Lync 2010 Network Port Requirements and Summaries

While doing my last buildout of Lync 2010, I included some information showing all the port requirements along with a quick summary for the network team to have all the information they would need to assist in the build.  I thought I should post it here.


Port Requirements

Each entry below lists the server role, the enabled port(s) and what they are used for, and whether DNS load balancing (DNS LB) and hardware load balancing (HLB) apply to that port.

A/V Conferencing Server
  • 5063/TCP used for A/V conferencing (DNS LB: No, HLB: No)
  • 57501-65335/TCP/UDP used for the media port range (DNS LB: No, HLB: No)

Edge Server
  • 3478/UDP (internal and external interfaces) for STUN/UDP inbound and outbound media communications (DNS LB: Yes, HLB: No)
  • 443/TCP (external interface) for SIP/TLS communications for external users accessing internal Web conferences, and STUN/TCP inbound and outbound media communications for accessing internal media and A/V sessions (DNS LB: Yes, HLB: No)
  • 4443/TCP used to push configuration data from the Central Management Server to the Edge Server. This port must be opened on every individual Edge Server, not on the load balancer. (DNS LB: No, HLB: No)
  • 5061/TCP (internal and external interface) for SIP/MTLS communication for remote user access or federation (DNS LB: Yes, HLB: No)
  • 5062/TCP (internal interface) for SIP/MTLS authentication of instant messaging communications flowing outbound through the internal firewall (DNS LB: Yes, HLB: No)
  • 8057/TCP (internal interface) for PSOM/MTLS communications from the Web Conferencing Server (DNS LB: No, HLB: No)
  • 50,000-59,999/RTP/TCP used for inbound and outbound media transfer through the external firewall (DNS LB: No, HLB: No)

Director
  • 5060/5061/TCP/MTLS for all internal communication (DNS LB: Yes, HLB: No)

Enterprise Edition Server
  • 80/TCP for traffic from the front-end servers to the Web farm FQDNs (DNS LB: Yes, HLB: Yes)
  • 135/DCOM/RPC used for DCOM-based operations such as Moving Users, User Replicator Synchronization, and Address Book Synchronization (DNS LB: Yes, HLB: Yes)
  • 443/TCP for HTTPS traffic from the front-end servers to the Web farm FQDNs (DNS LB: Yes, HLB: Yes)
  • 444/TCP for HTTPS traffic between the focus and the conferencing servers (DNS LB: Yes, HLB: No)
  • 445/TCP used for replication from the Central Management Server to Microsoft Lync Servers (DNS LB: No, HLB: No)
  • 448/TCP used for the Lync Server Bandwidth Policy Service (DNS LB: Yes, HLB: No)
  • 5060/5061/TCP/MTLS for all internal communication (DNS LB: Yes, HLB: No)
  • 5062-5065 for IM conferencing, A/V conferencing, telephony conferencing, and application sharing (DNS LB: No, HLB: No)
  • 5066/TCP for the outbound E.911 gateway (DNS LB: No, HLB: No)
  • 5067/TCP/TLS used for incoming SIP requests from the PSTN gateway (DNS LB: Yes, HLB: No)
  • 5068/TCP used for incoming SIP requests from the PSTN gateway (DNS LB: Yes, HLB: No)
  • 5069/TCP for the QoE Agent on the front-end server (DNS LB: Yes, HLB: No)
  • 5070/TCP used for listening for SIP traffic for the Mediation service (DNS LB: Yes, HLB: No)
  • 5071-5074 for Response Group, Conferencing Attendant, and Conferencing Announcement (DNS LB: Yes, HLB: No)
  • 5075/TCP used for incoming SIP requests for the Call Park Service (DNS LB: Yes, HLB: No)
  • 5076/TCP used for incoming SIP requests for the Audio Test service (DNS LB: Yes, HLB: No)
  • 5080/TCP used for the Lync Server Bandwidth Policy Service (DNS LB: Yes, HLB: No)
  • 8057/TLS to listen for PSOM connections from Live Meeting (DNS LB: No, HLB: No)
  • 8080/TCP used for external IIS for the Address Book Server and sharing slides (DNS LB: Yes, HLB: Yes)
  • 8404 for internal server communications (remoting over MTLS) for Response Group (DNS LB: No, HLB: No)
  • 49152-57500/TCP/UDP for media requests for audio conferencing on all internal servers. Used by all servers that terminate audio. (DNS LB: No, HLB: No)
  • 49152-65335/TCP used for the application sharing port range (DNS LB: No, HLB: No)
  • 57501-65335/TCP/UDP used for the media port range (DNS LB: No, HLB: No)

Monitoring Server
  • 135 for MSMQ (DNS LB: No, HLB: No)

Reverse Proxy
  • 80/TCP used for the connection from ISA to internal Web Services (DNS LB: No, HLB: No)
  • 8080/TCP used for external IIS for the Address Book Server and sharing slides (DNS LB: No, HLB: No)
  • 443/TCP used for listening on the external interface for incoming requests from external users for Web components information, file downloads, and distribution group expansion, as well as Address Book information (DNS LB: No, HLB: No)
  • 4443/TCP used by the Reverse Proxy for distribution group expansion (DNS LB: No, HLB: No)
Client Port Requirements

Each entry lists the component, the port, the protocol, and notes on its use.

  • Clients, 67/68, DHCP: Used by Lync Server 2010 to find the Registrar FQDN (that is, if DNS SRV fails and manual settings are not configured).
  • Clients, 443, TCP (TLS): Used for client-to-server SIP traffic for external user access.
  • Clients, 443, TCP (PSOM/TLS): Used for external user access to web conferencing sessions.
  • Clients, 443, TCP (STUN/MSTURN): Used for external user access to A/V sessions and media (TCP).
  • Clients, 3478, UDP (STUN/MSTURN): Used for external user access to A/V sessions and media (TCP).
  • Clients, 5061, TCP (MTLS): Used for client-to-server SIP traffic for external user access.
  • Clients, 1024-65535, TCP/UDP: Audio port range (minimum of 20 ports required).
  • Clients, 1024-65535, TCP/UDP: Video port range (minimum of 20 ports required).
  • Clients, 1024-65535, TCP: Peer-to-peer file transfer (for conferencing file transfer, clients use PSOM).
  • Clients, 1024-65535, TCP: Application sharing.
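Once the network team has opened the rules, the list above can double as a checklist. The following is an added example, not part of the original post or of any Microsoft tool, that verifies from a Front End Server that the Edge Server internal-interface TCP ports from the table are reachable; the Edge FQDN is a placeholder, and UDP 3478 cannot be checked this way because UDP has no connection handshake.

```powershell
# Added example: confirm firewall rules for the Edge Server internal interface
# using only the TCP ports listed in the port table above.
$EdgeInternalFqdn = 'edge-int.example.invalid'   # placeholder, replace with your Edge internal FQDN

# Port -> purpose, taken from the Edge Server rows of the table.
$EdgeInternalTcpPorts = @{
    4443 = 'Central Management Server pushes configuration (open per Edge Server, not via load balancer)'
    5061 = 'SIP/MTLS for remote user access or federation'
    5062 = 'SIP/MTLS authentication of outbound IM'
    8057 = 'PSOM/MTLS from the Web Conferencing Server'
}

function Test-TcpPort {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    # A completed TCP handshake proves the firewall path; the MTLS/TLS
    # handshake itself is not attempted, so the Edge will simply drop us afterwards.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return $false          # no SYN/ACK within the timeout: filtered or host down
        }
        $client.EndConnect($async) # throws on RST (port closed)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# One row per port, so the result can be pasted into the change ticket.
$EdgeInternalTcpPorts.GetEnumerator() | Sort-Object Key | ForEach-Object {
    New-Object PSObject -Property @{
        Port    = $_.Key
        Purpose = $_.Value
        Open    = Test-TcpPort -ComputerName $EdgeInternalFqdn -Port $_.Key
    }
} | Format-Table Port, Open, Purpose -AutoSize
```

Run it from each Front End, since 4443 must be open to every individual Edge Server rather than to the load balancer.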


Andy Quiroz on Twitter Counter

Lync 2010 & Active Directory Schema Changes and Object additions summary

Lync Server 2010 requires several new classes and attributes and modifies some existing classes and attributes. In addition, much configuration information for Lync Server 2010 is stored in the Central Management store instead of in AD DS as in previous versions. The following information is still stored in AD DS in Lync Server 2010:

  • Schema extensions:
    • User object extensions
    • Extensions for Office Communications Server 2007 and Office Communications Server 2007 R2 classes to maintain backward compatibility with supported previous versions
  • Data (stored in the Lync Server extended schema and in existing schema classes):
    • User SIP Uniform Resource Identifier (URI) and other user settings
    • Contact objects for applications such as Response Group and Conferencing Attendant
    • A pointer to the Central Management store
    • Kerberos Authentication Account (an optional computer object)

Classes Added by Lync Server 2010

Each entry lists the class and its description.

  • msRTCSIP-ConnectionPoint: Generic service connection point (SCP) to specify the computer as a server running Lync Server.
  • msRTCSIP-GlobalTopologySetting: The global topology setting object.
  • msRTCSIP-GlobalTopologySettings: Container to hold global topology setting objects.

Attributes Added by Lync Server 2010

Each entry lists the attribute and its description.

  • msRTCSIP-AcpInfo: Stores user audio conferencing provider information.
  • msRTCSIP-DeploymentLocator: Used in a split domain topology; contains a fully qualified domain name (FQDN).
  • msRTCSIP-GroupingID: A unique identifier of a group, used to group address book entries.
  • msRTCSIP-OwnerUrn: The Uniform Resource Name (URN) of the owner for the application contact.
  • msRTCSIP-PrivateLine: Contains the device ID of a private line device.
  • msRTCSIP-TargetUserPolicies: Stores name/value pairs for target policies for a Lync Server user.
  • msRTCSIP-TenantId: Stores the unique identifier of the tenant. This identifier should be unique across all tenants.
  • msRTCSIP-UserPolicies: Stores name/value pairs for user policies.
  • msExchUCVoiceMailSettings: Multi-valued attribute that holds voice mail settings. This attribute is shared with Exchange Unified Messaging (UM).

Classes Modified by Lync Server 2010

Each entry lists the modified class, the change, and the class or attribute added.

  • Organizational-Unit: add mayContain msRTCSIP-TenantId
  • User: add mayContain msRTCSIP-AcpInfo, msRTCSIP-GroupingID, msRTCSIP-OwnerUrn, msRTCSIP-TargetUserPolicies, msRTCSIP-TenantId, msRTCSIP-UserPolicies, msRTCSIP-DeploymentLocator, msRTCSIP-PrivateLine
  • Contact: add mayContain msRTCSIP-AcpInfo, msRTCSIP-GroupingID, msRTCSIP-OwnerUrn, msRTCSIP-TargetUserPolicies, msRTCSIP-TenantId, msRTCSIP-UserPolicies, msRTCSIP-DeploymentLocator, msRTCSIP-PrivateLine
  • Group: add mayContain msRTCSIP-GroupingID, msRTCSIP-TenantId
  • msRTCSIP-GlobalTopologySetting: add mayContain msRTCSIP-BackEndServer, msRTCSIP-ExtensionData, msRTCSIP-ServerVersion
  • Mail-Recipient*: add mayContain msExchUCVoiceMailSettings

Objects created during install of Lync Server 2010

Service groups:

  • RTCHSUniversalServices – includes service accounts used to run Front End Server and allows servers read/write access to Lync Server global settings and Active Directory user objects.
  • RTCComponentUniversalServices – includes service accounts used to run A/V Conferencing Servers, Web Services, Mediation Server, Archiving Server, and Monitoring Server.
  • RTCProxyUniversalServices – includes service accounts used to run Lync Server Edge Servers.


Administration groups:

  • RTCUniversalServerAdmins – allows members to manage server and pool settings.
  • RTCUniversalUserAdmins – allows members to manage user settings and move users from one server or pool to another.
  • RTCUniversalReadOnlyAdmins – allows members to read server, pool, and user settings.


Infrastructure groups:

  • RTCUniversalGlobalWriteGroup – grants write access to global setting objects for Lync Server.
  • RTCUniversalGlobalReadOnlyGroup – grants read-only access to global setting objects for Lync Server.
  • RTCUniversalUserReadOnlyGroup – grants read-only access to Lync Server user settings.
  • RTCUniversalServerReadOnlyGroup – grants read-only access to Lync Server settings. This group does not have access to pool level settings, only to settings specific to an individual server.

Forest preparation then adds service and administration groups to the appropriate infrastructure groups, as follows:

  • RTCUniversalServerAdmins is added to RTCUniversalGlobalReadOnlyGroup, RTCUniversalGlobalWriteGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.
  • RTCUniversalUserAdmins is added as a member of RTCUniversalGlobalReadOnlyGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.
  • RTCHSUniversalServices, RTCComponentUniversalServices and RTCUniversalReadOnlyAdmins are added as members of RTCUniversalGlobalReadOnlyGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.

Forest preparation also creates the following role-based access control (RBAC) groups:

  • CSAdministrator
  • CSArchivingAdministrator
  • CSBranchOfficeTechnician
  • CSHelpDesk
  • CSLocationAdministrator
  • CSResponseGroupAdministrator
  • CSServerAdministrator
  • CSUserAdministrator
  • CSViewOnlyAdministrator
  • CSVoiceAdministrator

BlackBerry and the misery of an IT sys admin

Nothing against people who have chosen BlackBerry for their smartphone; what I have to say is against the peeps who make them…RIM software. Now these guys have made a fortune with their isolated phones and software, but for the most part the way the iOS is designed is just so “overwhelming”. Have you ever had a chance to dig into the menus? It is just one big steamy pile of menu options and choices! Nothing is simple nor obvious, and that is what the user needs; the owner needs simple choices, simple options. They don’t need to choose what type of security certificate they need when connecting to a wireless network. Really RIM? Why torture your users? Just pointless. But what is my favorite? The BES software. Worst thing ever. Don’t get me wrong, when it works it works great. But the phones do not always connect, and when they don’t it ain't very easy to fix them. RIM says most of the time to just wipe the phone to fix it. Really RIM..really? Wiping the phone is not the only option.

Sometimes RIM has secret options for you to do in the phone's software. Like this one. When your calendar, contacts, or emails are all duplicated, how do you fix them? Reset them. But sadly there is no reset button to find. RIM has put that in a secret option. Very Area51’ish. So what you do is go to your calendar, contacts, or inbox, then open the menu and choose OPTIONS. At the OPTIONS screen you type RSET. That's it, those 4 letters do a reset but wipe what is there, which is the service book.

Then it resyncs the book and boom, no more duplicates! Now this takes like 15 or 20 minutes to finish, but it still works. Now why couldn’t RIM make that a choice on the screen, why some secret option? Probably to keep the users from resetting their folders, right? Well obviously they want to do that, so why not give them the option? Just silly if you ask me. Anyways, there are way more things that get me going about BlackBerry devices, but I will save those for another post.

all BB should end up like this

MS-TecEd 2011 the aftermath

So I have had a few days to think back and really soak in all that I learned and saw at Tech-Ed. I know I have been blogging about Tech-Ed lately, but I promise this is the last post directly blogging about MS-TechEd 2011. So, rather than type away about all the good and bad things, I have decided to narrow it down to the top 10 things about the conference. And here we go!

10. With the attendance up near 10k, it was nice to see our industry thriving again and proving to be very strong on all fronts (system administration and programming).

9. The availability of the MVPs and Microsoft engineers at The Learning Center this year. Last year it was not difficult, but some of the better engineers were not around much; this year there were plenty to go around. Validating my MS Lync 2010 design and talking shop about Exchange 2010 was a huge bonus for me at the event.

8. The vendor floor was strong, but it was nice to see more serious vendors at the conference this year, and they showed their dedication and allegiance to Microsoft products.

7. Great food. Even though this topic deserves some attention, I won't boast about the food too much because I am not a food expert like my friends are. She always trips me out about things she tastes and sees in foods that I don't. I am sure at this event the food was a decent 5 outta 10 stars, but the vendor party had GREAT food; I don’t know what happened for the rest of the week. Me and “harlems finest” had to foot patrol it out of the event on the last day to get some southern cooking. It was totally worth it.

6. Reuniting with the UMD OIT crew. It was awesome to see these fellas again. We got to talk shop, validate rumors, and I had to confirm that I am not coming back to UMD. But other than that, it was great catching up with the following: Rob “big sexy” Williams; Patrick “im always looking for a job even thou i wont leave umd” Nemil; Steve “one time almost former employee of wintel” Tender; Steve “machine gunz” Gunzburg; Gus “harlems finest” Sam.

5. The after party events. Wow, they are difficult to get invited to, but if you get in, the food and open bars are off the hook! Much love to the Unified Communication Round Table I attended on Wednesday. The 3 mac and cheese and open bar were awesome.

4. Marriott Marquis in downtown Atlanta. One word, NICE. I enjoyed my stay, and the building was by far really impressive. I had a blast at the restaurants and bars in there, and the staff there was great.

3. PowerShell. PowerShell. PowerShell. Get it? The future of the industry and my career is really clear now. I really need to get better at doing some fancy PowerShell stuff. I give it about another few years, but it will soon be a requirement for my job to have high-level PowerShell skills. I need to keep reading, practicing and using PowerShell on a daily basis. If I really try and make an effort for 4 weeks to use PowerShell a lot, I think it will set the path for my success.

2. The merge of Lync, SharePoint, and Exchange. I see it coming, and it won't be far ahead when Microsoft merges these 3 technologies together. As an Exchange admin I know and see Exchange is a dying horse. I need to adapt to SharePoint and Lync so that I can secure my place in the upcoming unified communication foundation.

1. The after party! I mean come on! Does Microsoft know how to party or what? The entire Georgia Aquarium, the Coca-Cola museum, plus open bars and great food everywhere; they really take care of us. There was not one disappointed member of the Microsoft army that night, because the band that performed was awesome as well. I had a great time, and it was by far one of the best Tech-Eds ever.

@MSTechEd

So I have been at Microsoft’s Tech-Ed conference for the last 4 days. On this last day of Tech-Ed, I have tried to begin to sum up the experiences that I have learned and witnessed here. So here are some personal highlights.

  • PowerShell is not a front-runner as it should be, but most speakers are pushing it very much to the front; in another year or two, PowerShell will dominate the side of Microsoft engineering that I am involved in.
  • Lync 2010 Server is really becoming the new “Exchange” for Microsoft.
  • Soon, I believe, Microsoft will have to merge Exchange, Lync, and SharePoint all into one product for unified communications software.
  • The Windows Phone update that is going to be released this fall is gonna make a huge impact on the enterprise. They might even surpass BlackBerry's hold on the market.
  • Explaining the “private” and “public” cloud using Microsoft products is exciting, but also a glimpse of what is in store for us veteran engineers' future if we stick with a heavy investment in all these Microsoft products.

So among all the hoopla and all the giveaways, free stuff, and other various prize things, I am thinking that this year Tech-Ed has been not only more fun than last year, but it has been a huge learning step for me to get me motivated and excited to use this stuff back in the workplace. Last year I was taking a lot of tests trying to get certified and everything (which I did), and not having to do that this year has left me to enjoy all that Tech-Ed has to offer.

I hope I get to come back next year in Orlando; it should be a good one.

PowerShelling for kids

So I have been doing some PowerShelling lately and found this one-liner that is helping me out. It is from Eric Woodford, and the focus of the line is to gather the mounted disks for a Windows server. Basically it is like this: I have an Exchange 2007 server using a CCR cluster, and the server uses DAS, so the LUNs carved out for this are 15 disks for logs and 15 disks for databases. Now the disks are volume mounted disks, so they don’t show up as E drives or D drives. But they do show up in the disk manager on the server. So in order to monitor space on all 30 mounted volumes, I could either use the disk manager or find a way to get all the disk information and export it out to view and analyze in Excel. This script is perfect. It gathers all mounted volumes and then reports them into an HTML file which I open in Excel. Now the PowerShell function that gathers this info is called Get-MountPointInfo. It returns a lot of great info like free space and percentage free, but the free space numbers it gives are in BYTES and not KB or GB. So since my boss needs to know how many GB we use and have available, I had to do some Excel formulas to convert the BYTES into GB. Not a biggie, but it works. Thanks to Eric for posting this like 3 years ago.

#Get-MountPointInfo.PS1 Script
#Eric Woodford
#Scripts@ericwoodford.com
#Nov 11, 2008
#Discover and detail volume mount points on a specified Windows server.
#

function Get-MountPointInfo($ServerName) {
    $Summary = @()

    # Win32_MountPoint links each mounted volume to the directory it is mounted on;
    # Win32_Volume supplies the volume name and free space (in bytes).
    $MountPoints = Get-WmiObject -Class "win32_mountpoint" -Namespace "root\cimv2" -ComputerName $ServerName
    $Volumes = Get-WmiObject -Class "win32_volume" -Namespace "root\cimv2" -ComputerName $ServerName | Select-Object name, freespace
    foreach ($MP in $MountPoints) {
        # WMI returns the directory reference with doubled backslashes; collapse them.
        # (Backslash is not an escape character in PowerShell strings, so "\\" is two literal backslashes.)
        $MP.directory = $MP.directory.replace("\\", "\")
        foreach ($v in $Volumes) {
            $vshort = $v.name.Substring(0, $v.name.length - 1)   # drop the trailing backslash
            $vshort = """$vshort"""   # wrap in quotes to match the Win32_Directory.Name="..." format held in $MP.directory
            if ($MP.directory.contains($vshort)) { # only volumes that exist as mount points, not system drives
                $Record = New-Object -TypeName System.Object
                # Administrative UNC path to the mount point folder, e.g. \\server\E$\Mounts\DB01
                $DestFolder = "\\" + $ServerName + "\" + $v.name.Substring(0, $v.name.length - 1).Replace(":", "$")
                #$DestFolder #troubleshooting string to verify building dest folder correctly.
                $colItems = (Get-ChildItem $DestFolder | Where-Object { $_.length -ne $null } | Measure-Object -Property length -Sum)
                # to clean up errors when folder contains no files.
                # does not take into account subfolders.

                if ($colItems.sum -eq $null) {
                    $fsize = 0
                } else {
                    $fsize = $colItems.sum
                }

                $TotFolderSize = $fsize + $v.freespace
                $percFree = "{0:P0}" -f ($v.freespace / $TotFolderSize)
                $Record | Add-Member -MemberType NoteProperty -Name Name -Value $v.name
                $Record | Add-Member -MemberType NoteProperty -Name FileSize -Value $fsize
                $Record | Add-Member -MemberType NoteProperty -Name FreeSpace -Value $v.freespace
                $Record | Add-Member -MemberType NoteProperty -Name PercFree -Value $percFree
                $Summary += $Record
            }
        }
    }
    return $Summary
}

$ServerName = "YourServerNameHere"
Get-MountPointInfo $ServerName | ConvertTo-Html -Title $ServerName > "c:\Report-DriveSpace_for_$ServerName.html"
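As an added example that is not Eric's script or part of the original post, here is the same report with the bytes-to-GB conversion the post had to do in Excel done in PowerShell. It reads Capacity straight from Win32_Volume, so the total does not have to be approximated by summing files (the script's comment notes that sum ignores subfolders), and it flags volumes under a free-space threshold. The server name and threshold are placeholders, and [pscustomobject] needs PowerShell 3.0 or later.

```powershell
# Added example, not from the original post or Eric Woodford's script.
# Requires PowerShell 3.0+ for [pscustomobject]; $ServerName is a placeholder.
function Get-MountedVolumeSpace {
    param(
        [Parameter(Mandatory = $true)][string]$ServerName,
        [int]$WarnPercentFree = 10   # flag volumes with less than this percent free
    )
    # Win32_Volume reports Capacity and FreeSpace in bytes for every volume,
    # including volumes mounted on folders that have no drive letter.
    Get-WmiObject -Class Win32_Volume -Namespace 'root\cimv2' -ComputerName $ServerName |
        # DriveType 3 = local disk; no DriveLetter = folder-mounted volume (drop that test to include lettered drives)
        Where-Object { $_.DriveType -eq 3 -and $_.Capacity -gt 0 -and -not $_.DriveLetter } |
        ForEach-Object {
            $percentFree = [math]::Round(100 * $_.FreeSpace / $_.Capacity, 1)
            [pscustomobject]@{
                Server      = $ServerName
                MountPoint  = $_.Name
                Label       = $_.Label
                CapacityGB  = [math]::Round($_.Capacity / 1GB, 2)   # 1GB is PowerShell's built-in 1024^3 constant
                FreeGB      = [math]::Round($_.FreeSpace / 1GB, 2)
                PercentFree = $percentFree
                Status      = $(if ($percentFree -lt $WarnPercentFree) { 'LOW' } else { 'OK' })
            }
        }
}

$ServerName = 'YourServerNameHere'   # placeholder
$report = Get-MountedVolumeSpace -ServerName $ServerName -WarnPercentFree 15

# CSV opens directly in Excel with the GB values already computed.
$report | Sort-Object PercentFree |
    Export-Csv -Path "C:\Report-MountPoints_$ServerName.csv" -NoTypeInformation

# Anything flagged LOW deserves a look before a log or database volume fills up.
$report | Where-Object { $_.Status -eq 'LOW' } | Format-Table MountPoint, FreeGB, PercentFree -AutoSize
```

Querying 30 volumes this way is a single WMI call per server, where the original enumerates every mount point folder over the admin share.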

Andy's Blog

So I started to write a blog on my MSN Spaces site, and there was a link saying that my Spaces blog stuff is being migrated to this WordPress.com site. It is all integrated, but I am not sure just how much traffic my blog may get or how public it may be. But I will try anyways. First I am going to post PowerShell lines that I use for Exchange 2007. I am not going to try to educate the general population; I just want to put them out there and share them, because that is pretty much how I obtained them. I grabbed them from other admin blogs and mutated them to fit my needs. I will give credit to the authors as I can remember them, and that is it. I will also blog about music, sports and other random IT stuff because I am an IT guy. Okay, that is it for now. Tomorrow I will post some new stuff.

Oh yea, I am gonna blog about relationships and comic book heroes. Standard geek stuff.