Lync CU4 Released November 2011

Lync CU4 (cumulative update 4)  has been released.  All components can be found here.

http://www.microsoft.com/download/en/details.aspx?id=11551

Updates that are released for Lync Server 2010
  • Update for Administrative Tools
2467771 Description of the update package for Lync Server 2010, Administrative Tools: January 2011
  • Update for Core Components
2514981 Description of the cumulative update for Lync Server 2010, Core Components: November 2011 
  • Update for Conferencing Attendant
2575872 Description of the cumulative update for Lync Server 2010, Conferencing Attendant: July 2011
  • Update for Conferencing Server
2514978 Description of the cumulative update for Lync Server 2010, Conferencing Server: November 2011  
  • Update for Web Components Server
2514979  Description of the cumulative update for Lync Server 2010, Web Components Server: November 2011  
  • Update for Standard/Enterprise edition Server
2514980 Description of the cumulative update for Lync Server 2010: November 2011
  • Update for Web Conferencing Server
2575871 Description of the cumulative update for Lync Server 2010, Web Conferencing Server: July 2011
  • Update for Mediation Server
2640253 Description of the cumulative update for Lync Server 2010, Mediation Server: November 2011
  • Update for Unified Communications Managed API 3.0 Runtime
2500449 Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: November 2011 
  • Update for Policy Decision Point
2502809 Description of the cumulative update for Lync Server 2010 Policy Decision Point : November 2011

Installation methods

To install updates for Lync Server 2010, use one of the following methods.

Method 1 Cumulative Server Update Installer

To install these updates, you must apply the updates by using Cumulative Server Update Installer.

Note The Cumulative Server Update Installer applies all updates for the appropriate server role in one click.

To use the Cumulative Server Update Installer, follow these steps.

Note If User Account Control (UAC) is turned on, you must start the Cumulative Server Update Installer by using elevated permissions. This makes sure that all updates are installed correctly.
  1. Download Cumulative Server Update Installer. To do this, visit the following Microsoft Download Center Web site:
    Download
    Download the LyncServerupdateInstaller.exe package now.
  2. Run Cumulative Server Update Installer by using the UI or by using a command line.

    Note The UI provides a clear indication of which updates are installed when you click Install Updates.

    To run the Installer by using a command prompt, use the following command, together with the appropriate switches:
    LyncServerUpdateInstaller.exe [/silentmode  [/forcereboot]] | [/extractall]
    Notes

    The /silentmode/forcereboot switch applies all the applicable updates silently and then automatically restarts the server at the end of the installation process if it is necessary.

    The /extractall switch the updates from the installer and puts the updates in a subfolder that is named “Extracted” in the folder in which you ran the command.
  3. On Standard Edition Server and Enterprise Edition – Front end server once you have installed update for core components, the updated sql files will be dropped on the server. Then, run the following cmdlet to apply the changes:
    Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn -UseDefaultSqlPaths
    Notes
    • In a Lync Server 2010 Standard Edition environment, run the cmdlet from the Standard Edition server.
    • In a Lync Server 2010 Enterprise Edition environment in which the archiving/monitoring services are collocated with an Enterprise Edition back-end server, run this cmdlet from the Enterprise Edition back-end server.
    • In a Lync Server 2010 Enterprise Edition environment in which the archiving/monitoring services are not collocated with an Enterprise Edition back-end server , run this cmdlet from the Enterprise Edition front-end server.
    If the RTCDyn databases are removed after you run the cmdlet without the UseDefaultSqlPaths parameter, run the following cmdlet to restore the RTCDyn databases:
    Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn < EEBE.Fqdn > -DatabasePaths ,
    Note The RtcDyn log is located under the path of the rtcdyn.ldf file. The RtcDyn data is located under the path of the rtcdyn.mdf file.

Method 2 Microsoft Update

You can use Microsoft Update to apply the updates for Lync Server 2010.

Note The updates will be available on Microsoft Update in late August, 2011.

