Lync Room System Account Setup

February 13, 2014 by · 54 Comments 

The official Microsoft Lync Room System Deployment Guide covers in detail the creation of a resource mailbox which  will be dedicated to each Lync Room system, yet it also includes a number of optional steps as well as the use of separate cmdlets for each individual parameter.

Lync MVP Adam Jacobs has boiled the account creation process down into a simplified list of command in fewer steps, but even those instructions can be further compressed into less steps by stacking parameters into the same cmdlets and using the Exchange cmdlets to also configure the Active Directory users account in the same process.  Another Lync MVP Pat Richard has gone so far as to even create a PowerShell script to automate this process.

Account Creation

The following section in this brief article takes the mandatory configuration and combines it into three simple cmdlets.  Some additional optional steps are covered separately in the next session.

Required Steps

The first two steps need to be performed on the Exchange Server Command Shell, which includes the creation of the Active Directory user account, enabling it for authentication, and setting a password on the account.  Also added was the ability to define the target Organization Unit so that the account does not go into the default Users container, possibly needing to be moved later.

  • Create the new resource mailbox replacing the individual parameter values with the desired information specific to the new account.

New-Mailbox –Name "Chicago Meeting Room" –Alias "chicagolrs" –UserPrincipalName "chicagolrs@schertz.local" –sAMAccountName "chicagolrs" –Room -RoomMailboxPassword (ConvertTo-SecureString -String “p@5sw0rD” -AsPlainText -Force) -OrganizationalUnit "ou=Resources,dc=schertz,dc=local" -EnableRoomMailboxAccount $true

  • Enable the Auto Accept Agent for the mailbox and control how meetings will be displayed on the LRS screen for the sake of privacy.  (Technically the AutomateProcessing parameter is optional, but in most cases the mailbox calendar would not be managed manually by an employee.)

Set-CalendarProcessing -Identity "chicagolrs" -AutomateProcessing AutoAccept -AddOrganizerToSubject $false -RemovePrivateProperty $false

The final step must be performed on the Lync Server Management Shell.  These cmdlets will enable the new user account in Lync as well as add the Enterprise Voice capability, if so applicable.  The optional Domain Controller parameter was added to insure that the same DC is used for each cmdlet to eliminate the potential of errors in the event that the individual commands were to be executed against different DCs which might not yet have replicated the previous changes.

  • Enable the account in Lync as a Meeting Room.

Enable-CsMeetingRoom -Identity "chicagolrs" -SipAddress "sip:chicagolrs@mslync.net" -domaincontroller "dc1.schertz.local" -RegistrarPool "lync.schertz.local"

Optional Steps

The following steps are not required but may be needed based on the desired configuration.

  • Using the Exchange Server Management Shell define a Mail Tip to be displayed in Outlook to assist users in remembering that Lync Meetings should be used with this mailbox for the ideal room experience.

Set-Mailbox -Identity "chicagolrs" -MailTip "This room is equipped with Lync Meeting Room (LRS), please make it a Lync Meeting to take advantage of the enhanced meeting experience from LRS”

  • Using the Exchange Server Management Shell define the meeting acceptance response text.

Set-CalendarProcessing -Identity "chicagolrs" –AddAdditionalResponse $TRUE –AdditionalResponse “Enter your desired text here”

  • Using the Lync Server Management Shell enable Enterprise Voice and define a Telephone URI for the account..

Set-CsMeetingRoom -Identity "chicagolrs" -domaincontroller "dc1.schertz.local" -EnterpriseVoiceEnabled $true -LineURI "tel:+15551234567;ext=4567"

About Jeff Schertz
Site Administrator

Comments

54 Responses to “Lync Room System Account Setup”
  1. @patrichard says:

    Great stuff as always, Jeff! I've combined all of the required steps into a script, New-CsLyncRoomSystem.ps1. Check it out at http://www.ehloworld.com/2460

  2. Todd says:

    I have a applied a phone number as stated but the lync room system doesn't ring when I call the number from an external or internal line

    • jeffschertz says:

      If the account is setup like any other Enterprise voice enabled Lync user then this should work no differently.

