Lync 2013 – Adding QOS to Lync Servers, Lync Clients and Lync Phone Editions

Evening all

Not so much a black art to enable QOS for Lync 2013, but out on the internet there is to be honest alot of rubbish how NOT to do it.

In this blog post is the correct way to implement QOS for Lync 2013.

All in all its not a difficult job to undertake but you do have to make sure all your ports are correct it simply wont work.

Like many other blog post i will break this down into step by step instructions as a guide to help you along your way.

Information you might find useful can be found here from Microsoft. Personally i think this is more of a hinderance than a help.QoS on Lync 2013

ok lets start with basics which are needed for QOS.


Before starting you need to decide on the port ranges you are going to deploy as part of the QOS settings. Whatever you decide ensure these ports arent being used by other areas within your business.

For this blog, im going to use the standard port which are documented by Microsoft.Also as part of this blog guide i will also use the recommended DSCP setting again by Microsoft.

Media Type Classification
Queuing and Dropping Notes
Audio EF (DSCP 46) Priority Queue Low loss, low latency, low jitter, assured bandwidth (BW)
Video AF41 (DSCP 34) BW Queue + DSCP WRED Pair with WAN Bandwidth Policies on constrained links
SIP Signalling CS3 (DSCP 24) BW Queue Class 4. Low drop priority

Its also worth noting that whatever DSCP classification you choose needs to be mirrored on your core network and switches.

Scenario Starting port Ending port
Client audio 20000 20199
Client video 20200 20399
Client application sharing 20400 20599
Client File Transfer 20600 20799
Client Media 20800 20999
Server application sharing 40800 41000
Server audio 49000 55000
Server video 57000 60000

Now onto Step 2

Lync 2013 Powershell to add the Port ranges. This is whats known in the Lync world as Inband Provisioning.

Im going to add these items piecemeal into the sections relevant to lync, starting with the Lync Server estate

For me this will be my Lync Standard Edition. However for you, you need to add this to each of your Lync Servers (FE’s, Director’s, Etc)

For the Lync Pool enter the following powershell command within the Lync Management Shell.

Set-CsConferenceServer -Identity lyncse2.northernlync.local -AppSharingPortStart 40800 -AppSharingPortCount 200

Set-CsConferenceServer -Identity lyncse2.northernlync.local -AudioPortStart 49000 -AudioPortCount 6000

Set-CsConferenceServer -Identity lyncse2.northernlync.local -VideoPortStart 57000 -VideoPortCount 3000

——————- Now for the Application Servers————————-

Set-CsApplicationServer -Identity lyncse2.northernlync.local -AppSharingPortStart 40800 -AppSharingPortCount 200

Set-CsApplicationServer -Identity lyncse2.northernlync.local -AudioPortStart 49000 -AudioPortCount 6000

Set-CsApplicationServer -Identity lyncse2.northernlync.local -VideoPortStart 57000 -VideoPortCount 3000

NOTE: Change the -identity to the Pool name of your server

Next the powershell commands are for the Lync Client to communicate using QOS using GPO (ensure you add the same GPO port ranges to each Lync client machine)

Set-CsConferencingConfiguration -ClientAudioPort 20000 -ClientAudioPortRange 199 -ClientVideoPort 20200 -ClientVideoPortRange 199 -ClientAppSharingPort 20400 -ClientAppSharingPortRange 199 -ClientFileTransferPort 20600 -ClientFileTransferPortRange 199 -ClientMediaPort 20800 -ClientMediaPortRange 199

then again enable it via powershell

Set-CsConferencingConfiguration -ClientMediaPortRangeEnabled $True

and last up now for the in band provision for the Lync Phone Edition

Set-CsUCPhoneConfiguration -identity global -VoiceDiffServTag 46

STEP 3 – Adding group polices onto the Windows Machines and the Lync Servers

this is a simple but time consuming piece (And take note, ensure you get it correct as it will stop QOS from working if there is an error)

Lync Server GP First (Also ensure if your running separate Mediation and SBA gateways you will also need to ensure you add the GP’s onto them)

Audio & Video entries for the Lync Servers inc mediation, SBA’s using GPO on the servers