Method 3 Manual installation

If you select to manually install these updates, this article helps you determine the mapping between the updates and the different server roles. However, you should consider the following recommendations for manual deployment:
  • All updates for a role must be deployed. Additionally, all updates on the same server role must be at the latest update level.
  • Lync Server Standard Edition and Lync Server Enterprise Edition Consolidated also require all updates for any roles that are deployed on the server. All updates must also be at the latest update level.
  • Additionally, the following recommendations apply to the Lync Server 2010 Distributed Enterprise Edition:
    • Update the whole topology with the latest cumulative update for each component at the same time. This best practice is highly recommended.  
    • If the previous recommendation cannot be followed, install the latest cumulative update on at least all the pools and the directors at the same time.
List of server roles and the updates that apply to them

Lync Server 2010 – Standard Edition Server

    • Update for Core Components - KB 2571545
    • Update for Conferencing Server - KB 2575870
    • Update for Web Components Server - KB 2571547
    • Update for Standard/Enterprise edition Server - KB 2571546
    • Update for Web Conferencing Server - KB 2575871
    • Update for Conferencing Attendant - KB 2575872
    • Update for Unified Communications Managed API 3.0 Runtime - KB 2571505

Lync Server 2010 – Enterprise Edition – Front-end

    • Update for Core Components - KB 2571545
    • Update for Conferencing Server - KB 2575870
    • Update for Web Components Server - KB 2571547
    • Update for Standard/Enterprise edition Server - KB 2571546
    • Update for Web Conferencing Server - KB 2575871
    • Update for Conferencing Attendant - KB 2575872
    • Update for Unified Communications Managed API 3.0 Runtime - KB 2571505

Lync Server 2010 – Enterprise Edition – Stand-alone A/V Conferencing Server

    • Update for Core Components - KB 2571545
    • Update for Conferencing Server - KB 2575870
    • Update for Unified Communications Managed API 3.0 Runtime - KB 2571505

Lync Server 2010 – Monitoring Server

  • Update for Core Components - KB 2571545
  • Update for Unified Communications Managed API 3.0 Runtime - KB 2571505

Lync Server 2010 – Edge Server

  • Update for Core Components - KB 2571545
  • Update for Unified Communications Managed API 3.0 Runtime - KB 2571505

Lync Server 2010 – Stand-alone Mediation Server

  • Update for Core Components - KB 2571545
  • Update for Mediation Server - KB 2502810
  • Update for Unified Communications Managed API 3.0 Runtime - KB 2571505

Lync Server 2010 – Administration Tools – Topology Builder

  • Update for Core Components - KB 2571545
  • Update for Administration Tools - KB 2467771

Lync CU3 Released July 2011

Eagerly awaited to fix multiple client and server issues.  Mostly around integration with EWS (out of office, visual voicemail etc)
Client KB
Server KB
Core Components KB

WP7 March Update

I've just installed the March 2011 WP7 update to my HTC Trophy, and am now graced with copy & paste functionality.  It's good to see Microsoft acting on the feedback from customers.  Below is the official list of additional features.

 

March 2011

OS version: 7.0.7390.0*
  • Copy & paste. You asked for it—now it's here. Just tap a word and drag the arrows to copy and paste it on your phone. You can copy text from emails, text messages, web pages, and Office Mobile documents, and paste it anywhere you can type. To learn more, see Copy & paste.
  • Faster apps and games. Nobody likes to wait. That's why we've whittled down the time it takes for apps and games to start up and resume. It's all part of our focus on getting you to the things you love, easier and faster.
  • Better Marketplace search. We've streamlined Marketplace search to make it easier to find specific apps, games, or music. Press the Search button in the Apps or Games section of Marketplace and you'll see only apps or games in the results. Press Search in the Music section of Marketplace to search just the music catalog.
  • Other Marketplace improvements. We've improved the stability of Marketplace while you download apps. We've also improved the experience of downloading apps larger than 20 megabytes, upgrading from trial apps to paid apps, sharing links to apps via email, sorting Xbox LIVE games by release date, and creating an Xbox LIVE account from within the Games Hub.
  • Wi-Fi improvements. We now display your phone's Media Access Control (MAC) address in Settings. (You might need this info if you try to connect to a Wi-Fi network that uses MAC address filtering. To learn more, see Connect to a Wi-Fi network.) We've also removed the limit on the number of Wi-Fi profiles that you can store and reduced the time it takes to start your phone if you've stored lots of Wi-Fi profiles.
  • Outlook improvements. We've improved the experience of viewing iPhone photo attachments you receive from a non-Exchange-based email account (such as a Google Mail, Hotmail, or Yahoo! Mail account), using the Global Address List (GAL) when connecting to Exchange Server 2003 using Exchange ActiveSync, and working with email display names that contain brackets (for example, "David Alexander [Contoso]").
  • Facebook integration. We've improved the experience of syncing Facebook accounts.
  • Camera improvements. We've improved the stability of switching between camera and video modes.
  • Audio improvements. We've improved the experience of using a Bluetooth headset to make calls when you're playing music or videos.
  • Other performance improvements. This month's update also includes software from several phone manufacturers that improves the performance of specific models. Naturally, if you don't have one of the affected models, we won't install this portion of the update on your phone.