  3. Josh says:

    Jeff,

    in the Deployment guide, MS offers options to deploy LRS with a disabled resource account, using an MSA or Machine account, and then using the ObjectSID of the Machine in the enable-csMeetingRoom cmdlet. I’m having trouble finding out how to set the machine account in the LRS Lync sign-in settings. It says to enter the resource account as the sip URI, but the UserID and password will be the Machine account or MSA. Problem is, MSA’s and Machine Accounts don’t have passwords. But the password field is a required field. Any ideas?

    I’ve got two LRS systems sitting here ready to be logged in and i’m at a loss…

    • jeffschertz says:

      Josh, if you look at the latest Microsoft deployment guide for LRS they've actually removed that section. According to my sources using Computer Accounts was never officially supported and thus Microsoft has removed that guidance which appeared in earlier releases of the documentation.

  4. ChrisClarkMcGladrey says:

    Would the same cmdlets work with Office 365 (Lync Online – Exchange Online), not using enterprise voice (hybrid)?

  5. @patrichard says:

    And I don't think you can create room accounts in Exchange Online.

    • jeffschertz says:

      Room mailboxes are supported online and the Microsoft deployment guide covers the exact cmdlets used for O365 provisioning. For example the cmdlet parameter for online (-EnableRoomMailboxAccount $true) differs from on-premises (-Room $true) for the New/Set-Mailbox cmdlets.

  6. Bob says:

    Is there a way to set -Room $true on a mailbox without the AD object being disabled (the default behavior), without disabling ActiveSync on the account?

    • jeffschertz says:

      Bob, I'm not sure I follow what you are asking. The guidance for LRS is already to enable the room account, as you should be able to see that the cmdlets do just that. I've never played with the ActiveSync configuration though on these accounts.

  7. Daryl Tomlinson says:

    Hi Jeff. I have a Smart Lync Room System, I am running Lync and Exchange 365 online. I've set my user account up as per the Microsoft Deployment Guide but keep having problems with Lync connecting to Exchange.

    By itself Lync works fine, but I can't see calendar or email the LRS whiteboard.

    I have changed the mailbox back to a "regular" mailbox from a "room" and now Lync and Exchange connect correctly.
    However – I would really like this account to be a Room so it appears like a normal room in the users Outlook.

    Any ideas would be gratefully appreciated.

    • Jeff Schertz says:

      I have not tested that scenario yet but the account should be defined as a Room account and not a regular user so that behavior is odd.

      • David McDowell says:

        Hi Jeff. About 1 year later and I think we’re having the same problem with O365 as Daryl. Set-Mailbox myroom -Type Room and the inability to logon with Room System or CX3000/CX600/CX500 to have the calendar data for the “join” button. As Daryl mentioned, we would like the object to be of type Room so in Outlook it appears in the Room selection list when creating a Lync Meeting. Users unlock the device, go to calendar, click/touch Join and boom, in the Lync Meeting. Best I can tell is even though we have enabled the user in on prem AD, O365 still disables the user in Exchange Online overriding the on prem enabled. (On prem Exchange this works fine, it’s an O365 issue?). We’ve tried various things with the account including forcibly adding \SELF permissions to the mailbox and still we cannot login to Exchange. So far the only way it is working is if the account is -Type User, which means it won’t show up in the list of Rooms in Outlook. Hopefully I provided enough information for the scenario and would love to hear some suggestions. One which hasn’t been done (that I know of) is this switch “-EnableRoomMailboxAccount $true” and whether or not it would help our scenario. thanks so much!

  8. James says:

    I am having the exact same issue with my new LRS with Lync onprem and Exchange online. Did how manage to get an answer on this Daryl?

