of itself does nothing yet as the normalization file needs to be configured first.  Just as with OCS the Address Book does not leverage any Enterprise Voice normalization patterns which may have been created to support EV calling.  Note that if the value is set to ‘False’ (Set-CsAddressBook –UseNormalizationRules $false) then even numbers already entered in +E.164 format will not appear in the Lync client.

  • Locate the Lync Server’s shared directory which was configured during the initial server deployment.  The file server FQDN and share name can be identified in the Topology Builder under File Stores


Browse to the share directory on the server and locate the ABFiles subdirectory.


Create a new text file named Company_Phone_Number_Normalization_Rules.txt in the ABFiles directory.  This normalization rules file must be stored in this location and not down a few directories where the actual address book files are stored as it was in OCS.


Edit the file with Notepad and enter the following example normalization and translation patterns.  This rule will apply to  the users configured with phone numbers in this standard 10-digit format: (312) 555-7500.  (The first three lines are commented out and are not required in the text file.)



Up until this point anyone familiar with Office Communications Server should recognize that everything is about the same, other than the required location of the normalization text file.  An improvement in Lync Server’s address book normalization process is instantly noticeable when looking at the simplicity of the example pattern above.  In the past long, complicated regular expressions (regex) were required to filter-out any non-digit information which could be potentially stored in the telephone field.

But now Lync Server automatically ignores non-telephony related digits in the strings and only looks at the continuous 0-9 numerical digits (and also recognizes the + symbol).  So there is no longer a need to include regex code like [\s()\-\./]* in patterns to ignore spaces, parenthesis, dashes, etc.

  • Execute Update-CsAddressBook to import the new settings configured in the text file and apply them to numbers stored in the address book files.


At this point the contacts previously not displaying phone number information should now be working.


Posted in Uncategorized | 2 Comments »

OCS / Lync Server Normalization Rules

Posted by Mino on September 30, 2010

This is a very good post by Jonathan McKinney about Normalization Rules , what I loved in it is the simplicity of explanation. Please appreciate this post young folks , we learnt it the hard way by practice and projects because there was no one to explain it to us this way 🙂

Thanks Jonathan https://www.t2mdev.com/jonmck/Lists/Posts/Post.aspx?ID=6

When normalization rules were first explained to me in an Office Communications Server 2007 training class, I left thoroughly confused.

I spent quite a lot of time trying to understand how normalization rules work. First, I found that normalization rules are .Net Expressions. A quick search of the Internet for .Net Expression primers and help guides did not help with understanding how they worked.

I finally found a piece of software called RegEx Designer that allowed me to see what is happening in a .Net expression and more importantly a normalization rule.

Let’s start with why we need telephone numbers (straight from the IETF/ITU standards).

  1. A telephone number is a string of decimal digits that uniquely indicates the network termination point.

  2. The number contains the information necessary to route the call to the termination point.

A Normalization Rule modifies the user input and presents a fully routable telephone number that can be used by Office Communications Server (OCS) / Lync Server and the PSTN to delivery a voice call to the intended termination point. To OCS / Lync Server, your telephone number is effectively meaningless if it is not presented in E.164 format.

Humans are inconsistent, especially with how we write phone numbers down. People use parens, dashes, dots, and spaces for example. Users in a business might only know a 4 digit extension to call another employee. Normalization Rules help the humans enter the phone number in the format they are used to and then translate that to the pattern that OCS / Lync Server is expecting.

There are three main processes happening when a normalization rule is used.

  1. Does the Phone Pattern Regular Expression match the input?

  2. What is captured in the Phone Pattern Regular Expression to be used by the Translation Pattern Regular Expression?

  3. What is the Translated number?

Example Normalization Rule

Phone Pattern Regular Expression: ^(2\d\d\d)$
Translation Pattern Regular Expression: +1425555$1

The "^" specifies that the match must occur at the beginning of the string.

Anything between parens is captured into a group. If there are more than one set of parens then there are multiple groups.

Any letter that is after "\" is considered a language element and has a special function. For example \d is a single digit wildcard. \D is a single character wild card.

"$" Specifies that the match must occur at the end of the string.

In the above example we are matching against any 4 digit number that starts with a 2. We are capturing the 2 into group 1 plus any other 3 digits that follow. If a number is 5 digits it will not match. If a number starts with any other number than 2 it will not match.

