Control how Skype for Business users join meetings

Had an interesting request lately, where a company wanted to control how users join meetings when they click the “Join” on their Skype for Business clients’ calendar tab or when they join Skype for Business meetings from Outlook.

In the client’s options, we have the ability to choose what happens when we join meetings; We can join immediately using the Skype for Business client or choose from four different phone numbers, all of which must be populated in our contact card, and can be seen under Tools -> Options -> Phones.
If your AD is configured right, you should have your Work phone (ideally your Skype for Business line URI), your Mobile phone, your Home phone and maybe even an additional ‘other’ phone.
You can also manually add phone numbers if they’re not automatically updated from AD.

Phones tabNow if you scroll down the tabs to “Skype Meetings”, this is where all the fun begins:

Meetings tab

In the tab above you can choose any of the numbers you have in the ‘Phones’ tab and get to choose whether you’d like to be prompted at the beginning of each meeting which device you’d like to use, or just go with what you chose.

How do you control it?

Like most things, the Registry.
You can make changes to the user’s preferences but not grey-out the options. If the users want to bypass the setting they can, but they’ll be defaulted to your setting at logon.

First, decide if you want the user to be prompted with each call. If yes, we need to tick the “Before I join meetings, ask me which audio device I want to use”.

The registry setting fro this checkbox is located at


The key is


If it’s set to 1 – it means the box is ticked and the user will be prompted to choose which device they’d like to join the meeting from.
If it’s set to 0 – it means the box is unticked, and the user will automatically join via the configured device.

Choosing a device is the next funny setting:
Same registry location as above, look for the following key:


The setting of the last binary bit is as follows, as reflected in the users’ “Phones” tab:

0 – Do not join Audio.
1 – The Skype for Business client.
2 – Work Phone (If different from your Skype for Business line uri).
3 – Mobile.
4 – Home.
5 – Other.

If one of the above is not configured or missing, the client will default to “Do not join Audio”.

For example, if I want to set my users to join from their mobile phones without being prompted, I’ll set the AllowOverridingDeviceAtJoinTime registry key to 0 and the JoinAudioConferenceFrom key to 3.

Registry settings


Lync 2013 and Fax machines over SIP trunk

Welcome to the world of the unknown.

There are many factors in this equation, and each one has its own influence on the final result. I found out what works for most of my implementations, using the following configurations:

  • I use a direct SIP trunk to an ITSP – walking through firewalls and dedicated routes, but no gateways along the way. I found that converting traffic from analogue to digital to analogue is usually a guarantee to break the connection.
  • My ITSP is NOT Microsoft certified. I can use either TLS or TCP SIP, as long as it works.
  • For any analogue device you’re going to connect to Lync, you’ll need an analogue translation and port. an ATA (Analogue Telephone Adapter) is a small box that knows how to do just that. I usually use AudioCodes MP series ATAs.
  • If I do use a gateway to the PSTN, I’d prefer taking all fax calls and redirect them to FXS ports on the gateway before they arrive to the Lync Mediation server. This way it stays analogue all the way. . I’d strongly recommend having these ports on your gateway as there’s always a use for an extra analogue interface. Trust me.

So Basically, in an ideal Lync implementation, you’ll have the following:


So by now you probably have all of the above, just need to make sure it works. As soon as you have the ATA configured as an additional PSTN gateway, you can go ahead and add the analogue device.

First let’s start with adding the fax as an analogue device:

New-CsAnalogDevice -LineUri tel:+35315556789 -DisplayName "Your Fax Description" -RegistrarPool LyncFE.domain.local -AnalogFax $False -Gateway <Gateway IP or FQDN> -OU "OU=LyncDevices,DC=domain,dc=local"

Now you’re not wrong: It says -AnalogFax $False for a reason. I followed James Cussen’s interesting and very detailed post on connecting fax to Lync, and tested all options until I figured out which one works for me.

