1.   Log on to a DNS server as follows: ·      To create an internal DNS record, log on to a DNS server in your network as a member of the Domain Admins group or a member of the DnsAdmins group. ·      To create an external DNS record, connect to your public DNS provider. 2.   Open the DNS administrative snap-in: Click Start, click Administrative Tools, and then click DNS. 3.   Do one of the following: ·      For an internal DNS record, in the console tree of the DNS server, expand Forward Lookup Zones for your Active Directory domain (for example, contoso.local). Note: This domain is the Active Directory domain where your Lync Server Director pool and Front End pool are installed. ·      For an external DNS record, in the console tree of the DNS server, expand Forward Lookup Zones for your SIP domain (for example, contoso.com). 4.   Verify that a host A record exists for your Director pool as follows: ·      For an internal DNS record, a host A record should exist for the internal Web Services fully qualified domain name (FQDN) for your Director pool (for example, lyncwebdir01.contoso.local). ·      For an external DNS record, a host A record should exist for the external web services FQDN for your Director pool (for example, lyncwebextdir.contoso.com). 5.   Verify that a host A record exists for your Front End pool as follows: ·      For an internal DNS record, a host A record should exist for the internal Web Services FQDN for your Front End pool (for example, lyncwebpool01.contoso.local). ·      For an external DNS record, a host A record should exist for the external Web Services FQDN for your Front End pool (for example, lyncwebextpool01.contoso.com). 6.   For an internal DNS record, in the console tree of your DNS server, expand Forward Lookup Zones for your SIP domain (for example, contoso.com). Note: If you are creating an external DNS record, Forward Lookup Zones is already expanded for your SIP domain from step 3. 7.   Right-click the SIP domain name, and then click New Alias (CNAME). 8.   In Alias name, type one of the following: ·      For an internal DNS record, type lyncdiscoverinternal as the host name for the internal Autodiscover Service URL. ·      For an external DNS record, type lyncdiscover as the host name for the external Autodiscover Service URL. 9.   I Fully qualified domain name (FQDN) for target host, do one of the following: n ·      For an internal DNS record, type or browse to the internal Web Services FQDN for your Director pool (for example, lyncwebdir01.contoso.local), and then click OK. ·      For an external DNS record, type or browse to the external Web Services FQDN for your Director pool (for example, lyncwebextdir.contoso.com), and then click OK.  Note: If you do not use a Director, use the internal and external Web Services FQDN for the Front End pool, or, for a single server, the FQDN for the Front End Server or Standard Edition server. Important: You must create a new Autodiscover CNAME record in the forward lookup zone of each SIP domain that you support in your Lync Server 2010 environment.

1.   Log on to a DNS server as follows: ·      To create an internal DNS record, log on to a DNS server in your network as a member of the Domain Admins group or a member of the DnsAdmins group. ·      To create an external DNS record, connect to your public DNS provider. 2.   Open the DNS administrative snap-in: Click Start, click Administrative Tools, and then click DNS. 3.   Do one of the following: ·      For an internal DNS record, in the console tree of the DNS server, expand Forward Lookup Zones for your Active Directory domain (for example, contoso.local). Note: This domain is the Active Directory domain where your Lync Server Director pool and Front End pool are installed. ·      For an external DNS record, in the console tree of the DNS server, expand Forward Lookup Zones for your SIP domain (for example, contoso.com). 4.   Verify that a host A record exists for your Director pool as follows: ·      For an internal DNS record, a host A record should exist for the internal Web Services FQDN for your Director pool (for example, lyncwebdir01.contoso.local). ·      For an external DNS record, a host A record should exist for the external Web Services FQDN for your Director pool (for example, lyncwebextdir.contoso.com). 5.   Verify that a host A record exists for your Front End pool as follows: ·      For an internal DNS record, a host A record should exist for the internal Web Services FQDN for your Front End pool (for example, lyncwebpool01.contoso.local). ·      For an external DNS record, a host A record should exist for the external Web Services FQDN for your Front End pool (for example, lyncwebextpool01.contoso.com). 6.   For an internal DNS record, in the console tree of your DNS server, expand Forward Lookup Zones for your SIP domain (for example, contoso.com). Note: If you are creating an external DNS record, Forward Lookup Zones is already expanded for your SIP domain from step 3. 7.   Right-click the SIP domain name, and then click New Host (A or AAAA). 8.   In Name, type the host name as follows: ·      For an internal DNS record, type lyncdiscoverinternal as the host name for the internal Autodiscover Service URL. ·      For an external DNS record, type lyncdiscover as the host name for the external Autodiscover Service URL. Note: The domain name is assumed from the zone in which the record is defined and, therefore, does not need to be entered as part of the A record. 9.   In IP Address, type the IP address as follows: ·      For an internal DNS record, type the internal Web Services IP address of the Director (or, if you use a load balancer, type the virtual IP (VIP) of the Director load balancer). Note: If you do not use a Director, type the IP address of the Front End Server or Standard Edition server, or, if you use a load balancer, type the VIP of the Front End pool load balancer. ·      For an external DNS record, type the external or public IP address of the reverse proxy. 10. Click Add Host, and then click OK. 11. To create an additional A record, repeat steps 8 through 10. Important: You must create a new Autodiscover A record in the forward lookup zone of each SIP domain that you support in your Lync Server 2010 environment. 12. When you are finished creating A records, click Done.

