Thursday, January 20, 2011

HOW TO: Use Call Admission Control to actually control a call in Lync Server 2010

So you may have done some reading on what Call Admission Control (CAC) in Lync Server 2010 does and how it can add value in a distributed environment. There are several guides out there on the terminology and overview of CAC but I've found a slight gap in the practical application of it.

Throughout reading the Microsoft documentation on Lync Server 2010 including the CHM file, I've stitched together what I believe is a reference design for CAC and the steps necessary to get it to actually work.

First, you need to make sure you've configured CAC network regions, sites, subnets, policies, links and routes. If you haven't done your reading yet, buckle down and understand the concepts using this link:

At a high level, it looks like this:
  1. Create a CAC Policy Profile (a.k.a. Bandwidth Policy).
  2. Create a Region and make sure you enable the "Enable audio alternate path" option.
  3. Create your Sites, link them to a Region, and assign your Bandwidth Policy (a.k.a. Policy Profile).
  4. Create your Subnets and assign them to a Site.
  5. Optional: If you have multiple Regions, you need to do two things. First, you need to create a Region link stitching together both Regions (i.e. Canada_to_USA_Region_Link). Second, you must create a Region Route even if you have only one Region Link....more on this later.
Enable audio alternate path in your Region

Once you have the network configuration portion complete, you need to make sure you've configured a voice policy for your users which permit rerouting of phone calls and finally enable CAC in your global network configuration.

Enable call admission control in your Global network configuration

Enable PSTN reroute on your voice policy for your users

So with all this configured, let's talk about what happens when you call someone over a link which is bandwidth constrained, has a CAC policy, and doesn't have enough bandwidth. Here's the story:

Jason is in Edmonton where he has a Branch Survivable Gateway.

Anton is in Calgary where he sits next to the Front-End server, Mediation Server, and a Direct SIP connection to Cisco Call Manager.

Both Edmonton and Calgary are connected by a WAN link which is limited to 10Mb.

Jason has a voice policy with the "Enable PSTN reroute" option set to 'enabled' and the "Enable bandwidth policy override" option set to 'disabled'.

Jason calls Anton using his Lync 2010 client.

Both users are in the "Canada" Region which has the option for "Enable audio alternate path" enabled.

The Canada Region contains both the Calgary and Edmonton Site.

The Edmonton site has a bandwidth policy which, based on current bandwidth consumption, is fully consumed. This would normally prevent the call from proceeding.

Instead of the CAC policy stopping the call or sending it to Anton's voicemail, the call is rerouted out Jason's local PSTN gateway as configured in his Lync Server topology.

Nice eh?

Well what happens if "Enable PSTN reroute" isn't turned on in Jason's voice policy? Well the call would end up being answered by Exchange UM or simply denied with a message being displayed to the user.

What if Jason's voice policy has "Enable bandwidth policy override" turned on? Well the call would proceed over the WAN without obeying the CAC policy. You may want to enable this option for special voice policies tied to certain staff members.

What if Anton's voice policy doesn't have the "Enable bandwidth policy override" turned on and Jason calls him and his IS turned on? Well the call will be denied as CAC works both ways. The only way for the call to proceed is if Jason's policy permits PSTN reroute.

Now I'm still learning the underlying framework here and a lot of the "how it works" along with answers to questions in my head remain unanswered. I'll update this post with more detail as it becomes available.


p.s. This ain't your momma's CAC....

Monday, January 17, 2011

RESOLVED: The WS-Management service cannot process the request. The user load quota of 1000 requests per 2 seconds has been exceeded. Send future requests at a slower rate or raise the quota for this user. The next request from this user will not be approved for at least Z milliseconds.

I did some digging around for this one and found a few crafty articles about adjusting throttling policies using PowerShell and making changes through ADSIEdit ( However, none of these seemed to fix my issue.

We had a newly built Exchange 2010 SP1 server which was ready to go into production but kept throwing the error when attempting to use PowerShell. Two other servers appeared to be running fine.

The server had recently received a new SSL certificate using the Exchange 2010 certificate provisioning and assignment process in the GUI. Unfortunately the IIS service hadn't been restarted yet and the URL used for remote PowerShell was using a certificate which wasn't trusted or valid anymore.

A quick "IISRESET" on the server resulted in my fix.


Saturday, January 15, 2011

HOW TO: Change default Lync Server 2010 meeting entry and exit announcements

Back in OCS 2007 R2 when you joined an audio conference as a PSTN participant the server would sound off with a "bong" when a person joined or left the meeting.