Next thing would be to configure your AudioCodes ATA. Assuming you’re comfortable with configuring its IP and DNS settings, I’ll only go through the settings relevant for the fax to work:

Configure Lync as your ATA’s next hop. Go to VoIP-> SIP Definitions-> Proxy &Registration and Choose “Use Default Proxy” and click the small arrow beneath it to enter your Mediation server’s details:

Use default Proxy

Then enter your Mediation server’s FQDN and choose TCP for protocol:

Set Proxy

For fax to go through I configure all fax coding to use G.711:

Go to VoIP-> Media-> Fax/Modem/CID Settings and configure Fax Transport Mode to ByPassEnable.
I usually disable all the other settings as a precaution, but you don’t have to do that. Set your Coder type to Alaw or Ulaw, based on your location:

Fax Settings

Next, go to VoIP-> Coders And Profiles -> Coders and set your coder to Alaw or Ulaw based on your location:

Coder profiles

On the same pane, scroll a little down to Tel Profile Settings and configure the Fax signalling Method to G.711:

Fax Signaling Method

And one more on the same pane, go to IP Profile Settings and configure Fax signalling Method to G.711:

Fax Signaling Method2

Now, configure your fax number for the ATA port you’re going to connect it to. On the following screenshot, I configured port 1 to use the number +35315556789. Remember to use the exact same number you used when ran the New-CsAnalogDevice command, as this is the exact number tat will be sent to the ATA. If the number is different – the ATA will reply with “Number can’t be found”. This is done at VoIP-> Hunt Group-> EndPoint Phone Number:

Endpoint phone number

Next, to allow outgoing faxes through Lync, we’ll need to configure where analogue traffic is going to. Go to VoIP-> Routing-> Tel to IP Routing and configure the IP and port of your Mediation server:

Tel to IP Routing

That’s about it. Fax should be going in and out.

AudioCodes uses an INI file to save the configuration of your ATA. Alternatively, you can upload a file with most of the configurations already done for you and only change the relevant settings.
I created an INI file with all the above configurations, all you’ll have to do is change the IP addresses and names and you can upload it to your ATA to only configure the Endpoint numbers.

Open the INI file with a text editor and search for anything that start with <Change Here = >. Replace the existing values with your values and reboot the ATA.

You can download the file here.



Manually configure Outlook for Office 365 Exchange Online -Updated!-

As it appears, one of my most popular posts is “Manually configure Outlook for Office 365 Exchange Online” from August 2011. I wrote that when We were still suing the previous version of Office 365, and quite a lot has changed since.

This post will guide you on how to find the server settings for the latest Office 365 version, so you can manually configure Outlook to connect.

The host name for external access will always be

That was the easy part. To find the ‘internal’ server’s name, we can use Microsoft’s Remote Connectivity Analyzer:

On the Remote Connectivity Analyzer page, choose “Office 365” and “Outlook Autodiscover”:


Fill in your details on the next page and run the test.

On the test results page, start a search on the page and search for <Server>.

The first result will be a string saying something like <Server></Server>:


This is the address of your server. Copy and paste it, and that’s it:


Configure Office 365 UM for on premises Lync Server 2013 and Skype for Business Server 2015

As Office 365 is becoming more and more popular with larger organizations, many Lync \ S4B customers would like to host their voicemail in the cloud. This post will guide you through the steps required to configure Hosted UM on Office 365 for an on premises Lync deployment.

Considering you have a full Lync \ S4B 2013 enterprise voice solution already deployed in you organization, additional prerequisites for this would be:

  • A Lync 2013 Edge server.
  • A spare DDI number for Subscriber Access (Outlook Voice Access).
  • On premises users must be synced to Office 365 by either DirSync or Azure.
  • Office 365 Exchange Online licensing that allows UM.
  • administrative permissions on both the on premises Lync side ad the Office 365 management portal.

It took 7 days to create the world, and seven steps to configure voice mail:

1. Office 365 Admin Center

From the Admin drop-down menu, choose “Exchange”:


Under “Exchange” choose “Unified Messaging”:


In “UM Dial plans”, click the ‘+’ sign to add a new dial plan:

New UM Dial plan

In the new UM Dial Plan window:

  1. Give your dial plan a name.
  2. Configure the extension digit length as used in your organization (In my case: 4).
  3. In Dial plan type: Always choose SIP URI.
  4. Choose your Audio Language.
  5. Enter your country code (No ‘+’, just the code),


Click “Save”, the window will close.

You now have a new Dial plan, click “Configure” to continue:


This will open a new window. View your settings in the “General” page. These are not changeable, so if you made a mistake, now would be a good time to start things over.


If it’s ok – continue to “dial codes” and enter your country\region code. In my case: 353.


