Breaking Down the Lync File Share

March 1, 2013 by · 39 Comments 

This article outlines the default folder structure and permissions created on the File Share when deploying a Lync 2013 Server Front End server or pool.  Optional Lync services (like Persistent Chat) can trigger the creation of additional folders in the directory but for the purposes of this article only the default folders for a Standard Edition server are covered.

The general guidance is to manually create a new file share on the desired server and then set the share permissions to grant Full Control to the Administrators group.  This will insure that the administrator account performing the Lync Server deployment will have sufficient rights to the file share and NTFS Access Control Lists (ACL) so that when publishing the Lync Topology the proper configuration is applied.

For the examples used in this article a single Standard Edition Lync 2013 Front End Server was deployed and the changes were captured to identify the default configuration for Lync.  Although Lync 2010 uses nearly the same configuration there are a few changes to the folder structure among the various Web Services subfolders.

Root Directory

Prior to publishing the initial configuration of the Lync Topology the pool or server file share in this example was created at the root of the C: drive on the desired server.  The Lync Front End server itself was used in this environment which is allowed only for Standard Edition servers, Enterprise Edition pool servers can not be collocated with the file share data as it must be hosed on a separate server or servers.

After every successful instance of publishing the topology (regardless of what has changed) Lync will refresh the correct permissions (if needed) on the directory structure throughout the file share.  Thus if any undesired changes are made to any of the file structure permissions simply re-publish the topology in Lync to repair the configuration.

The following Access Control Entries (ACE) are assigned to the root directory of the Lync file share, in addition to any rights which might already assigned to that specific folder or any inherited from a parent folder.

Principal Access
NETWORK SERVICE Change
RTCHSUniversalServices Change
RTCComponentUniversalServices Change
RTCUniversalServerAdmins Change
RTCUniversalConfigReplicator Change
RTC Local Administrators Change
RTC Local Config Replicator Change
RTC Server Local Group Change
RTC Component Local Group Change

The root of the file share contains three primary folder used to store shared Server Application data, Central Management configuration data, and data used by the various Web Services in Lync. 

image

These folder names are encapsulated in digits which denote the Site and Pool instance that each folder belongs to.  The folder naming convention is <Site ID>-<Service ID>-<Pool ID>. In the above example the minimum folder configuration would reflect a single Site (ID 1) and Pool instance.  If a Director server was later added to the existing site then a new folder would be automatically created as “1-WebServices-2” and if a second pool was deployed then that would be called “1-WebServices-3” and so on.  In the event that a second site was defined and any pools are deployed in that site then new folders starting with “2-“ would be instantiated as well.

Application Server

The “1-ApplicationServer-1 folder contains data utilized by Lync applications like Call Park, Response Groups, and Call Admission Control.  Within the child “AppServerFiles” folder the following three subfolders will exist be default.

image

  • The CPS folder is used by the Call Park Service.

  • The PDP folder name stands for Policy Decision Point and is used by Call Admission Control (CAC) to distribute policies defining some of the CAC rules.

  • The Rgs folder is used by the Response Group Service to store common data like Music On Hold audio files (.wav) configured on a Hunt Group.  The “Rgs\Instances” and “Rgs\Queues” folders should contain a subfolder for each response group that is defined in the topology, but with nonsensical names reflecting a GUID associated to each one.  There may also exist an “Rgs\Temp” folder which seems to store the originally uploaded music file.

The AppServerFiles directory is configured when publishing the topology with the following file permissions.

    • C:\LyncShare\1-ApplicationServer-1\AppServerFiles
Principal Access Applies To
NETWORK SERVICE Modify This folder, subfolders, and files
RTCComponentUniversalServices Modify This folder, subfolders, and files
RTCUniversalServerAdmins Modify This folder, subfolders, and files
RTC Server Local Group Modify This folder, subfolders, and files
RTC Component Local Group Modify This folder, subfolders, and files
 

Central Management

The “1-CentralMgmt-1” folder is used by the Central Management Server to temporarily store replication data sent to and from other active replication partners defined in the topology in the form of data.zip files containing XML data.

image

Under various subfolder (e.g. replicas, working\fta, etc) will be a list of all the Computer objects defined in the Topology which are enabled for replication.  The following screenshots demonstrate how only the 4 objects enabled for replication will have an associated folder.

image

image

The CMSFileStore directory is configured when publishing the topology with the following file permissions.

