Thursday, December 30, 2010

Problems booting Cisco UCS Server Configuration Utility ISO to update firmware on UCS C Series servers

I’ve been tackling a RAID issue on one of the new Cisco UCS C210 M2 servers we’re adding to our production environment and since I’ve ran out of options, I thought maybe I should try updating the firmware.  What I noticed was that no matter which firmware ISO I downloaded from the Cisco download site:

  1. Server Standalone Host Utilities - standalone-host-utilities.1.2.2d.zip (there’s an ISO within this zip file)
  2. Server Configuration Utility – ucs-cxxx-scu-1.0.1.iso

… I would not be able to get it to boot over the console KVM through CIMC as I would never see the option of booting from the virtual CD/DVD device:

image 

What was interesting was that I tried to mount a Windows Server 2008 ISO and the screen does show the virtual CD/DVD device as being an option:

image

A ESXi 4.1 ISO also doesn’t have this problem and since I wasn’t in the office that day, burning a CD or DVD wasn’t an option so I began trying everything I could think of:

Didn’t work:  Unblocking the file before I tried mounting it.

image

Didn’t work:  Tried to mount the Windows Server 2008 ISO so that the virtual CD/DVD device would show up then map the firmware update ISO to try and boot from it.

Didn’t work:  Disabled all other bootable devices.

------------------------------------------------------------------------------------------------------------------------------------------------------

As I began running out of options and annoyed at the hours I’ve spent troubleshooting this (these servers take forever to reboot), I sat back and thought about what I’ve changed in the BIOS on this server that I haven’t done on the previous servers I’ve updated and after a few minutes of thinking, I realized I’ve disabled the Legacy USB Support in the BIOS because it’s a known issue that ESXi 4.x will have problems booting up if it was enabled. 

image

I went ahead and re-enabled it:

image

Tried booting from the firmware ISO and long behold:

image

image 

As it finally booted into the firmware update Linux kernel, I said to myself: “Who would have thought this legacy USB support would only affect these Cisco firmware update ISOs.”

One of the many reasons why the “Test E-Mail AutoConfiguration” for AutoDiscover fails with “(0x800C8203)”

While troubleshooting a Tanjay issue a week ago, we noticed that AutoDiscover wasn’t working properly when we used Outlook 2007’s Test E-Mail AutoConfiguration feature (simply press and hold the CTRL key and left-click on your Outlook 2007 icon):

image

… as it would continually fail with:

Autodiscover to https://autodiscover.internalDomainName.com/autodiscover/autodiscover.xml FAILED (0x800C8203)

image

Before I continue, let me state that the domain names for the company were:

External: domain.com

Internal: inside.domain.com

What was strange was that if I run the test with the default E-Mail Address as: username@inside.domain.com, the autodiscover test would fail but if I removed the “inside” from the email address, it would pass.  After troubleshooting for an hour and running low on options, I went ahead and logged onto the Exchange 2007 server, navigated to the users window, opened up the user account I was testing with to check the email address and this is what I saw:

image

I know it’s not easy to see since I had to blank out a lot of the fields but what I saw was that the SMTP address listed in the SMTP section only had the public domain name listed and not the inside.domain.com.  This was more or less of a hunch that I had after running out of options so I went ahead and created a username@inside.domain.com email address.

image

Once I created the email address and tried running the Test E-Mail AutoConfiguration feature, the results came back as completed without errors.

image

I did a fair bit of research while troubleshooting this issue and did not find any posts that had this solution to fix the issue so I hope this will help anyone out there that may come across this issue.

Publishing OCS 2007 R2 MOC through Citrix XenApp 6

We have a client that recently upgraded their old Citrix server to the latest XenApp 6 and have published Microsoft OCS 2007 Office Communicator to get an idea how well XenApp 6 can publish this application.  I don’t have a lot of details as to what works and what doesn’t as I wasn’t able to do any thorough testing with the client because we were troubleshooting something else but I’d have to say it was pretty cool to see the published MOC launch.

image

image

image

 image

What I was able to test were:

  1. PSTN call to my cell phone – Audio quality wasn’t great but I’m not sure if it was because I was speaking through my laptop’s microphone or something else.
  2. Desktop Share – I spent 3 hours using MOC published through Citrix to troubleshoot an issue with the client and other than losing control of the session (not sure if it’s Citrix related), the performance was pretty good.

One of the strange things I noticed was that if I hover over the window’s item in the taskbar, I would see “?????” beside the other person’s name.

I also took the time to ask the client if Citrix actually says MOC is supported and he said:

“Sales pitch says it is but the local client has to be version 12 or higher for the multimedia/sound to work.  There’s also a bug in the client with sound because it only uses the Windows’ local default sound devices and therefore isn’t all that useful when you have multiple devices such as a headset or speaker phone.”

Pretty cool stuff nonetheless.

“Internet Explorer cannot display the webpage” for Exchange 2007 OWA and Autodiscover

Ran into an interesting problem today when I had to reissue a new certificate that an Exchange 2007 CAS (Client Access Server) server was using.  I won’t go into the details as to why we had to reissue the certificate but once the new certificate was imported to the CAS server and the old certificate was deleted, we were no longer able to browse to our OWA webpage and autodiscover.xml page whether it was internal or external.  The error from Internet Explorer didn’t help either as all it displayed was:

Internet Explorer cannot display the webpage

What you can try:

Diagnose Connection Problems

More information

image

After checking all of the obvious, I went ahead and tried opening IIS (Internet Information Services) Manager to check the Site Bindings to see if there was even a certificate assigned for the HTTPS binding.  What I noticed was the following:

image

As shown in the screenshot above, there was no certificate assigned for the HTTPS binding and seeing how all of the directories whether it was owa or autodiscover had the require SSL checkbox selected, it was no wonder we received the error we saw in our browser.  Once we reselected the certificate, everything began working again.