Audio: DSCP 46 for all applications on source TCP/UDP ports 49000:55000

Video: DSCP 34 for all applications on source TCP/UDP ports 57000:60000

For Edge Servers (if applicable), again using GPO

Client audio:   DSCP 46 for MediaRelaySvc.exe on destination TCP/UDP ports 20000:20199

Client video:  DSCP 34 for MediaRelaySvc.exe on destination TCP/UDP ports 20200:20399

Server audio:  DSCP 46 for MediaRelaySvc.exe on destination TCP/UDP ports 49000:55000

Server video: DSCP 34 for MediaRelaySvc.exe on destination TCP/UDP ports 57000:60000

Audio & Video Entries for the Windows client. Pass this information onto your network/deployment team to push the GPO out to all the windows clients

Audio: DSCP 46 for lync.exe on source TCP/UDP ports 20000:20199

Video: DSCP 34 for lync.exe on source TCP/UDP ports 20200:20399


– I would now recommend running wireshark from the Windows machines running Lync 2013, and also all the Lync Servers to ensure the packets are being marked. Also once you’ve confirmed this is working, do a audio call (peer to peer) and check QOS from both ends to ensure the core switches/routers are allowing the QOS markings and not dropping them on-route. Then do a Audio/Video call and so on until you’ve checked scenarios are working with QOS.

So at the end to summarise, you should have the following

Running Get-CSService -ApplicationServer & Get-CSService -ConferencingServer  will tell you the configured ports on the servers. Now on each of your Lync servers, these ranges need to match what you entered into the GPO setting on the servers.

— Lync Clients

Running get-CSConferencingConfiguration will tell you the port ranges the Lync Clients need to communicate on. Now ensure each Lync Client Machines GPO matches the port range details from the get-CS command.

Thanks Iain Smith

Lync 2013 – Sennheiser Presence UC Full Review

Evening All

On the 1st August we will see the introduction of the Sennheiser UC Presence bluetooth device. Although ive had a beta version of this product since March, two weeks ago Sennheiser sent me a official rtm version of the headset. On face value there seems to be nothing cosmetically different from the previous version i was using, however for those reading my previous ‘bluetooth headset’ review i stated that i found the headset perfect and clear on audio but found the device awkward to wear for long periods of time. With this in mind when i received the new rtm version i was keen to retry and test the new device.

The first thing which was different from the beta i got was that within the box there was numerous ear pieces and ear loops of different sizes. once I got settled on the one that fitted my ear and ear cannel i set about giving the device a run through it paces. Below is the results and synopsis of my findings.

Audio Quality

As stated in the other blog post the audio from this device and in truth all optimised Sennheiser devices for Lync the audio is exceptional. I think this is due to the digital mics within the headset which other vendors bluetooth options dont have.

I have the UC Presence linked up with Lync and with my mobile phone and from both items the audio is excellent.

Headset Comfort Factor

With the correct ear pieces in place i have worn and used the UC Presence for the last 2 weeks full time with making an asserted effort to keep it on my ear even when im not expecting a call. I have to say it became second nature and felt natural and comfortable. If you purchase one of these headsets when they become available be sure that you test each ear and loop piece options correctly.

Battery life

On full charge the battery life states 10 hours of talk time. I usually spend a couple of hours a day minimum on calls each day, and last week in 5 days i put the device on charge on the friday morning for 30 minutes and at this moment its still going without the need for charging.

Bluetooth Connection Distance

The literature stats 25mtrs from the mini bluetooth usb dongle, which in this day and age i think is enough but that said the latest Jabra Motion has a 125mtr range so you would think a 100mtr difference is massive so i did a litmus test against both devices on the distance.

My findings were that the Sennheiser was getting a distance around 22mtrs away then the voice was dropping its audio. whereas the Jabra Motions alleged 125mtrs is massively over stated in my test. I found that at best on the two tests i did, the motion got to 33mtrs away but the audio became ‘blocky’ and distorted at 27mtrs. (its worth noting that my tests were carried out within a business organisation).


The UC Presence is a really well made device, with audio which hands down beats the rest of the field in my opinion. At the time of writing im unsure of the exact price point but i would expect around £149rrp. If i was asked by my clients which bluetooth device i would recommend the UC Presence right up there at the top of my list. If there was any negativity from me it would be i do like the auto answer option that is available on the other vendors bluetooth device which the Sennheiser UC Presence doesn’t have.