April 2011 Lync Updates

April 2011 Lync updates have today been made available.  Details are below.
 

Lync 2010 (64bit)
Lync 2010 (32bit)
Lync 2010 Phone Edition (Tanjay)
Lync 2010 Phone Edition (Aries-Aastra)
Lync 2010 Phone Edition (Aries-Polycom)
Lync 2010 Attendee (Admin Install)
Lync 2010 Attendee (User mode install)
Lync 2010 Attendant (32 & 64 bit are a combined patch)
Lync 2010 Group Chat Client
Lync 2010 Group Chat Server
Lync 2010 Group Chat Admin

Some links are still working their way through the system and will become available within a week from today.
Some of the KBs are still in process. These should be available by 4/8.

Additional Notes:
Lync Client and Group Chat build number is 4.0.7577.253
Lync Attendee/Attendant build number is 4.0.7577.254
The Phone Editions build number is 4.0.7577.250

Server patches will be available soon. 
Both client and server patches will tentatively be available on Microsoft Update the second Tuesday of May.

BES 5 Service Pack 3

RIM have now released BES 5 SP3, which includes native functionality for OCS and Lync.  This means there is no longer the requirement to install an OCS 2007 R1 CWA server to achieve connectivity with a Blackberry handset.

http://swdownloads.blackberry.com/Downloads/entry.do

http://docs.blackberry.com/en/

Using OpenSSL to secure and encrypt your SabNZBd server traffic with self signed certificates

If you are planning on (or already have) externally published your SabNZBd server, it’s a good idea to implement SSL certificates to securely encrypt traffic going in and out of your network.  This will prevent any overzealous network admins, or even your ISP from snooping on your traffic and seeing what you are downloading.  It also makes sure things like your username and password aren’t sent in plain text traffic over network devices you aren’t in control of.

To begin with, you need access to an instance of OpenSSL.  The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.  It can be used to create self-signed certificates at no cost.  Many Linux distributions come with pre-compiled OpenSSL packages, if you have a favourite, go with that!

I didn’t have access to a linux distro, so choose to install and fire up a virtual instance of Ubuntu Desktop (ubuntu-10.04.1-desktop-amd64.iso),using a copy of VMWare server I had installed locally on my laptop.  It only takes a few minutes to install, and can be shutdown again afterwards.
Once you are in your chosen Linux distro, drop to a console/command prompt.



Launch your instance of Ubuntu and drop to a terminal prompt
Once you have a terminal session open, create yourself a working folder and CD into it.


We can then generate the SSL’s using the following commands

openssl genrsa 1024 > host.key



openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert

After running the req –new command you will be prompted to enter required information.  Most isn’t mandatory; the only one you really need to get right is the Common Name.  It is important to note, whatever common name you choose for your certificate, must match the public dns record or hostfile entry you are using to access your instance on from the internet.