1.   Log on to the server you are upgrading as a member of the CsAdministrator role. 2.   Download the latest installation package from the Microsoft Download Center and extract it to the local hard disk. 3.   Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 4.   Stop Lync Server services. At the command line, type: Stop-CsWindowsService 5.   Close all Lync Server Management Shell windows. 6.   Stop the World Wide Web service. At the command line, type: net stop w3svc 7.   Install the cumulative update for Lync Server 2010: November 2011 by running LyncServerUpdateInstaller.exe. Note: Restart the computer if you are prompted to do so. 8.   Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 9.   Stop Lync Server services again to catch Global Assembly Cache (GAC) –d assemblies. At the command line, type: Stop-CsWindowsService 10. Restart the World Wide Web service. At the command line, type: net start w3svc 11. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 12. Apply the changes made by LyncServerUpdateInstaller.exe to the SQL Server databases by doing one of the following: ·      If Enterprise Edition Back End Server databases are not collocated with any other databases, such as Archiving or Monitoring databases, at the command line, type the following: Install-CsDatabase –Update –ConfiguredDatabases –SqlServerFqdn <SQL Server FQDN> ·      If Enterprise Edition Back End Server databases are collocated with other databases, such as Archiving or Monitoring databases, at the command line, type the following: Install-CsDatabase –Update –ConfiguredDatabases –SqlServerFqdn iws-db.iwstech.com  -ExcludeCollocatedStores ·      For Standard Edition, type the following: Install-CsDatabase –Update -LocalDatabases 13. Restart the Lync Server services. At the command line, type: Start-CsWindowsService

1.   Log on to the computer as a user who is a member of the RTCUniversalServerAdmins group. 2.   Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3.   Set the port for the internal Web Services. At the command line, type: Set-CsWebServer –Identity <name of pool> –McxSipPrimaryListeningPort 5086 For example: Set-CsWebServer –Identity pool01.contoso.com –McxSipPrimaryListeningPort 5086 Where pool01.contoso.com is the pool where the Mobility Service will be installed 4.   Set the port for the external Web Services. At the command line, type: Set-CsWebServer –Identity <name of pool> –McxSipExternalListeningPort 5087 For example: Set-CsWebServer –Identity pool01.contoso.com – McxSipExternalListeningPort 5087 Where pool01.contoso.com is the pool where the Mobility Service will be installed Note: The Set-CsWebServer cmdlet runs Publish-CsTopology to publish the updated topology. 5.   At the command line, type the following: Enable-CsTopology -verbose

1.   Log on to the computer as a user who is a member of the CsAdministrator group. 2.   Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3.   For Windows Server 2008 R2, at the command line, type: Import-Module ServerManager Add-WindowsFeature Web-Server, Web-Dyn-Compression 4.   For Windows Server 2008, at the command line, type: ServerManagerCMD.exe –Install Web-Dyn-Compression

1.   Log on to the server as a local administrator. 2.   Use a text editor such as Notepad to open the applicationHost.config file, located at C:\Windows\System32\inetsrv\config\applicationHost.config. 3.   Search for the following: <Add name="CSExtMcxAppPool" 4.   At the end of the line, before the ending angle bracket (>), type the following: CLRConfigFile="C:\Program Files\Microsoft Lync Server 2010\Web Components\Mcx\Ext\Aspnet_mcx.config" 5.   Search for the following: <Add name="CSIntMcxAppPool" 6.   At the end of the line, before the ending angle bracket (>), type the following: CLRConfigFile="C:\Program Files\Microsoft Lync Server 2010\Web Components\Mcx\Int\Aspnet_mcx.config"