Continue to Outlook Voice Access.
Keep the default greeting and announcement unless you have a pre-recorded file, and go to “E.164 routing numbers for your SIP server”. This is where you enter your Subscriber Access number in an E.164 format. In my case: “+35315556789”.
On the next box, “Outlook Voice Access numbers”, enter the number you entered for the previous box, and the regular display number (e.g. 015556789). Reason is that Outlook voice Access will only correspond to matching numbers, and you would like to have this configured as well:


Next, go to “Settings” and configure as desired:


Continue to Dialing rules: You can leave this as it is, or add a rule to allow Outlook to play on phone:
Click the ‘+’ sign to add a new dialing rule:

Dialing rules Add

In the new Dialing rule window:

  1. Name your rule.
  2. Add ‘*’ in “Number pattern” and “Dialed Number”:

New Dialing Rule

Click “OK” to save and go to “Dialing Authorization”. Click the ‘+’ button to add:

dialing auth new

And choose the previously created rule:

select dialing rule gruops

In “Transfer and Search”, I normally change the “Allow callers to search…” to “In the entire organization”:


Click “Save”, and this part of the configuration is done!

2. On premises Lync Server

We’ll be using mostly PowerShell (Lync Management Shell) to configure this. Not a big deal, just make sure you double-check everything for typos…

Start with finding out your current configuration. From an elevated Lync Management Shell, run the following command:
You’re looking for the following parameters:

  1. AllowFederatedUsers (Should be set to True).
  2. EnablePartnerDiscovery (Should be set to True).
  3. RoutingMethod (Should be set to UseDnsSrvRouting)

Should look like this:


If one of the parameters is missing, run the following command:
Set-CsAccessEdgeConfiguration -AllowFederatedUsers $true -EnablePartnerDiscovery $true -UseDnsSrvRouting

Now, add Office 365 Exchange Online as a new hosting provider:
New-CsHostingProvider -Identity “Exchange Online” -Enabled $True -EnabledSharedAddressSpace $True -HostsOCSUsers $False -ProxyFqdn “” -IsLocal $False -VerificationLevel UseSourceVerification

This has configured your Edge server to be able to communicate with Office 365.
Verify that it’s replicated to the Edge server by running:
Get-CsManagementStoreReplicationStatus (If replicated to all, should be “UpToDate: True” on all servers),
and last, check that it’s configured and displayed correctly by running:
Get-CsHostingProvider -LocalStore, this should be the result:


3. Office 365 Management Shell

To continue configuring Lync on premises, we need some details about the Office 365 domains and tenants.
To do so, open a new elevated PowerShell window and connect to Office 365 using the following steps:

Run: $cred = Get-Credential and press Enter.
This will pop up a credential prompt, enter your Office 365 administrator credentials and press Ok:


Next, run the following command:
$365 = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $cred -Authentication Basic –AllowRedirection
This will connect you to Office 365. You might receive a warning saying “WARNING: Your connection has been redirected to the following URI: “, This is normal.

Last, run:
$importresults = Import-PSSession $365

You should end up with an output similar to this:


Now that you’re connected to Office 365, run: Get-Mailbox, to see you recognize what’s going on, and then run: Get-AcceptedDomain. Now let’s pause here for a second:

Take a good look at your domain list. What we’re looking for is the original “” domain. This is the one we’re going to use to communicate with Office 365.
Find that domain and mark it:


Whatever your domain is (for example:, this is what we’ll use in the following steps:

4. Back to Lync Management Shell

Now that we know our “OnMicrosoft” domain, we can configure Lync to communicate with it:

First, we’ll create a new Hosted Voicemail Policy. From Lync Management Sell, run the following:
New-CsHostedVoicemailPolicy -identity Office365UM -Destination -Description “Office 365 Voicemail” -Organization “”

Make sure you replaced “YOURDOMAIN” with your domain!

