Lync 2013 – Move Response Groups from Lync 2010 to Lync 2013

In this blog post are the details whats needed to move you Lync 2010 response group over to Lync 2013. in truth there isn’t much to it really, just a couple of powershell commands.

to start with if you run the Get command to find information from your Lync topology about the response groups.

For Example

Get-CsRGSConfiguration then enter your pool <FQDN of your Lync 2010 Pool> this will bring details back about the Response Group application associated with Lync 2010.

Next Step is to backup the response group information just in case anything goes wrong. In order to back up your Response Groups, you need to make sure you have the Lync 2010 Resource Kit tools installed. After you have the tools installed, within your Lync Management shell, change the directory to where you installed the resource kit and then run:

Import-Module .\RgsImportExport.ps1

This will load the Powershell module so that you can interact with the Response Group service of Lync 2010. The next step is to run the export command in order to export the configuration.

Export-CsRgsConfiguration <service:poolFQDN> -Filename <path and file name for backup>

Example: Export-CsRgsConfiguration ApplicationServer:pool01.northernlync.local -Filename “C:\”

Once this has exported we are now ready to migrate the response groups over from Lync 2010 to Lync 2013

In Lync powershell again we need to run the following commands

Move-CsRgsConfiguration -Source <Lync2010 Pool FQDN> -Destination <Lync2013 Pool FQDN>

eg: Move-CsRgsConfiguration -Source lyncse01.northernlync.local -Destination lync13pool.northernlync.local

Once this is complete, finally run a few commands in Lync Powershell to confirm the migration of the groups

Get-CsRgsAgentGroup  (ensure all the below is now pointing to the Lync 2013 environment 



thats it..



Lync 2013 – RTCSRV Frontend Service failing to start “showing as starting” PART 2 Certificate Store issue

Hello All

Here we are again for another blog post on a similar issue i posted about previous which was the RTCSRV service on the Lync 2013 front ends not starting.

This particular post is relating to the same RTCSRV service but this specific issue is Windows 2012 / r2 server build centric.

Ok so what was the problem.?? in both Standard and Enterprise edition builds you’ve ran through each element without issue, then you come to starting the services and bam, all of services start apart from the RTCSRV service which sits cycling on ‘starting’, so the first port of call for any issue like this is the event logs. At this point i was expecting the same damn issue with the quorum recovery due to the lync build still being RTM (not patched).

So after a quick glance at the event logs i ran in the updates to the topology. Jan 2014 updates. i then tried again with the service starting, and again it was stuck still cycling on the RTCSRV service. At this point i jumped back to the event logs as I’ve found that following the lync RTM build the information becomes a lot more ‘richer’ in content. As it happens this was the case, there was an error in the logs around certificates.? yet my installation was using an internal CA so why should i be getting these errors?

I checked the Internal CA for correct marking and trust, which all ticked out ok and then my next step was around certificates in general and the way windows 2012/r2 sees them differently. What i mean by this is the certs in the personal, intermediate and trusted root stores on windows 2008r2 server could in some cases be totally wrong and the lync services would start without issue. In Windows 2012/r2, Microsoft has done a lot of work around the certificate stores on the 2012 server build and put a lot more strict requirements within them. for example having a intermediate cert in the trusted root will throw an error in the event log. having duplicate trusts in the root trust will throw an error in the event log. etc etc

so what was the issue in my case. ? it was one i had seen before in a deployment and one which was totally unrelated to Lync and the Lync RTCSRV service. 

In the trusted root folder all certificates have to have a matching subject and issuer name or again an error would be thrown.. AND also having such an issue will stop the RTCSRV from starting for Lync.!!! crazy you might say.!

***What does Microsoft say about this.. Below

this is the event error in question

so to find this out there is a simple powershell command to run to identify this mismatched information on the trusted root certs.

Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File “c:\temp\certinformation.txt”

Once you have the information from your txt file, jump over to MMC and the certificate store and locate these certs in the root CA and move them to the intermediate store. Once you completed this close powershell and reopen to recycle the powershell information and rerun the command again. This time around you should have no information in your txt file.

Now if your running Standard edition simply start your fronted services.. If your running the enterprise edition, i would personally run the quorum recovery command to bring your fronted into sync, this will also start the services.

Thats it. i hope this has help other out 






Lync 2013 – RTCSRV Frontend Service failing to start “showing as starting”

Good Morning

This blog post is one to talk through a situation experienced with a client recently. The scenario was the client had vanilla Lync 2013 Enterprise edition implementation with three front ends and a backend SQL. All of the servers were running Windows 2008r2 standard edition.

The installation had gone by design with no issues with the prior steps. on starting the services though i ran into a issue id personally never seen before with the RTCSRV service stuck recycling on ‘starting’ with no ending. (I left this for 2 days and it still didn’t finish’.