  • C:\LyncShare\1-CentralMgmt-1\CMSFileStore
Principal Access Applies To
NETWORK SERVICE Modify This folder, subfolders, and files
RTCUniversalConfigReplicator Modify This folder, subfolders, and files
RTC Local Config Replicator Modify This folder, subfolders, and files
 

Web Services

From the introduction of web service applications in LCS to the latest release of Lync the amount of new features and functionality provided by IIS has grown steadily.  In Lync Server 2013 the following subfolders will appear by default under the “1-WebServices-1” folder.

image

  • The ABFiles folder is probably the most familiar of all the web services as this folder stores the Lync Address Book files for distribution to many different Lync client types (e.g. Windows, Lync Phone Edition).  At minimum a singe subfolder will exist using the default msRTCSIP-TenantID of all zeros (00000000-0000-0000-0000-000000000000).  In a multi-tenant environment each unique tenant ID will have an associated folder of its own.  The next level down will include another folder name with a string of zeros for the msRTCSIP-GroupingID which is used to create different address book file groups within the same tenant ID.  Finally this folder will store the various *.lsabs and *.dabs files which are downloaded directly by Lync clients.  Additionally the Invalid_AD_Phone_Numbers.txt file can be found in this directory.

image

  • The CollabContent, CollabJournal, and CollabMetadata folders are all used to store data associated with Lync multi-party conferences.  Any attachments or PowerPoint files which are uploaded by Lync or Lync Web App attendees are stored by the server in the CollabContent directory underneath a subdirectory associated with the specific conference’s Focus ID.

image

  • The DataConf folder is new in Lync 2013 and stores conferencing data like whiteboarding information.

image

  • The DeviceUpdateLogs folder contains various types of logs files for Lync Phone Edition devices.  The Client subfolder contains Windows CE (.clg1)  and Dr.Watson (.log & .kdmp) files which are uploaded from Lync Phone Edition devices.  These files are primarily meant to be used by Microsoft PSS as they require special tools (e.g. readlog.exe) to open and read.  The Server subfolder contains daily log files created by the RequestHandler web application which report whenever a device queries the server for any new potential firmware update files.

image

  • The DeviceUpdateStore folder is where Lync saves any device update files which are published using the Import-CsDeviceUpdate cmdlet.  There are two potential subfolders names depending on if any updates have been imported for any Lync phones.  For all Lync Phone Edition devices the subfolder UCPhone is used to store each update package for every individual manufacturer, model, hardware revision, locale, and firmware version.  For Lync Qualified devices a subfolder called 3PIP will be automatically created when importing any updates for these devices. (3PIP is shorthand for Third Party Interoperability Program).

image

image

  • The LMStaticData folder is another folder which can be used to store web conferencing related data.

  • The StorageService folder is new in Lync 2013 and is used by the Lync Storage Service (LSS) to store data that it uses with Exchange Server 2013 for a back-end data store.

  • The WebAuthStore folder stores copies of previously issued server certificates.

image

The following directories are configured when publishing the topology with the following file permissions.

    • C:\LyncShare\1-WebServices-1\ABFiles
Principal Access Applies To
NETWORK SERVICE Modify This folder, subfolders, and files
RTCHSUniversalServices Modify This folder, subfolders, and files
RTCComponentUniversalServices Read & Execute This folder, subfolders, and files
RTC Server Local Group Modify This folder, subfolders, and files
RTC Component Local Group Read & Execute This folder, subfolders, and files
 
    • C:\LyncShare\1-WebServices-1\DeviceUpdateLogs
Principal Access Applies To
NETWORK SERVICE Modify This folder, subfolders, and files
RTCComponentUniversalServices Modify This folder, subfolders, and files
RTCUniversalServerAdmins Modify This folder, subfolders, and files
RTC Server Local Group Modify This folder, subfolders, and files
RTC Component Local Group Modify This folder, subfolders, and files
 
    • C:\LyncShare\1-WebServices-1\DeviceUpdateStore
Principal Access Applies To
NETWORK SERVICE Read & Execute This folder, subfolders, and files
RTCComponentUniversalServices Read & Execute This folder, subfolders, and files
RTCUniversalServerAdmins Modify This folder, subfolders, and files
RTC Server Local Group Modify This folder, subfolders, and files
RTC Component Local Group Read & Execute This folder, subfolders, and files
 