Next step: create a Lync-Exchange contact:
New-csexumcontact -displaynumber <E.164Number>–sipaddress <> -registrarpool <LyncFE> -ou “<YourDesiredOU>"
So for example, these are my details:

  1. Display Number: +35315556789 (This is the Subscriber Access Number we used on Exchange Online earlier)
  2. Contact’s SIP address:
  3. Lync registrar: LyncFE01.y0av.local
  4. OU: Lync Devices

My command would look like this:
New-csexumcontact -displaynumber +35315556789 –sipaddress -registrarpool LyncFE01.y0av.local -ou “OU=Lync Devices,DC=y0av,DC=local"

Once running this command, you’ll get an output with the contact’s details. Note the contact’s GUID:


This is also found in Active Directory where you created it:
I usually add a description to this contact, as Sys Admins sometimes delete strings they’re not familiar with…


Copy the contact’s identity from PowerShell and use it in the following command to grant the policy you created earlier to the user you just created:
Grant-cshostedvoicemailpolicy –identity “CN={92011efc-5608-4c7e-88ed-d79e035c39e6},OU=Lync Devices,DC=y0av,DC=local” –policyname Office365UM

So now we have a UM Policy, and a UM Contact that’s configured with that policy. You can run Get-CsExUmContact to check that:


5. Back to Office 365 Management Shell…

Last thing we need to do before it works, is connect the on premises and the cloud voice policies.
So from the previously used Office 365 Management Shell window, run the following:
Set-UMmailboxpolicy -identity “CloudUMPolicy” -SourceForestPolicyNames “OnPremUMPolicy”
In this scenario we used the same name for both policies – that’ll work too:
Set-UMmailboxpolicy -identity “Office365UM” -SourceForestPolicyNames “Office365UM”
But if you have a different name for each policy – configure that as desired.

6. Back to Lync Management Shell – last time!

The only thing left to do now is grant Lync users with the new hosted voicemail policy and enable them for hosted UM.
You can use any pipe known to humanity to do this, but here’s the basics:

To grant the policy to a user, run:
Grant-cshostedvoicemailpolicy –identity LocalDomain\y0av –policyname Office365UM

To enable the user for Hosted Voicemail, run:
Set-csuser –identity LocalDomain\y0av –hostedvoicemail $true

7. Enable the user for UM

Log on to the Office 365 admin center and enable the user for Unified messaging:


Assign the UM policy you created earlier:


Verify the details on the next screen and that’s it. You’ve voice mail configured.


If you’re having issues enabling users, you might want to check the “Notes from the field” post I published after getting some feedback on this post.

Installing and configuring IIS ARR Reverse Proxy on Windows Server 2012 for Lync Server 2013 \ Skype for Business External access

As Forefront TMG 2010 is becoming end of life, Microsoft’s official and at the moment only supported Reverse Proxy solution for Lync Server 2013 is IIS ARR.
For Skype for Business Server the only supported solution is Server 2012 WAP, but IIS ARR 3.0 will also work for you.

Doing this is rather simple, and this post will demonstrate the steps to publish Lync 2013 External Web Services using IIS ARR on Windows Server 2012.

First things first, an installation and two downloads:

– OR –

  • Install IIS on Windows Server 2012 with all defaults, nothing too smart.
  • Download Hotfix for Microsoft Application Request Routing Version 2.5 for IIS7 (KB 2732764) (x64), we’ll use that later.
  • Use Microsoft Web Platform Installer to install IIS ARR 2.5.

Whichever platform you choose (ARR 2.5 or ARR 3.0), it’s an identical installation and configuration process:

You’ll get the first installation screen, telling you it will install 2 features:

first installation screen

Hitting “Install” will show you the features you’re about to install. That’s 4 components all together:

Installation list

Click “I Accept” and enjoy the commercial content from Microsoft whilst the installation is taking place:

Installation in progress

When the installation is finished, You’ll see it has installed four components:

Installation OK

If your server can’t access the internet for some reason, you’re up for a real treat:

Checking Windows 2012’s Programs and features will show you these exact 4 items. This is all you need for IIS ARR to work:

Installed components

Open IIS Manager, and you’ll see you have two new features:

  • “Server Farms” under the server node.
  • “Web Platform Installer” in the management node.

New IIS features

Configuring the website:

Import your Lync 2013 external certificate to the server:

Certificate list

Navigate to your default website in IIS Manager and click “Bindings”:

Website Bindings

You’ll see it has only the HTTP binding. Click “Add” to edit the HTTPS binding:

Add Bindings

In the next window, choose “HTTPS” from the drop down menu, then choose your Lync external certificate, and press “OK”:

Choose Certificate

This completes the configuration of the web site.

Create Server Farms:


  • We need to create a server farm for each name we’re publishing.
  • The Internal root CA (The one that’s used for signing the internal Lync certificates) must be placed in the “Trusted Root Certification Authorities” container in your IIS ARR machine.
  • The Internal names of your Lync servers and WAC servers must be resolvable from this server, so don’t forget to add them to your hosts file.