Now that we have captured group 1 we can take a look at the Translated Pattern Regular Expression

Phone Pattern Regular Expression: ^(2\d\d\d)$
Translation Pattern Regular Expression: +1425555$1

The +1425555 are absolute digits and will be inserted before the captured digits in group 1 "$1". Each group is represented by a $ and a digit for the order in which they were captured. The second group captured would have a "$2" in the Translation Pattern Regular Expression.

If we entered 2345 then the translated pattern would be +1425552345.

What if we wanted to match against 5 digits and only capture 4 for example?

Phone Pattern Regular Expression: ^6(\d\d\d\d)$
Translation Pattern Regular Expression: +1425555$1

The above rule would match any 5 digit number that started with a 6. But, because the 6 is not within the Parens we will not capture the 6 into group 1.

If we entered 62345 then the translated pattern would be +1425552345.

Is there an easier way to specify multiple digits rather than writing\d\d\d\d?

Phone Pattern Regular Expression: ^6(\d\d\d\d)$
Translation Pattern Regular Expression: +1425555$1

is the same as

Phone Pattern Regular Expression: ^6(\d{4})$
Translation Pattern Regular Expression: +1425555$1

The {x} specifies the number of matches for the preceding Language Element. In this case we are looking for 4 digits. If I specified \D{4} then it would be 4 characters.

If we entered 62345 then the translated pattern would be +1425552345.

What does a normalization rule look like capturing multiple groups of numbers?

Phone Pattern Regular Expression: ^(\d{3})(\d{4})$
Translation Pattern Regular Expression: +1425$1$2

In the above Phone Pattern there are two sets of parens. Each set of parens captures into a different group. The first three digits are captured into group 1 "$1" and the next 4 digits are captured into group 2 "$2".

In the Translation Pattern we use $1 and $2 after the +1425.

If we entered 5552345 then the translated pattern would be +1425552345.

What if we wanted to handle dashes, spaces, dots, and whatever else users dream up?

Phone Pattern Regular Expression: ^(\d{3})\D(\d{3})\D(\d{4})$
Translation Pattern Regular Expression: +1$1$2$3

In the Phone Pattern Regular Expression we are matching for 3 digits, then a single character. Then another three digits, and a single character. Then a final four digits. Since the \D is not within the parens we match against it, but are not capturing it. The result is the Translation Pattern has no dashes, dots, spaces, or any other character the user can dream up.

If we entered 425-555-2345 or 425.555.2345 then the translated pattern would be +1425552345.

Why do you use \D instead of [\s()\-\./] ?

Simple. It does the same thing and more! \D will match any non-digit. [\s()\-\./] will only match space, parens, dash or dots.

Is there a way to do optional matches?

Phone Pattern Regular Expression: ^9?(\d{3})\D(\d{3})\D(\d{4})$
Translation Pattern Regular Expression: +1$1$2$3

In the Phone Pattern Regular Expression above we start of with a "9?". This means the expression will match if there is a 9 or not a 9. The key is using the question mark after the number (or character). This is handy if you want to be allow users to still dial a 9 like they used to on a PBX. They can type it in or not, we simply don’t care because it is optional and we are not capturing that digit into a group.

If we entered 9425-555-2345 or 425-555-2345 then the translated pattern would be +1425552345.

How would I do a wild card for any number of characters/digits?

Phone Pattern Regular Expression: ^\D*(\d{3})\D*(\d{3})\D*(\d{4})$
Translation Pattern Regular Expression: +1$1$2$3

The above Phone Pattern Regular Expression will look for any amount of characters until it matches against 3 digits. Then any amount of characters until it matches against another 3 digits. Then a match against the last four digits.

The benefit of this is that we can handle "(425) 555-1234" or "425-555-1234" or "4255551234" and to be honest we can handle this too "Your grandma 425 has white 555 hair 1234". All the examples would be translated to +14255551234

How about logical OR?

Phone Pattern Regular Expression: ^\D*(303|720)\D*(\d{3})\D*(\d{4})$
Translation Pattern Regular Expression: +1$1$2$3

A logical OR is very handy if you need to handle multiple area codes, or NXXs (the second set of 3 digits for non-voice people). The pipe sign is what does the logical OR within the parens. The above Phone Pattern Regular Expression would look to match the first three digits to 303 or 720, but not both.

If we entered 303-555-2345 or (720) 555-2345 then the translated pattern would be either +1303552345 or +17205552345.


In my experience the above examples will help with 90% of the needs for Normalization Rules. There are much more complicated Normalization Rules that could be written, but I’ll leave that to another post. If you want to play around with Normalization Rules I strongly encourage downloading RegEx Designer so that you can visibly see how Normalization Rules work.