Wednesday, December 29, 2010

New in UCS firmware 1.4 – CIMC Static Management IP assignment

I was told that one of the new features in UCS firmware version 1.4 was that you can now statically assign a CIMC management IP to the blades rather than having the IP randomly assigned from a Management IP Pool you’ve defined.  This definitely deserves a warm welcome as almost all of the clients I’ve worked with who have had B series blades deployed ask if there was a way to static assign the IPs so they match up to the blade slots.  Since I had needed to do a proof of concept with a brand new chassis and blade servers, I started poking around within UCS Manager with firmware version 1.4(1i) to try and find this new feature.  After browsing around for few minutes, I found that to get to the option, you will need to open the the Equipment tab then browse through the nodes: Equipment –> Chassis –> Servers –> Server #.  From there, click on the Inventory tab on the right window then click on the CIMC tab just under it.  Once in this window, you will see the option: Modify Static Management IP.

image

I haven’t read the new firmware 1.4 manual but what I noticed about this new feature are the following:

1. If you’re going to assign a static IP to the blades, do NOT create a pool with the IP or IPs you would like to assign because as soon as you create a Management IP Pool UCS will automatically assign it to a blade server and that IP or IPs will almost always never been sequential respective to the blades.  In the case when I created an IP pool with 1 IP, it was immediately assigned to blade 2. 

image

If you try to assign an IP that’s already assigned, you will receive the following:

MSG_USE_STATIC_FAIL

address is already assigned to sys/chassis-2/blade-#/mgmt/ipv4-pooled-addr

image

2. If you would like to assign a static IP to your blade servers, it would be best to first assign the IP to each blade:

image

image

Then proceed with creating a pool that includes that IP:

image

image

Noticed how the Assigned heading notes that 172.20.5.179 is Yes?

image

You might be wondering why I even chose to create a pool after assigning the static IP and my reasoning is because how else would you be able to keep track of what IPs you’ve used?  Again, I haven’t read the new administration guide so maybe there’s a view to review all the management IPs for each blade but all I found was this which did not appear to include a column for the management IP assigned to the blades:

image

Changing the admin password for Cisco UCS Manager

Yes, I know changing the admin password isn’t rocket science and it’s easy enough to do but what I noticed was that those who are not familiar with what you can left or right click in UCS Manager may have problems getting to the proper window to do it.  Also, I did a quick search on Google for this an noticed that the first 5 results are always about resetting a lost admin password which was when I thought: “Why don’t I write this blog post to help anyone that might be searching for it?”

Changing the admin account password with the GUI

Log into UCS Manager and navigate to the Admin tab, drill down the nodes: All –> User Management –> User Services –> Locally Authenticated Users –> admin and open the General tab:

 image

In the General tab, type in the new password in the Password and Confirm Password text box then click Save Changes button located at the bottom right hand corner.

image

Changing the admin account password with CLI

To disable this via the CLI, SSH to your fabric interconnect’s IP address and login.  Proceed and type the following commands:

  1. scope security
  2. set password
  3. commit

The CLI will ask you to enter the new password, then confirm it after you’ve typed in step #2.  Make sure you issue the 3rd command: commit or else the changes will not take effect.

The output should look something like this:

login as: admin

Cisco UCS 6100 Series Fabric Interconnect

Using keyboard-interactive authentication.

Password:

Using keyboard-interactive authentication.

Cisco Nexus Operating System (NX-OS) Software

TAC support: http://www.cisco.com/tac

Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained in this software are

owned by other third parties and used and distributed under

license. Certain components of this software are licensed under

the GNU General Public License (GPL) version 2.0 or the GNU

Lesser General Public License (LGPL) Version 2.1. A copy of each

such license is available at

http://www.opensource.org/licenses/gpl-2.0.php and

http://www.opensource.org/licenses/lgpl-2.1.php

wu6120-1-B# scope security

wu6120-1-B /security # set password

Enter new password:

Confirm new password:

wu6120-1-B /security* # commit

wu6120-1-B /security #

image

Fairly simple to do.

Disabling Cisco UCS Manager password strength / complexity check

A colleague of mine recently had to quickly set up a new UCS B series chassis and since we were deploying the new B230 M1 blades, the chassis was actually shipped with UCSM 1.4(1a).  The initial setup of the clustered Fabric Interconnects were pretty much the same but one of the behavior my colleague experienced was that a password strength / complexity check was now enforced (turned on).  He was in sort of a rush and couldn’t find the option to turn it off so he went ahead and set the password to meet the requirements.  Since I’m am now back from vacation and assigned the task to configure the blades to boot from SAN, he asked if I could turn it off.

While the this task is seemingly trivial, it did take me a few minutes to find the checkbox so I figure I’d write a post in case someone needs to find a quick answer through searching it with Google.

Disabling Password Strength / Complexity Check with the GUI

Log into the UCSM:

image

Navigate to the Admin tab, drill down the nodes: All –> User Management –> User Services –> Locally Authenticated Users and in the right window, uncheck the Password Strength Check checkbox:

image

Once you’ve unchecked the checkbox, proceed with clicking the Save Changes button on the bottom right hand corner.