All in all im really pleased with the device and its fair to say that the UC Presence is my mobile device of choice at the moment.


Iain Smith

Lync 2013 – August Lync client Update .1504

Hello All

Yesterday Microsoft released a new Lync client update as part of the windows update. (its also available via a download here. there doesn’t seem to be much of information about the update apart from in also has the other patches within it..

The issue this patch is fixing is

– After you wake up the computer from hibernation mode, Lync 2013 becomes very slow and unusable.

Ive been running the update for a day now with no issues.


Iain Smith


Lync 2013 – Configuration Guide for using JetNEXUS Appliance as Reverse Proxy


A couple of weeks ago i created a detailed blog about life after TMG and what offerings there are in the way of a reverse proxy for Lync going forward. In that blog posting i mentioned IIS AAR and KEMP as options, but failed to mention JetNEXUS. Sorry JetNexus. !! So for that reason as a small ‘sorry’ ive given headspace to building one of their appliance’s in my lab to use as a RP against Lync 2013.

Also the people in the UK who are unsure on supportability of other vendor appliances I can confirm that JetNEXUS are primary based within UK with their HQ in Buckinghamshire.

Thanks to Gary Christie for supplying me with the license and details needed.

as usual the below is the lowdown on my Lab environment for the blog

DC = Win2008r2, AD level 2008r2

Lync 2013 SE, running on Windows2012

Windows 7, running the Lync 2013 Client

Peripheral devices for testing iphone 5 running IOS7beta5, Windows Phone 8

STEP 1 – creating the Virtual Jet Appliance. For this i, running the HyperV version of the Appliance

In your Hyper-V Manager, client right click on the server and select > Import Virtual Machine


Once you’ve selected the import option goto the Folder containing the ALB-X subfolders which in my case is C:\Users\SMITIAI\Downloads\jetNEXUS ALB-X VA\ ****NOTE: if you dont unpack the folder first you wont find the VMs!

next through the screen until you get to the import type screen. At this point Click “Copy the virtual machine (create a new unique ID)”


‘Next’ through the rest of the screens until you can select the finish button.

Once your Jet appliance is import select to connect and start the VM


STEP 2 – Configuration of IP’s base config

The simplest way to configure the initial install is to use the Jet Discovery software which comes with the appliance. Simply open the .exe and it will find your running appliance (Jdiscover.exe is in the same folder as the VM’s and at the time of writing the version is 3.6.1)

****Just to point out something completely bizarre at this point. On start up of the appliance it automatically selects an IP address from DHCP, which in my case it did find DHCP and subsequently associated itself and IP of which was/is the same IP to which my Lync 2013 SE was/is running on.!!?? odd. for me to get round this i had to down the SE to allow the appliance to finish starting up then i could change the IP on the appliance.. Look out for this little gotcha

Back to running the .exe, as stated it will find the Rp automatically and at this point you can add the necessary changes to the base config


once you’ve applied the required settings, right hand click and select connect to webportal

At this point the installation is complete. Next step is the RP configuration

STEP 3 – Setting up the RP as a Lync Reverse Proxy

Navigate to the IP address you specified PLUS the :PORTNUMBER 27376 ie:


then apply the username and password (default is admin, password is jetnexus)

you will then jump into the jetnexus portal. The first thing im going to do in the portal is to update the password into a more sensible one. to do this you need to navigate to configure, security on the left hand pane


now onto further config work. Going to the Setup>appliance on the left hand pane i want to make sure my IP address for the RP is attached to the eth0 port.


If you did need to make any changes you just double click into the IP, Subnet etc to amend. Nice feature! (dont forgot to press update)

Im now going to add the default gateway into the RP


At this point nothing to taxing has taken place, so onto loading a jetpack. <A jetpack is a prebuilt configuration pack which you can get for Lync Frontend load balancing, Lync edge load balancing (both internal and External), exchange 2010, 2013 load balancing and last of all Lync Reverse Proxy )

Now to add the jet pack to my RP. to do this navigate to advance Software update. Of course you will have needed to created/download a jetpack first!.