1.   Log on to the computer as a user who is a member of the CsAdministrator group. 2.   Download the latest installation package from the Microsoft Download Center and extract it to the hard disk. 3.   Copy McxStandalone.msi to C:\ProgramData\Microsoft\Lync Server\Deployment\cache\4.0.7577.0\setup. 4.   Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 5.   Run C:\Program Files\Microsoft Lync Server 2010\Deployment\Bootstrapper.exe. 6.   If you want to restrict mobility services to the internal corporate network, at the command line, type the following: Set-CsMcxConfiguration –ExposedWebUrl Internal

1.   Log on to the computer using an account that has local administrator rights and permissions. 2.   Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3.   Find out what certificates have been assigned to the server and for which type of use. You need this information in the next step to assign the updated certificate. At the command line, type: Get-CsCertificate 4.   Look in the output from the previous step to see whether a single certificate is assigned for multiple uses or whether a different certificate is assigned for each use. Look in the Use parameter to find out how a certificate is used. Compare the Thumbprint parameter for the displayed certificates to see if the same certificate has multiple uses. 5.   Update the certificate. At the command line, type: Set-CsCertificate –Type <type of certificate as displayed in the Use parameter> -Thumbprint <unique identifier> For example, if the Get-CsCertificate cmdlet displayed a certificate with Use of Default, another with a Use of WebServicesInternal, and another with a Use of WebServicesExternal, and they all had the same Thumbprint value, at the command line, type: Set-CsCertificate –Type Default,WebServicesInternal,WebServicesExternal –Thumbprint <Certificate Thumbprint> Important: If a separate certificate is assigned for each use (the Thumbprint value is different for each certificate), it is important that you do not run the Set-CsCertificate cmdlet with multiple types. In this case, run the Set-CsCertificate cmdlet separately for each use. For example: Set-CsCertificate –Type Default –Thumbprint <Certificate Thumbprint> Set-CsCertificate –Type WebServicesInternal –Thumbprint <Certificate Thumbprint> Set-CsCertificate –Type WebServicesExternal –Thumbprint <Certificate Thumbprint> 6.   If an Autodiscover Service subject alternative name is missing, do the following: ·      For a missing internal Autodiscover subject alternative name, at the command line, type: Request-CsCertificate –New –Type WebServicesInternal –Ca dc\myca –AllSipDomain –verbose If you have many SIP domains, you cannot use the new AllSipDomain parameter. Instead, you must use DomainName parameter. When you use the DomainName parameter, you must use an appropriate prefix for the SIP domain FQDN. For example: Request-CsCertificate –New –Type WebServicesInternal –Ca dc\myca –DomainName “LyncdiscoverInternal.contoso.com, LyncdiscoverInternal.contoso.net” -verbose ·      For a missing external Autodiscover subject alternative name, at the command line, type: Request-CsCertificate –New –Type WebServicesExternal –Ca dc\myca –AllSipDomain –verbose If you have many SIP domains, you cannot use the new AllSipDomain parameter. Instead, you must use DomainName parameter. When you use the DomainName parameter, you must use an appropriate prefix for the SIP domain FQDN. For example: Request-CsCertificate –New –Type WebServicesExternal –Ca dc\myca –DomainName “Lyncdiscover.contoso.com, Lyncdiscover.contoso.net” -verbose