Disabling Password Strength / Complexity Check with the CLI

To disable this via the CLI, SSH to your fabric interconnect’s IP address and login.  Proceed and type the following commands:

  1. scope security
  2. set enforce-strong-password no
  3. commit

The output should look something like this:

login as: admin

Cisco UCS 6100 Series Fabric Interconnect

Using keyboard-interactive authentication.

Password:

Using keyboard-interactive authentication.

Cisco Nexus Operating System (NX-OS) Software

TAC support: http://www.cisco.com/tac

Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained in this software are

owned by other third parties and used and distributed under

license. Certain components of this software are licensed under

the GNU General Public License (GPL) version 2.0 or the GNU

Lesser General Public License (LGPL) Version 2.1. A copy of each

such license is available at

http://www.opensource.org/licenses/gpl-2.0.php and

http://www.opensource.org/licenses/lgpl-2.1.php

wu6120-1-B# scope security

wu6120-1-B /security # set enforce-strong-password no

wu6120-1-B /security* # commit

wu6120-1-B /security # show enforce-strong-password

Password Strength Check: No

image

Pretty simple right?

New 1.4(1i) Cisco UCS Firmware for B Series Servers

I was recently told by my practice lead that we need to update our internal UCS B series chassis firmware version to version 1.4 earlier in the month.  I have to say that I’m terrible with keeping up with the “what’s new” or “what’s coming” for all of the products I work with because I’m always on deployments so unless I stumble across it during a deployment or hear it from a colleague, I usually don’t know until it’s released.  I’m sure my practice lead knows this and he was not surprised when I responded to his email about only knowing about the 1.3(1o) release (as of December 14, 2010).  Fast forward to 2 weeks later and being back from vacation, I noticed that 1.3(1p) has been released:

http://www.cisco.com/cisco/software/release.html?mdfid=282567938&flowid=7208&softwareid=282596409

image

After navigating around the download site, I finally found 1.4(1i) under:

Products –> Unified Computing –> Cisco UCS Infrastructure Software –> Unified Computing System (UCS) –> Infrastructure Software Bundle –> 1.4(1i)

http://www.cisco.com/cisco/software/release.html?mdfid=283612660&flowid=22121&softwareid=283655658&release=1.4(1i)&rellifecycle=&relind=AVAILABLE&reltype=latest

image

Note:  You won’t find this under the Cisco UCS Manager section.

So what does the UCSM GUI look like now?  Pretty much the same but with extra nodes!

image

Microsoft Lync Server 2010 Virtualization Requirements - Thinking out loud

------------------------------------------------------------------------------------------------------------------------------------------------------------------

Update – February 26, 2011

A new virtualization guide has been made available!  Please see the following post:  http://terenceluk.blogspot.com/2011/02/new-server-virtualization-in-microsoft.html

------------------------------------------------------------------------------------------------------------------------------------------------------------------

Update – January 27, 2011

I’ve noticed that I’ve received many hits on this post ever since I published it and to be honest, I actually questioned myself whether I’ve added any value to the topic because I was pretty much just going through the guide line by line and making interpretations with the content available.  I’d have to say that I wasn’t satisfied with how much text was in the post when I read through it again and I will try to make a better effect in laying Part #2 out in a better and easier to read format (if only I had the type of features and controls I have with Word).  I hope everyone who have read this finds more value than me. :)

You might be wondering right now what I meant by Part #2 and by that I mean that there’s going to be a new updated version in the following months.  There’s currently no ETA as of yet and since I’m not sure how much information I should provide about it, I’m just going to say that it’ll be much better and clearer than what we had to work with thus far.  In addition to the new guide, there will also be a new tool to assist in sizing the requirements for different physical and virtual topologies.  I was extremely stoked when I received this information today and I’m sure the guide and tool will provide us with a clear understanding of how to properly spec out our hardware.

In the meantime, I’ve already began scoping out the requirements for a few clients so if you don’t have anything to work with (the guide’s no longer available), I believe what we have below should provide a good starting point.

Stay tuned for Part #2 when the new guide becomes available!

------------------------------------------------------------------------------------------------------------------------------------------------------------------

I had a bit of time today to finally review the Microsoft Lync Server 2010 virtualization planning documentation from Microsoft and as I read through the document, I found myself lost at times. Since I had to deliver a report to one of our managers to get approval for procuring hardware, I began taking notes to try while interpreting what the requirements were. The following information I am going to post are my interpretation of what is required and may not be completely accurate so please don’t take this as an official Microsoft documentation on what is supported. With that being said, for those who don’t want to plow through the planning guide can probably use the following information to get an idea of what virtualizing Microsoft Lync Server 2010 looks like:

The document I was reading can be downloaded here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=2da9fa26-e032-4dcf-b487-da916ddc508f

I’ve also checked the Microsoft Server Virtualization Validation Program here: http://www.windowsservercatalog.com/svvp.aspx?svvppage=svvpwizard.htm but it looks like Microsoft has updated it so Microsoft Lync Server 2010 isn’t listed as of today on December 29, 2010.

General Requirements

Question: Is virtualization supported for Microsoft Lync 2010 Server?

Answer: Yes

Microsoft Documentation Notes: Page 4

“Microsoft Lync Server 2010 communications software supports virtualization topologies that support all Lync Server 2010 workloads—instant messaging (IM) and presence, conferencing, and Enterprise Voice.”

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What virtualization platform is supported for Microsoft Lync 2010 Server?

Answer: Hyper-V (R2 version) and VMware 4.0

Microsoft Documentation Notes:

Page 4: “Windows Server 2008 R2 is required, and both the Hyper-V and VMware virtualization platforms are supported.”