For example: If you create your certificate with a common name of “sabinstance.davesimm.com” but you then access that instance at http://89.23.233.51/sab the certificate will fail as the names do not match.  The easiest way to ensure the names on your certificate match is either to utilise a static IP and your own domain name, or use a dynamic DNS service such a dyndns.com.  You would then match the certificate name to your chosen dyndns record.
Extract the .key and .cert files from your Ubuntu/openssl instance and copy them to whatever machine is running Sabnzbd.  An easy way to do this is run “view host.key” / “view host.cert” and just clipboard copy the information to a txt file on your host machine.
Copy the 2 files into the correct location for Sabnzbd files depending on which OS you are running.
WinXP:
%localappdata%/sabnzbd/admin/server.cert
%localappdata%/sabnzbd/admin/server.key
Linux:
~/.sabnzbd/admin/server.cert
~/.sabnzbd/admin/server.key

Depending on your current setup you may need to select the certificate files in Sab, enable HTTPS, and choose your SSL port.



At this point, remember, your certifcates haven’t been issued by a public trusted certificate authority, such as Verisign or Geotrust.  This means that any machine or device you use to access your sab instance will not trust your SSL certificate.  You can work around this by installing the certificate into any remote machines “trusted root authority” certificate store.  I have also installed my certificate into the certificate store of my Windows Mobile 7 phone to enable secure encrypted connection from my handset.  I will cover both below.

To install your certificate in windows XP / Windows 7 do the following.
Click start/run
Type MMC
File Add/Remove snap in
Choose Certificaes
Click Add
Click Computer Account
Click Next

Click Local Computer
Click Finish
Click OK
Expand the certificate management console and expand the Trusted Root Certificate Authorities folder.

Right click, choose all tasks and chose import.   Browse to your host.cer file and import.
To install the SSL certificate on your WP7 device do the following
There are a few documented ways to install SSL certificates on WP7 devices, the easiest way I found was the email method.  Take the host.cert  file we created earlier, rename it to host.cer and email it to yourself on an email address you can retrieve on the WP7 device.  When the email arrives, open the attachment and follow the onscreen prompts to install the certificate.
When you attempt to access your instance on the common name you specified earlier, you should have an error free encrypted connection to your instance.

Lync enabling or making Lync changes to a user who is or was a member of the Domain Admins security group

There are already a number of forums posts floating around on this, but it’s something I found out about the hard way, so i’ll blog it in the hope it helps someone else out.

While attempting to make a change to my own Lync user (on a sandpit development environment I’d like to add!) I was presented with the following operation failed error...


Active Directory operation failed on . You cannot retry this operation: “Insufficient access rights to perform the operation 00002098: SccErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS RIGHTS), data O”.
You do not have the appropriate permissions to perform this operation in Active Directory. One possible cause Is that the Lync Server Control Panel and Remote Windows PowerShell cannot modify users who belong to protected security groups (for example, the Domain Admins group). To manage users In the Domain Admins group, use the Lyric Server Management Shell and log on using a Domain Admins account. There are other possible causes. For details, see Lync Server 2010 Help.

I also found the following errors in the application event log...

Login failed for user 'OS\Dave.Simm'. Reason: Failed to open the explicitly specified database. [CLIENT: 89.31.238.2]

At this point it’s convenient to mention that I was going against all best practise and Microsoft security models known to man. This is a sandpit/development Lync environment with no other products installed and with only a handful of IT users on it. What had I done that was against best practise? I had added my own everyday Lync sip enabled user into the Domain Admins and CSAdministrators group. Any active directory administrator worth their salt will frown heavily upon this. Admins/Engineers should always have 2 accounts, a normal everyday user account, for Lync, Exchange, Sharepoint, and an admin account with escalated privileges to run admin procedures with.


So, realising the error of my ways, and being pointed in the right direction by the fairly helpful error messages. I took my account out of the Domain Admins group, logged out, and back in using my LyncAdmin user. This user isn’t Lync enabled and is purely an admin account. Only to hit exactly the same issue.
Adding a user account into the Domain Admins group makes changes to the way advanced security permissions are propagated and inherited by a user account. In order to reverse these changes you have to re-inherit these permissions. From dsa.msc (Active Directory Users & Computers) make sure that you are viewing advanced features; from the view menu select Advanced Features.


Find the user in question, edit the users properties, click the security tab, then click advanced. You need to tick the “Include inheritable permissions from this object’s parent” tick box to re propagate the required permissions.




Retry any Lync user changes and this time they should be successful.