lync 2013

Posted on 2016-11-22
Medium Priority
Last Modified: 2017-01-17
Dear Experts

I have a lync environment set for DEMO purposes and I need to install patches. I am new to LYNC technology and I need your help please

I have 2 FrontEnd Pool servers both Enpterprise Editions ( I know it is not a recommended approach) and Mediation roles available on them. and Also 2 persistent chat Pool serves with 2 SQL backend servers.  I need to patch FrontEnd and Persistent chat server as 4 VMs were never patched. could you please let me know what the steps are in sequence please?

I believe this is the latest updates


I have 2 issues reported which I believe these patches may fix. If Not I still need to resolve the issues: User presence is in updating and never shows the status and location..

could you please let me know where to start?

Question by:kuzum
  • 4
  • 3

Author Comment

ID: 41897339
status and location is not working for some users only not for every one. At the moment 100 users using it
LVL 28

Expert Comment

by:Ryan McCauley
ID: 41898499
So presence is working for some users are not for others? Can you tell if there's anything different between the users that are working and those that aren't? I'm not too familiar with Lync, but in situations where one group is seeing issues and another isn't, I usually see a configuration issue of some kind. For example:

1. Are there multiple network segments involved, where some have access to the servers and some don't (or have access limited by a firewall)?
2. Is one server working properly and one not (since you mentioned you have two)? If you turn one of them off (or stop the service) and then log people out and back in, do you see any changes in behavior?

If you're not using the newest patch level, I'd encourage you to apply it as part of your troubleshooting - trying to resolve an issue where there are open patches you don't have in your environment could be a waste of effort. Apply the current patches (as long as there are no complaints about them that you can find online) to make sure you're troubleshooting with a full deck.

Author Comment

ID: 41899059
thanks Ryan, I would like to know

1. Are there multiple network segments involved, where some have access to the servers and some don't (or have access limited by a firewall)?  "

  they are on the same VLAN on the same segment.

 2. Is one server working properly and one not (since you mentioned you have two)? If you turn one of them off (or stop the service) and then log people out and back in, do you see any changes in behaviour?
this is what I want to test to begin with before the patches but need to know how to stop users from accessing one server and direct them to second server for testing?
there is no hardware load balancer and DNS round robin is set to serve both frontend servers. my concern is that one of the servers could be problematic and as you suggested this is the best way to test in my opinion too?  

I also been informed that certs on the servers were expired and when it was renewed presence and location issue started. before that, it was all ok.  I checked the certs on the certificate store under personal on both front end servers and I Can see that in IIS, it bound to site name under port 443.  only difference I Can see from certificates that old certificates are issued by "forest level CA" and old certs were issued by "domain level CA". within the certificates-->Details tab->issuer field,   CN and DC details are not matching? COuld this be the reason? what do I need to look for from certificate site of the setup please?
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

LVL 28

Expert Comment

by:Ryan McCauley
ID: 41899242
If they're on the same network segment, at least you ran rule out the complications of firewalls and filtering. It's possible it's certificate-related, especially if one of the servers has valid certificate details and the other does not. Do the certificates match on both servers, or are those details different?

If you can modify the DNS to only refer to one server, that may work, although I'm not sure if Lync does any kind of internally load-balancing where a busy server attempts to hand off connections. However, turning off one of the servers may cause issues if clients are still being referred there. You may want to consider something like Windows NLB, which can do round-robin when both servers are online, but handle all the request internally when one node is down:


That said, I think testing the servers in isolation is the only way to know for sure if one is causing the issues - I'd start with changing DNS to route to a single server (make sure you test both servers, though) and see if that resolves your issues (or makes them appear in 100% of cases), as then you'll know which server has the configuration issue.

Author Comment

ID: 41899491

both servers seems identical for the certificates. frontend servers aren't using VIP so URL is pointing to 2 DNS records in AD which belongs to both servers.  what I know is that frontend server do have a function built in called pairing where both servers updates itself at the front end without need help of SQL backend servers. it moves users from one pool to another.

I need to confirm that turning off or removing DNS entry for one of them  would not cause any other issues? there should be steps to follow if we need to take one server out of pool?
LVL 28

Accepted Solution

Ryan McCauley earned 2000 total points
ID: 41899698
I've never done it before, but removing a server from the pool looks pretty straightforward and may even be worth trying before you modify the DNS records:


Author Closing Comment

ID: 41907113
removed the node's DNS record in AD and updated it and added it back

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

In my humble opinion (IMHO), TouchDown from Symantec is the best in class for this type of application, but Symantec has end-of-lifed it and although one can keep using it, it will no longer be supported or upgraded.  Time to look for alternatives t…
If you need to implement application level security in an Access database application or other VBA code, I strongly encourage you to take advantage of Active Directory groups.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question