I’m going to use the standard Lync RP jetpack then tweak to suit my needs


Now onto tweaking the appliance for my Lync environment

back to setup and IP services


lets now move onto importing our SSL cert to bind to the RP

to do this you need to navigate to the configure, then SSL

select import and selct your cert.


now lets bind the cert to the RP. now back to the setup, Ipservices and then select the actions TAB, then select SSL and use the dropdown to add your cert


now back to look and check your connection


and Finish

I must say the easiest of all the Reverse Proxy Appliances to set up for Lync. Using the LyncRP template was a breeze. Well done JetNexus, it was a simple setup and one i would recommend in the future.


Iain Smith

MVP Event – Cloud OS, Microsoft Offices London Cardinal Place

Hello All

Ever wondered what cloud OS is and how it can compliment your existing organisation. Well on the second week of September (9th through to the 13th Sept), the Microsoft MVP’s are putting on a event to tell/show you just that. The event is split into different formats for each day, so you can either attend all the days or cherry pick the one which is most relevant to you.

I hope you can attend as the event should be great. The event is open to everyone including MVPs, IT Professionals, Developers and Technical Decision Makers! 

Clicking the link before you can register your details to Microsoft.


9th to 13th September, join the MVP community

in London for a ‘real world’ look at the Microsoft Cloud OS



Monday 9th September at the Microsoft Office, Victoria, London

Join leading MVPs for a two track one day event that tackles the delivery of Enterprise data platforms and analytics solutions.


Please register to attend either track 1 or track 2:

  • Track 1 will focus on building the modern enterprise data platform. In a series of three presentations we will tackle the issues of architecture, application frameworks, data integration and data exchange; learning all about the challenges faced by the modern data tier developer. Most importantly, we will learn how to creatively overcome them by enhancing our processing efficiency and analytical capability. Register to attend


  • Track 2 will focus on the creation of Business Intelligence and advanced analytics solutions that utilise both structured and un-structured data. We will demonstrate the use of data mining and predictive analytics technologies and also demonstrate how advanced visualisation technologies can be used by business users to deliver the insight and action required to drive real value from data.

Register to attend



Tuesday 10th September at the Microsoft Office, Victoria, London

Join leading MVPs for a one day event to assist management and virtualization experts to understand the advances in the modern datacentre.


Each session will demonstrate how to:

  • Deliver best practices with Windows Server 2012 R2 and System Center 2012 R2
  • Lower costs through effective management of VMware and Hyper-V
  • Enable management of datacentres of any size!
  • Drive automation of complex applications with service templates


Register to attend



Wednesday 11th September at the Microsoft Office, Victoria, London

Join leading MVPs for a one day event focusing on technology that make up the Microsoft Integration Platform.  Allowing organisations to leverage a combination of cloud and on-premise applications through the hybrid integration pattern.


Sessions will include:

  • Windows Azure Service Bus
  • Windows Azure BizTalk Services
  • Microsoft BizTalk Server (both on-premise and Cloud Virtual Machine)


Register to attend



Thursday 12th September at the Microsoft Office, London, Victoria

Join leading MVPs for a one day event to understand how to manage your client devices in a single tool while reducing costs and simplifying management. Best of all, you can leverage your existing tools and infrastructure.


Sessions will include:

  • Helping with data security and compliance
  • Unified device management
  • What powers people-centric IT with Cloud OS?
  • Real World customer examples


Register to attend



Friday 13th September at Microsoft Office, Victoria, London

The explosion in devices, connectivity, data and the Cloud is changing the way we develop and deliver software.  New infrastructure services permit existing server applications to be “lifted & shifted” into theCloud.  Attend a one day event to hear from MVPs about how Microsoft’s data platform and development tools enable you to develop, test, and deploy applications faster than ever.


Sessions will include:

  • Infrastructure services,
  • Media services,
  • Service Bus  & Mobile services


Register to attend


Lync 2013 – Deploying Topology Error – Failed to save persmission of the fileshare (ACLError: Access permissions error)


Welcome to your Friday Lunchtime 1 a day blog post

This is something i see a few times within a Lync deployment. ive never got the bottom of why it sometimes happens and sometimes doesn’t.? I would be happy for comments on this.

The scenario is when you publish your topology into a site (greenfield or other) you are presented with a warning on the successful publishing stating that the topology failed to save the permissions.? You might have already selected ‘everyone’ on the share full control but that still doesn’t seem enough.