So what was causing the problem. This is what i did to track down the issue and resolve the problem. <Its probably worth noting that their is a lot on the tech net and other blog sites around this issue, and in some cases some of the suggestions i found are crazy and would break your Lync environment if ran>

  1. First step was to check event error logs for information..  > this proved fruitless as nothing in the way or a error or warning was showing against the start of the services.
  2. Check the binding of the trust on the certificate including the intermediately chain. > This checked out ok and the certificate was good to use.
  3. Get snooper running. Add SIP Stack and S4 all tracing and stop and start the service for the front-ends again while you have snooper running. NOTE: you will need to kill the RTCSRV process off by command. (first cmd, sc queryex RTCSRV, this will give your the process number. then run taskkill /f /pid <process number>)  > I ran this and again it checked out ok with no errors to be seen.
  4. Run some powershells command just to check the status of this Lync 2013 implementation just to ensure it did actually go ok.

These command were

  • Get-CSManagementstoreReplicationStatus > Check that the readings are true 

  • Get-CSpoolreadinessstate > this was ready

So what was my next step… After consulting other internal consultants on this (Thanks to the Modality Systems Guys), the next natural step was to patch the lync 2013 environment even with the issue. this is something i don’t usually do as i don’t like to muddy the water with patching until I’m happy that the implementation is working as expected. HOWEVER as Tom Arbuthnot mentioned there had been changes in the way things worked within Lync 2013 internally in patch CU4 so it was worth a shot to see if patching fixed this odd issue.

I patched all three Lync FEs and the Backend SQL upto CU January 2014 patch, and still NO the service was stuck on recycling. As with all things as a consultant you follow the same trodden path on investigation so again i set about looking in event logs and snooper. This time though in event logs there was a lot more information to view and one key line of relevance was the below warning showing.


Server startup is being delayed because fabric pool manager has not finished initial placement of users.


Currently waiting for routing group: {63BB8586-A9D8-5AF2-83FF-B5CE680594C0}.

Number of groups potentially not yet placed: 1.

Total number of groups: 1.

Cause: This is normal during cold-start of a Pool and during server startup.

If you continue to see this message many times, it indicates that insufficient number of Front-Ends are available in the Pool.


During a cold-start of a large Pool it can take upto an hour for the placement process to finish as it needs to populate all the Front-End databases with data from the Backup Store. If the Pool is running and the Front-End is just started, this is normal for some time. If this repeats for a long time, ensure that all the Front-Ends configured for this Pool are up and running. If multiple Front-Ends have been recently decommissioned, run Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery to enable the Pool to recover from Quorum Loss and make progress


What interesting about this is why has quorum got itself in a  twist.?? yes the servers have been rebooted but the issue was already showing before the reboots.? No servers have been removed from the pool so again this shouldn’t have affected the quorum state.

Anyhow i ran the quorum lossRecovery command.

Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery

 AND BOOM.. the frontend services started as expected.



  1. Always follow the same process in investigation work even after your patched your Lync environment. 
  2. DONT aways follow what people write on tech net forum and either you will end up chasing your tail, or more drastically breaking your already not working Lync environment.

Thats it for this blog post




Sonus SBC setup and Configuration VIDEO guide to Lync 2013, including PureIP SIP Trunking, T1/E1 Configuration


Hello All

Its been a couple of weeks since my last video guide. On request from other people within the UC community it was requested that i complete a installation guide around Sonus’s SBC Media Gateway appliance.

In this video guide details information on how to configure the gateway with a SIP trunk. (courtesy of PureIP). and also connection with T1 and E1 trunks.

NOTE: For those people who are interested in the T1/E1 element only this start 54 minutes

Please leave any comments of feedback as well as further guides which you might like to see.



Lync 2013 – Force the Lync client to always ‘show User Picture’ – video guide


Good Morning

This blog post and video guide describes how to force the Lync 2013 client to always show the end users Lync picture even after the user might have changed the setting not to show the picture.


To but a little bit of background around this, as with Lync 2010, Lync 2013 does not have the ability to block or stop a user from deselecting the option of showing their Lync picture.  This picture element is something I’m asked many times while working with customers.

I know this is something which we all would like as a option but as of today and as far as I’m aware this isn’t something close to Microsoft’s heart in fixing or providing a solution.

Also to confirm there isn’t any policies you can assign OR and registry setting to can associate to block the user changing their setting. So what solution and where is this setting stored….. Well its not in the xds database and actually its started within the front ends rtclocal database.

So to confirm before you go any further in the blog, I’m pretty certain that this solution will be one thats unsupported from Microsoft and also one that as we are going to change the rtclocal will be seen as a ‘borderline’ hack. Also i would like to point out I’ve ran this within my lab without issue for sometime, however i would suggest you test it within your lab area before you embark on using it in your production environment. <remember I hold no responsibility> 🙂

Ok no the small print is out of the way, what is the fix.. ?? Within the rtclocal there is a table called publishedstaticinstance which has a field that holds a massive binary value. As part of the challenge is to convert the binary into something thats readable and something we can update


Under the covers what this binary code states is DisplayADPhoto true/false.