1.   Click Start, point to Programs, point to Microsoft Forefront TMG, and then click Forefront TMG Management. 2.   In the left pane, expand ServerName, right-click Firewall Policy, point to New, and then click Web Site Publishing Rule. 3.   On the Welcome to the New Web Publishing Rule page, type a display name for the new publishing rule (for example, LyncDiscoveryURL). 4.   On the Select Rule Action page, select Allow. 5.   On the Publishing Type page, select Publish a single Web site or load balancer. 6.   On the Server Connection Security page, select Use SSL to connect to the published Web server or server farm. 7.   On the Internal Publishing Details page, in Internal Site name, type the fully qualified domain name (FQDN) of your Director pool (for example, lyncdir01.contoso.local). If you are creating a rule for the external Web Services URL on the Front End pool, type the FQDN of the Front End pool (for example, lyncpool01.contoso.local). 8.   On the Internal Publishing Details page, in Path (optional), type /* as the path of the folder to be published, and then select Forward the original host header. 9.   On the Public Name Details page, do the following: ·      Under Accept Requests for, select This domain name. ·      In Public Name, type lyncdiscover.<sipdomain> (the external Autodiscover Service URL. If you are creating a rule for the external Web Services URL on the Front End pool, type the FQDN for the external Web Services on your Front End pool (for example, lyncwebextpool01.contoso.com). ·      In Path, type /*. 10. On Select Web Listener page, in Web Listener, select your existing SSL Listener with the updated public certificate. 11. On the Authentication Delegation page, select No delegation, but client may authenticate directly. 12. On the User Set page, select All Users. 13. On the Completing the New Web Publishing Rule Wizard page, verify that the web publishing rule settings are correct, and then click Finish. 14. In the Forefront TMG list of web publishing rules, double-click the new rule you just added to open Properties. 15. On the To tab, do the following: ·      Select Forward the original host header instead of the actual one. ·      If your deployment has a Front End pool, select Requests appear to come from the original client. If your deployment has a single Front End Server or Standard Edition server, select Requests appear to come from the Forefront TMG computer. 16. On the Bridging tab, configure the following: ·      Select Web server. ·      Select Redirect requests to HTTP port, and type 8080 for the port number. ·      Select Redirect requests to SSL port, and type 4443 for the port number. 17. Click OK. 18. Click Apply in the details pane to save the changes and update the configuration. 19. Click Test Rule to verify that your new rule is set up correctly.

1.   Click Start, point to Programs, point to Microsoft Forefront TMG, and then click Forefront TMG Management. 2.   In the left pane, expand ServerName, right-click Firewall Policy, point to New, and then click Web Site Publishing Rule. 3.   On the Welcome to the New Web Publishing Rule page, type a display name for the new publishing rule (for example, Lync Autodiscover (HTTP)). 4.   On the Select Rule Action page, select Allow. 5.   On the Publishing Type page, select Publish a single Web site or load balancer. 6.   On the Server Connection Security page, select Use non-secured connections to connect to the published Web server or server farm. 7.   On the Internal Publishing Details page, in Internal Site name, type the internal Web Services FQDN for your Front End pool (for example, lyncpool01.contoso.local). 8.   On the Internal Publishing Details page, in Path (optional), type /* as the path of the folder to be published, and then select Forward the original host header instead of the one specified in the Internal site name field. 9.   On the Public Name Details page, do the following: ·      Under Accept Requests for, select This domain name. ·      In Public Name, type lyncdiscover.<sipdomain> (the external Autodiscover Service URL). ·      In Path, type /*. 10. On Select Web Listener page, in Web Listener, select a Web Listener or use the New Web Listener Definition Wizard to create a new one. 11. On the Authentication Delegation page, select No delegation, and client cannot authenticate directly. 12. On the User Set page, select All Users. 13. On the Completing the New Web Publishing Rule Wizard page, verify that the web publishing rule settings are correct, and then click Finish. 14. In the Forefront TMG list of web publishing rules, double-click the new rule you just added to open Properties. 15. On the Bridging tab, configure the following: ·      Select Web server. ·      Select Redirect requests to HTTP port, and type 8080 for the port number. ·      Verify that Redirect requests to SSL port is not selected. 16. Click OK. 17. Click Apply in the details pane to save the changes and update the configuration. 18. Click Test Rule to verify that your new rule is set up correctly. 19. Verify that the external Autodiscover Service URL is not defined on any other web publishing rule.

1.   Log on as a member of the CsAdministrator role on any computer where Lync Server Management Shell and Ocscore are installed. 2.   Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3.   At the command line, type: Test-CsMcxP2PIM -TargetFqdn <FQDN of Front End pool> -SenderSipAddress sip:<SIP address of test user 1> -SenderCredential <test user 1 credentials> -ReceiverSipAddress sip:<SIP address of test user 2> -ReceiverCredential <test user 2 credentials> –v You can set credentials in a script and pass them to the test cmdlet. For example: $passwd1 = ConvertTo-SecureString "Password01" -AsPlainText -Force $passwd2 = ConvertTo-SecureString "Password02" -AsPlainText -Force $tuc1 = New-Object Management.Automation.PSCredential("contoso\UserName1", $passwd1) $tuc2 = New-Object Management.Automation.PSCredential("contoso\UserName2", $passwd2) Test-CsMcxP2PIM -TargetFqdn pool01.contoso.com -SenderSipAddress sip:UserName1@contoso.com -SenderCredential $tuc1 -ReceiverSipAddress sip:UserName2@contoso.com -ReceiverCredential $tuc2 –v