Page 5: “Both the Windows Server 2008 R2 Hyper-V and VMware ESX 4.0 virtualization platforms are supported.”

Assumptions: I’m assuming only Hyper-V R2 is supported because of the improvements over the R1 version (i.e. memory, disk, network). Since the documentation doesn’t state VMware vSphere 4.1, I’m assuming it’s best to deploy this on 4.0.

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What additional virtualization platform requirements should we be aware of?

Answer: If Hyper-V is being used as the virtualization platform, the software update described in Microsoft Knowledge Base article 981836 should be applied even though the KB states otherwise.

Microsoft Documentation Notes:

Page 5: “Both the physical host server and the virtual machine must run Windows Server 2008 R2 with the software update described in Microsoft Knowledge Base article 981836, "Network connectivity for a Windows Server 2003-based Hyper-V virtual machine is lost temporarily in Windows Server 2008 R2," at http://go.microsoft.com/fwlink/?LinkId=201212.”

Question: What additional guest virtualization requirements should we be aware of?

Answer: Whether Hyper-V or vSphere is the virtualization platform, Windows Server 2008 R2 should be used. Additionally, the software update described in Microsoft Knowledge Base article 981836 should be applied even though the KB states otherwise.

Microsoft Documentation Notes:

Page 5: “Both the physical host server and the virtual machine must run Windows Server 2008 R2 with the software update described in Microsoft Knowledge Base article 981836, "Network connectivity for a Windows Server 2003-based Hyper-V virtual machine is lost temporarily in Windows Server 2008 R2," at http://go.microsoft.com/fwlink/?LinkId=201212.”

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What network virtualization requirements should we be aware of?

Answer:

1. Each virtual machine should have its own physical adapter for network traffic in an Enterprise Edition deployment. In a Standard Edition deployment, the virtual machine should have two physical adapters.

2. Enable network adapters for VMQ (Hyper-V), NetQueue (ESX 3.5 & 4.0) or possibly VMware vSphere 4.x VMDirectPath for Microsoft Lync Server 2010 virtual machines. The reason why I stated “possibly” for “VMware vSphere 4.x VMDirectPath” is because the documentation does not specifically state it’s supported and I believe the older NetQueue technology from VMware is closer to Microsoft’s VMQ since VMDirectPath is much more advanced.

3. Increase the send/receive buffers to at least 1024 for each dedicated physical network adapter for the virtual machines.

Microsoft Documentation Notes:

Page 11: “On each host machine, install one network adapter for each virtual machine on the host server. Each network adapter must be dedicated to one of the virtual machines.”

Page 11: “Use network adapters enabled for Virtual Machine Queue (VMQ). VMQ is a virtualization technology for the efficient transfer of network traffic to a virtualized operating system. VMQ allows the VMs to filter the queue of packets within the network adapter, resulting in improved efficiency of network traffic. If you use these network adapters, you can enable VMQ for each virtual machine using the hypervisor’s management console.”

Page 11: “For each network adapter dedicated to virtual machines, increase the send/receive buffers to at least 1024. This helps to avoid packet loss.”

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: Can I collocate directory services infrastructure servers with Microsoft Lync Server 2010 roles?

Answer: No.

Microsoft Documentation Notes:

Page 8: “In addition to these virtualized components, your topology must also include Active Directory servers, DHCP and Domain Name System (DNS) servers, and certification authorities (CAs). These should run on different servers from those hosting the virtualized Lync Server components.”

------------------------------------------------------------------------------------------------------------------------------------------------------

Standard Edition Requirements

Question: What is the supported Standard Edition topology?

Answer: Each Standard Edition server will support up to 2000 users. You can deploy additional Standard Edition servers on separate physical hosts which does not host other roles for more users.

Microsoft Documentation Notes:

Page 4: “Standard Edition server topology for proof-of-concept, pilot projects, and small businesses. This topology supports up to 2,000 users per virtual Standard Edition server.”

Page 4 & 5: “The user capacity for a single virtualized Standard Edition server is 2,000 users. You can add more user capacity by adding more virtualized Standard Edition servers. If you do so, each virtualized Standard Edition server must run on a separate physical host server, which does not host virtual machines running other Lync Server roles.”

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What are the minimum hardware requirements for Standard Edition server?

Answer:

CPU: At least 4 cores per virtual machine running a Lync Server role. Next-generation 2.26 Gigahertz or greater processor recommended for best performance.

Memory: At least 15 gigabytes (GB) per virtual machine running a Lync Server role.

Disk: SAS drive with at least 500 GB.

Network: Two 1 gigabit per second (Gbps) network adapters (for details, see information later in this topic).

Microsoft Documentation Notes:

Page 5: See table.

Page 5: “For all of the virtualization topologies in this document, a next generation 2.26 Gigahertz or greater processor is recommended. These refer to processors reflecting the latest performance improvements, built after January 2009. We do not guarantee scalability on earlier-generation processors.”

Assumptions: I’m assuming this means any processors released by Intel or AMD after January 2009.

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: How many concurrent users are supported for an A/V conference with the minimum hardware requirements stated in the planning guide for a Standard Edition server deployment?

Answer: Up to 100 concurrent users are supported.

Microsoft Documentation Notes:

Page 5: “This topology supports up to 2,000 users, with as many as 100 users concurrently connected to an A/V conference. Performance begins to degrade if more users than this are connected.”

------------------------------------------------------------------------------------------------------------------------------------------------------

Enterprise Edition Requirements

Question: What is the supported Enterprise Edition topology?