To build the first Server Farm, right click “Server Farms” and choose “Create Server Farm”:

Create server farm

In “Server Farm Name” enter the external FQDN of the service you want to publish.

This can be “”, “”. etc. After you enter the name of the server farm, click “Next”:

Meet Farm

On the “Add Server” window, type the name of the server you want to publish and then click “Advanced settings”:

Add Server and advanced settings

Remember to click “Advanced settings” BEFORE you click “Add”. You need to add the server to the farm only after you set the advanced settings for the server.

“Advanced settings” is where we set the port bridging rules from 443 to 4443, just like we used to do with TMG 2010.

Set the HTTP port to 8080 and the HTTPS port to 4443, then click “Add”:

*** For the Office Web Apps farm leave the ports 443 and 80, as these are redirected directly to the server’s website.

Advanced Settings

Now you can see the server in the server farm:

Server ok

Once you click “Finish”, you’ll get a prompt asking if you would like to create a URL rewrite rule:

Rewrite prompt

Choose “Yes”. This will come in very handy in just a few more moments.

Do the same steps for every external address you want to publish.

Eventually, you’ll end up with enough farms to publish all your external addresses:

All Farms

Now, a few adjustments to make this work right with Lync. For each server farm, do the following steps:

Step 1:

Click each server farm and choose “Caching”:

Meet Caching

In “Caching”, uncheck the “Enable disk cache” box:

Disable Caching

Step 2:

Click each server farm and choose “Proxy”:

Meet Proxy

In “Proxy”, change the Time-out to 200:


Step 3:

Click each server farm and choose “Routing Rules”:

Meet Routing

In “Routing Rules”, uncheck the “Enable SSL offloading” box:

Disable SSL offloading

After completing these three steps for all server farms, go to the IIS Server Home and click “URL Rewrite”:

URL Rewrite button

The next window will show you all the Server farms with the url rewrite rules that were created earlier (Remember that button?):

URL Rewrite main window

Clicking the ‘+’ sign on the left of each of the server farms will show you the existing URL Rewrite options. One of them is for HTTP, the other for HTTPS:

URL rewrite with HTTP

Since we are not using HTTP, you can remove the HTTP rule (the one that does NOT have the “_SSL” suffix). This will leave you with only the HTTPS rewrite rule.

Click “Add” to add a condition to the HTTPS rule:

URL rewrite only HTTPS

Start typing ‘{HTTP_‘ and choose the {HTTP_HOST} option from the drop-down menu. at the pattern, type the beginning of the FQDN followed by a star, e.g.: “Meet.*”, or “DialIn.*”:


The result should be like this:

URL Rewrite completed

Repeat these steps for each server farm on your list.

Important note regarding WAC:

One option is to publish it as a server farm as described above.

Another option is described in Koen Wagenveld’s great article on TechNet, to use a regular expression. Please refer to the article if you would like to use this option.

That’s about it! IIS ARR is now publishing your Lync 2013 services.

Download: Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide

Microsoft has Announced the Release of Lync Server 2013 Multitenant Hosting Pack Deployment Guide.
The Lync Server 2013 Multitenant Hosting Pack enables service providers to sell value-added, Lync-based solutions to small and midsized customers. The hosting pack topology, based on Lync Online, enables partners to offer a more cost-effective topology to manage a large number of tenants with fewer users, which makes the offering compelling to small-to-midsized customers.

What’s Available in the Lync Server 2013 Multitenant Hosting Pack?

The features that integrate with other components and applications include the following:

  • Presence   A collection of attributes that provides an indication of a person’s status, activity, location, willingness to communicate, and contact information.
  • Instant messaging (IM)   A form of real-time text-based communication.
  • Data and desktop sharing   A feature that allows users to share files, use whiteboard, and display their desktop to a meeting or to conversation participants.
  • Conferencing   Two-way video and audio transmissions between users in multiple locations.
  • Unified Messaging   This feature is available only in combination with Microsoft Exchange Server. An application that consolidates a user’s voice mail, fax, and email into one mailbox, so that the user only needs to check a single location for messages, regardless of type. The email server is the platform for all types of messages, making it unnecessary to maintain separate voice mail and email infrastructures.
  • Private branch exchange (PBX) replacement   UC integration with Voice over Internet Protocol (VoIP) systems can replace traditional phone exchange systems.