    Is this topology even a supported scenario? I've looked at the supported topologies, but I personally think the table that MS provides is awful, I'm assuming it's supported but I'm not 100%.

    • Jeff Schertz says:

      This is a supported topology but I've not tested it myself so I can't say how the configuration would be handled. I would assume that a Directory Synchronized account would need to be leveraged and then the Exchange Online configuration of LRS is used in conjunction with the on-premises steps for Lync.

      • James Frost says:

        Yes, it was my original understanding that this configuration is a supported topology. However after raising a ticket with Microsoft partner support, my initial feedback from them has been that in fact this mightn't be a supported configuration after all.

        I am waiting for a formal response from MS, one I have it I will post an update.

        • James Frost says:

          Microsoft have confirmed this is a bug. An on-premise Lync deployment with LRS cannot query calendar infformation from a room mailbox in O365.

          Going through the support channels now, I've no idea what form the bug fix will take yet.

          • Erik says:

            Hi James,

            We do have the exact same issue as you.

            We are running Lync on-prem (Enterprise Voice) and all mailboxes are in Office 365/Exchange Online.

            We sync on-prem AD users to Office 365 using DirSync.

            When we create a mailbox in Exchange Online for a user using Enable-RemoteMailbox with the –Room flag that account won’t be able to get calendar information from Exchange Online (we are using Polycom CX7000 devices).

            Also, it fails the test ‘Synchronization, Notification, Availability, and Automatic Replies’ at https://testconnectivity.microsoft.com.

            The only way for us to get it to work is by creating a room mailbox on our on-prem hybrid Exchange server and then migrate the mailbox to Exchange Online. Then everything works.

            But it is a lot of extra work to provision room mailboxes this way. We want to be able to create them by using Enable-RoomeMailbox.

            Since two weeks I have an open case with Microsoft support regarding this. The technician working with us on this case is about to close the case saying this is expected behavior.

            Today I found this blog post and your comments. I even showed the support technician and he asked if there is any chance you could share the support case ID so he could have a look at it?

            What is the current status of the case you have? Have you heard anything more regarding a fix?

          • James says:

            Sorry Erik for the relayed response,

            I thought I t was monitoring replies to this thread, but clearly not.

            We're still having the problem. I had this ticket escalated out of partner support (similar to you they closed it citing "known issue") as I wasn't satisfied with the response. It's now being managed through premier support which is the good news. The bad news is that there's still no word on when the fix will be due, or even what form it will take.

            To be honest, I've been CC'd on some of the email interactions between the various Microsoft teams, the dialogue isn't particularly encouraging. There was a lot of debate about even where the issue resided, whether it was Exchange Online or Lync on-prem or ADFS issues etc.

            I'm not particularly confident of there being a resolution this year. In the meantime, we're still running the mailbox as a Regular user mailbox, and I have a PC running Outlook on a desk set to automatically accept meeting requests… this is far from a satisfactory solution.

            If you want the MS case ID, please email me jfrost@icomm.com.au .

            I'll post back with any updates.

            Regards, James.

          • Daryl Tomlinson says:

            Thanks James – if you do get any more information or a fix – I would appreciate any info.. I haven't been able to progress this solution despite hours on the phone to Microsoft.

          • Daryl Tomlinson says:

            The issue with not being able to connect to the calendar from LRS is now resolved at our premises.

            We were using Lync Online and Exchange Online. We have an Exchange 2010 Hybrid Server on premises which was used as part of our migration process to O365 Online.

            The LRS could connect to Lync and make video calls, but could not connect to exchange and display meetings on the screen.

            By changing the meeting room's user account to a Regular user resolved the issue, but we need it to be a Resource account, so this wasn't a good fix.

            I'm not exactly sure what the single point of resolution was – but here are the steps I took, and I can confirm that calendar updates and emailing whiteboard content are now working.

