Deploying Lync2013 Preview 19 Sep 2012
A Step-by-Step guide to deploying Lync2013 Preview on an existing Lync2010 Standard Edition environment
Microsoft has released the public preview of Lync2013 and it is available at http://technet.microsoft.com/en-US/evalcenter/hh973393.aspx?wt.mc_id=TEC_118_1_4. Most of us who want to install this preview will already have Lync2010 deployed. This article provides a step-by-step guide on how to deploy Lync2013 Preview side-by-side with Lync2010 in a coexistence scenario. It also provides basic test results and findings after Lync2013 is up and running, including how it interoperates with Lync2010 users, devices and video endpoints from Polycom. Below is an overview of the steps:
Step 1: Preparing Lync2010 for Coexistence
Step 2: Preparing the server for Lync2013 Installation
Step 3: Configure IIS
Step 4: Preparing AD
Step 5: Prepare and Run Topology Builder for Lync2013
Step 6: Install Lync2013 Components
Step 7: Start Lync2013 Services
Step 8: Use the Lync2013 Control Panel to add users
Step 1: Preparing Lync2010 for Coexistence
In order to install Lync2013 alongside Lync2010, the Lync2010 server must be updated with the Feb 2012 Cumulative Updates or higher. To upgrade your Lync2010 servers, visit the Updates Resource Centre for Lync at http://go.microsoft.com/fwlink/p/?linkid=232630. If you have Lync2010 Archiving and Monitoring Servers, note the following:
- Archiving data and monitoring data are not moved to the Lync Server 2013 Preview deployment. The data you back up prior to decommissioning the legacy environment will be your history of activity in the Lync Server 2010 environment.
- The Lync Server 2010 version of Archiving Server and Monitoring Server can be associated only with a Lync Server 2010 Front End pool. The Lync Server 2013 Preview version of Archiving Server and Monitoring Server can be associated only with a Lync Server 2013 Preview Front End pool.
- During the time that your legacy and Lync Server 2013 Preview deployments coexist, the Lync Server 2010 version of Archiving Server and Monitoring Server gather data for users homed on Lync Server 2010 pools. The Lync Server 2013 Preview version of Archiving Server and Monitoring Server gather data for users homed on Lync Server 2013 Preview pools.
Step 2: Preparing the Server for Lync2013 Preview Installation
Lync2013 Preview Standard Edition can be installed on Standard and Enterprise Editions of Windows Server 2008 R2 SP1 or latest service pack and Windows Server 2012.
Install the operating system software on the server and apply all updates in order to bring the operating system up to the latest updates. Then install Windows PowerShell command-line interface 3.0, and the 64-bit edition of Microsoft .NET Framework 4.5. The .NET Framework 4.5 is available at http://www.microsoft.com/en-us/download/details.aspx?id=30653.
If you are using Windows Server 2008 R2 with SP1, the Lync2013 Preview setup prompts you to install .NET Framework 4.5 and it automatically installs it if it is not already installed on the computer.
For Windows PowerShell 3.0, download and install the 5/31/2012 release from http://www.microsoft.com/en-us/download/details.aspx?id=29939. You should download the file Windows6.1-KB2506143-x64.msu and uninstall any previous version of Windows PowerShell 3.0 before installing this release.
Lync Server 2013 Preview requires the installation of Windows Identity Foundation in order to support server to server authentication scenarios. To check to see if it has already been installed on your computer, go to Control Panel, click Programs and Features, View installed updates, and look under Microsoft Windows. For details about installing Windows Identity Foundation, see http://go.microsoft.com/fwlink/p/?linkId=204657.
Windows Desktop Experience: All Front End Servers and Standard Edition servers where conferencing will be deployed must have the Windows Media Format Runtime installed, which, except for Windows Server 2012, is installed as part of the Windows Desktop Experience. Install this component from Server Manager->Add Features.
Message Queuing. Message Queuing (also known as MSMQ) role components and Directory Service Integration should be installed on the Front End Server. The Message Queuing components can be found in Server Manager->Add Features or can be deployed by using servermanagercmd.exe
Lync2013 Preview requires the installation of Windows Identity Foundation in order to support server to server authentication scenarios. To check to see if it has already been installed on your computer, go to Control Panel, click Programs and Features, View installed updates, and look under Microsoft Windows. If not, install Windows Identity Foundation from http://www.microsoft.com/en-us/download/details.aspx?id=17331.
Last but not least, the following Remote Server Administration Tools (RSAT) are required. Install the role features as shown in the diagram below and reboot the server when prompted to:
Step 3: Configure IIS
The Lync2013 Standard Edition server needs IIS 7.5 and the following IIS Role Services installed:
Role Heading                    Role Service
==============================  ======================================================
Common HTTP features installed  Static content
Common HTTP features installed  Default document
Common HTTP features installed  HTTP errors
Application development         ASP.NET (Windows Server 2012 also requires ASP.NET 4.5)
Application development         .NET extensibility
Application development         Internet Server API (ISAPI) extensions
Application development         ISAPI filters
Health and diagnostics          HTTP logging
Health and diagnostics          Logging tools
Health and diagnostics          Tracing
Security                        Anonymous authentication (installed and enabled by default)
Security                        Windows authentication
Security                        Client Certificate Mapping authentication
Security                        Request filtering
Performance                     Static content compression
Performance                     Dynamic content compression
Management Tools                IIS Management Console
Management Tools                IIS Management Scripts and Tools
Ensure that the above roles are installed using Server Manager->Add Role Services as shown in the diagram below:
After installing the necessary IIS roles, I would recommend restarting the IIS services by using the command "iisreset"
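The role-service table above can also be checked from PowerShell rather than by eye. The script below is an added example, not part of the original article: it assumes the standard ServerManager feature names for these role services on Windows Server 2008 R2 and 2012, and the `$InstallMissing` switch is a name introduced here. It reports required role services that are missing and installed IIS role services that the table does not call for.

```powershell
# Added example (not from the original article): audit the IIS role services
# required by the table above. Run in an elevated PowerShell session.
Import-Module ServerManager

$InstallMissing = $false   # hypothetical switch: set to $true to install what is missing

# ServerManager feature name -> role service as named in the table.
# Anonymous authentication ships with the base Web-Server role, so it has no entry.
$required = @{
    'Web-Static-Content'   = 'Static content'
    'Web-Default-Doc'      = 'Default document'
    'Web-Http-Errors'      = 'HTTP errors'
    'Web-Asp-Net'          = 'ASP.NET'
    'Web-Net-Ext'          = '.NET extensibility'
    'Web-ISAPI-Ext'        = 'ISAPI extensions'
    'Web-ISAPI-Filter'     = 'ISAPI filters'
    'Web-Http-Logging'     = 'HTTP logging'
    'Web-Log-Libraries'    = 'Logging tools'
    'Web-Http-Tracing'     = 'Tracing'
    'Web-Windows-Auth'     = 'Windows authentication'
    'Web-Client-Auth'      = 'Client Certificate Mapping authentication'
    'Web-Filtering'        = 'Request filtering'
    'Web-Stat-Compression' = 'Static content compression'
    'Web-Dyn-Compression'  = 'Dynamic content compression'
    'Web-Mgmt-Console'     = 'IIS Management Console'
    'Web-Scripting-Tools'  = 'IIS Management Scripts and Tools'
}

# Windows Server 2012 (NT 6.2) also requires ASP.NET 4.5, which brings
# .NET Extensibility 4.5 with it as a dependency.
if ([Environment]::OSVersion.Version -ge [Version]'6.2') {
    $required['Web-Asp-Net45'] = 'ASP.NET 4.5'
    $required['Web-Net-Ext45'] = '.NET Extensibility 4.5'
}

$web       = Get-WindowsFeature -Name 'Web-*'
$installed = @($web | Where-Object { $_.Installed } | ForEach-Object { $_.Name })

# Required by the table but not installed.
$missing = @($required.Keys | Where-Object { $installed -notcontains $_ } | Sort-Object)

# Installed leaf role services that the table does not list. Container nodes
# (Web-Server, Web-Security, ...) have sub-features and are skipped.
$extra = @($web | Where-Object {
        $_.Installed -and $_.SubFeatures.Count -eq 0 -and
        -not $required.ContainsKey($_.Name)
    } | ForEach-Object { $_.Name } | Sort-Object)

if ($missing.Count -gt 0) {
    Write-Warning 'Required IIS role services not installed:'
    $missing | ForEach-Object { '  {0,-22} {1}' -f $_, $required[$_] }
    if ($InstallMissing) {
        # Add-WindowsFeature exists on 2008 R2 and is an alias of
        # Install-WindowsFeature on 2012.
        Add-WindowsFeature -Name $missing
    }
} else {
    'All IIS role services from the table are installed.'
}

if ($extra.Count -gt 0) {
    Write-Warning 'Installed IIS role services that the table does not require:'
    $extra | ForEach-Object { "  $_" }
}
```

Role services in the second list are not needed by the table above; each one left installed on a Front End server is additional surface to patch and monitor.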
Step 4: Preparing AD
Now that the server is prepared for Lync2013, it's time to start the setup process. The first step is to make sure all the required Lync2010 services are up and running. On the existing Lync2010 front end server or standard edition server, verify that the following services are running:
Next, we need to prepare AD for Lync2013 and this is done using the Lync2013 setup program. Insert the Lync2013 Preview DVD and run setup.exe from \Setup\amd64. In most cases, the following window will popup prompting you to install the Visual C++ Runtime. Click "Yes" to continue. You should then see the setup screen as shown below:
Click "Install" and accept the licence agreement to continue. Once completed, you should see the following familiar screen:
Click on "Prepare Active Directory". In the next screen, click on "Run" on Step 1: Prepare Schema to begin extension of the AD schema.
Once Step 1 has completed, click on "Run" on Step 3: Prepare Current Forest. Choose to create Universal Groups in the local domain:
Once completed, Run Step 5: Prepare Current domain. When finished, click Back to return to the main deployment wizard window.
Step 5: Prepare and Run Topology Builder for Lync2013
At the Deployment Wizard screen, click on "Install Administrative Tools" to install Topology Builder on the server. Next, start Topology Builder by selecting Start, click All Programs, click Lync Server 2013 Preview, and then click Lync Server Topology Builder.
In Topology Builder, select Download Topology from existing deployment. You are prompted for a location and file name for saving the topology. Give the topology file a meaningful name and accept the default extension of .tbxml. Click OK:
It is important to download the topology from the existing deployment so that Lync2013 will coexist with Lync2010. Once Topology Builder opens, you should see the existing Lync2010 deployment together with the new Lync2013 deployment as shown in the diagram below:
We are now ready to deploy a Lync2013 Preview pool for coexistence with Lync Server 2010 deployment. You should deploy the same features and workloads in your Lync2013 Preview pool that you have in your Lync2010 pool. If you deployed Archiving Server, Monitoring Server, or System Center Operations Manager for archiving or monitoring your Lync2010 environment, and you want to continue archiving or monitoring throughout the migration, you need to also deploy these features in your pilot environment. The version you deployed to archive or monitor your Lync2010 environment will not capture data in your Lync2013 Preview environment.
When you deploy a pilot pool, you use the Define New Front End Pool wizard by right-clicking on Lync Server 2013->Standard Edition Front End Servers and selecting New Front End Pool:
In the Define New Front End Pool Wizard, click next and specify a new Front End Pool name for Lync2013. The name of this new pool or server fully qualified domain name (FQDN) must be unique. It cannot match the name of the currently deployed Lync Server 2010 pool, or any other servers currently deployed. In my lab, I use lync15se.apbeta.local as the FQDN:
Next, select the workloads to match your existing Lync2010 deployment and click Next:
Next, tick the checkbox to collocate the Mediation Server with the Front End Server:
Next, on the Associate server roles with this Front End pool page, during pilot Lync2013 pool deployment, do not choose the Enable an Edge pool to be used by the media component of this Front End pool option. This is a feature you will enable and bring online in a later phase of migration. Keep this setting cleared for now:
Next, in the Define the SQL Store, all options are greyed out so just click next to continue:
Next, define the file store for Lync2013. I just accept the defaults and ensure this share is created on the server:
Next, define the internal and external web services FQDN for the Lync2013 Front End Server. For Standard Edition, the internal FQDN is fixed and cannot be changed. For the external web services FQDN, define as appropriate for your organization and make sure the DNS records are updated accordingly. If you are not sure, just accept the default and click next:
Next, in the Select an Office Web Apps server page, click on the "New" button and specify the FQDN and Discovery URL. If you plan to deploy Office Web Apps on the internet then tick the check box and specify the HTTP Proxy URL. In my environment, I do not have this enabled:
Finally, click Finish to return to the main Topology Builder window. You are now ready to publish the topology. To publish your topology, right-click the Lync Server 2013 Preview node, and then click Publish Topology. When the publish process has completed, click Finish:
Once publishing is complete, you should see the screen below. Click Finish, and close the Topology Builder:
Step 6: Install Lync2013 Components
Now that the topology has been defined and published, we can return to the Deployment Wizard and start installing the Lync2013 components. Click on "Install or Update Lync Server System" to start the wizard. You should see the following wizard, which comprises 4 main steps:
The first step is to install the Local Configuration Store. Click on the first "Run" button to start the wizard and select "Retrieve directly from the Central Management store" as shown below:
Once that is completed, click Run on the next step, "Setup or Remove Lync Server Components". At the wizard click Next to start the installation, which could take a while. Once finished it should then complete as shown in the screen below:
The next step is to request and install the necessary X.509 certificates for Lync2013 to work. Each Lync2013 Standard Edition server or Front End Server requires up to four certificates: the oAuthTokenIssuer certificate, a default certificate, a web internal certificate, and a web external certificate. However, it is possible to request and assign a single default certificate with appropriate subject alternative name entries as well as the oAuthTokenIssuer certificate.
oAuth is a new standardized method for server-to-server authentication used by Lync2013 and other servers such as Exchange2013 and Office365 servers. With oAuth, user credentials and passwords are not passed from one computer to another. Instead, authentication and authorization are based on the exchange of security tokens; these tokens grant access to a specific set of resources for a specific amount of time. oAuth is needed if you want to use some of Lync2013's new features, such as the "unified contact store." With unified contact store, Lync2013 contact information is stored in Exchange2013 instead of in Lync Server; this enables users to have a single set of contacts that is readily accessible from within Lync, Outlook, or Outlook Web Access. Since we will be deploying Exchange2013 later in this environment, we will create a certificate for oAuth.
To begin, click on the Run button for Step 3: Request, Install or Assign Certificates. In the wizard that comes up, with the Default certificate automatically selected, Click on Request and then on the Certificate Request page, click Next:
Next, on the Delayed or Immediate Requests page, you can accept the default Send the request immediately to an online certification authority option by clicking Next. The internal CA with automatic online enrollment must be available if you select this option:
Then, on the Choose a certificate Authority (CA) page, select the Select a CA from the list detected in your environment option, and then select a known (through registration in Active Directory Domain Services (AD DS)) CA from the list:
Next, on the Certificate Authority Account page, click Next and on the Specify Alternate Certificate Template page, to use the default Web Server template, click Next:
On the Name and Security Settings page, specify a Friendly Name that should allow you to identify the certificate and purpose. If you leave it blank, a name will be generated automatically. Set the Bit length of the key, or accept the default of 2048 bits. Select the Mark the certificate’s private key as exportable check box if you determine that the certificate and private key need to be moved or copied to other systems, and then click Next:
On the Organization Information page, optionally provide organization information, and then click Next. On the Geographical Information page, optionally provide geographical information, and then click Next. On the Subject Name / Subject Alternate Names page, review the subject alternative names that will be added, and then click Next:
On the SIP Domain setting page, select the SIP Domain, and then click Next:
On the Configure Additional Subject Alternate Names page, add any additional required subject alternative names, including any that might be required for additional SIP domains in the future, and then click Next. In our case this will be left blank:
On the Certificate Request Summary page, review the information in the summary. If the information is correct, click Next. If you need to correct or modify a setting, click Back to the proper page to make the correction or modification.
On the Executing Commands page, click Next:
On the Online Certificate Request Status page, review the information returned. You should note that the certificate was issued and installed into the local certificate store. If it is reported as having been issued and installed, but is not valid, ensure that the CA root certificate has been installed in the server’s Trusted Root CA store. Refer to your CA documentation on how to retrieve a Trusted Root CA certificate. If you need to view the retrieved certificate, click View Certificate Details. By default, the check box for Assign the certificate to Lync Server certificate usages is checked. If you want to manually assign the certificate, clear the check box. In our case, leave it checked and then click Finish:
On the Certificate Assignment page click Next. Then on the Certificate Assignment Summary page, review the information presented to ensure that this is the certificate that should be assigned, and then click Next. When the commands have finished executing click Finish:
You should now see that the Default Certificate has been assigned as shown below:
The next step is to obtain a certificate for the oAuth TokenIssuer. Since we will need this when we set up Exchange2013, select the oAuth TokenIssuer and click Request. Then on the Certificate Request page, click Next. Follow the exact same steps as you did for the Default Certificate until the Name and Security Settings page. Here, enter a different friendly name and click Next:
The remaining steps are exactly the same as before so just accept the defaults and click Next on each page until the process is complete as shown below:
On the Certificate Wizard you should now see that both certificates have been assigned. Click Close to return to the Deployment Wizard:
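Once both certificates are assigned, the points the wizard pages raise (key length, the exportable private key option, and the "issued but not valid" case caused by a missing root) can be checked in one pass. The script below is an added example, not part of the original article; it assumes it is run in the Lync Server Management Shell on the Lync2013 server, and `$minKeyBits` and `$warnDays` are names and thresholds introduced here.

```powershell
# Added example (not from the original article). Run in the Lync Server
# Management Shell on the Lync2013 server after the certificate wizard completes.
$minKeyBits = 2048   # wizard default on the Name and Security Settings page
$warnDays   = 60     # assumed expiry warning threshold, not from the article

$report = foreach ($ref in Get-CsCertificate) {
    # Get-CsCertificate lists the assignment; the certificate itself lives in
    # the local machine store.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $ref.Thumbprint } |
        Select-Object -First 1
    if (-not $cert) {
        Write-Warning "$($ref.Use): thumbprint $($ref.Thumbprint) not found in LocalMachine\My"
        continue
    }

    # Build the chain. An untrusted root here is the "issued and installed,
    # but not valid" case: the CA root is missing from Trusted Root CAs.
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)
    $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    # Exportability can only be read this way for CSP-backed RSA keys;
    # anything else is reported as 'unknown'.
    $exportable = 'unknown'
    try {
        $key = $cert.PrivateKey
        if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            $exportable = $key.CspKeyContainerInfo.Exportable
        }
    } catch { }

    [pscustomobject]@{
        Use        = $ref.Use
        Subject    = $cert.Subject
        KeyBits    = $cert.PublicKey.Key.KeySize
        DaysLeft   = [int]($cert.NotAfter - (Get-Date)).TotalDays
        ChainValid = $chainOk
        ChainError = $status
        Exportable = $exportable
        SANs       = ($ref.AlternativeNames -join ', ')
    }
}

$report | Format-List

# Flag anything a reviewer should look at before the server goes into use.
foreach ($row in $report) {
    if (-not $row.ChainValid)         { Write-Warning "$($row.Use): chain does not validate ($($row.ChainError))" }
    if ($row.KeyBits -lt $minKeyBits) { Write-Warning "$($row.Use): key is only $($row.KeyBits) bits" }
    if ($row.DaysLeft -lt $warnDays)  { Write-Warning "$($row.Use): expires in $($row.DaysLeft) days" }
    if ($row.Exportable -eq $true)    { Write-Warning "$($row.Use): private key is marked exportable" }
}
```

An exportable key is not an error if the certificate has to be copied to another server, but it is worth recording for the oAuth TokenIssuer certificate in particular, since that key signs the server-to-server tokens described above.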
Step 7: Start Lync2013 Services
The last step is to start the Lync2013 services. In the Lync Server Deployment Wizard, click Run next to Step 4: Start Services. On the Start Services page, click Next to start the Lync Server services on the server. Finally, on the Executing Commands page, after all services have started successfully, click Finish:
That's it! You have now successfully installed Lync2013 server alongside an existing Lync2010 deployment. One final thing to do before we start testing is to update the RBAC roles stored in the CMS. To do this, start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2013 Preview, and then click Lync Server Management Shell. Use the Update-CsAdminRole cmdlet to update the role-based access control (RBAC) roles stored in the Central Management Server.
Step 8: Use the Lync2013 Control Panel to add users
When starting the Lync2013 Control Panel, you will see a URL Selection Window which allows you to specify which server you want to administer. Select the Lync2013 URL and click OK. This will then prompt you for the administrator credentials:
After entering the administrator credentials, you will then see the Lync2013 Control Panel as shown below. If Silverlight is not installed, you will be notified and prompted to install Silverlight first before the CP will start successfully. Use the Lync2013 CP to view the topology and for administering the Lync2013 server features just like you would the Lync2010 Control Panel. The immediate step is to add or move users to Lync2013. Then log in with those user accounts and test to ensure all the functionality is working and that Lync2010 users can communicate with Lync2013 users:
That's all for this article. I hope it was helpful as a step-by-step walkthrough of how to get Lync2013 deployed side-by-side with a Lync2010 deployment.