#Lync Question 44: What SQL collation should I use

I have been asked this question quite a few time now.

As much as I believe (according to a few SQL administrations) it is best practice to match the server collation with the database collation for performance reasons for Lync you really don’t want to this.

The server collation should be Latin1_General_CI_AS

If you interested all the Lync Server 2013 databases use Latin1_General_BIN collation, this is a case sensitivity collation and if you happen to match the collation then you will probably run into issues with mirroring the archiving and monitoring databases as they their database naming is mixed case.

#Lync Question 42: How do I run the SkypeUI when my administrator want me to run the LyncUI

I am sure this is going to annoy some Lync administrators, however I came into work this morning after running the Skype for Business client for the last few months to the following message


Thus following the restart, I was back the the Lync UI.  “How retro”

Disclaimer: Playing with the registry may result is serious injury or death for your PC so everything be careful out there!

First you will need local administrator rights to do this and also have a read of my previous post #Lync Question 38: How do I control the Lync and Skype UI with the Skype for Business client regarding the registry keys.

Here is the registry with the Skype UI disabled (you might see some other keys in here too)



Lets delete it, or via command line it would be:

reg delete HKCU\Software\Microsoft\Office\Lync /v EnableSkypeUI /f

Next we add back the registry key with the Skype UI enable

reg add HKCU\Software\Microsoft\Office\Lync /v EnableSkypeUI /t REG_BINARY /d 00000001 /f

Next lets change the permissions, select the EnableSkypeUI key and on the Edit menu select Permissions


In here we click on Advanced and then Disable Inheritance and then select Remove all inherited permissions from this object

And then OK, Yes (we are going to denied all users permissions) and finally OK

Then we can launch the client with the SkypeUI

How do I revert?

If you want to revert in the registry edit, select HKCU\Software\Microsoft\Office\Lync in the left pane and then in the Edit menu, Permissions and we will see there is no permissions




Next click on Advanced


And then Enable inheritance followed by OK and OK

There we go…..enjoy the Skype UI again

#Lync Question 41: How I do configure a Polycom SIP Phone (VVX / SoundStructure) as a Lync Common Area Phone

There are already a number of good blog articles on how to get Polycom provision server up and running to provision lots Polycom SIP phones. I would recommend Jeff Schertz blog article [1].

However as I found, most focus on setting up a Polycom SIP phone using a standard Lync user (with a full AD account and password) and not a common area phone, which has just a AD contact object.   Although you could just use an AD user account instead in some environment it is just easier just not have to justify why these accounts have non-expiring passwords.

With the UCS 5.0.2 software it added support Lync PIN authentication and although with a Polycom VVX phone it is easy enough to manually logon the phone using the screen and keypad. As I found with a Polycom SoundStructure this isn’t so easy since there is no screen or keypad and especially since UCS 5.2.0 and later the phone’s (or VoIP Ccrd) web interface is disabled by default.

Although it  is easy enough to re-enable the web interface via some additional lines in the shared.cfg XML file on the provisioning server at which point you can log to VoIP card into Lync as a Common Area Phone (below).


However when you have a large number of Polycom SoundStructure devices to configured or support then this quickly becomes impractical.

After a bit reading and trial and error, here is the syntax for the [MACADDRESS]–Lync.CFG file to

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<!--UCS Device Configuration file for Lync-->
<LYNC reg.1.auth.useLoginCredentials="1" reg.1.auth.loginCredentialType="extensionAndPIN" reg.1.address="room101@uctestlab.com" device.logincred.extension="1234" device.logincred.extension.set="1" device.logincred.pin="5551234" device.logincred.pin.set="1" />

Then you just need to reset the VVX/VoIP card for it just automatically logon.


[1] Provisioning Polycom SIP Phones


#Lync Question 39: Creating a Remote PowerShell session to Lync On-Premise

This is a something that comes from customer on most deployments now as the helpdesk, ,voice and network engineers cannot sadly do everything from the control panel. It is usually due to the need to create Common Area Phones or add Location Information Services Subnets or more increasingly the need to enable users for Hosted Voicemail due to using Exchange Online Unified Messaging.

There are two ways I usually recommended to create a remote PowerShell session to Lync Server On-Premise

1. Manually (via specifying the credential manually)
2. Automatically (via reading the secure password from a file)


Below is the PowerShell to create a Remote PowerShell against a production Lync environment which can be done from any workstation

$credential = Get-Credential "DomainID\AdminID"
$session = New-PSSession -ConnectionUri "https://admin.uctestlab.com/OcsPowershell" -Credential $credential
Import-PSSession $session

When manually create a Remote PowerShell session Lync, the credentials are required to be enter via the following dialogue box. This is following line #1


This might not be ideal in term of automation.


If you need automatically create a Remote PowerShell session within a script then first you need to store the password in a secure string in a file via the following:

Read-host -AsSecureString | ConvertFrom-SecureString | Out-File C:\cred.txt

This is entered straight into the PowerShell window as shown below


In case you wondered the file looks like this:


Now we have this we can create the Remote Powershell session to Lync using the password in the file via the following:

$password = Get-Content C:\cred.txt | ConvertTo-SecureString
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "DomainID\AdminID",$password
$session = New-PSSession -ConnectionUri "https://admin.uctestlab.com/OcsPowershell" -Credential $credential
Import-PSSession $session

I’m sure there are other ways too, but these two methods meet the majority of requirements with customers.

#Lync Question 36: How do I request a reverse proxy certificate for Lync

This is a favourite interview question for mine and should be straight forward enough, but you would not believe how many people can’t answer this!

Via the Lync Management Shell:

Request-CsCertificate -New -Type WebServicesExternal -AllSipDomain -verbose -PrivateKeyExportable $true -Output “C:\LyncExternalWebServices.req” -Country US -State “Washington” -City “Redmond” -FriendlyName “lyncwebsrv1.contoso.com” -Organization “Contoso” -OU “IT” -Report “C:\LyncExternalWebServices-CertReq.html” -DomainName “officewebapp1.contoso.com,anotherfqdn.contoso.com”

From the stats on my blog this popular topic as the Reissuing Certificates for Lync Mobile post following Lync Server 2010 CU4 which added Lync Mobility is but far the more hits post on my blog given the ages of the post now.

#Lync Question 35: What certificate providers can I use with Lync

It is generally recommended that supported Unified Communications Certificate Partner public CA is used for all public certificates Lync Server 2013:

Unified Communications Certificate Partners

Also if your running Lync Phone Edition you should be mindful of the public trusted certificates installed by default:

Certificates for Lync Phone Edition

A number of certificate providers are transitioning to the SHA-2 cryptographic hash functions which allow greater levels of encryption. I experienced this recently with a GoDaddy certificate reissue (whereby I needed to change the existing certificate) this causing federation issues with some organisations but not others as the new root certificate wasn’t as widely installed as Edge server are typically on restricted networks and thus might not be getting the root certificate update from Microsoft.

This came into effect with Go Daddy 23 December 2013 and is why there is now a new root certificates (‘Go Daddy Class 2 Certification Authority Root Certificate – G2’).  It is possible (at the moment) via changing the ‘signature algorithm’ during the CSR submission to still do a 2 year certificate using the older root certificate and chain. (See below)


What I will say however Microsoft themselves as well as Office 365 use Cybertrust


So does it matter? Well as long as the computer/device trusted the certificate it should not, although I like others have had certificates issued with previously OCS/Lync deployment from both the UCC partners or other providers not listed.

And Lync is all about certificates…………….


Information About Requiring the SHA-2 Hash Function’ may be helpful to you.

#Lync Question 33: Do PSTN Users know if Lync calls and meetings are being recorded

Another question from a customer on whether a PSTN user is notified or not if a meeting is being recorded.

This was something I had to take away and test.

  • If an existing PSTN user has already joined a Lync meeting, then when a Lync user clicks on ‘Start Recording’ then the PSTN user hears a “This meeting is being recorded” announcement
  • If a PSTN user joins a meeting which is already being recorded, then the conferencing attendant notifies you that the meeting is being recorded upon joining the meeting.

Since Lync meeting recording are local to the Lync client then the PSTN user can not record a meeting or even begin recording via DTMF.

Peer-to-peer recording ONLY works between Lync clients. You cannot record a call between a Lync user and a PSTN user!  If you do need to record PSTN calls or record call for compliance then you need a 3rd party solution.  This is a topic in itself.

Users running Lync are able to see if meetings and calls are being recorded.

The ability to record meetings and peer to peer calls is configurable via the conferencing policy.

#Lync Question 32: How do I dump Lync configuration to text files

Reblog of an old post of mine

When documenting a Lync deployment this PowerShell has been invaluable as I can easily convert the output by copy and pasting into Microsoft Word and then select the content use the Insert Table -> Convert Text to Table and select the Separate text at Other and enter a colon :

Then with minimal effort, I can document the key policies and configuration.

Here is a nice PowerShell one-liner which will dump all the output of the Get-Cs cmdlets to text files. It works with both Lync Server 2010 and 2013.