Answer: Each virtualized Enterprise Edition front end server will support up to 5000 users and each A/V Conferencing server will support up to 10,000 users. You can deploy additional front end and A/V Conferencing servers on the same physical but additional resources will be required.

Microsoft Documentation Notes:

Page 4: “Data center topology, for larger deployments. This topology supports up to 5,000 users per virtual Enterprise Edition Front End Server.”

Page 7: “If you need to support fewer users, you can scale down, with one virtual Front End Server for every 5,000 users and one virtual A/V Conferencing Server for each 10,000 users.”

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: Can we deploy all server roles as virtualized servers in an Enterprise Edition topology?

Answer: Yes

Microsoft Documentation Notes:

Page 4: “The data center topology includes two options—one option with all server roles virtualized, and another that supports a mixing of physical and virtualized servers.”

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: Can we deploy a mix of virtual and physical servers for the server roles in an Enterprise Edition topology?

Answer: Yes

Microsoft Documentation Notes:

Page 4: “The data center topology includes two options—one option with all server roles virtualized, and another that supports a mixing of physical and virtualized servers.”

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What are the minimum requirements for a virtualized Front End Server role in an Enterprise Edition deployment?

CPU: A 4 core next-generation 2.26 Gigahertz or greater processor.

Memory: At least 15 gigabytes (GB).

Disk: The document does not specifically state the storage requirements so the assumption is the same as Standard Edition where a SAS drive with at least 500 GB is required.

Network: One 1 gigabit per second (Gbps) network adapter (for each server role).

Microsoft Documentation Notes:

Page 6: See table.

Assumptions: The table listing the requirements states “For each virtual machine running a Lync Server Role” and “Virtual machines running on this host” as “Four Front End Servers” which appears to suggest that each physical host can have more than one front end server role hosted.

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What are the minimum requirements for a virtualized A/V Conferencing Server role in an Enterprise Edition deployment?

CPU, Memory, Disk, Network: Same as front end server role.

Microsoft Documentation Notes:

Page 6: See table.

Assumptions: The table listing the requirements states “For each virtual machine running a Lync Server Role” and “Virtual machines running on this host” as “Four A/V Conferencing Servers” which appears to suggest that each physical host can have more than one A/V Conferencing server role hosted.

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What are the minimum requirements for a virtualized Director Server role in an Enterprise Edition deployment?

CPU, Memory, Disk, Network: Same as front end server role.

Microsoft Documentation Notes:

Page 6: See table.

Assumptions: The table listing the requirements states “For each virtual machine running a Lync Server Role” and “Virtual machines running on this host” as “Two Directors” which appears to suggest that each physical host can have more than one Director server role hosted. This differs from the front end and A/V conferencing server roles where 4 are allowed for those and only 2 are allowed for the Director.

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What are the minimum requirements for a virtualized Edge Server role in an Enterprise Edition deployment?

CPU, Memory, Disk, Network: Same as front end server role.

Microsoft Documentation Notes:

Page 7: See table.

Assumptions: The table listing the requirements states “For each virtual machine running a Lync Server Role” and “Virtual machines running on this host” as “Two Edge Servers” which appears to suggest that each physical host can have more than one Edge server role hosted. This differs from the front end and A/V conferencing server roles where 4 are allowed for those and only 2 are allowed for the Edge server role.

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What are the minimum requirements for a virtualized Monitoring Server and Archiving Server role in an Enterprise Edition deployment?

CPU, Memory, Disk, Network: Same as front end server role (per Monitoring and Archiving server).

Microsoft Documentation Notes:

Page 7: See table.

Assumptions: The table listing the requirements states “For each virtual machine running a Lync Server Role” and “Virtual machines running on this host” as “One server running collocated Monitoring Server and Archiving Server” which explicitly suggests that each physical host can have both Monitoring and Archiving server hosted.

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What are the minimum requirements for a virtualized Backend Server and File server role in an Enterprise Edition deployment?

CPU, Memory, Disk, Network: Same as front end server role (per backend and file server).

Microsoft Documentation Notes:

Page 7: See table.

Assumptions: The table listing the requirements states “For each virtual machine running a Lync Server Role” and “Virtual machines running on this host” as “One Back End Server and one file server” which explicitly suggests that each physical host can have both backend and file server hosted.

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What are the server role collocation requirements for a virtualized Enterprise Edition deployment?

Answer: Although the requirement examples listed above show that the same Lync server roles are hosted on the same physical host, Microsoft states that you are allowed to combine different server role virtual machines on different physical hosts EXCEPT for the Edge server. While you can run multiple Edge servers on a single physical host, you cannot collocate these Edge server virtual machines on other physical hosts running other Lync roles.

Microsoft Documentation Notes:

Page 7: “Although in this example each host server runs virtual machines that are all running the same server role, you can combine virtual machines that are running different server roles on a single physical host, except for Edge Server. Multiple virtual Edge Servers can run on the same physical host, but cannot run on the same physical host as virtual servers running other Lync Server server roles. If you do combine virtual machines running different server roles on one host, follow the resource requirements of each role.”

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What if I want to scale down the deployment? How do these requirements change since they’re recommended for 5,000 users in an Enterprise Edition deployment?

Answer: I could not find any reference in the document about scaling down hardware requirements. It looks like the information provided only allows you to scale down to as low as 5,000 users.

Microsoft Documentation Notes:

Page 7: “If you need to support fewer users, you can scale down, with one virtual Front End Server for every 5,000 users and one virtual A/V Conferencing Server for each 10,000 users.”