    • C:\LyncShare\1-WebServices-1\CollabContent
    • C:\LyncShare\1-WebServices-1\CollabJournal
    • C:\LyncShare\1-WebServices-1\CollabMetaData
    • C:\LyncShare\1-WebServices-1\DataConf
    • C:\LyncShare\1-WebServices-1\LMStaticData
    • C:\LyncShare\1-WebServices-1\StorageService
    • C:\LyncShare\1-WebServices-1\WebAuthStore
Principal Access Applies To
NETWORK SERVICE Modify This folder, subfolders, and files
RTCComponentUniversalServices Modify This folder, subfolders, and files
RTC Component Local Group Modify This folder, subfolders, and files
 

About Jeff Schertz
Site Administrator

Comments

39 Responses to “Breaking Down the Lync File Share”
  1. Ed McKinzie says:

    If the LyncShare is located on a DFS share, we will lose the ability to assign the RTC Component Local and RTC Server Local Groups to the share permissions. Are they still required in for the Address Book and other Lync Services to function? Thanks. Ed M.

    • jeffschertz says:

      Ed, good question. I haven't tested this yet with DFS so I'm unsure on the behavior. Maybe someone else who's tested this can share their observations.

      • Sune T. says:

        Hi,
        Great article, lots of greasy details. 🙂 But this problem doesn't really relate to DFS does it? It more relates to Lync Enterprise, where the LyncShare cannot be placed on the Frontend. Furthermore, several of the Lync servers in the farm has RTC local groups of some sort.
        So the question is, I guess, if the RTC local groups are required at all, and if so how are we supposed to assign them if the share is not on a Lync server.
        Thanks.

        /Sune T.

        • jeffschertz says:

          Correct, I haven't even touched on the subject of using DFS for hosting the Lync File Share. But you typically should not have to set any of this stuff manually as publishing the topology should do all the work. This article was meant as a reference and not a how-to.

  2. Jeff Colvin says:

    Hi Jeff,

    Great article. I enjoy the detail and knowledge you share. A few suggested edits…

  3. Shaun Titus says:

    Hi Jeff,
    Thanks for the great post. We've actually run into an issue where one of our workflows wouldn't accept calls while the file share is offline. It turns out that we had custom on hold music configured for that workflow. If the file share (which was stored on our non-HA lync database server) went down, calls to that workflow would fail. We removed the custom hold music and were able to successfully put a call through while the file share was offline.

    It appears that custom hold music creates more of a dependency on the file share. Hope this helps you and your readers.

  4. Jason Skyberg says:

    You can pre-configure the SHARE permissions, you will however get the following error when publishing your topology.
    Warning: Unable to access share permissions for "\<dfsnamespace>dfslsshare". This is expected if you are not an administrator on the file server, or if this is a Distributed File System (DFS) share. If the share permissions have already been configured, this warning can be ignored. If it is a new share, refer to the documentation for details on manually configuring share permissions.

  5. Jan Dye says:

    Can you tell me where Lync 2013 stores the \userrid\meetingid for iis?

    • jeffschertz says:

      I'm not sure what you are looking for, but the Focus IDs are created by the Lync server and stored (most likely) somewhere in the SQL databases.

  6. Iceman says:

    Nice article, Jeff! My company has multiple Lync servers (1 at each site) and is wanting to present videos and other large content across the offices for global meetings. We're running into a problem where Lync will fail to upload anything over ~12 Mb. Is there a way to configure the webapps? settings to allow large files to be presented to other sites? Thanks!

  7. Iceman says:

    Thanks Jeff. I've actually applied those settings in that article but wasn't sure if it needed to be applied to all sites in our org. I guess what I'm really asking is if it is feasible to configure Lync to allow for presentations with large videos embedded to other offices in our org. We're trying to workaround not having the proper codecs to play across the internet, so in this case, the videos are cached locally, no need for codecs. 🙂

  8. ross says:

    Hello,
    i have a question regarding "ABFiles" Folder.
    All Clients are using only LDAP direct search, for my understanding it's not nessesary to queue address-book-files…
    Additional in this folder are a lot of temporary files
    a.e.:
    F-130cdaba.tmp
    F-130b.dabs.tmp

    These files are permantly in use, so i cant take a look into it…
    What is the aim of there files?
    thanks for any further information
    ross

    • jeffschertz says:

      LDAP connectivity is completely different than the Lync Address Book service. Any LDAP searches are requested placed directly to an Active Directory domain controller and has nothing to do with the Lync Servers. The files you see in the address book folder are only for use by Lync clients and interoperable devices. The various files are different formats of initial full and periodic delta files used by either soft clients and Lync Phone Edition devices.

