It’s official; the new name of OCS is Lync! With the name change comes a number of new features including revamped management interfaces (Topology Builder, Deployment Wizard and CSCP) and a Management Shell with tons of great new scripting capabilities.
With all of these new features available, and a new way to deploy, I thought it would be fitting to cover deploying a topology. To start things off easy we’ll jump into a single box Standard Edition pool. Over the next few articles I will add layers to this deployment until it resembles what you may want to use in your environment.
Keep in mind the RC is for lab use only; it is not a good idea to install this into your production domain. Also, please read the reference documents here:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=2da9fa26-e032-4dcf-b487-da916ddc508f
Now let’s start with a link to the download:
http://technet.microsoft.com/en-us/evalcenter/ff808407.aspx
For this install you’ll need a DC/DNS/CA server (I named mine lyncdc.ocsguy.local). We’ll bypass that portion of the install to keep the article to a reasonable length.
Once you have your Lync Server on the domain we need to install all the pre-requisites.
Here’s a quick ServerManagerCMD script to make that happen. To use it, open a Command Prompt (Run As Administrator) and paste the command below. For formatting purposes, copy it into Notepad first and make sure that, with Word Wrap unchecked, it is all on one line.
****Begin Copy Below This Line****
servermanagercmd -i NET-Framework Web-WebServer Web-Common-Http Web-Static-Content Web-Default-Doc Web-Dir-Browsing Web-Http-Errors Web-Http-Redirect Web-Asp-Net Web-ISAPI-Ext Web-ISAPI-Filter Web-Http-Logging Web-Log-Libraries Web-Http-Tracing Web-Security Web-Windows-Auth Web-Client-Auth Web-Performance Web-Stat-Compression Web-Mgmt-Tools Web-Mgmt-Console Web-Scripting-Tools telnet-client rsat-adds
****End Copy Above This Line ****
Now that we have the roles and features necessary we reboot to complete the installation and start the install.
Go to your DVD Drive>Setup>AMD64> and run Setup.exe
Click “OK” to install the vcredist package.
Next you will see the LyncServer 2010 Install screen (sometimes this is hidden behind your explorer window); click Install
After accepting the license agreement the install will begin.
Now we will see the “Deployment Wizard”. We’ll skip over the “Prepare Active Directory” section for the article (but you should do it if you are following along at home) and go right to the install of the “Topology Builder”.
And onto “Prepare First Standard Edition Server”, this preps our new lyncserver to house the Central Management Store (CMS).
This will take a couple of minutes, so now is a good time to get up and grab some coffee or stretch…
Now our server is ready to host the CMS and we can start out with the Topology Builder.
With Lync, Microsoft has built a fantastic deployment configuration utility in the Topology Builder. It allows you to create your entire topology all at once, and then it stores this topology in the CMS where each server can access it. After the topology is published, you run the “Deployment Wizard” on each server and its roles are automatically installed. I must say I really like this utility!
So we open “Lync Server Topology Builder” and choose “New Topology”
We are prompted to select a name and a location to save the Topology Builder XML file (tbxml). Each time we open the Topology Builder we will be presented with this same option; after publishing the topology the first time we will choose “Download Topology”. The great part of this is that you can make a copy of this file every time you log in to make a change; in the event of an issue, just grab the previous file and re-publish it.
Now we create our topology, starting by defining our SIP domain. In this case I will be using ocsguy.info for the SIP domain; ocsguy.local is the internal domain name and will not be needed.
Now we define our first site
And now we are finished, notice the check box is selected to take us right into the “New Front End Wizard”:
On to the Front End configuration:
Make sure to check “Standard Edition”
We select our features, bypassing CAC and the collocated Mediation server for now.
And bypass the other roles for now
Now we need to create a file share named “Share” on the Front End server
Now we can see our topology in place and are ready to publish it
Once our topology is published, we need to go back into the Deployment Wizard and let the wizard configure our new standard edition server.
We choose “Install Local Configuration Store” first and select “Retrieve directly from Central Management Store” for the replica selection
Now on to Step 2. This is almost identical to Step 1, with one exception: you will be prompted to reboot the server and restart the installation during this step:
Once you have restarted after the prompt you come right back into the deployment and run Step 2 again:
Now we request our certificate. This is a pretty standard process; I haven’t included every screenshot, but the important ones are below.
We now start the services (step 4)
Before we can enable our first user, we have to add the “Administrator” account to some roles in AD. From ADUC, right-click the administrative user, go to Properties and open the “Member of” tab. Add the Administrator account to the groups shown below.
Next, log off and back on to the Front End server to let the permissions take effect.
Now we can go out to our Communications Server Control Panel (CSCP).
If you haven’t installed SilverLight already you’ll see a prompt to do so now
Now we enable a test account:
Since we haven’t deployed Exchange yet we can’t base the SIP address on the email address, so I chose SAMAccountName. Make sure to choose your public SIP domain (in this case ocsguy.info) and not your internal domain.
Now we log into DNS and create A records:
Lyncse.ocsguy.info 172.16.5.151
Dialin.ocsguy.info 172.16.5.151
Meet.ocsguy.info 172.16.5.151
And the SRV record:
_sipinternaltls._tcp.ocsguy.info:
And last but not least, we get to sign in (if the computer you are testing from isn’t joined to the domain you will need to import the root certificate).
After enabling a few more users you can begin testing and learning all of the great new features of Lync. Check back soon as I will be going over the next step in the process, adding external connectivity.
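The DNS records created above only lead to a successful sign-in if the certificate assigned to the pool lists the same names in its Subject Alternative Name field. The following is an added example, not part of the original article: it checks a set of DNS names against a certificate's SAN list. The SRV line (its target and port 5061), both SAN lists, the name lyncfe.ocsguy.local and all function names are constructed assumptions; the A records are the ones listed in the article.

```python
# Added example: checks that every name clients resolve is covered by the
# certificate's SAN entries. Sample data below is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    owner: str   # e.g. _sipinternaltls._tcp.ocsguy.info
    port: int
    target: str  # host the client connects to over TLS


def norm(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def parse_srv(line: str) -> SrvRecord:
    """Parse a zone-file style line: owner [ttl] [IN] SRV prio weight port target."""
    fields = line.split()
    i = [f.upper() for f in fields].index("SRV")  # ValueError if not an SRV line
    if len(fields) < i + 5:
        raise ValueError("SRV record needs priority, weight, port and target")
    _prio, _weight, port, target = fields[i + 1:i + 5]
    return SrvRecord(norm(fields[0]), int(port), norm(target))


def san_covers(host: str, san: str) -> bool:
    """True if one SAN entry matches host; '*' stands for exactly one left-most label."""
    host, san = norm(host), norm(san)
    if not san.startswith("*."):
        return host == san
    head, _, rest = host.partition(".")
    return bool(head) and rest == san[2:]


def audit(srv_line: str, a_records: dict, cert_sans: list) -> list:
    """Return findings; an empty list means DNS names and certificate agree."""
    srv = parse_srv(srv_line)
    hosts = {norm(h): ip for h, ip in a_records.items()}
    findings = []
    if srv.target not in hosts:
        findings.append(f"SRV target {srv.target} has no A record")
    for host in sorted(set(hosts) | {srv.target}):
        if not any(san_covers(host, s) for s in cert_sans):
            findings.append(f"{host} is not covered by a SAN entry")
    return findings


# A records as listed in the article.
A_RECORDS = {
    "Lyncse.ocsguy.info": "172.16.5.151",
    "Dialin.ocsguy.info": "172.16.5.151",
    "Meet.ocsguy.info": "172.16.5.151",
}
# Constructed SRV line; target and port are assumptions for this example.
SRV_LINE = "_sipinternaltls._tcp.ocsguy.info. 3600 IN SRV 0 0 5061 lyncse.ocsguy.info."
# Constructed SAN lists: one that covers every name, one that only carries
# a hypothetical internal server name for the front end.
GOOD_SANS = ["lyncse.ocsguy.info", "dialin.ocsguy.info", "meet.ocsguy.info"]
BAD_SANS = ["lyncfe.ocsguy.local", "dialin.ocsguy.info", "meet.ocsguy.info"]

if __name__ == "__main__":
    for label, sans in (("good", GOOD_SANS), ("bad", BAD_SANS)):
        print(label, audit(SRV_LINE, A_RECORDS, sans) or "OK")
```

The SAN list to feed in is the one shown on the Details tab of the certificate assigned to the pool.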
Great article!
Hello Andrey,
Glad you liked the article, thanks for reading!
-kp
This was very helpful. I can’t believe how much it has changed since R2. Thanks for taking the time to include screen shots.
I added my administrator account to the groups you told but still can’t enable users
Hi Waleed,
Are these new users, domain admins, etc? Any errors you can share?
Thanks for reading!
-kp
Good walkthrough, thanks. I’m following it in the same order, but get an error in the Publish Topology Wizard:
Error: Error connecting to “tasia.s.local\rtc” while installing “CentralMgmtStore”. Verify that the SQL instance is running, connections are not being blocked by a firewall, and that you have SQL administrator permissions. For details, see the following log file: “C:\Users\Administrator.SLOCAL\AppData\Local\Temp\2\Create-CentralMgmtStore-tasia.s.local_rtc-[2010_10_13][14_07_04].log”
Error: An error occurred: “Microsoft.Rtc.Common.Data.SqlConnectionException” “A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 – Error Locating Server/Instance Specified)”
I’m checking right now if any of the suggested causes can be “The One”, but have found nothing so far.
Sorry – not in the Topology Wizard, next step: “Prepare first Standard Edition Server”…
Sorry again – delete that remark. Of course it *was* in the Publishing wizard… Failure while Creating Central management Store.
Hi Tommy,
Did you already run the “Prepare First Standard Edition” server step?
Hope this helps!
-kp
Yes, I’m following the steps in order and have green check marks for:
“Prepare Active Directory”
“Install Topology Builder”
“Prepare first Standard Edition server”
Am then trying to publish the topology and get the above mentioned error.
SQL Server 2005 got installed and I can see that RTC is started with Shared Memory/Named Pipes/TCP/IP protocols enabled.
But the log files say:
Running script: C:\Windows\system32\cscript.exe //Nologo “C:\Program Files\Common Files\Microsoft Lync Server 2010\DbSetup\xdssetup.wsf” /dbexists /sqlserver:tasia.s.local\rtc /publisheracct:sLOCAL\RTCUniversalServerAdmins /replicatoracct:sLOCAL\RTCUniversalConfigReplicator /consumeracct:sLOCAL\RTCUniversalReadOnlyAdmins /role:master /verbose
—————
Installed SQL Server 2005 Backward Compatibility version is 8.05.2312
Connecting to SQL Server on tasia.s.local\rtc
Error connecting (
name: Error
description:
number: -2147221504
message:
)
Attempting to start SQL Server and connect…
Error starting SQL Server on tasia.s.local\rtc
Error (
name: Error
description:
number: -2147023840
message:
)
Ensure that tasia.s.local\rtc is a valid SQL instance.
—————
Exit code: ERROR_START_SQLSERVICE (-1)
When running /dbexists, non-zero exit codes are not necessarily errors
—————
Running script: C:\Windows\system32\cscript.exe //Nologo “C:\Program Files\Common Files\Microsoft Lync Server 2010\DbSetup\xdssetup.wsf” /sqlserver:tasia.s.local\rtc /publisheracct:sLOCAL\RTCUniversalServerAdmins /replicatoracct:sLOCAL\RTCUniversalConfigReplicator /consumeracct:sLOCAL\RTCUniversalReadOnlyAdmins /dbpath:C:\CsData\CentralMgmtStore\rtc\dbpath /logpath:C:\CsData\CentralMgmtStore\rtc\logpath /role:master /verbose
—————
Installed SQL Server 2005 Backward Compatibility version is 8.05.2312
Connecting to SQL Server on tasia.s.local\rtc
Error connecting (
name: Error
Error starting SQL Server on tasia.s.local\rtc
Error (
name: Error
description:
number: -2147023840
message:
)
Ensure that tasia.s.local\rtc is a valid SQL instance.
description:
number: -2147221504
message:
)
Attempting to start SQL Server and connect…
—————
Exit code: ERROR_START_SQLSERVICE (-1)
—————
Possibly I will try installing SQL Server 2008 SP1 before continuing.
Hi Tommy,
I’m getting the same error. Did you find any solution for this?
rgds
Donald Ambrose
Go to the Sql server configuration manager –>
sqlserver network configuration –>Protocol for yourDB–> enable the tcp/ip
I ran into the same issue as described above. I tried uninstalling all of my SQL installations, messing with the server config mgr, preparing first SE server multiple times and none of those worked.
What my problem turned out to be was where I defined my primary front end pool. The pointer didn’t have the server name in properly.
When SQL Browser service was manually started the error message changed to BAD_VERSION. Seems the cause of the problem is an old installation of SQL Server 2005 Xpress. When it was present, the installation program didn’t install any SQL Server, and Lync can’t work with Xpress. So it’s uninstall and installation of SQL Server 2008 SP1. I wonder if it’s then just to continue with Publish Topology or if (parts of) the already done Lync installation has to be redone?
Yes, uninstall + install of SQL Server 2008 + rerun of “Prepare first Standard Edition server” fixed that problem and the Topology Publishing wizard completed with success. On to next step.
Tommy,
It sounds like you already had SQL installed ahead of time and that could have been the root cause (please correct me if I’m wrong there). It is a good idea to only have the OS and any 3rd party apps (like Backup and AV) on the server and let the Lync installer handle the rest moving forward.
Thanks for sharing what you’ve run into and how you corrected it!
-kp
Yes, we missed the uninstall of SQL Server and the installation routine didn’t check for that the existing RTC instance was from a too old server version. It’s a lab server and I didn’t know if I could uninstall everything.
The “next steps” went well, until Enable/edit user. Four of the six users (including me) weren’t possible to move to the Registrar pool. However I found the post below and the last of the three suggestions worked 🙂
http://social.technet.microsoft.com/Forums/en-US/ocsplanningdeployment/thread/6f81684c-e56a-40e4-9053-8dd010aad6c9
unable to republish the topology after doing changes…getting below error…
“cannot publish the topologu changes, conference still exist on one more delted service”
Can any body help on this?
Guys,
We have OCS 2007 R2 deployed and would like to upgrade to Lync 2010.
Can I install a new Lync 2010 server into the existing SIP domain?
Our current SIP domain is sip1.net; the domain is domain.local.
Rather than have to reconfigure all the external connectivity it would be great if we could install a lync server using the current sip domain name.
Thanks.
Andy,
Lync isn’t available yet (unless you use a time bombed version), but once it is GA you will definitely be able to install it into your existing SIP domain and migrate from OCS 2007 R2 to Lync. I’ve run through that scenario a number of times and it works well. There should be some great documentation available shortly that will help you plan this. Keep a close eye on Technet.
Thanks for reading!
-kp
Hi all,
It’s a very useful blog, I am very happy to read this blog.
It’s helped a lot.
Hi,
When publishing topology I am getting the following error:
Error: An error occurred: “System.UnauthorizedAccessException” “Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))”
Am I missing something?
Hi Joshua,
Have you run the “Prepare First Standard Edition” wizard and also logged off and back on after granting your install account the permissions shown above?
Hope this helps!
-kp
I’m getting this error “Upload C:\Program Files\Microsoft Lync Server 2010\Deployment\Setup\ExternalSchema.ldf fails. The exit code is “8206”.” How can I solve this problem?
Fernando,
Please make sure your account is a domain admin, enterprise admin and schema admin. Also, try rebooting the box after adding these permissions.
Hope this helps!
-kp
I had this same error message and the user account had all of these permissions. What ended up being the problem for me was that I had an old domain controller still in active directory that it was unable to contact or replicate to. To resolve it in Windows 2008 I went into ADUC and deleted the DC. For Windows 2003 you will need to refer to the Microsoft documentation on how to delete an old DC.
Sorry to bother you…I’m trying to deploy LYNC on server 8 beta and am also having the 8206 exit code. I’ve checked my account, enabled remote registry changes, enabled schema manipulation with no luck…any other ideas?
Hi Ricardo, I’m not sure it is currently supported to install Lync on the server Beta and I haven’t tried. May be best to deploy on server 2008 R2 until MSFT has documentation on what is required for Server 8.
HTH
-kp
Thanks so much.
Unbelievably helpful
I have the problem that when I want to publish the topology the following error occurs:
can´t find a domain controller in the domain “test.local”
That’s strange because I am logged in with a domain user…
Hoping for help
Laxy,
Please try a DCDiag and double check that you are logging in as test.local\administrator and not just administrator.
Hope this helps!
-kp
Hi there, I’m having trouble migrating from LCS2005. I’ve managed to hurdle the idiosyncrasies through 99% of this (thank you so much!) but I’m struggling on the DNS section as none of my clients can log in. I’m effectively disabling live communications for everyone, then re-enabling (I’ve moved servers) using the lync server manager.
any ideas?
also, your ip: 172.16.5.151 – where is that from?
Cheers,
James
James,
Do you have an SRV record of _sipinternaltls._tcp.domain.com matching your SIP domain?
The 172.16.5.151 was just a free IP in my lab space at work that I assigned to the server.
Thanks for reading!
-kp
I do yes – however that’s a side that I didn’t initially set up so I haven’t changed a great deal (we used to have LCS2005 with Windows messenger which is due to be decommissioned due to a Win7 upgrade).
I’m looking through to see if there are any conflicts with an existing (stopped) server for LCS2005. The ports set up for that are [_rvp @ 80], [_sip @ 5061] & [_sipinternaltls @ 5061] – could this be the issue? Everything else seems to check out ok.
Hi,
I did exactly what you did, but the Client shows “cannot sign in to Lync – There was a problem verifying the certificate from the server”
I´ve copied the certificate already from the CA to the Client.
Any ideas?
Please make sure the name listed in your SRV record is in the SAN fields on your certificate applied to your pool.
Hope this helps!
-kp
Thank you for this fantastic article!
I was really having some difficulties with this installation as it is very different to the Communication Server installations that I’ve done previously.
Everything was fine until I received the error “Automatic collection of configuration data failed.” and have spent several hours trying to resolve this with really no luck.
You have saved me hours of further headaches. Cheers!
Adrian,
Glad this article helped!
-kp
It Works!
Thanks a lot:D
Rob
Hi, I am new to Microsoft Lync 2010 and all about Communicator. I have recently installed Lync 2010 to evaluate (Evaluation 180 days) and I installed it in my corporate network. My boss asked about configuring it so we can connect from the internet, and about capabilities for sharing with other clients like MSN Messenger or Google. Otherwise we have two Mac clients that we want to connect.
Questions: I need some procedures as easy possible to carry on Lync internet connection and I want to connect Mac clients.
My configuration is one servers with Microsoft Lync 2010. I have a DC, DNS.
We will appreciate your help
Jose,
You will have to at the least deploy an additional edge server for public connectivity to work.
This article covers most of the details:
http://ocsguy.com/2010/11/21/deploying-an-edge-server-with-lync/
Hope this helps!
-kp
Hi,
Great guide. I have one question hopefully someone can help me with. I installed this inside a resource forest and everything is working except the fact that I can’t see outside of a single OU. I stood this up next to a 2007 R2 install, and want to move everyone to the new pool.
We have multiple OU’s and the only one i can see when i try to move users from the control panel is the default OU of “Users” and only the users within that OU. My work around is to move the user from their current OU to the default “User” OU, and then move them to 2010.
After I move them I then move them back to their original OU. Again, just a work around but painful for over 100 users. I’m looking for a fix moving forward that will allow me to see the entire Domain and not just the “User” OU. Any ideas? (I checked security over and over, in OCS 2007 this wasn’t an issue because of the snap in, I could just do it right from the user account). Any help would be appreciated.
Thanks in advance,
-fs
I had an error in the “Publish Topology” step.
I can’t create the Central Management Store (Status: failure).
View Logs
Error: An error occurred: “Microsoft.Rtc.Management.Deployment.DeploymentException” “Cannot determine where to install database files because Windows Management Instrumentation on the database server is unavailable from your computer or user account. To continue, you can resolve this issue, or you can specify where you want to install the files.”
tw,
Please review these links:
http://social.technet.microsoft.com/Forums/en-US/ocsplanningdeployment/thread/fee3f743-6027-4644-b5e8-153da3ab63df/
http://support.microsoft.com/kb/2422384
Hope this helps!
-kp
Can be done using “Lync Server 2010 Control Panel” under “Users” where you have option “Enable Contacts”.
If I use this option, no contact from AD will show up.
Please, Help me.
Thank you
tw
taywin_erpi@hotmail.com
hi. i installed lync and a lync mediation server. i have an audio codes mp-118 and i want to know how i can configure lync with my pstn system. i tried many steps and not have luck still
Hello kp,
While preparing the Standard Edition server I got the following problem. Could you please help with this?
failed catching file D:\Setup\amd64\Setup\speech\es-MX\MSSpeech_TTS_es-MX_Hialda.msi,
Error msg:Incorrect function.
and while publishing the topology it’s giving an error like xxxx\rtc is not a valid instance
Thanks,
vignan
Hi Vignan,
Have you already run “Prepare First Standard Edition Server” for the first server? If so please verify the RTC instance of SQL express is running and maybe try turning off the firewall as a test.
Hope this helps!
-kp
Hi there, fantastic article and it helped a lot with our installation of Standard edition!
I made it all the way through the install with no problems, configured the SRV record, but none of our users can log in. It just says (Communicator) the password is incorrect or the sign-in name does not exist. Any ideas as to what might be causing this problem?
Hi Chris,
By chance are your users using XP or Vista?
-kp
Great article. Just followed it to build my own Lync VM. Many thanks.
I like this post, is a very comprehensive article. However, in my implementation I get an error when publishing the topology.
The error I get is:
“error script failed code error_need_major_upgrade_use_imp_exp when installing centralmgmtstore”
I hope that maybe you could help me.
Greetings and thanks
Jose,
Have you read this thread?
http://social.technet.microsoft.com/Forums/en-US/ocsplanningdeployment/thread/8cb950c4-a34b-41fc-8dd3-bc1ffc49cb08/
HTH
-kp
Hi Kevin Peters, great post. Worked out perfectly on my 1st attempt at deploying our 1st Lync server.
I have a query, you have clearly mentioned “And last but not least, we get to sign in (if the computer you are testing from isn’t joined to the domain you will need to import the root certificate).”
Please explain to me the procedure to import the root certificate.
Thank in advance.
Kind Regards
Philip
Hi, thanks for this document.
I have a problem for connect to a Lync panel control.
IE message “you are not authorized to view this page because header authentication invalid.”
I can not find a solution.
you have an idea?
thank you
Are you trying from the server? Maybe try browsing to the website https://servername/CSCP from a client computer.
HTH
-kp
I resolved my problem with KB896861 “Erreur http 401.1 Unauthorized”
http://support.microsoft.com/default.aspx?scid=kb;EN-US;896861
I could use your help with three things:
1. What are the permissions that the user that installs Lync needs?
2. What are the user permissions needed to install a second Lync server to a domain other than the one that hosts the CMS?
3. What are the permissions needed for the shared folder created? I know that Lync installation is setting these permissions, but is it like Full right for installer user and read only for others, or is it something more specific?
Thanks.
Awesome article. Thanks so much. I had zero experience setting up OCS/Lync, and this totally set me up.
Hello Kevin ,
Really appreciate the effort on it , I am deploying lync 2010 in my organization. Please let me know what exactly SIP domain ? If my domain name is example.com.qa , can I use same for SIP domain ..
Hi Shakkeer,
Your sip domain in most cases will match your email addresses. You can use example.com.qa from your example above assuming you own that domain publicly.
HTH
-kp
Kevin , I have followed the same steps which you described here but I am unable to create a new user. When Search for users it says ” search result 0″ and when I search for LDAP user it says ” Active Directory Operation Failed on “example.com”. You cannot retry operation: ” The Search Invalid”
Any help on this highly appreciated.
Thank you so much Kevin, I just deployed a fully functional Lync 2010 and I got an appreciation mail from my Manager 😀 ..I didn’t even read a single article apart from this ..I was able to achieve this without even a single technical road block ..this blog is really helpful ..looking forward to publishing Lync on the internet..
ignore this , I figured it out.. 😀
Hi Kevin,
I have set up everything on my Lync setup. All my Lync features are working fine except dialin.domain.com is not opening. I have a public DNS entry and also NATing for the same.
please see the below error when i am open https://dialin.domain.com
403 – Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.
if same url i opened with https://dilain.domain.com/dialin its working fine. not sure how to redirect this and work externally.
when i setup online meeting, my users are not able to change the PIN because of not working on this URL :
https://dialin.domain.com
please help
I’m not sure if you covered this but I have an error when publishing my topology. The error shows Creating Central Management Store- Failure. I’ve re-created the topology , opened ports on the internal firewall. What am I doing wrong?
Hi Michael,
Did you run the “Prepare First Standard Edition Server” step on the main screen of the deployment wizard?
HTH
-kp
So I figured it out. I thought I named the topology the server name but didn’t (mail instead of mail1) Duh! Great blog!