Preparing for Deployment – Research and Education and Pricing
Deployment of Standard Server & Director Role
Deployment of Edge and Reverse Proxy
Deployment of Lync Voice Capabilities
Configuring Lync PSTN Calling thru Avaya IPOffice
Configure Lync 4 Digit Extension Dialing without DIDs
Configure Asterisk as a SIP Proxy for Avaya IPO and Lync
Deployment of Lync Client to users
Testing Configuration of Backup Registrar
Continuing the series on our Lync deployment: as we approach the date when we will completely cut over all users to Lync, we wanted to build some redundancy into our deployment.
We have done this by licensing a second standard server and configuring it in the topology as a backup registrar. This will allow us to have a fail over server to host all voice calls in the event of a failure to the primary standard edition server (PSE). The Backup Standard Edition Server (BSE) will provide voice capabilities and limited IM capabilities in a production down situation of the PSE.
Note: for calls to be made in a ‘failed over’ scenario, backup calling routes will need to be configured for the BSE mediation role, as discussed in a future post.
So we have configured our backup in the topology (how-to in a future post) and configured the failover routes, so it is time to test the scenarios. For our testing we want to confirm that the PSE can fail and we can still make calls to the PSTN and, if the PSTN is not available, make a call out the analog backup lines.
Before testing, review the failover setting in your topology and set it to the lowest value possible; otherwise this test could take 15-20 minutes, depending on the value you selected for failing over to a backup registrar.
Our test was to remove the NIC from the PSE. The Lync clients will disconnect, attempt to re-connect and, after the specified time, connect to the BSE as the failover registrar and make calls via the PRI and POTS lines.
However, after we configured a Backup Registrar, Lync clients wouldn’t log in while the primary server was down. The clients would drop the connection as expected, but they wouldn’t log in to the backup registrar with limited functionality as expected.
Side note… Kudos to @DHannifin helping figure this one out…
check out our awesome buddy Dustin’s blog: http://www.technotesblog.com/ for lots of Uber good Lync goodness.
Even after changing the failover time to just 30 seconds, the phone handset endpoints would log in and calls could be made, but the Lync client would fail to log in. After some digging in the trace logs of a client that wouldn’t connect, we found that we were getting an unauthorized error: the newly added BSE server wasn’t in the user certificate issued by the server to the client, so the Lync client didn’t trust the backup registrar.
The Lync Client uses a certificate for communications with the front end server. This certificate is not updated very often; in fact, the default value for when it will update is 8760 HOURS, that’s 365 DAYS! (A little longer than we wanted to wait for our testing…)
You can use the PowerShell command Get-CsWebServiceConfiguration to review the current value of your MaxValidityPeriodHours setting.
Since we didn’t have a year to wait, there are a couple of solutions.
1. Change the default value by using the PowerShell command Set-CsWebServiceConfiguration, but this changes the cert settings for all clients and would require time for replication.
2. Delete the certificate on the machine that you are using for testing. This is a little more like killing a fly with a sledgehammer, but for this testing it appeared to be the best solution.
So in a testing scenario where you don’t want to change the re-issue certificate settings, on the machine you are using to test, simply launch an mmc window, add the snap-in for certificates and choose to manage the user’s certificates. Next, browse to the personal certificates, where you should find a certificate named with the SIP URI of the user you are logged in as and issued by ‘Communications Server’. Delete the certificate and then restart your Lync Client (exit the application, not just log off).
Note: After deleting the cert, before you re-launch the Lync Client, you will need your primary front end server online so a new certificate can be issued to the client on the workstation. Otherwise you still will not have a valid certificate to connect, and since the PSE is offline your client will try to connect to the BSE, for which it still doesn’t have a valid cert.
After you re-connect Lync to the PSE, you can then power off the PSE (or remove the virtual NIC from the virtual machine as we did). You will notice the Lync client log off, and after your Backup Registrar timeout passes Lync will log in to the Backup Registrar. You will know this has happened when you see the Lync client display the red bar indicating limited functionality.
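The validity check and the certificate removal described above, as a PowerShell example added here (it is not from the original post). It assumes the client certificate sits in the current user's Personal store with the SIP URI in its subject and 'Communications Server' in its issuer, as the post describes; the function names and the sample SIP URI are hypothetical.

```powershell
# Added example; function names and the sample SIP URI are hypothetical.

# Server side (Lync Server Management Shell): how long are issued client certificates valid?
function Get-LyncClientCertValidity {
    Get-CsWebServiceConfiguration |
        Select-Object Identity, MaxValidityPeriodHours,
            @{ Name = 'MaxValidityDays'; Expression = { $_.MaxValidityPeriodHours / 24 } }
}

# Workstation side (run as the test user): list, and optionally delete, the Lync client certificate.
function Remove-LyncClientCertificate {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SipUri
    )
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'CurrentUser')
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try {
        # Match on BOTH issuer and subject so no unrelated personal certificate is touched.
        $found = @($store.Certificates | Where-Object {
            $_.Issuer -like '*Communications Server*' -and $_.Subject -like "*$SipUri*"
        })
        if ($found.Count -eq 0) {
            Write-Warning "No certificate issued by 'Communications Server' found for $SipUri"
            return
        }
        foreach ($cert in $found) {
            # Show validity dates so the issue time can be compared with when the BSE was added.
            Write-Output ("{0}  issued {1:u}  expires {2:u}" -f $cert.Subject, $cert.NotBefore, $cert.NotAfter)
            if ($PSCmdlet.ShouldProcess($cert.Subject, 'Remove from CurrentUser\My')) {
                $store.Remove($cert)
            }
        }
    }
    finally {
        $store.Close()
    }
}

# Dry run first; drop -WhatIf to actually delete, with the PSE online and the Lync client exited.
Remove-LyncClientCertificate -SipUri 'testuser@example.com' -WhatIf
```

A certificate whose issue date is earlier than the date the BSE was added to the topology is the one the client will keep presenting until it is re-issued.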
If you have correctly configured a backup call route to your gateway, all voice calling will route out the gateway as if your Lync topology was operating normally.
Note: In an actual failover after you have configured all backup routes a call in progress should stay active even while the Lync Client is going thru its log off/log on process to connect to the backup registrar. If you are in an active call during this fail over, your call should stay connected, BUT it will disconnect if you hit cancel on the Lync client during the reconnection process.