Posted in Uncategorized | 6 Comments »

How to allow domain users to connect to Lync 2010 or OCS 2007 from Clients running on non-domain computers

Posted by Mino on September 15, 2010

I had a situation in our company where we have exceptional few users who got Domain credentials but they are working on Computers that are not joined to the domain.

However these computers run over the LAN or WAN, can communicate with the internal DNS and got the certificate chain of the CA imported to them and they use DOMAIN\UID and password credentials to login to mail , MOSS and everything is working fine.

When I installed the OCS 2007 R2 client on their machines and tried to login with the same behavior as mail using DOMAIN\UID , I was not able to log in and I received the below event log warning:

"Communicator was unable to authenticate because an authenticating authority was not reachable.”
The server may be asking for Kerberos authentication and Communicator is not able to find the Kerberos Domain Controller in order to generate credentials and authenticate.  The network administrator will need to change the configuration on the server to utilize only NTLM authentication before Communicator can login from this location properly, or connectivity will need to be made available to an authenticating authority"


also as for testing I removed the OCS 2007 R2 client and installed the new Lync RC client on the same machine , I know it is not supported scenario but I was just testing it. Now the user was able to login but it disconnects after 10 seconds then reconnects again , it keep in this loop. I also found the same warning in the event log.

I know why this is happening and I know it would have been solved from the beginning if i forced the OCS to use NTLM only rather than Kerberos but this was not something i can force.

So in the end the Solution was this problem was simple :

Ensure that the users when singing in to communicator 2007 or Lync 2010 to include the ".local" in the domain.local\username part of the authentication and not DOMAIN\username.

Posted in Common Errors, communicator client, Lync 2010 Client | Tagged: , , , | 3 Comments »

Microsoft Lync Server 2010 Media Bypass

Posted by Mino on September 14, 2010

What is it?
  • Media Bypass allows for Lync clients to communicate directly with a qualified PSTN voice gateway or qualified IP-PBX without traversing the Mediation server for media transcoding

  • When clients use Media Bypass, the Lync client uses the G.711 codec over SRTP

What are the benefits?
  • Greatly simplifies topology
    • Allows for Mediation server to collocate with Front End server or SBA because of low CPU intensity
    • Greatly reduces the amount of servers needed in deployment resulting in lower TCO
  • Optimizes media flow and quality
    • Eliminates unnecessary hops and potential points of failure
    • Saves WAN bandwidth
    • Improves voice quality with use of G.711 codec

However to enable Media Bypass ,you must ensure that either the Media Gateway ( SBA ) or the IP-PBX does support the Media Bypass feature.

Below are some different scenarios for the Media bypass between 2 sites:

First Scenario :

In this scenario the Client in the main data center dials a PSTN number, so the client communicates directly with the gateway using G.711 codec without the need to used the mediation for transcoding from RTaudio to G.711 Codec.


Second Scenario :

In this scenario the client is located in the branch site where there is no Lync Servers installed , when the client places a PSTN call it communicates directly with the IP-PBX over G.711 without the need for getting back to the Data Center pool mediation for transcoding. However this scenario is only applicable if your IP-PBX does support the new Media Bypass feature.


Third Scenario :

In this scenario we have two clients placing the call , one from the Data Center and the second is in Branch site. you will typically have this case in the international sites where you want to enable the least cost routing for international numbers. Lets say the Main Data Center is in US and the branch Site is in Egypt , and both Clients will dial the same number which is a US number.

So the first client who is in the US data center will communicate to the mediation server directly over G.711 , then the mediation will place the call through the Hosted SIP trunk to the PSTN also over G.711 since there is no local PBX available in the Data Center.

The Second Client who is in the Egypt branch site will dial the US number , the client will communication with the Mediation server place in the US Data center over RT Audio then the mediation will talk to the PSTN over G.711. In this second scenario we used RT Audio because it has got lots of features over the G.711 which consumes more bandwidth  , RT Audio gives much better quality over WAN due to correction mechanisms and the ability to overcome lost packets.


Forth Scenario :

In this scenario we have the same case like the last one , however we have also enabled Call Admission Control ( CAC ) which is a new great feature in Lync Server 2010. It allows call control over WAN to assure the accepted number of call over the allocated bandwidth and to refuse any extra calls over the allowed limit . What makes this CAC feature great also is not only to control calls over the WAN , but also to give alternate route for calls over the PSTN rather than using the WAN.