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What if I want to scale up the deployment? How do these requirements change since they’re recommended for 5,000 users in an Enterprise Edition deployment?

Answer: Each virtualized Enterprise Edition front end server will support up to 5000 users and each A/V Conferencing server will support up to 10,000 users. You can deploy additional front end and A/V Conferencing servers on the same physical but additional resources will be required.

Microsoft Documentation Notes:

Page 4: “Data center topology, for larger deployments. This topology supports up to 5,000 users per virtual Enterprise Edition Front End Server.”

Page 7: “If you need to support fewer users, you can scale down, with one virtual Front End Server for every 5,000 users and one virtual A/V Conferencing Server for each 10,000 users. You can also scale up by adding more Front End pools and virtual machines running other server roles.”

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What’s an example of a 80,000 topology deployment?

Answer: The following servers will be deployed:

  • Sixteen Front End Servers (split into two Front End pools)

16 * 5,000 (users per front end server support) = 80,000.

  • Two Back End Servers (one for each Front End pool)

Since the document does not specifically states how many users each back end server supports, my assumption would be that one back end server either supports:

a) 1 pool

b) 40,000 users

I believe the reason is most likely a) rather than b).

  • Eight A/V Conferencing Servers

8 * 10,000 (users per A/V Conferencing server support) = 80,000.

  • Four Directors

Working out the math as 80,000 / 4, this appears to suggest that each Director server supports at least 20,000 users.

  • Four Edge Servers

Working out the math as 80,000 / 4, this appears to suggest that each Edge server supports at least 20,000 users.

  • One Monitoring Server and Archiving Server

This appears to suggest that each Monitoring and Archiving server will support at least 80,000 users.

Microsoft Documentation Notes:

Page 7 & 8: See list.

Assumptions: The list does not list the file server so I will assume you need another virtualized file server on a host hosting any other role except for the Edge servers as well as having enough cores, memory and disk to support it.

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What are the physical processor, cores and memory considerations in an Enterprise Edition deployment?

Answer: Each virtualized Enterprise Edition server roles MUST have 4 dedicated cores and 16GB of dedicated memory. Since I’m more familiar to VMware terms than Hyper-V, I will use VMware terminology for this:

This appears to suggest that CPU affinity, CPU and memory reservations for each virtual machine hosting a Microsoft Lync Server 2010 server role.

Microsoft Documentation Notes:

Page 8: “Each virtual machine must have 4 dedicated cores and 16 GB of dedicated memory.”

Assumption: These assumptions are based on my experience with the Cisco Unity supported configuration in a VMware virtualized environment.

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What is the total amount of users supported concurrently to an A/V conference in a virtualized data center topology?

Answer: As many as 125 users are supported for concurrently connected to an A/V conference.

Microsoft Documentation Notes:

Page 8: “The virtualized data center topology supports as many as 125 users concurrently connected to an A/V conference. Performance begins to degrade if more users than this are connected.”

------------------------------------------------------------------------------------------------------------------------------------------------------

Mixed Data Center Topology - Enterprise Edition Requirements

Question: What is the requirement for the front end server role in a mixed physical and virtual topology?

Answer: If a mixed server topology is to be deployed, all front end servers must be virtualized.

Microsoft Documentation Notes:

Page 8: “In the topology for a mixing of physical and virtual servers, all Front End Servers must be virtualized. All other server roles can be a mix of physical and virtual.”

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What are the minimum requirements for a virtualized Front End Server role in an Enterprise Edition deployment?

CPU: A 4 core next-generation 2.26 Gigahertz or greater processor.

Memory: At least 15 gigabytes (GB).

Disk: The document does not specifically state the storage requirements so the assumption is the same as Standard Edition where a SAS drive with at least 500 GB is required.

Network: One 1 gigabit per second (Gbps) network adapter (for each server role).

Microsoft Documentation Notes:

Page 8: See table.

Assumptions: The table listing the requirements states “For each virtual machine running a Lync Server Role”.

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What are the minimum requirements for a virtualized A/V Conferencing Server role in an Enterprise Edition deployment?

CPU, Memory, Disk, Network: Same as front end server role.

Microsoft Documentation Notes:

Page 9: See table.

Assumptions: The table listing the requirements states “For each virtual machine running a Lync Server Role”.

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What are the minimum requirements for a virtualized Director Server role in an Enterprise Edition deployment?

CPU, Memory, Disk, Network: Same as front end server role.

Microsoft Documentation Notes:

Page 9: See table.

Assumptions: The table listing the requirements states “For each virtual machine running a Lync Server Role”.

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What are the minimum requirements for a virtualized Edge Server role in an Enterprise Edition deployment?

CPU, Memory, Disk, Network: Same as front end server role.

Microsoft Documentation Notes:

Page 9: See table.

Assumptions: The table listing the requirements states “For each virtual machine running a Lync Server Role”.

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What are the minimum requirements for a virtualized Monitoring Server and Archiving Server role in an Enterprise Edition deployment?

CPU, Memory, Disk, Network: Same as front end server role (per Monitoring and Archiving server).

Microsoft Documentation Notes:

Page 9 & 10: See table.

Assumptions: The table listing the requirements states “For each virtual machine running a Lync Server Role”.

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What are the minimum requirements for a virtualized Backend Server and File server role in an Enterprise Edition deployment?

CPU, Memory, Disk, Network: Same as front end server role (per backend and file server).

Microsoft Documentation Notes:

Page 10: See table.

Assumptions: The table listing the requirements states “For each virtual machine running a Lync Server Role”.