With Lync Server 2010 you don't get an audible notification of participants at all. As a meeting organizer you can configure entry/exit announcements using the Online Meeting Options page:

However, when you do this, the conference changes from using your assigned conference ID to a random ID each time you book a meeting. Additionally I've noticed the meeting plugin has a bug where the formatting is lost on a change of any kind using the meeting options. Hopefully this is changed soon.

Instead of messing about on the client side, you can modify the Global policy to turn on these announcements or create separate pool or site-based policies. You can configure these using the "Set-CsDialInConferencingConfiguration" command as follows:

"Set-CsDialInConferencingConfiguration -Identity Global -EntryExitAnnouncementsEnabledByDefault:$True"

You can also create different policies depending on each site, for example:

"New-CsDialInConferencingConfiguration -Identity Site:Edmonton -EnableNameRecording:$False"
"New-CsDialInConferencingConfiguration -Identity Site:Calgary -EntryExitAnnouncementsType ToneOnly"

Well that's all for today.


Friday, January 14, 2011

HOWTO: Change video settings in Lync Server 2010

Previously with OCS 2007 R2 the Administrator had the option of setting the maximum video resolution on a 'per pool' basis. This was done by right-clicking the server or pool and choosing the properties of the front-end server.

BEFORE (OCS 2007 R2)

With Lync Server 2010 this setting is now only accessible through PowerShell. To view the media configuration for Lync, run "Get-CsMediaConfiguration".

AFTER (Lync Server 2010)

You'll notice from the above screenshot that mine is set to use HD video; the default in Lync Server 2010 is VGA quality. To change this, use the "Set-CsMediaConfiguration -Identity Global -MaxVideoRateAllowed Hd720p15M". Possible options are Hd720p15M, VGA600K, and CIF250K.

You can also create new media configurations on a per site or per service. For example, "New-CsMediaConfiguration -Identity Site:Edmonton -EnableQoS:$True".

Just remember that you need two quad core PC's to do HD video! For a complete list of requirements, visit:

Thursday, January 13, 2011

HOWTO: Grant a dial plan to a common area phone in Lync Server 2010

I suppose you have to read between the lines sometimes. I found this to be extremely frustrating.

To create a new Common Area Phone:

New-CsCommonAreaPhone -LineURI "tel:+17805551212;ext=5001" -RegistrarPool "" -DisplayName "Common Area Phone" -SipAddress "" -OU "OU=Common Phones,OU=Lync Objects,DC=contoso,DC=com"

I typically like to set the SIPURI in the command so it shows a human readable name instead of a long GUID.

Create a new Common Area Phone client and voice policy as follows:

New-CsClientPolicy HotDeskPhonesPolicy -EnableHotdesking $True -HotdeskingTimeout 00:30:00

New-CsVoicePolicy -id CAPvoicepolicy -AllowSimulRing $False -AllowCallForwarding $False -Name CAPVoicePolicy -EnableDelegation $False -EnableTeamCall $False -EnableCallTransfer $False

Create a special conferencing policy for the phone as follows:

New-CsConferencingPolicy -id CAPconferencingpolicy -AllowIPAudio $False -AllowIPVideo $False

Now, after you've been though all can't dial numbers which need to be normalized. Do fix this, perform this step below. Personally I'd create a special dial plan for these phones but you can reuse an existing one if you wish.

Get-CsCommonAreaPhone "Common Area Phone" | Grant-CsDialPlan -PolicyName "CAPDialPlan"

To validate the phone indeed has this policy:

Get-CsCommonAreaPhone "Common Area Phone" | Select DialPlan

There seems to be a step missing in the Microsoft documentation which leads a person to believe you're done when you set the policies to the object you've created. Also, when you view the common area phone object through the "Get-CsCommonAreaPhone | FL" command, it doesn't show anything about a dial plan like the "Get-CsUser | FL" does.

Wednesday, January 12, 2011

VIDEO: How to enable call park and set music on hold


Here is a quick video on how to enable call park in Lync Server 2010. Couple of things to note:

  1. When using WMA files, they need to be version 9 format encoded at 44khz, 16-bit, mono, CBR, 32kbps.
  2. When configuring a call park range, don't create a dial plan to normalize the numbers. Simply type in the range you want and the Lync client/server will understand what you're trying to call.
  3. You can use Microsoft Expression Encoder 4 ( to record or re-encode files you want to upload for both call park and the announcement service.


