How to Configure Lync Server 2010 Mobility Service
Overview
The Lync Server 2010 Mobility Service is a new service for Lync Server. It must be installed to support mobile clients:
- Apple iOS
- Android
- Windows Phone
- Nokia Symbian
With this service, clients can send and receive IM and see the contact list and presence. Follow the link to the Mobility Service client comparison table.
For this configuration I have a machine called Hm01.home.intranet acting as Domain Controller and Certificate Authority, and a virtual machine called Hm02.home.intranet acting as the Front End. I have only one SIP domain, home.com.br. All servers are running Windows Server 2008 R2 Service Pack 1.
http://4.bp.blogspot.com/-Oj_c-Cr7hpE/TvPiSz9lyHI/AAAAAAAACf0/777xVSZWJOY/s320/mob02.jpg
The connection structure for mobile clients, and the ports used to communicate with the service installed on the Front End, are as follows:
http://4.bp.blogspot.com/-bnB1SmOgIYg/TvPiSnYga-I/AAAAAAAACfs/e9h-oQewu9k/s320/mob01.jpg
Components of Mobility Services
- Mobility Service: supports client connections. This service must be installed on all Front Ends.
- Autodiscover Service: allows clients to identify the location and address of the Mobility Service. This service supports connections over HTTP or HTTPS. In this environment the connection is set up using HTTPS, so the certificate on the Reverse Proxy must be changed and new publishing rules must be created on the firewall. This service must be installed on all Front Ends and Directors of the pool.
- Push Notification Service: this service is cloud-based and uses the services of Office 365. When the Lync client on Apple iOS or Windows Phone is inactive, it does not respond to new events such as new IMs or missed calls. In such cases a notification called a Push Notification is sent to the client by the Lync Online service.
Prerequisites
Cumulative Update 4
All Front End pool servers must be upgraded to the November Cumulative Update for Lync Server.
The update can be downloaded from the Microsoft website: http://www.microsoft.com/download/en/details.aspx?id=11551
In this article I demonstrate the steps to update the Lync Server pool with Cumulative Update 4. There is no need to upgrade the clients to activate this service, but it is recommended to keep the environment updated.
DNS
To support Autodiscover for clients, a DNS record must be created. The record can be of type Address (A) or Alias (CNAME), and must be created for each SIP domain supported by the pool, in both the internal DNS and the Internet DNS.
For this article I will create CNAME records in both the internal and the external DNS.
For the internal DNS, I created a CNAME record LyncDiscoverInternal.<SIP domain> pointing to the internal FQDN of the Front End
http://4.bp.blogspot.com/-x7K0MaaBxvw/TvPiVO8ltqI/AAAAAAAACf8/KIQosZIt8Ec/s320/mob04.png
Alias Name: LyncDiscoverInternal
The FQDN for Target Host: Hm02.home.intranet
http://1.bp.blogspot.com/-Q-KFc6U54uY/TvPiVhLtGaI/AAAAAAAACgE/TWBLV8iCICU/s320/mob05.png
For the external DNS, I created a CNAME record LyncDiscover.<SIP domain> pointing to the external URL configured on the Front End
Alias Name: LyncDiscover
The FQDN for Target Host: LyncPortal.home.com.br
http://2.bp.blogspot.com/-UD-lt1yj7dQ/TvPiWE7odnI/AAAAAAAACgM/RC1xfrd-4j0/s320/mob06.png
To check which URL is set for the external site, start Topology Builder, open the properties of the Front End Pool, and check the External Web Services configuration.
http://3.bp.blogspot.com/-2su7cQvirMg/TqIiRpYKkHI/AAAAAAAABtc/MybOMOCkI24/s320/rev03.png
Configuring Ports for Mobility Service
The Mobility Service requires two additional ports on the Front End Web Services. To configure the ports, start the Lync Server Management Shell.
Creating the port for the internal web site
Set-CsWebServer -Identity <Name of Pool> -McxSipPrimaryListeningPort 5086
http://3.bp.blogspot.com/-ECVZOSfO0VY/TvPoCcXr6zI/AAAAAAAACgY/osBtT0kvd7Y/s400/mob07.png
Creating the port for the external web site
Set-CsWebServer -Identity <Name of Pool> -McxSipExternalListeningPort 5087
http://2.bp.blogspot.com/-nlPsYZEkPxY/TvPoCyZcvXI/AAAAAAAACgg/_XOBs1nhZl8/s400/mob08.png
To publish the topology changes use the cmdlet: Enable-CsTopology -Verbose
http://3.bp.blogspot.com/-onInNAODbdQ/TvPoDRzuSuI/AAAAAAAACgo/j6CkRMvdLnI/s400/mob09.png
IIS
The Mobility Service uses the IIS Dynamic Content Compression component, which is not a prerequisite for installing the Front End.
Log on to the Front End server and add the IIS component.
http://2.bp.blogspot.com/-vSvpk25MEl4/TvPrB_fFTjI/AAAAAAAACg0/K49FdNPjEPs/s320/mob10.png
Installing the Mobility Service
Download the Mobility Service file McxStandalone.msi.
Copy the file to the Front End, into the folder C:\ProgramData\Microsoft\Lync Server\Deployment\cache\4.0.7577.0\setup
http://3.bp.blogspot.com/-z5qFZP7if1U/TvUGKMuC1xI/AAAAAAAAChA/o2AvTHhVAME/s320/mob11.png
Start the Lync Server Management Shell, go to the folder C:\Program Files\Microsoft Lync Server 2010\Deployment and run bootstrapper.exe
http://3.bp.blogspot.com/-KDnczlPc7Sk/TvUGKS3XqjI/AAAAAAAAChI/O9sZq97ptbQ/s400/mob12.png
At the end of the wizard, make sure the Autodiscover and Web components have been installed successfully.
http://1.bp.blogspot.com/-0fCRWuTdipQ/TvUGL2O5r1I/AAAAAAAAChQ/h4zH1ZudKY0/s320/mob13.png
The log file shows all the features were installed.
http://2.bp.blogspot.com/-2FfYenJ3Zp8/TvUGM-OE4aI/AAAAAAAAChY/f-SwnFgd5cw/s320/mob14.png
Two virtual folders were created in IIS
http://3.bp.blogspot.com/-pcw7CiTuFWM/TvUKRoFZBtI/AAAAAAAAChk/XNlkp7mOtok/s320/mob15.png
Certificates
To support device connections, the installed digital certificate must be changed to add the new FQDNs created for the Mobility Service's Autodiscover Service. Run the Lync Server Deployment Wizard and replace the certificate in use with a new certificate that contains the FQDNs of the Autodiscover Service. In the wizard, run Step 3, Request, Install or Assign Certificates
http://4.bp.blogspot.com/-jFn9ZUD5TPc/TvUQZV11nPI/AAAAAAAAChw/iEG20Y1Q3Bg/s320/mob16.png
Select the installed certificate and click Request
http://3.bp.blogspot.com/-886MwZ5vCG8/TvUQaI_xyJI/AAAAAAAACh4/ZwEGGBqiWwU/s320/mob17.png
Proceed to start the new certificate request and select the option to send the request immediately to a certification authority
http://1.bp.blogspot.com/-nfVnmlqLJFQ/TvUUV6oDonI/AAAAAAAACiM/1y0fP_5cwSk/s320/mob17_1.png
http://2.bp.blogspot.com/-puZa6jsh7eo/TvUUWaOctpI/AAAAAAAACiU/MQ5CuKFWX2s/s320/mob17_2.png
Select the certification authority on the network and proceed; in this case I use an enterprise CA installed on a network server
http://2.bp.blogspot.com/-wCDRG8RbMdI/TvUUW_jIAvI/AAAAAAAACic/tpMl3CboEBo/s320/mob17_3.png
You do not need to specify an account if you are running the wizard with an account that has permission to issue certificates
http://3.bp.blogspot.com/-J_r20sw6I8w/TvUUXfu8DTI/AAAAAAAACik/IfFLvlSLWr0/s320/mob17_4.png
Do not change the template of the certificate
http://3.bp.blogspot.com/-PslwDwX2krs/TvUUX7FNFCI/AAAAAAAACis/dT8Of0wLNiU/s320/mob17_5.png
Set the Friendly Name of the certificate and check Mark the certificate's private key as exportable
http://2.bp.blogspot.com/-k1HBBWx7A2k/TvUUYepMSsI/AAAAAAAACi0/gqK9ADvltRQ/s320/mob17_6.png
Fill in the geographic information of the certificate
http://2.bp.blogspot.com/-2slz0ZwTOOM/TvUUZGTTvRI/AAAAAAAACi8/9RZ1hL1S8D4/s320/mob17_7.png
The Discover FQDNs are automatically included in the Subject Name
http://1.bp.blogspot.com/-wP-rOFiVz-o/TvUQamiQnaI/AAAAAAAACiA/DpAegKQrWdg/s320/mob18.png
Select the SIP domain that will be supported by the certificate
http://2.bp.blogspot.com/-N-iosNRF0sA/TvUWSalS0tI/AAAAAAAACjI/XZwe_yMp7PE/s320/mob19.png
If you support multiple SIP domains, add their FQDNs to the certificate
http://1.bp.blogspot.com/-EjB5OjyIBto/TvUWSlrtN8I/AAAAAAAACjQ/v0D37VY2Q3o/s320/mob20.png
Verify the certificate information and proceed
http://2.bp.blogspot.com/-j_G3lmVY3yA/TvUWTT7Z-VI/AAAAAAAACjY/JLeNI95e-Cg/s320/mob21.png
Check that the certificate was issued successfully
http://1.bp.blogspot.com/-TBbzGp1n6rI/TvUWTz1sP4I/AAAAAAAACjg/0BgL7rJx-rU/s320/mob22.png
Select Assign this certificate to Lync Server certificate usages
http://4.bp.blogspot.com/-F2XDmTwrJuc/TvUWUux6sKI/AAAAAAAACjo/CP7crfeiEEU/s320/mob23.png
Proceed to begin installation of the certificate
http://3.bp.blogspot.com/-Y2y9llKwWj4/TvUWUzheP7I/AAAAAAAACjw/tobipxppHAs/s320/mob24.png
Check the configured FQDNs and proceed
http://1.bp.blogspot.com/-U-ZSdqLZVLc/TvUWVdoqUFI/AAAAAAAACj4/pQRgHA-P1Yg/s320/mob25.png
Finish the wizard
http://2.bp.blogspot.com/-mxHhvSMMQyw/TvUWWKnSQLI/AAAAAAAACkA/xA80pXujkoo/s320/mob26.png
Open the properties of the certificate and make sure that all names are correct.
http://3.bp.blogspot.com/-aiNZd64axEM/TvUWWq_qOnI/AAAAAAAACkI/DrBzeT2lvdI/s320/mob27.png
Publishing on the Reverse Proxy
Publishing the Mobility Service is similar to publishing the Front End services through the Reverse Proxy. To provide the service to external clients, you need to create a new digital certificate with the FQDN of the Discover Service, LyncDiscover.home.com.br, and change the Reverse Proxy publishing rule.
The Reverse Proxy rule itself is configured in the article on publishing Lync Server through a Forefront TMG 2010 Reverse Proxy. Make the following changes to the publishing rule and the digital certificate.
Certificate
Request and install a new digital certificate whose SAN includes the FQDN LyncDiscover.home.com.br. The certificate must be installed in the Local Computer certificate store.
http://2.bp.blogspot.com/-GlP8RRMLKzo/TvkfBBJBoRI/AAAAAAAACkU/RfPBHYxDxWo/s320/mob28.png
Changing the Publishing Rule
Open the TMG 2010 console and open the properties of the web site publishing rule for the Front End
http://1.bp.blogspot.com/-t6omSra8kyc/TvkfBgDhs4I/AAAAAAAACkc/1AvRKU0sdKk/s320/mob29.png
In the properties of the rule, go to the Listener tab and click Properties
http://2.bp.blogspot.com/-v8f01cNicy8/TvkfCB0lOmI/AAAAAAAACkk/4KdipvvIeg4/s320/mob30.png
In the properties of the Listener, open the Certificates tab and then click Select Certificate
http://4.bp.blogspot.com/-IuecNND0F4w/TvkfChxQLfI/AAAAAAAACks/F8MN3FACvr8/s320/mob31.png
Select the new certificate with the updated FQDNs
http://1.bp.blogspot.com/-vs4_Cc50lns/TvkfDHEvCVI/AAAAAAAACk0/KlUcxLsuyfg/s320/mob32.png
With the new certificate selected, finish the wizard
http://3.bp.blogspot.com/-aewGceSkv3o/TvkfDhBclyI/AAAAAAAACk8/BefXOn1hxT8/s320/mob33.png
Back in the publishing rule, open the Public Name tab and click Add
http://2.bp.blogspot.com/-_2BeUmRLfNY/TvkfEN6RCUI/AAAAAAAAClE/yNxtAa6L9l4/s320/mob34.png
Add the FQDN of the Discover Service, which in this case is LyncDiscover.home.com.br
http://4.bp.blogspot.com/-WpGjig0MIpE/TvkfEl8IkiI/AAAAAAAAClM/C2WCRVjH8KY/s320/mob35.png
Finish the wizard and apply the changes in the TMG console
http://1.bp.blogspot.com/-pz26erhWgqc/TvkfFKGE7AI/AAAAAAAAClU/pVmeSlRe6CQ/s320/mob36.png
Configuring Push Notifications
Push Notifications are alerts sent by Lync Online, routed through the Lync Edge Server, to the client installed on iPhone and Windows Phone to notify users of events such as new IMs, missed calls and voice mails. To configure Push, start the Lync Management Shell and run the cmdlet:
New-CsHostingProvider -Identity "LyncOnline" -Enabled $True -ProxyFqdn "sipfed.online.lync.com" -VerificationLevel UseSourceVerification
http://3.bp.blogspot.com/-du2aPLpBD20/T6XwucxqvjI/AAAAAAAADjQ/wbTBCf-M0K0/s320/mobCl20.png
To create the federation with the domain push.lync.com, run
New-CsAllowedDomain -Identity "push.lync.com"
http://4.bp.blogspot.com/-f8LR8ygNA1g/T6XwvNW6MaI/AAAAAAAADjY/MR5EIQS1YZY/s320/mobCl21.png
To enable notifications
Set-CsPushNotificationConfiguration -EnableApplePushNotificationService $True -EnableMicrosoftPushNotificationService $True
http://2.bp.blogspot.com/-S-UVKMFkkwM/T6XwvbFVPBI/AAAAAAAADjg/LvajoqDskiQ/s320/mobCl22.png
Enable domain federation
Set-CsAccessEdgeConfiguration -AllowFederatedUsers $True
http://1.bp.blogspot.com/-h4n89e7Bq_A/T6Xwvz2WpFI/AAAAAAAADjo/P2LpR1YzFSM/s320/mobCl23.png
Connection Test
To verify that the Mobility Services were published successfully, open a browser on a machine on the Internet and access the URL LyncDiscover.home.com.br. The browser should offer a file download
http://3.bp.blogspot.com/-ZHd9e9l08XI/TvqAQ3sMsKI/AAAAAAAAClg/GHoGNo6LIg4/s400/mob37.png
Open the file in Notepad. It should contain the URLs and addresses published for external access to the pool
http://2.bp.blogspot.com/-sP16VE4Xk28/TvqAReTbdUI/AAAAAAAAClo/5QH61gGkOgI/s400/mob38.png
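The DNS and certificate steps above can also be checked from PowerShell on an Internet-connected machine. This is an added example, not part of the original article; it assumes the lab SIP domain home.com.br, an HTTPS listener on port 443, and an English-language Windows where SAN entries are formatted as "DNS Name=...".

```powershell
# Added example. Names below come from this article's lab; adjust for your environment.
$SipDomains = @('home.com.br')   # one entry per SIP domain served by the pool
$Port       = 443                # assumption: HTTPS listener on the reverse proxy

function Get-TlsDnsNames {
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any chain: this function only reads the names, it does not decide trust.
        $anyCert = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $anyCert)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        # OID 2.5.29.17 = Subject Alternative Name. Format($true) gives one entry per line.
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $names = @()
        if ($san) {
            $names = @($san.Format($true) -split "`r?`n" |
                Where-Object { $_ -match '^DNS Name=' } |
                ForEach-Object { ($_ -replace '^DNS Name=', '').Trim().ToLower() })
        }
        New-Object PSObject -Property @{ NotAfter = $cert.NotAfter; DnsNames = $names }
    }
    finally { $tcp.Close() }
}

function Test-LyncDiscoverPublishing {
    param([string[]]$Domains, [int]$Port = 443)
    foreach ($domain in $Domains) {
        $fqdn = "lyncdiscover.$domain".ToLower()
        $row = New-Object PSObject -Property @{ Fqdn = $fqdn; Resolves = $false; NameInCert = $false; NotAfter = $null; Error = $null }
        try {
            [void][System.Net.Dns]::GetHostAddresses($fqdn)   # follows the CNAME to an address
            $row.Resolves = $true
            $tls = Get-TlsDnsNames -HostName $fqdn -Port $Port
            $row.NameInCert = $tls.DnsNames -contains $fqdn
            $row.NotAfter = $tls.NotAfter
        }
        catch { $row.Error = $_.Exception.Message }
        $row
    }
}

Test-LyncDiscoverPublishing -Domains $SipDomains -Port $Port |
    Format-Table Fqdn, Resolves, NameInCert, NotAfter, Error -AutoSize
```

A row with Resolves true and NameInCert false means the listener is still presenting a certificate without the LyncDiscover name for that SIP domain.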
Clients Configuration
Installing Root Certificate
Before you start setting up the client on the phone, you need to import the root certificate on the mobile device. Start the browser
http://4.bp.blogspot.com/-dJAqejv3ytw/T6SLdakKCbI/AAAAAAAADgo/PNWxQeDyRv4/s320/mobCl01.png
Visit the Web Enrollment address of this infrastructure, https://hm01.home.intranet/certsrv
http://1.bp.blogspot.com/-2m5einrBLZM/T6SLedEEc_I/AAAAAAAADgw/-LcSAzCurug/s320/mobCl02.png
A certificate warning should be displayed; click Continue
http://3.bp.blogspot.com/-qSJqTaUh7ao/T6SLe7f1H5I/AAAAAAAADg4/lP20hGFo0S8/s320/mobCl03.png
Authenticate on the portal
http://4.bp.blogspot.com/-bL6Enx74aDw/T6SLfUSEiGI/AAAAAAAADhA/h0lpO1Kn9DI/s320/mobCl04.png
Click Download a CA certificate, certificate chain, or CRL
http://1.bp.blogspot.com/-ZtFJgWn7ZK8/T6SLgfLRwXI/AAAAAAAADhI/mFehmj6nIK0/s320/mobCl05.png
Then click Install CA certificate
http://4.bp.blogspot.com/-gLAb12mhj2s/T6SLhbTkw7I/AAAAAAAADhQ/xdgXkfjtUC4/s320/mobCl06.png
Set a name for the certificate and click OK
http://4.bp.blogspot.com/-pQNncID9SM0/T6SLh_dU9yI/AAAAAAAADhY/nrQDWiZsqCs/s320/mobCl07.png
The message that the certificate is installed should be displayed
http://4.bp.blogspot.com/-8iPykm-EMN4/T6SLiqBAD6I/AAAAAAAADhg/rkCEnPHhK_8/s320/mobCl08.png
To verify that the certificate was properly installed, access any URL of the Lync pool; this example uses the dial-in URL. Click on the Lync image with the padlock.
http://3.bp.blogspot.com/-BMXjgK2adws/T6SLjRQi4DI/AAAAAAAADho/agBXH2pfvsQ/s320/mobCl09.png
Click View certificate
http://4.bp.blogspot.com/-9PEM4bOVCt8/T6SLkLycd-I/AAAAAAAADhw/e-HcChtz0y0/s320/mobCl10.png
The certificate should be shown as valid
http://1.bp.blogspot.com/-aShlEtThe_o/T6SLk1LURoI/AAAAAAAADh4/e7Lw_dVwSec/s320/mobCl11.png
Logging On with the Lync Client
Run the Lync 2010 client
http://4.bp.blogspot.com/-OyBt3Ew4vUM/T6SLl8yA8SI/AAAAAAAADiA/Op0ktjNqQ7s/s320/mobCl12.png
Enter the SIP address and password. If your SIP domain is the same as the internal FQDN of the domain, you can click Sign In; in this case my domain FQDN is home.intranet and my SIP domain is home.com.br, so click Options.
http://4.bp.blogspot.com/-x4anoTyT2xQ/T6SLni5Rh4I/AAAAAAAADiQ/t1YmkQY0ryQ/s320/mobCl14.png
Select the User Name
http://1.bp.blogspot.com/-9tV7MDCmB-k/T6SLoOHW3gI/AAAAAAAADiY/ljyNvcjrPpQ/s320/mobCl15.png
Configure the user as NetBIOS\UserName
http://4.bp.blogspot.com/-DDjMi0H-Gp0/T6SLoslXCMI/AAAAAAAADig/bp4DSUG400g/s320/mobCl16.png
With the user configured, click Sign In
http://2.bp.blogspot.com/-RtG093XyT6Q/T6SLpaKvK2I/AAAAAAAADio/Gzc757dC_dw/s320/mobCl17.png
After the initial configuration, status and messages can be configured
http://1.bp.blogspot.com/-8x5gGdkDjGc/T6SLp-p7vLI/AAAAAAAADiw/ClguZZ5mTls/s320/mobCl18.png
http://4.bp.blogspot.com/-Rp5fL6eVhlk/T6SLqkMudnI/AAAAAAAADi4/5tRIV7Df3aY/s320/mobCl19.png