So as part of the update we change for the status and update accordingly when the status is false.

As this is running on rtclocal, the way the guide runs this is via a scheduled task running a .ps1 powershell command. Also the SQL only checks the last 15 minutes of changes to reduce locks and database processing. Also the scheduled task I’ve created runs every 15 minutes so with the two you will never be out of sync with what a user is doing. (you could run this script more regular than every 15 minutes but given the requirement i think 15 is a good medium to use).

As for the SQL command some thanks go out to the tech net community as understanding the converts within the SQL was a slight challenge.

PS1. Script

function Enable-UserPhotos ($Domain, $OffSet) {(Get-CsPool (Get-CsComputer “$(hostname).$Domain”).Pool).Computers | % {Invoke-Sqlcmd -Query “update rtc.dbo.PublishedStaticInstance Set Data = CONVERT(image,convert(varbinary(4000),REPLACE(convert(varchar(4000),convert(varbinary(4000),Data)),'<displayADPhoto>false</displayADPhoto>’,'<displayADPhoto>true</displayADPhoto>’))) where [LastPubTime] >= DATEADD(mi,-$($OffSet),getdate()) AND convert(varchar(4000),convert(varbinary(4000),Data)) like ‘%<displayADPhoto>false</displayADPhoto>%’;” -ServerInstance “$($_)\RTCLOCAL”}
} Enable-UserPhotos -Domain ‘your domain name here’ -OffSet 15


Remember the script is changing the rtclocal database on the fronted and this will be seen as not supported by microsoft.!

Video guide below.


Iain Smith

Lync 2013 – Adding an Trusted Application using Johan’s SefaUtil GUI as the Demostration


Hello All

This blog post details how you would go about adding a trusted application to your Lync 2013 topology.

For this example I’m going to add the trusted application built by Johan Veldhuis which allows for configuration of the SefaUtil commands at a GUI level.

For the people who are unaware of what the Sefautil is. This is the extension features which is part of the Lync 2013 resource kit which allows for remote configuration of users call forwarding, sim ringing and call pickup group option. So essentially you can administer a users settings without whiteout actually visiting the users desk.

Johan has created a great utility which is GUI based as apposed to the powershell commands which is default to the sefautil running.

You can find details on Johan GUI here.

ok back to the trusted application piece. Creating a trusted application is the same process contrary to what the software application is which you are wanting to use.

Starting the trust..


Creating the new trusted application pool. For this we do need to initially run some powershell commands to get us going, but before we do that we need to find some information about our pool to add to the powershell command. to do this we need to run the following  PS Command

– Get-CsSite

New-CsTrustedApplicationPool -id <Pool FQDN> -Registrar <Pool Registrar FQDN> -site Site:<Pool Site>

eg: New-CsTrustedApplicationPool -id lyncse.northernlync.local -Registrar lyncse.northernlync.local -site Site:1

Once this has successfully completed, we then need to run our second powershell command

New-CsTrustedApplication -ApplicationId sefautil -TrustedApplicationPoolFqdn <Pool FQDN>  -Port 7489

eg: New-CsTrustedApplication -ApplicationId sefautil -TrustedApplicationPoolFqdn lyncse.northernlync.local  -Port 7489

Note: you will be prompted at both PS commands to run the enable-cstopolgy command. its at this point now you need to run it



We are now complete with the Lync management shell and the powershell commands for setting up a trusted application. (its also worth noting if you went into your Lync control panel or the Lync topology the application trust will now be showing within these areas)

So to complete our blog now we need to download the sefautil.exe which is part of the Lync 2013 resource kit which can be found here

go ahead and install it using the default locations etc. <default location \Program Files\Microsoft Lync Server 2013\Reskit.>


Now lets check that our commands do actually work from a cmd line approach. To do this we need to open up the normal command prompt but as Administrator and navigate to the default location path of the sefautil. (ABOVE Path).

Once you are within the Reskit folder run this command line

SEFAUtil.exe <user SIP address> /server:<Lync Server/Pool FQDN>

eg: SEFAUtil.exe /server:lyncse.northernlync.local

Running this will bring back the current call settings for the user.


Now the final piece of running Johan’s SefaUtil GUI.

to do this we need to head back to the Lync Management shell as Administrator and select Johan’s Powershell script. To do this navigate to the script (NOTE: you need to unzip the .zip file first)

Once your with the folder where the .ps1 file is located run the following command

start-sefautil -pool poolfqdn

eg: start-sefautil -pool lyncse.northernlync.local

<You will/might be prompt for a execution policy issue before the .ps1 will run.> If you are type this command set-executionpolicy Unrestricted. Then run the .ps1 command again.


Once the GUI is open you will have the ability to administer your users call settings.



Thank you for looking and below is the videoCast of me doing the above in my lab.

AND massive thanks from the Lync Comminitity goes to Johan for the excellent SefaUtil GUI.! You can find more information about Johan and the things he’s working on at his blog site.


Iain Smith