Want to see more videos? Let me know and I'll do my best to post them.

Tuesday, January 11, 2011

Troubleshooting steps: No audio, video, or desktop sharing with Lync Server topology

We recently stood up our Lync 2010 Edge server and found a problem with audio/video functionality. The issue appeared to be related to firewall ports but we had recently swapped out our OCS 2007 R2 Edge for the Lync 2010 Edge server and none of the firewall port requirements have changed.

We ended up doing a trace using the Lync Server 2010 Logging Tool. Here are the step-by-step instructions for troubleshooting it:

  1. Install the Lync Server 2010 Resource Kit if you haven't already (
  2. From the Lync Server 2010 Edge, open the Logging Tool.
  3. Enable S4, set the Level to "All", and turn on "All Flags" for the Flags section.
  4. Enable SIPStack and set the Level and Flags to the same as above.
  5. Get ready to place a call and be sure you have one test subject inside your network (behind the Edge server) and another person outside the organization (in front of the Edge server).
  6. Click the Start Logging button.
  7. Place the phone call or start a sharing session.
  8. Wait for it to fail and then click the Stop Logging button
  9. Click the Analyze Log Files button
  10. Click the Analyze button
You should now have a capture of the SIP messages which will tell you how the call was trying to be established. 

  1. In the search window at the top, type in "INVITE" and hit Enter.
  2. Click on the INVITE sip:
    in the trace and scroll down the window on the right.
  3. Locate the area in blue where it states "a=candidate". You should see a 'candidate' entry for each IP bound to your local PC along with the Edge server's audio/video conferencing IP. 

The Lync client will attempt to 'nail up the audio' between the path of least resistance. For example, if someone was on the same subnet (172.16.130.x) then a direct connection would be made between the two of us for audio/video and desktop sharing. If not, the next IP is tried. If you have your Edge server configured properly you should see the public IP. In my case I did not. My issue stemmed from a topology configuration which was incorrect. 

When building the topology for your Lync Edge server, you'll be asked if your public IP is using NAT. In the section where this is discussed, other options are available which lead a person to believe the public IP they're talking about has to do with the Access Edge role and not A/V Edge. 

My SIP trace showed the INVITE with a candidate IP of my Access Edge role which lead me to realize the issue and change it. Specifically I had to open Topology Builder, expand the Edge Pool section, click on the Edge server, then click Edit Properties. The top section has a checkbox for "NAT enabled public IP address used". This is very poorly worded and should be changed for future builds. The text should read "Use NAT for your Audio/Video Edge public IP" or "Enter the public IP for your Audio/Video Edge role if you're using NAT".

Thinking about it more and more I understand why there is only one entry for a public IP and not one for Access Edge or Web Conferencing Edge. It's just not very clear.

Anyway, I hope this helps a few of you out there with Lync Server 2010 Edge implementations.


Unable to sign into Lync with MOC client (Windows XP and 7)

I came across an interesting problem recently where some Windows XP and Windows 7 clients running Communicator 2007 R2 couldn't sign in over a Lync 2010 Edge server. We had migrated our environment from a 2007 R2 Edge to a Lync Edge server and all Lync 2010 clients were fine.

After making a few calls and doing some research I found this article:,-NTLM,-and-Edge-server-login-problems.html

As it turns out we had to disable the requirement for 128-bit encryption on the Edge and Front-End Lync 2010 servers for it to be resolved. No reboot was required. See the above link for instructions on how to do so.

Wednesday, January 5, 2011

No audio, video, or desktop sharing in Lync Server with OCS 2007 R2 Edge

Recently I built up our own internal Lync 2010 Server and thought I had done all the necessary configuration changes to integrate the product with our OCS 2007 R2 platform.

After moving my account over to the Lync 2010 environment and performing a few tests I could quickly see there were a few features which didn't work. I did remember to set the Federation Route at the site level but missed a step at the server level.

If you're running into an issue with remote audio/video and desktop sharing, this might be the fix for you:

  1. Open Lync 2010 Topology Builder
  2. Expand the section containing your Lync 2010 server (standard or enterprise)
  3. Click on the server you want to modify and choose 'Edit Properties' from the right side of the console
  4. Scroll down to the associations section and make sure you have a checkbox in the 'Associate Edge pool (for media components)' section. 
If you don't have an option to choose anything for the Edge pool, you haven't specified the OCS 2007 R2 edge server when you merged your topology. If you haven't merged your topology at all, you're reading the wrong article. Go here: