Microsoft recently announced support for third-party smartphones and tablets such as iPhone, iPad, Android, and Nokia devices. This support allows users to run IM clients on their mobile devices in addition to their desktop, OWA and Mac OS X clients. To support the devices mentioned above, you must make a few changes to your Lync 2010 environment. Microsoft introduced a new feature called Mobility Service, and extra components and configuration are required in your Lync environment to support it. Mobility Service is an MSI installer that needs to run on the Lync 2010 FrontEnd servers, and an extra SAN name is required on the certificate. Below is a walkthrough of the installation of this new service.
Microsoft introduces two new services, Mobility Service and Autodiscover Service, to support these additional third-party devices. The new Autodiscover service is URL based (just like Exchange 2010), and it is different from the DNS auto discovery process introduced in the RTM version of Lync 2010. The Autodiscover service allows third-party Lync mobile clients to autodiscover Lync servers. The Autodiscover virtual directory is created automatically, just like in Exchange 2010. This virtual directory is created under both the internal and the external site, but only the external site should be used. The Mobility service allows for push notifications for iPhone and iPad clients, which do not support processes running in the background. This is not a problem with Android devices. A new virtual directory (Mcx) for the Mobility service is automatically created within the IIS sites (both sites, 443 and 4443).
Requirements to support iPhone, iPad, Android and other devices
- New DNS name for the autodiscover service (this needs to be added to the SAN certificate as well)
- As mentioned above, you will need to reissue the certificates for the TMGs and the Lync FrontEnd servers to include the new autodiscover DNS name
- If you are using hardware load balancers such as F5, use cookie-based persistence.
- New rule on TMG or ISA to allow autodiscover service.
- Create internal and external autodiscover DNS records.
- Add these autodiscover DNS records to SAN Certificate.
High Level Overview of Lync 2010 Mobility Service Installation
- Create Internal and External DNS records for Autodiscover service.
- Install Lync 2010 Nov. cumulative update.
- Configure IIS Ports for Mobility Service.
- Add SAN names for newly created DNS records on certificates used on reverse proxy (TMG or ISA) and Lync FrontEnd servers.
- Run Lync 2010 Mobility Service Installer.
- Add listener on reverse proxy (TMG) for autodiscover service.
- Configure Edge Server for push notifications
Create Internal and External DNS records for Autodiscover service
- Create a new internal DNS record (lyncdiscoverinternal.sipdomain.com) that points to the internal IP of the FrontEnd Server pool.
- Create a new external DNS record (lyncdiscover.sipdomain.com) that points to the external IP of the reverse proxy (TMG or ISA).
Install Lync 2010 Nov cumulative update.
- Download update from go.microsoft.com/fwlink/?LinkID=208564.
- Log on to the Lync Server:
- Run "Stop-CsWindowsService" (this will stop all the services)
- Run "net stop w3svc"
- Install the update by running LyncServerUpdateInstaller.exe
- Run "Stop-CsWindowsService" again
- Run "net start w3svc" after the install.
- Run "Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn sqlservername.domain.com" (this will apply changes to the Lync database)
- Run "Start-CsWindowsService" (to start the Lync services)
Configure IIS Ports for Mobility Service
- Run "Set-CsWebServer -Identity fepool-1.domain.com -McxSipPrimaryListeningPort 5086"
- Run "Set-CsWebServer -Identity fepool-1.domain.com -McxSipExternalListeningPort 5087"
- Run "Enable-CsTopology"
Add SAN names for newly created DNS records on certificates used on reverse proxy (TMG or ISA) and Lync FrontEnd servers.
- Log on to the Lync FrontEnd servers and run the commands below.
- Use the built-in Lync wizard or the Request-CsCertificate command to request the certificate.
- Use the commands below to assign the certificate.
- Run "Get-CsCertificate" (this will return the certificates that are assigned to this server)
- Run "Set-CsCertificate -Type Default,WebServicesInternal,WebServicesExternal -Thumbprint C3RtThumbprint"
Run Lync 2010 Mobility Service Installer
- Download the McsStandalone.msi from Microsoft (microsoft.com/download/en/details.aspx?displaylang=en&id=28356 )
- Run the installer on all FrontEnd Servers. (Note: if you are running IIS 7.0 instead of 7.5, you must make additional configuration changes to the applicationHost.config file.)
- Copy above MSI installer to C:\ProgramData\Microsoft\Lync Server\Deployment\cache\4.0.7577.0\setup
- Open Lync Management Shell and run below command
Run cd "C:\Program Files\Microsoft Lync Server 2010\Deployment\"
Add listener on reverse proxy (TMG) for autodiscover service
- Open TMG Console, aka Forefront TMG Management
- Under ServerName > Firewall Policy > click NEW > Web Site Publishing Rule
- Select “Rule Action page” and select “Allow”
- Select “Publish a single Web site or load balance” from “Publishing Type” page.
- Select “Use SSL to connect to the published Web server or server farm” from Server Connection Security page.
- In “Internal Site name”, enter the FQDN of the Lync FrontEnd server pool (example: lyncpool1.tinydomain.net)
- Enter “/*” in the path field and select “Forward the original host header”
- In “Public Name Details” page, Under Accept Requests for, choose “This domain name”. In “Public Name”, enter lyncdiscover.yourSIPdomain.com, under “Path” enter “/*”
- In “Select Web Listener” page, under “Web Listener”, choose SSL Listener with newly created certificate.
- In “Authentication Delegation” page, choose “No delegation, but client may authenticate directly”.
- In “User set” page, select “All Users”.
- Finally, click Finish.
- Now, open the properties of the newly created rule and configure the settings below.
- Check “forward the original host header instead of the actual one”.
- For FrontEnd pool configurations, choose “requests appear to come from the original client”
- In “Bridging” page, choose “Web server”, choose “Redirect requests to HTTP port” and use “8080” as the port, choose “Redirect requests to SSL port” and use “4443” as the port.
- Click OK, Apply the configuration and test the rule.
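One way to test the published rule and the reissued certificates, as an added example that is not part of the original walkthrough: the script reads the certificate actually served on an endpoint and reports whether the autodiscover names are in its SAN list. The function names are hypothetical, the host names are this page's placeholders, and the "DNS Name=" parsing assumes an English-language Windows host.

```powershell
# Added example (not from the original walkthrough). Function names are hypothetical.
function Get-ServedCertificate {
    param([Parameter(Mandatory = $true)][string]$ComputerName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($ComputerName, $Port)
        # Accept any chain: the goal is to inspect the served certificate, not to trust it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($ComputerName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $names = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext.Oid.Value -ne '2.5.29.17') { continue }   # subjectAltName
            # Format($true) prints one "DNS Name=host" entry per line (English Windows).
            foreach ($line in ($ext.Format($true) -split "`r?`n")) {
                if ($line -match '^\s*DNS Name=(.+)$') { $names += $Matches[1].Trim().ToLower() }
            }
        }
        New-Object PSObject -Property @{
            Subject  = $cert.Subject
            NotAfter = $cert.NotAfter
            DnsNames = $names
        }
    }
    finally { $client.Close() }
}

function Test-AutodiscoverSan {
    param([string]$ComputerName, [int]$Port = 443, [string[]]$RequiredName)
    $served = Get-ServedCertificate -ComputerName $ComputerName -Port $Port
    foreach ($name in $RequiredName) {
        # Exact match only; wildcard SAN entries are not expanded here.
        New-Object PSObject -Property @{
            Endpoint = "${ComputerName}:$Port"
            Required = $name
            Present  = ($served.DnsNames -contains $name.ToLower())
            Expires  = $served.NotAfter
        }
    }
}

# Usage with the page's placeholder names (replace with your own):
# Test-AutodiscoverSan -ComputerName 'lyncpool1.tinydomain.net' -RequiredName 'lyncdiscoverinternal.sipdomain.com'
# Test-AutodiscoverSan -ComputerName 'lyncdiscover.sipdomain.com' -RequiredName 'lyncdiscover.sipdomain.com'
```

A row with Present set to False means the endpoint is still serving a certificate issued before the autodiscover name was added, or the listener is bound to a different certificate.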
Configure Edge Server for Push Notifications
- Log on to your Lync Edge server and open Lync Management Shell
- Run the command below to add the Lync Server hosting provider
New-CsHostingProvider -Identity "MSLyncPush" -Enabled $True -ProxyFqdn "sipfed.online.lync.com" -VerificationLevel UseSourceVerification
- Run the command below to set up hosting provider federation to the Lync Online Push notification service.
New-CsAllowedDomain -Identity "push.lync.com"
- Run the commands below to enable Push notifications:
Set-CsPushNotificationConfiguration -EnableApplePushNotificationService $True -EnableMicrosoftPushNotificationService $True
Set-CsAccessEdgeConfiguration -AllowFederatedUsers $True
- Use the command below to test the configuration (optional)
Test-CsMcxPushNotification -AccessEdgeFqdn EdgeserviceFQDN
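A read-back of the settings changed in this section, as an added example that is not part of the original walkthrough: it compares the current configuration with the values set by the commands above and flags what else federation now admits. The function name is hypothetical, and it assumes the push settings were applied at the Global scope.

```powershell
# Added example (not from the original walkthrough). Run in the Lync Management Shell.
# The function name is hypothetical; expected values are the ones set by the commands above.
function Get-PushFederationReport {
    $edge     = Get-CsAccessEdgeConfiguration
    $push     = Get-CsPushNotificationConfiguration -Identity Global
    $provider = Get-CsHostingProvider | Where-Object { $_.ProxyFqdn -eq 'sipfed.online.lync.com' }
    $domains  = @(Get-CsAllowedDomain | ForEach-Object { $_.Domain })

    $checks = @(
        @('Edge: AllowFederatedUsers', $true, $edge.AllowFederatedUsers),
        @('Push: Apple service enabled', $true, $push.EnableApplePushNotificationService),
        @('Push: Microsoft service enabled', $true, $push.EnableMicrosoftPushNotificationService),
        @('Hosting provider enabled', $true, $provider.Enabled),
        @('Hosting provider verification', 'UseSourceVerification', "$($provider.VerificationLevel)"),
        @('Allowed domain push.lync.com', $true, ($domains -contains 'push.lync.com'))
    )
    foreach ($c in $checks) {
        New-Object PSObject -Property @{
            Check = $c[0]; Expected = $c[1]; Actual = $c[2]; Ok = ($c[1] -eq $c[2])
        }
    }

    # AllowFederatedUsers turns federation on for the whole deployment, so show
    # what it admits besides the push service.
    if ($edge.EnablePartnerDiscovery) {
        Write-Warning 'EnablePartnerDiscovery is True: partner domains outside the allowed list can be discovered through DNS.'
    }
    $others = @($domains | Where-Object { $_ -ne 'push.lync.com' })
    if ($others.Count -gt 0) {
        Write-Warning ('Other allowed federated domains: ' + ($others -join ', '))
    }
}

# Get-PushFederationReport | Format-Table Check, Expected, Actual, Ok -AutoSize
```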