Lync Server Multitenant Hosting Pack partner feature set includes:

  • Appliances   Hand and head set I/O devices.
  • Conferencing server gateway video   Real-time IP video, voice, and data services.
  • Audio conferencing provider   Integration with hosted conferencing systems.
  • Short Message Service (SMS)   Text messaging systems used by phones and mobile communication systems.


Lync 2013 Monitoring Server errors…

When you’re trying to view different reports in Lync Server 2013 monitoring, you might get the following error:

WebPage Error

“Report processing stopped because too many rows in summary tables are missing in the call detail recording (CDR) database. To resolve this issue, run dbo.RtcGenerateSummaryTables on the LcsCDR database.”

Additional parameters might appear instead of “dbo.RtcGenerateSummaryTables”, depending on the report you wish to view.

To fix this problem, start SQL Management Studio on your SQL server and choose the Lync Monitoring instance:

SQL Connection

Once connected, expand “Databases”->”LcsCDR”->”Programmability”:


In “Programmability”, expand “Stored Procedures”:

Stored Procedures

And scroll down until you find the procedure mentioned in the error:

Generate Summary

Right-click the procedure and choose “Execute Stored Procedure”:


A new “Execute Procedure” window will open, Press “OK”:

Execute Screen

A script will run and will (hopefully) return a ‘0’ value, meaning everything went ok:

Script ran

That’s it! Return to your reports webpage and refresh:

Reports OK

Good Luck!

How to enable and configure Lync Server 2013 Group Call Pick-up

Lync Server 2013 CU1 brought great news with it: Finally, Lync users can now pick-up calls on behalf of  other users, when these are either away from their desk or in a call.

The configuration is done mostly (Forget it, entirely) by PowerShell and Command prompt.

To begin, you’ll need two major components:

  • The Lync Server 2013 CU1 installed on your servers. (Download)
  • The Microsoft Lync Server 2013 Resource Kit Tools. (Download)

Let’s start with the simple stuff:

Call pick-ups uses the same mechanism as Call parks to enable other users to fetch the call. So we’ll have to create a “Call Park Orbit”. The great advantage here is that we don’t have to use actual extensions, and anyway users are used to dial weird combinations like “#1250” or “*001” to fetch calls.

We now can assign numbers beginning with “#” or “*”, as long as we have at least three digits to follow, e.g: “#100”, or “*555”.

To create a new Call pick-up orbit, run the following command from Lync 2013 Management Shell:

New-CsCallParkOrbit -Identity "<Give it a name>" -Type GroupPickup -NumberRangeStart "#100" -NumberRangeEnd "#110" -CallParkService "<FEPool.doamin.local>"

Note you can assign any numbers you want to “NumberRangeStart” and “NumberRangeEnd“.

It should be something like this:


If you did it right you should see event ID 31054 in the Lync Server event viewer:

Event 31054

Now the fun begins:

The application we use to configure the Call Pick-up can be found in the Lync Server 2013 Resource Kit. It’s called “SEFAUtil.exe” (Secondary Extension Feature Activation) and has to be run as a Trusted Application. This is where things get a little messy – We cannot use our Front-End severs for that (You wouldn’t want to configure your FE server as a Trusted Pool, nor it is supported by Microsoft), so you’ll have to use another server for that.

To configure the trusted application pool, run the following command from one of your Front-End servers:

New-CsTrustedApplicationPool -Identity "<Chosen Servers' Name>" -Registrar "<FEPool.doamin.local>" -Site "<Your site's name>"

The server will ask you to run “Enable-CsTopology“. Hang on with that…

Within the trusted application pool, you have to configure the trusted application. The name of the application MUST be “SEFAUtil”, as the command shows:

New-CsTrustedApplication –ApplicationId "sefautil" –TrustedApplicationPoolFqdn "<The server from the previous stage>" -Port xxxx

You can use any port you’d like. (Try not to use 25, 80, 443, etc…)

Now, run “Enable-CsTopology” and wait for the replication to occur.

Now – we’re ready to assign users with the new feature:

On the server that you have designated as the Trusted application pool, install the Lync Server 2013 Resource Kit.

From an elevated Command prompt or PowerShell, go to “C:\Program Files\Microsoft Lync Server 2013\ResKit“.

