Lync Ignite_Lync Top Support Topics and Troubleshooting

Download Report

Transcript Lync Ignite_Lync Top Support Topics and Troubleshooting

Meet Aaron Steele | @steeleaaron
Senior Consultant
• Been with Microsoft for 3 years
• Focused on Lync and specifically voice
• In computers and MS technology for 18+ years
• Started in Higher Education
• Wife and two kids, lives in Chicago, IL
Meet Brian Ricks | @bricomp
Lead Architect, BriComp Computers
• Unified communications architect
• Microsoft Certified Solutions Master
• Microsoft MVP since 2006
• Enterprise Microsoft collaboration solution
design, development, configuration, administration
and maintenance
• More than 20 years experience in IT industry
• Network Infrastructure Corp., Resolute, Phelps, Dodge
• Independent since 2009
Setting Expectations
• Target Audience
• IT and telecommunications professionals who design,
plan, deploy, and maintain solutions for unified
communications (UC)
• Experienced professionals that are looking to better
understand the new features and capabilities of Lync
2013 introduced since RTM
Suggested Resources
• Course 20336, Core Solutions of Microsoft Lync Server 2013
  — http://aka.ms/CoreLync2013
• Course 20337, Enterprise Voice and Online Services with Microsoft Lync Server 2013
  — http://aka.ms/VoiceOnlineLync2013
Know Your Stuff? Get Certified
• Microsoft Certified Solutions Expert (MCSE)
  – http://aka.ms/MCSE-Lync
• Exam 70-336: Core Solutions of Microsoft Lync Server 2013
  – http://aka.ms/MCSEcoreLync
• Exam 70-337: Enterprise Voice and Online Services with Microsoft Lync Server 2013
  – http://aka.ms/MCSEentvoiceLync
• Microsoft Learning Partners—Learn from the Pros!
  – http://aka.ms/CPLS
  – Find a Class: http://aka.ms/ClassLocator
Course Topics
Lync Top Support Topics and Troubleshooting Tools
01 | Lync Performance Monitoring
02 | Centralized Logging Service
03 | Lync Media in Wi-Fi
04 | Lync Call Generators
05 | Troubleshooting Tools
Lync Performance Monitoring
System Center Operations Manager (SCOM): SCOM is an alerting system providing data on server status
Performance Counters: Feed into SCOM and are used for general server performance monitoring. They include active connections, message processing, failures raised by the server, and latency
Event Logs: Used to report to SCOM; they record configuration state on the server, security policy updates and service availability
Synthetic Transactions: Automated tests (the Test-Cs* cmdlets) that detect outages in service features (e.g., Instant Messaging [IM], registration, presence)
Call Detail Records (CDR): CDR provides telemetry on usage patterns (e.g., call volume) and call establishment (e.g., conference join)
QoE Metrics: Media, network, endpoint and connection metrics collected on the endpoint
UFD: Actionable notifications displayed to the user
Network Bars: Indicator providing users with information when network performance is causing media quality issues
[Diagram: CDR/QoE records flow to the monitoring SQL database]
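The synthetic transactions listed above are the same Test-Cs* cmdlets SCOM's management pack drives. The following is an added example, not code from the deck, that runs three of them by hand against a pool and treats any non-Success result as an alert condition. The pool FQDN, the two test-user SIP addresses and their domain credentials are assumed placeholders; a real deployment would either pass credentials as shown or pre-register test users with Set-CsTestUserCredential.

```powershell
# Added example (not from the slides). Run from the Lync Server Management Shell.
# Pool and test users are placeholders; the accounts must be Lync-enabled.
Import-Module Lync

$pool  = 'pool01.contoso.com'            # assumed Front End pool FQDN
$user1 = 'sip:testuser1@contoso.com'     # assumed test user (publisher / sender)
$user2 = 'sip:testuser2@contoso.com'     # assumed test user (subscriber / receiver)
$cred1 = Get-Credential 'contoso\testuser1'
$cred2 = Get-Credential 'contoso\testuser2'

# Each cmdlet returns a TaskOutput object with TargetFqdn, Result, Latency and Error.
$results = @(
    (Test-CsRegistration -TargetFqdn $pool -UserSipAddress $user1 -UserCredential $cred1),
    (Test-CsIM -TargetFqdn $pool `
        -SenderSipAddress $user1 -SenderCredential $cred1 `
        -ReceiverSipAddress $user2 -ReceiverCredential $cred2),
    (Test-CsPresence -TargetFqdn $pool `
        -PublisherSipAddress $user1 -PublisherCredential $cred1 `
        -SubscriberSipAddress $user2 -SubscriberCredential $cred2)
)

$results | Select-Object TargetFqdn, Result, Latency, Error | Format-Table -AutoSize

# Anything other than Success is what SCOM would raise an alert on; surface it here too.
$failed = @($results | Where-Object { $_.Result -ne 'Success' })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} synthetic transaction(s) failed against {1}" -f $failed.Count, $pool)
}
```

Run it from a machine inside the network first; a failure from outside but not inside points at the Edge, reverse proxy or DNS rather than at the pool.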
QoE Data Collection
[Diagram: on the Front End Server, the Lync Storage Service collects data into a queue DB and feeds three consumers: Unified Contacts, Archival Processing (IM, WebConf) and Monitoring Processing (CDR/QoE), which writes to the monitoring SQL DB; SQL replication provides HA]
What Factors Reduce Media Quality?
Audio and video coding
Device
Network performance
Environment
Lync 2010 Metrics
Strong suite of metrics covering
QoE Metrics Added in Lync 2013
Video metrics for multiview
and single-view video
Application Sharing metrics
Audio metrics
Summary
QoE provides metrics for:
Troubleshooting
• In Lync 2013, improved video metrics are aligned to the new video feature set
• Reports will have both audio and video media performance analysis
• New QoE will enable administrators to better identify problems with both audio and video
Planning
• QoE provides information on network performance and problem identification, audio performance issues, and video usage and performance issues
• QoE data assists in network planning (e.g., wired and wireless access requirements) and in server and general infrastructure procurement decisions
Centralized Logging Service
Centralized Logging Service (CLS)
New in Lync Server 2013
Replaces Lync Server Logging Tool
Enables IT admin to manage logging and search logs across all
Lync Servers in a deployment centrally
CLS Architecture
CLSAgent: a service running on every Lync Server; it writes the trace files locally and answers search requests against them
CLSController: the command side (ClsController.exe or the *-CsClsLogging cmdlets), run from an admin machine; it sends start, stop, flush and search commands to the agents
Scenarios
Logging is based on scenarios
Built-in scenarios specify a group of components and log levels
to be started and stopped together
Components Logged by Scenarios
Scenario details can be discovered with the Get-CsClsScenario cmdlet:

Get-CsClsScenario global/<ScenarioName> |
Select -ExpandProperty Provider |
Format-Table Name,Level,Flags -a

For scenario IncomingAndOutgoingCall:

Component Name          Level
MediationServer         Info
S4                      Info
Sipstack                Info
TranslationApplication  Info
OutboundRouting         Info
InboundRouting          Info
UserServices            Info
Using ClsController
.\ClsController (COMMAND) [(OPTIONS)] [(SCOPE)]

COMMAND   Description
-start    Starts a trace session for the given scenario. Mandatory option: -scenario. Other valid option: -duration
-stop     Stops the trace session for the given scenario. Mandatory and only valid option: -scenario
-query    Queries the list of scenarios currently being traced. Valid options: none
-flush    Flushes logs and makes them available for searching immediately. Valid options: none
-update   Updates the duration for which the active (non-default) scenario is traced. Mandatory and only valid option: -duration
-search   Searches the logs; results are returned in a text file. Valid options: -starttime, -endtime, -components, -uri, -callid, -phone, -ip, -loglevel, -matchany, -matchall, -keepcache, -correlationids
-?        Displays command-line usage along with the scenario names
ClsController Options
OPTION       Description
-scenario    Scenario name (run -? for the list of valid names)
-duration    Duration (in minutes) to trace the given scenario for. Default duration: 24 hours
-matchall    Require the search to match all of the criteria specified
-matchany    Require the search to match any of the criteria specified. This is the default
-starttime   (timestamp) Search log entries from this time
-endtime     (timestamp) Search log entries up to this time
-loglevel    (fatal | error | warn | info | verbose | noise) The least severe log level to search on; for example, 'warn' limits the search to 'warn', 'error' and 'fatal'
-components  Comma-separated list of component names to restrict the search scope
-phone       Phone number scope for the search command; must be an exact match
-uri         URI scope for the search command; must be an exact match
-callid      Call-ID scope for the search command; must be an exact match
-ip          IP address scope for the search command; must be an exact match
The “AlwaysOn” Scenario
The special scenario “AlwaysOn” can be left on all the time. It logs at INFO level for many common components
When an issue occurs there may be enough information in the AlwaysOn component logs to debug it
This avoids having to turn on logging and repro the issue, which was always required in Lync Server 2010
If the AlwaysOn logs are not sufficient, turn on the specific scenario relevant to your issue, repro the issue, and get a higher level of logging
At any given time, you can have only one extra scenario enabled alongside AlwaysOn
Sample Commands
Start AlwaysOn logging for entire deployment
Start another scenario for a specific pool
Get the current Sipstack log for a specific pool
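The three sample commands the slide names, written out as an added example using the Lync Server Management Shell CLS cmdlets (the PowerShell front end to ClsController; each has a ClsController.exe equivalent from the tables above). This is not code from the deck: the pool FQDN, the one-hour duration, the 30-minute search window and the output path are assumed values.

```powershell
# Added example (not from the slides). Assumes the Lync Server Management Shell
# and an account in RTCUniversalServerAdmins; pool and paths are placeholders.
Import-Module Lync

$pool = 'pool01.contoso.com'     # assumed Front End pool FQDN
$out  = 'C:\Temp\sipstack.txt'   # assumed output file for search results

# 1. Start AlwaysOn logging for the entire deployment
#    (no -Pools / -Computers scope means every server).
Start-CsClsLogging -Scenario AlwaysOn

# 2. Start one additional scenario for a specific pool while the failing call
#    is reproduced. Only one non-AlwaysOn scenario can be active at a time, so
#    scope it and give it a short duration (ClsController: -start -scenario ... -duration).
Start-CsClsLogging -Scenario IncomingAndOutgoingCall -Pools $pool -Duration (New-TimeSpan -Hours 1)

# ... reproduce the call now ...

# Confirm what is running (ClsController: -query)
Show-CsClsLogging -Pools $pool

# 3. Get the current Sipstack log for that pool: flush the agents' cache so the
#    newest lines are searchable (ClsController: -flush), then search the last
#    30 minutes at Info and above (ClsController: -search -components Sipstack ...).
Sync-CsClsLogging -Pools $pool
Search-CsClsLogging -Pools $pool -Components Sipstack `
    -StartTime (Get-Date).AddMinutes(-30) -EndTime (Get-Date) `
    -LogLevel Info -OutputFilePath $out

# Once you know the Call-ID of the failing call, narrow the search to it;
# like ClsController -callid this is an exact match. '<Call-ID>' is a placeholder.
# Search-CsClsLogging -Pools $pool -Components Sipstack -CallId '<Call-ID>' -MatchAll -OutputFilePath $out

# Stop the extra scenario when done; AlwaysOn keeps running.
Stop-CsClsLogging -Scenario IncomingAndOutgoingCall -Pools $pool
```

Open the resulting text file in Snooper (see Troubleshooting Tools below) to follow the SIP dialog; searching at Info rather than Verbose keeps the file small enough to read.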
Lync Media on Wi-Fi
Lync Media over Wi-Fi
Lync 2013 Wi-Fi support
Goal is to provide general deployment guidance and
recommendations for Wi-Fi deployment
Working with Wireless Local Area Network (WLAN)
infrastructure vendors using Lync in their deployments
Wi-Fi Problem Areas
Shared Medium
Limited band selection in 2.4GHz band
5-GHz band
Wi-Fi Deployment Recommendations for
Lync 2013
Deploy concurrent dual-band AP
Consider quality and features of Wireless NICs
Enterprise Wi-Fi Considerations
Understand usage
requirements
Managed WLAN
infrastructure
High-density AP
deployments
Fast inter-AP handover
support
Select WLAN infrastructure
vendors with voice over Wi-Fi
experience
Lync 2013 Wi-Fi Deployment Guidance
Enterprise
Lync 2013 Wi-Fi Deployment Guidance
Home
Hotspot
Lync Call Generators
Sign-in and authentication
Public Key Infrastructure (PKI) /
TLS Certificates
Signaling and media
establishment
High availability / disaster
recovery (HA / DR)
Lync address book
Lync Call Generators
Sign-in and Authentication Challenges
Lync clients have different requirements because they are limited
by the platform capabilities.
Changes from the legacy client platform have necessitated a
“fallback” approach to client DNS lookup.
Secure (TLS) connectivity is required before authentication credentials are passed.
Certificate-based authentication requires obtaining a certificate
via the web services.
Seldom will you see two deployments with the identical
network/infrastructure requirements.
So what causes it to break?
DNS Complexity
Network Infrastructure
Other things to be aware of…
Securing External Access
ABS / PIM
Sign-in and Authentication – Actions!
Consider all possible client scenarios even when they don’t fit into the initial
deployment plans.
Diagram all network access points and document what DNS records point to
where so future modality expansion can be achieved.
Educate local administrators on how mobility differs from external desktop
clients, from federation, Public IM Connectivity (PIC), and so on.
Document test scenarios and results so customers have a baseline to work
from. Customers who generate support incidents rarely have anything
documented and proclaim they have no test plan or results to compare to.
Fully test all modalities before completing a deployment.
Lync Call Generators
PKI and Certificate Challenges
PKI is everywhere in the product.
Correct use of certificates for internal roles, and public certs from well-known CAs for
external users, PIC, federation, Office 365, mobility, and the reverse proxy.
Certificates used for A/V (media) authentication and encryption are NON-public.
Internal namespaces on external-facing certificates are increasingly under scrutiny
because of new PKI standards: public CAs are phasing out internal names from the
certificates they issue.
OAuth server-to-server authentication is the new way to simplify intra-role
communication; it prevents trust issues between Lync and other trusted roles such as
Exchange and SharePoint.
Be Aware Of…
All connections in Lync use TLS or MTLS, with the exception of A/V media (SRTP)
Avoid wildcards in certificate names; a wildcard is supported only as a Subject
Alternative Name (SAN) on the Web Services (reverse proxy) certificate
Many public CAs won't allow a direct import of a certificate request; names are
often added or certs recycled from other modalities because of the cost factor
Only external services need public CA-issued certs
No internal namespace on public certificates
DNS must succeed for proper trust; Edge DNS pointers go to the internal split-domain
namespace
Scaled Edge Servers share identical certificates, including the private key (export
with the private key when copying to pool members)
Trust Model
Transport Layer Security (TLS) is used not only to secure traffic but
also to establish a trusted relationship between SIP proxies.
Secure Real-time Transport Protocol over UDP (SRTP-UDP) is not protected
by TLS and carries no certificate. Its payload is still encrypted, using
keys exchanged in the SDP over the TLS-protected signaling path.
OAuth provides a framework for authorizing server components to
interoperate and reduces the trust-model management that otherwise comes
with replicating certificates between roles.
PKI / TLS Certificates – Actions!
Use wizards for certificate requests
Primary SIP domain = public namespace
No wildcard certificates
Use internal CAs for internal roles and access points
Avoid all-in-one certificates
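A check that turns the "Be Aware Of" list into something you can run against a listener: connect to the SIP/TLS port, pull the certificate the server presents, and report its names, issuer and expiry, flagging wildcards, internal namespaces and a subject that does not cover the name the client resolves. This is an added example, not code from the deck; the host names in the usage lines and the `.local`/`.internal` suffixes treated as internal are assumptions.

```powershell
# Added example (not from the slides). Uses only .NET TcpClient/SslStream,
# so it runs from any Windows machine that can reach the port.
function Get-LyncTlsCertificate {
    param(
        [Parameter(Mandatory=$true)] [string] $HostName,   # name the client resolves, e.g. sip.contoso.com
        [int] $Port = 5061,                                 # 5061 SIP/TLS; use 443 for Web Services / reverse proxy
        [string[]] $InternalSuffix = @('.local', '.internal')   # assumed internal namespaces to flag
    )
    $client = New-Object System.Net.Sockets.TcpClient -ArgumentList $HostName, $Port
    # Accept any chain here: the point is to inspect the certificate, not to trust it.
    $accept = [System.Net.Security.RemoteCertificateValidationCallback] { param($s, $c, $ch, $e) $true }
    $ssl = New-Object System.Net.Security.SslStream -ArgumentList $client.GetStream(), $false, $accept
    try {
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
    } finally {
        $ssl.Dispose()
        $client.Close()
    }

    # SAN extension (OID 2.5.29.17) formats on Windows as "DNS Name=a, DNS Name=b, ..."
    $sans = @()
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($sanExt) {
        $sans = @([regex]::Matches($sanExt.Format($false), 'DNS Name=([^,\s]+)') |
                  ForEach-Object { $_.Groups[1].Value })
    }
    $subjectCn = $cert.GetNameInfo('DnsName', $false)
    $names = @(@($subjectCn) + $sans | Select-Object -Unique)

    $internal = @($names | Where-Object {
        $n = $_
        @($InternalSuffix | Where-Object { $n.EndsWith($_) }).Count -gt 0
    })

    New-Object PSObject -Property @{
        Target          = "$HostName`:$Port"
        Subject         = $cert.Subject
        Issuer          = $cert.Issuer
        NotAfter        = $cert.NotAfter
        Names           = $names
        NameMatches     = ($names -contains $HostName)          # the resolved name must be covered
        HasWildcard     = @($names | Where-Object { $_.StartsWith('*') }).Count -gt 0
        HasInternalName = ($internal.Count -gt 0)               # should be false on a public cert
        Expiring30Days  = ($cert.NotAfter -lt (Get-Date).AddDays(30))
    }
}

# Usage (assumed names): Access Edge external SIP, then the reverse-proxied web services
# Get-LyncTlsCertificate -HostName 'sip.contoso.com'
# Get-LyncTlsCertificate -HostName 'lyncweb.contoso.com' -Port 443
```

Run it from outside the perimeter for the external names and from inside for the internal ones; on the external results `Issuer` should be a public CA and `HasInternalName` should be false, and `HasWildcard` should only ever be true on the Web Services (reverse proxy) certificate.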
Lync Call Generators
Signaling and Media Establishment
Challenges
Media Relay Authentication Service (MRAS), Interactive Connectivity
Establishment (ICE), Session Description Protocol (SDP) candidates
Edge server as a functional firewall device
Media bypass, hair pinning, mediation
Bandwidth management / Call Admission Control (CAC) / Quality of
service (QoS)
Monitoring / Quality of experience (QOE)
Signaling and Media Establishment (cont.)
External registrar SIP proxy for remote users and federation
External conference proxy (SIP signaling still traverses the Access Edge)
All audio, video, and application sharing media use the Real-time Transport
Protocol (RTP), as SRTP
Uses ICE (Session Traversal Utilities for Network Address Translation
(STUN) / Traversal Using Relay NAT (TURN)), secured using MRAS credentials
(not TLS)
No user services (that is the reverse proxy's role)
HTTPS connection for mobility clients, ABS, Meeting Lobby, etc.
Signaling and Media Establishment (cont.)
Media Relay Authentication Service (MRAS) on port 5062 is reached internally via the
SIP proxy; clients obtain MRAS credentials in-band before they can allocate relay ports
Allocate (3478) and "are you there" pings to ensure connectivity
Candidate types: host (open ports on the NAT host) | server reflexive | relay
Deep packet inspection: STUN XORs the mapped address in its responses so NAT devices
and inspection engines do not rewrite it
UDP and TCP open port ranges are largely overrated as a security threat
DNS Load Balancing vs. Hardware Load Balancers
Other things to be aware of…
Certificates
TLS everywhere but media exchange.
Internal / external namespace depends on DNS pointing the right direction.
Networks
Logical subnetting is no substitute for physically isolating the Edge perimeter network.
Routing to Internet and internal networks should never overlap and will require
manual management of the networks in most cases
Signaling and Media Negotiation - Actions!
Define static routing
DNS to public, host to internal
Test port ranges for TCP and UDP 50,000-59,999, plus 443, 5061, 3478, 5062 and
8057
Network isolation
Public-facing IPs for A/V!
DNS load balancing preferred
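A reachability check for the TCP ports in the action list above, as an added example rather than anything from the deck. The host names, and which ports are expected on each, are assumptions for a typical single-consolidated-Edge layout; adjust them to your topology. UDP 3478 and the 50,000-59,999 range cannot be proved by a TCP connect, so the block only notes them.

```powershell
# Added example (not from the slides). Pure .NET sockets; run the external set from
# outside the perimeter and the internal set from inside.
function Test-LyncPort {
    param([string] $ComputerName, [int] $Port, [int] $TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    $open = $false
    try {
        $ar = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if ($ar.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $client.EndConnect($ar)          # throws if the port is refused/filtered
            $open = $client.Connected
        }
    } catch {
        $open = $false
    } finally {
        $client.Close()
    }
    New-Object PSObject -Property @{ Target = $ComputerName; Port = $Port; Open = $open }
}

# Assumed hosts and the TCP listeners expected on each.
$checks = @(
    @{ Host = 'sip.contoso.com';       Ports = @(443, 5061) },        # Access Edge, external
    @{ Host = 'av.contoso.com';        Ports = @(443) },              # A/V Edge, external TCP (3478 is UDP)
    @{ Host = 'edge01.contoso.local';  Ports = @(5061, 5062, 8057) }, # Edge internal: SIP, MRAS, web conferencing
    @{ Host = 'pool01.contoso.local';  Ports = @(5061, 443) }         # Front End: SIP/TLS and web services
)

$results = foreach ($c in $checks) {
    foreach ($p in $c.Ports) { Test-LyncPort -ComputerName $c.Host -Port $p }
}
$results | Sort-Object Target, Port | Format-Table Target, Port, Open -AutoSize

# Not covered here: UDP 3478 (needs a STUN binding exchange, not a connect) and the
# 50,000-59,999 media range, which is verified against the firewall rule set and a
# media trace rather than by probing ten thousand ports.
```

A port that is Open from inside but not from outside is a firewall or NAT problem; one that is closed from both sides is the service itself, which is where the CLS scenario above comes in.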
Lync Call Generators
High Availability and Disaster Recovery
Don’t confuse High Availability and Disaster Recovery
Scenarios
No limited functionality
Pool pairing
RPO/RTO - Recovery point objective / Recovery time
objective
Windows Fabric – Known Issue!
Windows Server 2012 with Lync 2013 - known issues with Windows Fabric
All servers hung in the “Starting” state
Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery -PoolFQDN <FQDN>
Reset-CsPoolRegistrarState -ResetType FullReset -PoolFQDN <FQDN>
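The two reset commands are not interchangeable, so this added example (not from the deck) shows the order a practitioner would follow: confirm which Front Ends are actually stuck, look at the fabric state, and only then reset, trying QuorumLossRecovery before the far more disruptive FullReset. The pool FQDN is a placeholder, and Get-CsPoolFabricState is assumed to be available (it was introduced in a Lync Server 2013 cumulative update).

```powershell
# Added example (not from the slides). Run from the Lync Server Management Shell
# on a machine that is not itself one of the hung Front Ends.
Import-Module Lync
$pool = 'pool01.contoso.com'     # assumed pool FQDN

# 1. Which services on which Front Ends never left "Starting"?
foreach ($fe in (Get-CsPool -Identity $pool).Computers) {
    Get-CsWindowsService -ComputerName $fe |
        Where-Object { $_.Status -ne 'Running' } |
        Select-Object @{ n = 'Server'; e = { $fe } }, Name, Status
}

# 2. Fabric view: routing groups and which replicas are up. If only some groups
#    have lost quorum this is the cheaper problem.
Get-CsPoolFabricState -PoolFqdn $pool

# 3. Least disruptive reset first: QuorumLossRecovery rebuilds quorum from the
#    surviving replicas without rebuilding every routing group.
Reset-CsPoolRegistrarState -PoolFqdn $pool -ResetType QuorumLossRecovery

# 4. Only if step 1 still shows services stuck after that: FullReset rebuilds all
#    routing groups and drops the pool for the duration, so treat it as the last resort.
# Reset-CsPoolRegistrarState -PoolFqdn $pool -ResetType FullReset
```

Re-run step 1 after each reset rather than assuming the cmdlet returning means the pool is healthy.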
HA/DR – Actions!
No Legacy design!
No cross network deployments
HA solution improves with each server you add to the pool
Don’t mix HA and DR features
Define and adhere to Recovery time objectives / Recovery
point objectives
Lync Call Generators
Address Book Service Challenges
Changes in Active Directory properties are picked up by the User Replicator and pushed
to the Lync Back End every 60 seconds (by default)
Default setting for the Address Book Service = WebSearchAndFileDownload
Get-CsClientPolicy … -AddressBookAvailability shows the current value; change it with
Set-CsClientPolicy
FileDownload in Lync has all the same caveats as OCS 2007 R2: delay in updating,
differential files, 24-hour updates, and so on.
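The default and recommended address book settings, side by side, as an added example that is not part of the deck: it reads the replication interval and per-policy address book mode, then applies the "Turn on WebSearchOnly" action from the slide and confirms the UCS policy before any migration. Policy identities are the defaults; nothing else is assumed.

```powershell
# Added example (not from the slides). Run from the Lync Server Management Shell.
Import-Module Lync

# How often AD changes reach the Back End (the "every 60 seconds" above; default 00:01:00)
Get-CsUserReplicatorConfiguration | Select-Object Identity, ReplicationCycleInterval

# Current address book mode per client policy (the weak default is WebSearchAndFileDownload,
# which leaves clients on the daily file generation and its 24-hour lag)
Get-CsClientPolicy | Select-Object Identity, AddressBookAvailability

# Corrected setting: web search only, so lookups go to the Address Book Web Query service
Set-CsClientPolicy -Identity Global -AddressBookAvailability WebSearchOnly
Get-CsClientPolicy -Identity Global | Select-Object Identity, AddressBookAvailability

# Force one regeneration instead of waiting for the scheduled run (01:30 by default)
Update-CsAddressBook

# Before "Migrate to UCS": confirm the user services policy allows it (UcsAllowed is
# true by default, but site or per-user policies may override the global one)
Get-CsUserServicesPolicy | Select-Object Identity, UcsAllowed
```

Site-scoped and per-user client policies override Global, so check every row of the first Get-CsClientPolicy listing, not just Global, before assuming file download is gone.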
Managing Contacts
Personal Information Manager (PIM)
Relies on Exchange Web Services (EWS) to obtain Outlook contacts and to synchronize
Outlook calendar entries with the presence state in the database; this is a
client-side process
Unified Contact Store (UCS)
Moves contact storage into the user's Exchange mailbox, with the Front End process
proxying access to it. This is not PIM, although it reaches Exchange through the same
EWS path, and the migration introduces a host of potential caveats around contact loss.
Presence and Federation
Configuring Presence
Subscribe to presence
HA/DR real-time presence across all Front End servers and backup registrars
Lync Federation
Privacy relationship
Trust with Office 365
ABS and Presence – Actions!
Deploy reverse proxy
Enable EWS
Turn on WebSearchOnly
Migrate to UCS
Prep for federation
Troubleshooting Tools
Lync Debug tools
Lync Network Monitor with Lync Parsers
Snooper
Remote connectivity analyzer
TRIPP (Transport Reliability IP Probe)
Lync 2013 BPA
Telnet
Event logging (Capi2)
HLB isolation
Resources
Lync Server 2013 Protocol Poster
http://www.microsoft.com/en-us/download/details.aspx?id=39968
Microsoft Lync Server 2013 Resource Kit Tools
http://www.microsoft.com/en-us/download/details.aspx?id=36821
Lync Server 2013 Best Practices Analyzer
http://www.microsoft.com/en-us/download/details.aspx?id=35455
Microsoft Lync Server 2013 Debugging Tools
http://www.microsoft.com/en-us/download/details.aspx?id=35453
Troubleshooting Lync Server using Snooper – Part 1 (links to 2, 3 & 4 inside article)
http://blogs.technet.com/b/nexthop/archive/2012/04/16/troubleshooting-lync-server-2010-with-snooper-part-1.aspx