Just open the Lync Server Management Shell create a new empty directory and change directory into it and run the cmdlet

foreach($i in Get-Command Get-Cs*) { if($i.CommandType -eq "Cmdlet"){if (($i.name -eq "Get-CsAdminRoleAssignment") -or ($i.name -eq "Get-CsClientCertificate") -or ($i.name -eq "Get-CsClientPinInfo") -or ($i.name -eq "Get-CsRgsConfiguration") -or ($i.name -eq "Get-CsUserPoolInfo") -or ($i.name -eq "Get-CsBackupServiceStatus") -or ($i.name -eq "Get-CsClientAccessLicense") -or ($i.name -eq "Get-CsDatabaseMirrorState") -or ($i.name -eq "Get-CsEffectivePolicy") -or ($i.name -eq "Get-CsPersistentChatEligiblePrincipal") -or ($i.name -eq "Get-CsPoolBackupRelationship") -or ($i.name -eq "Get-CsPoolFabricState") -or ($i.name -eq "Get-CsTestUserCredential") -or ($i.name -eq "Get-CsWebTicket")){} Else {. $i.Name | out-file $i".txt"}}}

And for Skype for Business here

foreach($i in Get-Command Get-Cs*) { if($i.CommandType -eq "Cmdlet"){if (($i.name -eq "Get-CsAdminRoleAssignment") -or ($i.name -eq "Get-CsClientCertificate") -or ($i.name -eq "Get-CsClientPinInfo") -or ($i.name -eq "Get-CsRgsConfiguration") -or ($i.name -eq "Get-CsUserPoolInfo") -or ($i.name -eq "Get-CsBackupServiceStatus") -or ($i.name -eq "Get-CsClientAccessLicense") -or ($i.name -eq "Get-CsDatabaseMirrorState") -or ($i.name -eq "Get-CsEffectivePolicy") -or ($i.name -eq "Get-CsPersistentChatEligiblePrincipal") -or ($i.name -eq "Get-CsPoolBackupRelationship") -or ($i.name -eq "Get-CsPoolFabricState") -or ($i.name -eq "Get-CsPowerShellEndPoint") -or ($i.name -eq "Get-CsTestUserCredential") -or ($i.name -eq "Get-CsWebTicket")-or ($i.name -eq "Get-CsPersistentChatAddin")-or ($i.name -eq "Get-CsPersistentChatCategory")-or ($i.name -eq "Get-CsUser")-or ($i.name -eq "Get-CsUserAcp")-or ($i.name -eq "Get-CsAdUser")-or ($i.name -eq "Get-csAdPrincipal")-or ($i.name -eq "Get-CsPersistentChatRoom")-or ($i.name -eq "Get-CsBusyOptions")-or ($i.name -eq "Get-CsGroupPickupUserOrbit")-or ($i.name -eq "Get-CsSlaConfiguration")){} Else {. $i.Name | ConvertTo-Html -As List | Set-Content $i".htm"}}}

Thanks to Pat Richard for the comments and the PowerShell optimisation and saving a couple bytes of command line which I ignored but was noted.

#Lync Question 31: How do I Enable QoS for Exchange UM Media

Reblog of an old post of mine

I’m not going to cover setting up Quality of Service (QoS) in a Lync environment, Elan Shudnow’s Blog already covers this really well:

Enabling QOS for Lync Server 2010 – Part 1
Enabling QoS for Lync Server 2010 – Part 2

During your QoS planning you should have already planned your audio port ranges, i.e. Audio 49152 to 57500

On your Exchange UM server you need to open either:

  • C:\Program Files\Microsoft\Exchange Server\V14\Bin\MSExchangeUM.config for Microsoft Exchange Server 2010
  • C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeUM.config for Microsoft Exchange Server 2013

Within the file you will find the following section, then update according with the correct port range for audio:

<!-- The min/max ports to use for RTP media. If the values are invalid, or max < min, the default will be used -->
<add key="MinimumRtpPort" value="1025" />
<add key="MaximumRtpPort" value="65535" />

Then restart the Exchange UM service.

Finally then either as a local policy or group policies (depending on how many UM servers you need to deploy the setting to)

Under Computer Configuration -> Windows Settings -> Policy-based QoS, create QoS policy with the following settings:

  • Policy Name: Exchange UM Media
  • DSCP Value: 46
  • Specify Outbound Throttle Rate: Unchecked
  • Only applications with the following executable name: UMWorkerProcess.exe
  • Source IP: Any Source Address
  • Destination IP: Any Destination Port
  • Source Port: 49152:57500 (as according to audio port range)
  • Destination Port Range: To any destination port

#Lync Question 30: Can you make a Lync/Skype call to an Xbox One Console

For businesses with travelling users it is an important use case to provide a means of communicating with friends/family whilst away from home.

Today (March 2014) the Skype/Lync integration (V1) is limited to audio calling only and yes peer-to-peer audio calling works to Xbox One!  both initiated from Lync and from the Xbox One.

During Lync Conference 2014 it was announced V2 integration will be released later in CY2014 and will introduce video calling.

During the Q&A in “Technical deep-dive into Lync-Skype Video” session by Carl Olivier and William Looney at Lync Conference 2014 it was asked whether video calling would work to the Xbox One and yes it will!