First: let’s test SEFAutil.exe. Gladly, it works in a very simple way: If it works – It will give you an output. If it’s not working – You’ll get a blank new line… That’s all there is to it. So to test, run the following command:

sefautil.exe /server:<Your Registrar> <user's SIP address>

To be clear: let’s say your user’s sip address is “” and he’s located on registrar “”, your command should be as follows:

sefautil.exe /

Always use the user’s sip address, not their UPN.

If you typed the command correctly and the application is trusted, you’ll get a reply from the server looking like this:

PS C:\Program Files\Microsoft Lync Server 2013\ResKit> .\SEFAUtil.exe /
User Aor:
Display Name: Donald Duck
UM Enabled: True
Simulring enabled: False
User Ring time: 00:00:20
Call Forward No Answer to: voicemail
PS C:\Program Files\Microsoft Lync Server 2013\ResKit>

If you got no output – Check your trusted apps or typing.

Now: Let’s say you want to enable all users to fetch calls directed to the user “”. Just use the following command:

SEFAUtil.exe /enablegrouppickup:"#110" /

Your output’s last line should say: Group Pickup Orbit: sip:#110;;user=phone

Now, try calling this user, and from another phone, dial #110. The call will be redirected and automatically answered by you.

You’re good to go!

Lync Server 2013 WAC (Office Web Apps Server) – Part 2: Publishing

In part 1 of this post, we learned how to install and configure the Lync Server 2013 WAC Server.

In this part, we’ll publish it to enable external users access to our conference resources.

Add External Access url:

In part 1, we used the following command:

New-OfficeWebAppsFarm -InternalURL “https://LyncWAC.YourDomain.Local” –CertificateName “My WAC Server”

For external access, use the same command, but add -ExternalURL “<WAC server external DQDN>”. So if you want to run is together, the command would be:

New-OfficeWebAppsFarm -InternalURL “https://LyncWAC.YourDomain.Local” -ExternalURL "" –CertificateName “My WAC Server”

That’s all the configuration needed on the Lync side.

Next step is to configure a publishing rule in TMG 2010. Unfortunately, you cannot use your External web url, since Lync traffic is bridged to port TCP 4443, and Office Web Apps Server works HTTPS, meaning TCP 443.#


Since TMG is end of life, You can now use IIS ARR to publish Lync Server 2013.

Refer to this post if you want to use IIS ARR.

Publish your server with Forefront TMG 2010:

Form your TMG cosnsole, select “New Web Publishing Rule”. Give your rule a name and click “Next”:

In the “select Rule Action window, choose “Allow” and click next:

In the “Publishing Type” windows choose “Publish a single Web site or load balancer”:

Then choose “Use SSL”:

In the next window, enter you Internal site name – That’s the one entered earlier in the command. If your TMG cannot resolve this name to an IP, you might enter it it in the field below:

In the Internal Publishing Details window, Enter /* in the path field, and remember to check the “Forward the original host header…” checkbox:

In “Public Name Details” enter the external FQDN of your WAC server. This is the name you entered earlier in the -ExternalURL command:

In the “Select Web Listener” window select “New”:

Name your listener and click next:

Choose “Require SSL” in the Client Connection Security window:

Choose your listener IP:

Choose your listener’s certificate:

(Must contain you external FQDN)

In the “Authentication Settings” window select “No Authentication”:

Click “Next” on the SSO settings page, review your listener’s settings and click Finish:

The new listener is now selected for your rule:

In the next window, choose “No delegation, but client may authenticate directly”:

Leave the user sets with “All Users”:

In the last window, review your settings and click Finish:

Locate your rule in the TMG console and right click to edit it:

Navigate to the “Traffic” tab, click “Filtering” and “Configure HTTP”:

Uncheck the “Verify normalization” box and click OK:


Apply the changes to your Forefront TMG 2010 Server.