  9. Jonathan Massa says:

    Hi, Nice Article!

    Is it possible to create a second central site and select the central site A’s File Share location to see a 2-applicationserver-1 for example?

    I am not able to select the previously defined file Share in the second central site when I am in the Front End Pool Wizard and defining a new one is just a hassle. Why do you need a second file share for Central Site B instead of sharing the Fileshare.

    Any clues on this one on how to share the same file share location for two central sites?

    Thanks!

    • Jeff Schertz says:

      The file share is part of the pool and should be located with it (same site). Also the FQDN must be unique in the Lync Topology which is why you are unable to use the same one again in the second pool.

  10. Swati singh says:

    Hi ,
    Very Nice article on Fileshare . Very helpfull for beginners.

  11. ijwrighty says:

    Hi Jeff,

    Lovely article. Do the clients need access to the file share or is this purely for the servers?

    • Jeff Schertz says:

      The servers will access the file share via SMB, client access to any files stored there for read (e.g. download device firmware) or write (e.g. upload logs) are performed via HTTP/HTTPs access through Lync Web Services.

  12. Marius says:

    Hi Jeff can I ask what will basically happen if my Lync File Share went down. What features or services will be affected.

    • Jeff Schertz says:

      The file share is critical as several components need to read/write to this to function. Not sure exactly what the server behavior would be as I’ve not tested it.

  13. Rafiq Akhoon says:

    Hi Jeff nice information, i have a question, if we are migrating from Lync 2010 to 2013/SFB do we create a new fileshare folder or we use the old one used by Lync 2010? In case we don’t use old one it doesn’t allow us to publish the topology on Lync 2013/SFB doing side by side migration. What i did is removed the configuration store location in AD using the cmdlet remove-csconfigurationstorelocation. Is this what is suppose to do or simply use the same fileshare folder used by Lync 2010 FE? Please through some light on it.

    • Jeff Schertz says:

      You can reuse the existing file store as long as it’s on a server that will be retained. Otherwise define a new file share location in the Topology when installing the newer server pool and use that.

  14. Alex says:

    Hi Jeff,
    I intend to use a temporary Skype-Share folder and deploy Skype for Business servers and after providing the new server for DFS move the share-folder on it, would you please let me know, how should I do that? only create a shared folder based on DFS procedures and then copy the files and change the skpe share address?

    I will be appreciated to reply me.

    Thanks.

  15. CypherBit says:

    Great article, do you perhaps have any information if SMB Signing can be enabled on a Lync/Skype for Business server? Does it work, is it even supported?

  16. Valentin says:

    \1-WebServices-2\StorageService\DataExport has 7 Gb of information for the last 3 1/2 months. Can I delete or is there a command or config that can limit the amount of space in use?

  17. Seymen Efe says:

    Thanks for this valuable article. Resolved my powerpoint sharing issue.

Trackbacks

Check out what others are saying about this post...
  1. […] another colleague pointed me to Jeff Schertz’ recent blog post on the File Store, http://blog.schertz.name/2013/03/breaking-down-lync-file-share/. As he Points out, there are some local (to the server) Security Groups that needs to be enabled […]

  2. […] account currently being used to perform the installation.  These permissions will be more granularly defined when the Topology is published in a later […]

  3. […] administrator account currently being used to perform the installation.  These permissions will be more granularly defined when the Topology is published in a later […]

  4. […] Define a new File Store (Different to the Lync 2010 store). This needs to be pre-created and the permissions set correctly. I am using my SQL server, ideally you will want to use a file server (can be a DFS share). As this is just a lab, I have given write access to the authenticated users group. Important: In a production environment, the file share/security must be locked down. (Jeff Schertz has a fantastic article here) […]

  5. […] and then checked the path was corrected in IIS. After review all the permissions (you can see here) and the replication was back to […]

  6. […] Jeff Schertz’s Blog: Breaking Down the Lync File Share TechNet: DFS Namespaces and DFS Replication Overview TechNet Blogs: DFS Replication in Windows Server 2012 R2: If You Only Knew the Power of the Dark Shell TechNet Blogs: DFS Replication in Windows Server 2012 R2: Revenge of the Sync […]

  7. […] share permissions to the local Administrators group .  The permissions on this share will be more granularly defined when the Topology is published in a later step, so this step is just to ensure that the later […]



Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!