1.   Log on to a computer where Lync Server Management Shell and Ocscore are installed as a member of the RtcUniversalServerAdmins group. 2.   Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3.   Add a Lync Server online hosting provider. At the command line, type: New-CsHostingProvider –Identity <unique identifier for Lync Online hosting provider> –Enabled $True –ProxyFqdn <FQDN for the Access Server used by the hosting provider> –VerificationLevel UseSourceVerification For example: New-CsHostingProvider –Identity "LyncOnline" –Enabled $True –ProxyFqdn "sipfed.online.lync.com" –VerificationLevel UseSourceVerification Note: You cannot have more than one federation relationship with a single hosting provider. That is, if you have already set up a hosting provider that has a federation relationship with sipfed.online.lync.com, do not add another hosting provider for it, even if the identity of the hosting provider is something other than LyncOnline. 4.   Set up hosting provider federation between your organization and the Push Notification Service at Lync Online. At the command line, type: New-CsAllowedDomain –Identity "push.lync.com"

1.   Log on to the Edge Server as a member of the RtcUniversalServerAdmins group. 2.   Click Start, click All Programs, click Administrative Tools, and then click Computer Management. 3.   In the console tree, expand Services and Applications, right-click Microsoft Office Communications Server 2007 R2, and then click Properties. 4.   On the Allow tab, click Add. 5.   In the Add Federated Partner dialog box, do the following: ·      In Federated partner domain name, type push.lync.com. ·      In Federated partner Access Edge Server, type sipfed.online.lync.com. ·      Click OK.

1.   Log on to a computer where Lync Server Management Shell and Ocscore are installed as a member of the CsAdministrator role. 2.   Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3.   Enable push notifications. At the command line, type: Set-CsPushNotificationConfiguration –EnableApplePushNotificationService $True –EnableMicrosoftPushNotificationService $True 4.   Enable federation. At the command line, type: Set-AccessEdgeConfiguration -AllowFederatedUsers $True

1.   Log on to a computer where Lync Server Management Shell and Ocscore are installed as a member of the CsAdministrator role. 2.   Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3.   Test the federation configuration. At the command line, type: Test-CsFederatedPartner –TargetFqdn <FQDN of Access Edge server used for federated SIP traffic> -Domain <FQDN of federated domain> -ProxyFqdn <FQDN of the Access Edge server used by the federated organization> For example: Test-CsFederatedPartner –TargetFqdn accessprox.contoso.com –Domain push.lync.com –ProxyFqdn sipfed.online.lync.com 4.   Test push notifications. At the command line, type: Test-CsMcxPushNotification –AccessEdgeFqdn <Access Edge service FQDN> For example: Test-CsMcxPushNotification –AccessEdgeFqdn Accessproxy.contoso.com

1.   Log on to any computer where Lync Server Management Shell and Ocscore are installed as a member of the CsAdministrator role. 2.   Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3.   Turn off access to mobility and Call via Work globally. At the command line, type: Set-CsMobilityPolicy –EnableMobility $False –EnableOutsideVoice $False Note: You can turn off Call via Work without turning off access to mobility. However, you cannot turn off mobility without also turning off Call via Work.

1.   Log on to any computer where Lync Server Management Shell and Ocscore are installed as a member of the CsAdministrator role. 2.   Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3.   Create a site level policy, and turn off access to mobility and Call via Work by site. At the command line, type: New-CsMobilityPolicy –Identity site:<site identifier> –EnableMobility $False -EnableOutsideVoice $False Note: You can turn off Call via Work without turning off access to mobility. However, you cannot turn off mobility without also turning off Call via Work.

1.   Log on to any computer where Lync Server Management Shell and Ocscore are installed as a member of the CsAdministrator role. 2.   Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3.   Create user level mobility policies and turn off mobility and Call via Work by user. At the command line, type: New-CsMobilityPolicy –Identity <policy name> -EnableMobility $False -EnableOutsideVoice $False Grant-CsMobilityPolicy –Identity <user identifier> -PolicyName <policy name> You can turn off Call via Work without turning off access to mobility. However, you cannot turn off mobility without also turning off Call via Work. For example: New-CsMobilityPolicy "tag:disableOutsideVoice" –EnableOutsideVoice $False Grant-CsMobilityPolicy –Identity –MobileUser1@contoso.com –PolicyName Tag:disableOutsideVoice