Ok let me explain it , the Client in the Egypt branch site is placing an international call to US number , so the client tries to place the call through the mediation placed in the US data center over the WAN , however due to WAN full usage and the CAC control ( call admission control ) so the call is not allowed to be placed over the WAN , however in spite of dropping the call we find that the client is redirected with alternate route to his local GW to place the call as international number from his PSTN gateway.


Fifth Scenario :

In this scenario the Client who is placed in the branch site places a call to a PBX legacy endpoint which is placed in the main site data center , this endpoint is connected to the IP PBX where this IP-PBX does not yet support direct Media bypass.

So the Client communicates over the WAN to the mediation server over RT Audio , then the call is routed after transcoding from the Mediation to the IP-PBX over G.711 , and finally the IP-PBX sends the call to the end point directly over G.711.


Posted in Lync 2010 Client | Tagged: , , , , , | 6 Comments »

You may encounter problems when you use the Absconfig.exe tool

Posted by Mino on February 2, 2010

When you install OCS 2007 RTM resource kit and you try to run the ABSconfig.exe, you get the below error

ABS Configuration Tool -Error
Exception: System.ArgumentOutofRangeException: Value of ‘6/17/2008 6:30 AM’ is not valid for Value.  Value should be between ‘MinDate’ and ‘MaxDate’.  
Parameter name: Value

at System.Windows.Forms.DateTimePicker.set_Value(DateTimeValue)

at ABSConfig.MainForm.WMIConfigInit().

and then also you get the error  :ABS is not enabled or activated on this server (to enable set the WMI outputlocation to null)

The problem is explained in the KB Article 954749  and Hotfix for the ABSConfig.exe is available for download.

Posted in Common Errors, OCS Tools Kit, Uncategorized | Tagged: , , , , | Leave a Comment »

OCS 2007 R2 Traffic Flow of protocols and ports used in each workload

Posted by Mino on January 27, 2010

You know that song saying “At last, my love has come along, My lonely days are over, And life is like a song, Ohhh at last” !!!

This is exactly how I felt when I saw the announcement today of Microsoft for the availability of the OCS traffic flow , Finally something official and no more rumors or some individual efforts .

You can Find it here

“This poster of Office Communications Server 2007 R2 describes the traffic flow of protocols and ports used in each workload. Communications Server 2007 R2 supports the following workloads: IM and Presence, Conferencing, Application Sharing, and Enterprise Voice. These filtered views can assist you in architecting your deployment of Communications Server 2007 R2. The different server roles are described along with server certificate requirements. Firewall and DNS configuration requirements are also described.”

Posted in A/V Edge Server, Consolidated Edge, Edge Server, OCS 2007 R2 | Tagged: , , , , , , , , , | 3 Comments »

OCS Response Group Service failed to start with Error event ID 31193

Posted by Mino on October 14, 2009

We have OCS 2007 R2 Pool with 2 front end servers enterprise edition, let us say that the FQDN of the servers are OCSFE01.contoso.com, OCSFE02.contoso.com and the Pool name is OCSPOOL.contoso.com.

I created the certificate request for the front end servers using the OCS wizard where I added the Pool name in the CN and in the SAN also , then I clicked the check box of add local machine name to the SAN certificate.

Then I try to enable the OCS Services and I found that the OCS Response Group Service failed to start with the below error:

Log Name:      Office Communications Server
Source:        OCS Response Group Service
Event ID:      31193
Task Category: (2001)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      OCSFE01.contoso.com
The provided certificate is not valid.

There was a problem validating certificate: Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was ‘OCSPOOL.contoso.com’ but the remote endpoint provided DNS claim ‘OCSFE01.contoso.com’. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity ‘OCSFE01.contoso.com’ as the Identity property of EndpointAddress when creating channel proxy.


How to Resolve:

The problem is in SAN certificate for the frontend servers you need to make sure that the last DNS entry in the SAN list matches the certificate subject name, which should be your pool name.

And since I clicked the checkbox of add local machine name to the SAN , so it added the FQDN of the machine as the last entry in the SAN and this was the problem.

So make sure that the CN should be the pool name ocspool.contoso.com and the last name in the SAN should also be pool name ocspool.contoso.com


Update : this is a known issue that  has been fixed with Hotfix in KB 969695

Posted in Certificates, Common Errors, Front End Server, OCS 2007 R2 | Tagged: , , , , , , | Leave a Comment »