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What if I want to scale up or down the deployment? How do these requirements change since they’re recommended for 5,000 users in an Enterprise Edition deployment?

Answer: I could not find any reference in the document about scaling down hardware requirements. It looks like the information provided only allows you to scale down to as low as 5,000 users which is the same as a completely virtualized Enterprise Edition topology.

Microsoft Documentation Notes:

Page 8: “. If you need to support a different number of users, you can scale up or down, with one virtual Front End Server for every 5,000 users and one virtual A/V Conferencing Server for each 10,000 users.”

------------------------------------------------------------------------------------------------------------------------------------------------------

Question: What’s an example of a 40,000 topology deployment?

Answer: The following servers will be deployed:

  • Eight Front End Servers (does not specify amount of Front End pools so assume one). All front end servers need to be virtualized.

8 * 5,000 (users per front end server support) = 40,000.

  • Four A/V Conferencing Servers. 4 if virtual and 2 if physical. This appears to suggest that if 2 physical servers are used, it will be sufficient for 40,000 users. Unfortunately, the table does not specify the hardware requirements for the physical servers which I believe are located in another planning guide.

4 * 10,000 (users per A/V Conferencing server support) = 40,000.

  • Two Directors. 2 if virtual and 1 if physical. This appears to suggest that if 1 physical server is used, it will be sufficient for 40,000 users. Unfortunately, the table does not specify the hardware requirements for the physical servers which I believe are located in another planning guide.

Working out the math as 40,000 / 2, this appears to suggest that each Director server supports at least 20,000 users.

  • Two Edge Servers. 2 if virtual and 2 if physical. This appears to suggest that if 2 physical server is used, it will be sufficient for 40,000 users. Unfortunately, the table does not specify the hardware requirements for the physical servers which I believe are located in another planning guide.

Working out the math as 40,000 / 2, this appears to suggest that each Edge server supports at least 10,000 users but this differs from what the math works out for the fully virtualized topology. My guess is that the reason for 2 servers is not calculated by the amount of users.

  • One Monitoring Server and Archiving Server. 1 if virtual and 1 if physical. This appears to suggest that a physical server also supports 40,000 users.

This appears to suggest that each Monitoring and Archiving server will support at least 40,000 users.

  • One Back End server and one file server. The table does not explicitly state the differences between virtual and physical but based on what is stated for a completely virtualized topology, my assumption would be if the 2 servers are to be virtualized, we will need to have 4 cores, 15GB memory and required disk space allocated for each role (back end and file server). If the servers were to be physical, 2 servers will be required since it’s not best practice to user a SQL server as a file server coming from a Windows best practice perspective.

Since the document does not specifically states how many users each back end server supports, my assumption would be that one virtualized or physical back end and file server will support at least 40,000 users.

Microsoft Documentation Notes:

Page 10, 11 & 12: See list.

------------------------------------------------------------------------------------------------------------------------------------------------------

Tuesday, December 28, 2010

How to automate the removal of the values for a user’s msExchUMDtmfMap attribute

We’ve finally completed a company wide migration from a Nortel BCM PBX to OCS 2007 R2 with Exchange UM as their auto attendant and voicemail solution just before the holidays and with migration of all the users to their new telephony solution comes a problem that the manager there and I knew we would need to address. 

Problem

This particular client I’ve been working with over the past year is a law firm that focuses on a variety of services.  One of the practices a partner manages is a group that deals with clients who constantly call for an update on their case and most of the time there are no updates because cases get dragged on by the courts.  In the old Nortel BCM solution, the manager there was able to fully control who the auto attendant can look up when a caller uses the dial by name feature but with Exchange Unified Messaging, the process of generating these lookup entries are automatic.  So what do I mean by automatic?  The way that Exchange Unified Messaging performs lookups for users is actually through the attribute: msExchUMDtmfMap as shown in the following screenshot:

image

image

This can be found using the ADSIedit utility bundled with the Windows Support Tools that allows you to edit the Active Directory database.  All you need to do is open this utility, connect to the domain containing the user object, navigate to the OU and open up the properties window:

image

The process of removing the values this way are quite straight forward but the behavior of Exchange Unified Messaging is to run the GAL Grammar generation according to a schedule and this happens every night.  To see the schedule, you can execute the following PowerShell cmdlet:

Get-UMServer | fl

…which will output something similar to this:

[PS] C:\Documents and Settings\tluk>Get-UMServer | fl

Name                      : UM01
MaxCallsAllowed           : 100
MaxFaxCallsAllowed        : 100
MaxTTSSessionsAllowed     : 50
MaxASRSessionsAllowed     : 50
Status                    : Enabled
Languages                 : {en-US}
DialPlans                 : {someDialPlan}
GrammarGenerationSchedule : {Sun.2:00 AM-Sun.2:30 AM, Mon.2:00 AM-Mon.2:30 AM,
                            Tue.2:00 AM-Tue.2:30 AM, Wed.2:00 AM-Wed.2:30 AM, T
                            hu.2:00 AM-Thu.2:30 AM, Fri.2:00 AM-Fri.2:30 AM, Sa
                            t.2:00 AM-Sat.2:30 AM}
IsValid                   : True
OriginatingServer         : dc03.someCompany.com
ExchangeVersion           : 0.1 (8.0.535.0)
DistinguishedName         : CN=UM01,CN=Servers,CN=Exchange Administrative Gro
                            up (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=
                            Company,CN=Microsoft Exchange,CN=Services,CN=Confi
                            guration,DC=someCompany,DC=com
Identity                  : UM01
Guid                      : 0e5f2012-af0e-4d95-9206-1633deebf38c
ObjectCategory            : someCompany.com/Configuration/Schema/ms-Exch-Exchange
                            -Server
ObjectClass               : {top, server, msExchExchangeServer}
WhenChanged               : 11/10/2010 10:54:27 AM
WhenCreated               : 12/6/2007 12:27:23 AM