To get past this issue is to add the following extra groups to the fileshare permissions

– RTCHSUniversalServices

– RTCComponentUniversalServices

– RTCUniversalServerAdmins

– RTCUniversalConfigReplicator

make all full control


Simple fix


Iain Smith

Lync 2013 – Enabling Sharepoint SkillSearch within the Lync Client

Happy Lunchtime

Thursdays 1 a day Lunchtime blog post

In this blog we will look at how to enable SharePoint searching within the Lync 2013 client. This is super simple to implement as its only 4 powershell commands

step 1

Login into one of your frontend Lync server/s (if you are EE).

open up Lync Management Shell

Firstly what we will do is do a simple get command to get an understanding of whats already within the client policy

using PS type Get-CSClientPolicy


you will see the information associated with each identity. For this blog post I will be adding the sharepoint setting to the global policy

with this in mind run the bellow PS command specifying your sharepoint portal information
Set-CSClientPolicy -identity global –SPSearchInternalURL http://<server>.<domain>/_vti_bin/search.asmx
Set-CSClientPolicy -identity global –SPSearchExternalURL http://<server>.<domain>/_vti_bin/search.asmx
Set-CSClientPolicy -identity global –SPSearchCenterInternalURL http://<server>.<domain>/SearchCenter/Pages/PeopleResults.aspx

Set-CSClientPolicy –SPSearchCenterExternalURL http://<server>.<domain>/SearchCenter/Pages/PeopleResults.aspx

***Its worth running the URL into IE before you run these powershells into the policy.

Once you’ve completed this, using your lync client, logout and kill the lync process for the client then log back in. Now using CTRL-right click open up the lync configuration option

ensure that the paths are being picked up by the client.

now in the lync client type a search ie: Application Development and select ‘Skills’

if you return a lot of entries you will see the option at the bottom of the Lync client to open the results within SharePoint

And that’s it…

Sametime for tomorrow for Fridays Lunchtime blog

Lync 2013 – Enabling and Configuring Call Park


Wednesday’s 1 a day lunchtime blog post for this week

For this blog post its fairly straight forward, but I thought I would document it as the TechNet article I think doesn’t give you the full picture on what the config should be.

We will do a 80/20 split of the config with the main part of the setup being completed in the Lync Control panel and the remaining 20% part being completed in the Lync Management Shell.

Without further a do. lets start..

open up the Lync control panel and navigate to the Voice Routing selection on the left, then select the VoicePolicy area on the top panel.


Now Select your Voice Policy


Now select to enable call park, then select OK and then Commit your change

now select Voice Features from the left hand pane, then select call park from the top option


Now we will add the telephone number range,

select new, then give your call park a name, add the number range and also the pool to which associate the call park with. Now select OK


last thing we need to do is amend our dial plan as reteriving a parked call will ring between 1000 and 1005 WITHOUT a + at the start and therefore it will fail to connect. So what we need to do is add another dial plan rule to cater for the call park numbers.

Goto Voice Routing, select Dial Plan, then your dial plan. Now click new on the associated normalization rule.]


let now add the new rule for the call park numbers


DONT forget to test your rule and also move it up to the right order within the rule base.

thats it. set up. You can take the Call park a little bit further by running the powershell command Get-CSCpsConfiguration, instead of the Get you can do Set and change the amount of attempts to pickup the call, the amount of time the call will hold for before reverting back to the callee and also to allow music on hold. (if you wanted custom music on hold you would need to amend the CsClientPolicy path for music on hold)

Thats it for this lunchtimes blog posting


Iain Smith

Lync 2013 – KEMP Appliance as a Reverse Proxy WITH HIGH AVAILABILITY – Configuration Guide

Morning All

Following on from the previous post on using a KEMP Appliance as a reverse proxy, for this post im going to continue and run through how you set up multiple KEMP appliances in a HA scenario for Reverse Proxy’ing for Lync 2013. <It will also work for Lync 2010 as well>

As usual in my lab i will be using Lync 2013 SE. I will also be using 2x KEMP VLM100 Virtual Appliances with thanks to KEMP for the Licensing.