To test your WAC publishing, open a web browser and type: https://<ExternalFQDN.Domain.Com/hosting/discovery

You should get a XML output similat to this:

<?xml version="1.0" encoding="UTF-8"?>
-<wopi-discovery>-<net-zone name="internal-https">-<app name="Excel" checkLicense="true" favIconUrl="https://lyncwac.mydomain.local/x/_layouts/images/FavIcon_Excel.ico"><action name="view" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlviewerinternal.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>" default="true" ext="ods"/><action name="view" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlviewerinternal.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>" default="true" ext="xls"/><action name="view" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlviewerinternal.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>" default="true" ext="xlsb"/><action name="view" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlviewerinternal.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>" default="true" ext="xlsm"/><action name="view" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlviewerinternal.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>" default="true" ext="xlsx"/><action name="edit" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlviewerinternal.aspx?edit=1&<ui=UI_LLCC&><rs=DC_LLCC&>" ext="ods" requires="update"/><action name="edit" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlviewerinternal.aspx?edit=1&<ui=UI_LLCC&><rs=DC_LLCC&>" ext="xlsb" requires="update"/><action name="edit" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlviewerinternal.aspx?edit=1&<ui=UI_LLCC&><rs=DC_LLCC&>" ext="xlsm" requires="update"/><action name="edit" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlviewerinternal.aspx?edit=1&<ui=UI_LLCC&><rs=DC_LLCC&>" ext="xlsx" requires="update"/><action name="editnew" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlviewerinternal.aspx?edit=1&<ui=UI_LLCC&><rs=DC_LLCC&>" ext="xlsx" requires="update"/><action name="interactivepreview" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlpreview.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>" default="true" ext="xlsb"/><action name="interactivepreview" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlpreview.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>" default="true" ext="xlsm"/><action name="interactivepreview" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlpreview.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>" default="true" ext="xlsx"/><action name="mobileView" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlviewerinternal.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>" ext="xls"/><action name="mobileView" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlviewerinternal.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>" ext="xlsb"/><action name="mobileView" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlviewerinternal.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>" ext="xlsm"/><action name="mobileView" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlviewerinternal.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>" ext="xlsx"/><action name="embedview" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlembed.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>" ext="xlsb"/><action name="embedview" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlembed.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>" ext="xlsm"/><action name="embedview" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlembed.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>" ext="xlsx"/><action name="formsubmit" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlform.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>" ext="xlsb"/><action name="formsubmit" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlform.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>" ext="xlsm"/><action name="formsubmit" urlsrc="https://lyncwac.mydomain.local/x/_layouts/xlform.aspx?<ui=UI_LLCC&><rs=DC_LLCC&>"

Note you will have two “net zones”: “internal-https” and “external-https”, each with the following applications offered:

  • Excel
  • OneNote
  • PowerPoint
  • Word

Your Lync 2013 WAC Server is ready.

Install Lync Server 2013 prerequisites on Windows Server 2008R2, Windows Server 2012 and Windows Server 2012R2

Updated: Dec 16, 2012

Lync 2013 is out, along with a new set of demands to install it right on your Windows Server.

Here’s how to get it done:

Windows Server 2008R2:

First, install the roles and features required:
Import-Module ServerManager
Add-WindowsFeature Web-Dyn-Compression,desktop-experience,RSAT-ADDS,Web-Server,Web-Scripting-Tools,Web-Windows-Auth,Web-Asp-Net,Web-Log-Libraries,Web-Http-Tracing,Web-Stat-Compression,Web-Default-Doc,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Http-Errors,Web-Http-Logging,Web-Net-Ext,Web-Client-Auth, Web-Filtering,Web-Mgmt-Console,Msmq-Server,Msmq-Directory

Then, Install .Net 4.5 Framework (Download).

Next, install Windows Identity Foundation (Download) and Windows Management Framework 3.0 (Download) that contains PowerShell 3.0.

You might also have to download and install KB2646886.

Windows Server 2012 and Windows Server 2012R2:

Make sure you have the Windows Server installation CD or source. It’s required to install ,Net 3.5 Framework.

Then, from an elevated PowerShell, run the following command:

Note: You don’t need to run “Import-Module ServerManager”, Windows 2012 loads the modules automatically

Add-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Desktop-Experience, Windows-Identity-Foundation, Telnet-Client, BITS -Source D:\sources\sxs

If your Windows Server 2012 installation source is not your D drive, change it to your desired location.

On Windows Server 2012R2 you should install Lync Server 2013 with at least CU3 (Download the latest here).

To avoid Event IDs 32402, 61045 on Lync 2013 Front End Servers (See KB2901554), run the following from an elevated command prompt:

Reg Add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel" /V "EnableSessionTicket" /D 2 /T REG_DWORD /F

Now you’re all ready to install Lync Server 2013.