[PS] C:\Documents and Settings\tluk>

image

The idea of having to go in and removing the attribute via ADSIedit everyday wasn’t exactly all that appealing to the client so the 2 ideas I had in mind where:

1. Is there a way to disable a specific user during the generation process?

2. Somehow script the removal process with ldifde or csvde.

The answer to question #1 is that there isn’t after confirming it with Microsoft so I followed up with them about using one of the commands for #2 and I got an answer which I fully tested confirming it works.

Solution

The solution I got from Microsoft was to use the ldifde command with a ldf file used for importing.  Start by opening notepad and enter the following:

dn: CN=Terence Luk,OU=Systems Consultants,OU=SomeOU,OU=Employees,DC=someDomain,DC=com

changetype: modify

delete: msExchUMDtmfMap

-

image

**Note that you don’t need the spaces in between the 4 lines above.  They’re there because Windows Live Writer automatically inserted them.  Also note that the dash “-“ is required or the ldifde command will error out.

Save the file as an .ldf file (in this example, I used: RemoveDTMF.ldf).

To test whether you had your syntax and distinguished name entered correctly, you can execute the following command:

ldifde -i -f C:\RemoveDTMF.ldf

image

Once you hit enter, you should see something similar to the following output:

Connecting to "someDC.someDomain.com"

Logging in as current user using SSPI

Importing directory from file "C:\RemoveDTMF.ldf"

Loading entries..

1 entry modified successfully.

The command has completed successfully

C:\>

image

Now when you browse the properties of the user object, you should see the variable with the value set as <Not Set>:

image

image

If you want to retest this again, you can force Exchange to regenerate these values for the users in the dialplan by executing:

galgrammargenerator.exe -d dialPlanName

This command can be found in the <drive where you’ve installed Exchange>\Program Files\Microsoft\Exchange Server\Bin.  Once executed, this will generate the DTMF mappings for all the UM enabled users within the dial plan you’ve specified and output something similar to the following:

E:\Program Files\Microsoft\Exchange Server\Bin>GALGRAMMARGENERATOR.exe -d officeDialPlan

======================

GalGrammarGenerator started. Time: 12/27/2010 8:00:02 PM

GalGrammarGenerator finished. Time: 12/27/2010 8:00:03 PM

E:\Program Files\Microsoft\Exchange Server\Bin>

image

From here on, you should be able to create a batch file that executes this command with the .ldf file you’ve created to remove the DTMF mappings for as many users as you like through scheduling this with Windows Scheduled Tasks:

image

It’s important to note that in order to execute this ldifde command, you will need the appropriate permissions to the domain so the account you specify for the scheduled task will need permissions to remove the values of this attribute for users.

Potential problems you may encounter

While testing this ldifde command out, I ran into 3 problems that I thought is worth mentioning here:

Potential Problem #1 – Incorrect Distinguished Name entered

If you did not type in the distinguished name properly for the ldf file, you will receive the following output when executing ldifde command:

C:\>Ldifde -i -f C:\RemoveDTMF.ldf

Connecting to "someDC.someDomain.com"

Logging in as current user using SSPI

Importing directory from file "C:\RemoveDTMF.ldf"

Loading entries.

Add error on line 1: No Such Object

The server side error is "Directory object not found."

0 entries modified successfully.

An error has occurred in the program

No log files were written. In order to generate a log file, please

specify the log file path via the -j option.

C:\>

image

If you receive this error, you probably have the incorrect DN (distinguished name) specified for the user object in your ldf file. To avoid errors especially when the domain has a lot of OUs nested, I would suggest opening up the user object’s properties to copy and paste the distinguishedName attribute value:

image

Potential Problem #2 – Missing “-“ in the ldf file

image

If you forget to include the “-“ at the end of the the 3 lines entered in the ldf file, you will receive the following error:

C:\>ldifde -i -f c:\RemoveDTMF.ldf

Connecting to "someDC.someDomain.com"

Logging in as current user using SSPI

Importing directory from file "c:\RemoveDTMF.ldf"

Loading entries.

There is a syntax error in the input file

Failed on line 3. The last token starts with 'm'.

The change-modify entry is missing the terminator '-'.

0 entries modified successfully.

An error has occurred in the program

No log files were written. In order to generate a log file, please

specify the log file path via the -j option.

C:\>

image

Simply include the “-“ (without the quotes) at the end of the 3 lines you’ve specified for the user and this error will go away.

Potential Problem #3 – There are no values for the msExchUMDtmfMap attribute

You will receive the following error from the ldifde command if the user object you specify does not have any values in the msExchUMDtmfMap attribute:

C:\>Ldifde -i -f C:\RemoveDTMF.ldf

Connecting to "someDC.someDomain.com"

Logging in as current user using SSPI

Importing directory from file "C:\RemoveDTMF.ldf"

Loading entries.

Add error on line 1: No Such Attribute

The server side error is "The attribute specified in the operation is not presen

t on the object."

0 entries modified successfully.

An error has occurred in the program

No log files were written. In order to generate a log file, please

specify the log file path via the -j option.

C:\>

image

While there really isn’t any harm done here, you should try to schedule this task sometime after the attribute values have been created for the user.