***If you are looking on how to set up a single KEMP Appliance as a RP please revert back to my previous blog posting here

Ok to set the scene. As i have a stated a Lync 2013 SE running on windows 2012. My DC is 2008r2, My Lync client machine is Win7.
I have my single KEMP appliance running and moving forward im now going to add a second appliance into the mix for HA.


Spin up the VLM of the second appliance and provide another IP address


The above image is the appliance on start up of the VM. Using the IP address specified on the image, using Firefox, Safari or Other navigate to that IP address and login using the username bal and password 1fourall. Then if needed add you license.


you will then be prompted with the home page of the appliance


–field notes

IP address of KEMP1 is and KEMP2 is

Now lets jump back to the first KEMP1 appliance and select system configuration, miscellaneous then HA parameters


select single HA in the drop down option, then accept the OK, and all the messages including the reboot option.


on reboot re-log back in using the same ip address which you set before. (in my case 1928.168.1.223)

Once logged into you will see a couple of new symbols stating that the first server is primed as HA1 applicance


now selecting the eth1 again we will go ahead and select/add our Ip addresses for both the first and second KEMP applicance

in my lab case i have set my IP address to (think of this as a sudo IP address which you set to administrator your appliances as once they are completely set up in HA mode you never go back into a individual appliance you set them from the .240 IP and this replicates to both Appliances)


At this point im happy with the first KEMP1 appliance and also im happy with my sudo IP. so know its time to add the second KEMP2 appliance into the HA pairing.

again using IE or other, navigate to the IP address you have for the second appliance. (in my case its


now like we did with the first appliance we need to select system configuration, miscellaneous, HA perimeters.

Then using the drop down select seconds HA


accept the prompt to add the second appliance into HA


now lets jump back to our sudo IP address and once the second appliance is rebooted you will see two green symbols stating the HA is set up, configured and working.


thats it.. I must say its slick and simple to set up. Well done KEMP

My lab is fully HA for Lync Reverse Proxy

Thanks for looking

Iain Smith

Lync 2013 – Configure Voicemail Escape

Hello All

Tuesday’s 1 a day lunchtime blog post for this week

For todays lunchtime blog posting, we are going to look at setting up and configuring Voicemail Escape.

What’s voicemail escape.??? well this is when you have simultaneous ringing set on your Lync 2013 with calls routing to both the Lync client and also to your Mobile/Cell via PSTN.

Why do I need voicemail escape.??? The gotcha and need is if your Mobile/cell is out of range OR busy OR turned off OR out of juice the call will get picked up straight away by the voicemail on the mobile/cell. What the voicemail escape does is it allows for this and ignores the mobile/cell trying to pick the call up instantly and sending it the the Mobile VM.

Adding the required powershell command will mean that if your mobile/cell is off etc, the call will continue to ring on your Lync client then it will route to the LYNC Voicemail as part of the Lync installation.

Using the Lync powershell command we need to add further config information to the Lync voice policies as part of the Lync installation.

Start the Lync Server Management Shell: <thanks to MS for the copy/Paste below>

Click Start, click All Programs, click Microsoft Lync Server 2013, and then click Lync Server Management Shell.

  • Specify the following parameters to Set-CsVoicePolicy:
    • EnableVoicemailEscapeTimer – Enables or disables the escape timer.
    • PSTNVoicemailEscapeTimer – Specifies the timeout value in milliseconds. The default value is 1500 milliseconds, and the value can range from 0 milliseconds to 8000 milliseconds.

<2000 milliseconds = 2 seconds>

Example of the powershell Command

Set-CsVoicePolicy <UserVoicePolicy> -EnableVoiceMailEscapeTimer $true – PSTNVoicemailEscapeTimer 2000

NOTE: its worth testing the milliseconds from smallest to higher number ie: 2000ms > 2500ms > 3000ms


once this is done, you can still in the powershell type Get-CSVoicePolicy ~ fl which will give you all the information/settings for the voice policies in Lync

That’s it for this blog posting. For your understanding now. Any calls to a user who has sim ringing enabled to their mobile/cell and to which there mobile/cell is turned off, the call will continue to ring and ignore the mobile/cell VM trying to pick up the call.

***Added note: you can take it a step further and add custom on-hold music etc as part of the voice policy etc. For information on this follow the TechNet article on configuring voice policies.


Iain Smith