            1. Move the mailbox back on-premises to our 2010 Hybrid server.
            2. Grant Full Access permission to the mailbox user account (ignoring the Self permission which was already in there)
            3. Migrate from Hybrid server back to Office 365 online.

            The LRS connectivity to Exchange suddenly then works!!

          • James Frost says:

            Cheers Daryl, that's good info.

            We don't have an on-prem infrastructure anymore unfortunately, but that's good to know, cheers.

  9. Aki says:

    We have the same issue with Onprem Lync and exchange online with DIRSYNC

  10. James Frost says:

    I can confirm that Microsoft Premier Support have provided me a workaround to this issue (LRS with Lync on-premises connecting to O365 for calendar), and I’ve successfully tested it. Unfortunately this does require setting up a new resource mailbox in O365, and consequently losing an existing bookings which isn’t ideal.

  11. Jeff Schertz says:

    I have not tested this configuration yet myself but I would guess that maybe the LRS mailbox cannot be migrated and it must be created in Exchange Online manually?

  12. Sandra Adams says:

    Hi. I don’t speak Tech so I would be grateful if you could dumb the answer to this down for me as much as possible. And, I’m not really sure if I should be here or on some less tech-savvy website but here goes. Do I have to be part of an organisation to be a part of Microsoft Lync, or can I just be an individual on the platform?

    • Jeff Schertz says:

      Sandra, in order to use Lync your company needs to have it deployed or be a subscriber of Lync Online in Office 365. Alternatively you can purchase your own Office 365 subscription.

  13. John says:

    Hi Jeff,
    I have my CX8000 setup OK for O365 and Lync 2013 onprem but i also have three HDXs and a Group that I want to be able to use the calendar also. I used the same steps as for the CX8000 – the HDX and Group register ok to O365 but don’t display any calendar invites.
    Is this a supported scenario? is there a specific guide for HDX and Groups on O365
    Thanks

    • Jeff Schertz says:

      John, assuming you are leveraging Exchange Online with Lync On-Premises then only the CX8000 is fully supported in that topology today. The HDX and Group are not able to connect directly to mailboxes on Exchange Online; an on-premises Exchange server would be required to support those systems.

      • John says:

        Thanks Jeff,
        That’s what I thought – just needed to be sure; is there o365 support for the Group coming in the near future?
        Thanks Again
        John

  14. Ak says:

    Hi Jeff,

    I recently setup a cx8000 and I have a few challenges.

    1.Whenever I try to share a PPT, i get a certificate error prompt and the PPT doesn’t come up.

    2. I cant seem to get any audio while sharing my PC using the HDMI – HDMI connection from my PC to the Codec. Just visuals.

    Just to add this, I have earlier uploaded the Lync root certificate and I have tested Lync Calls with regular desktop clients,also

    i am not using the USB-HID connection from the CX8000 to the display as the display Iam using doesn’t support USB-HID connection,only USB-USB( My assumption is that the USB-HID connection is for control purposes when using dual displays,please correct me).

    Any quick response to my issue is highly appreciated

  15. Suresh says:

    Hi Jeff, We are testing Video calls between Polycom Group Series 700 and SMART LRS. We are unable to connect from Polycom to LRS using SIP address , Polycom call stat shows Audio only connected ( The problem is One way Audio and NO video on both ends). But other way VIDEO and AUDIO works fine( From SMART LRS to Polycom using SIP address).Can you please give your input on this issue?

    • Jeff Schertz says:

      You most likely do not have the Lync Interoperability license applied to your Group Series endpoint, which is required for enabling Lync features like X-H264UC compatibility. Without it then only audio calls will function as there is no compatible video codec available.

  16. Kunal says:

    Hello Jeff,

    I have enabled LRS account in the Lync 2013 using Enable-csmeeting room. It picks up the settings like LineURI, Conference policy etc… But not to be seen as get-csuser cmdlet or it seems user is no longer part of the Lync 2013 pool.

    We are not able to login to Lync Room syste,m with these reource accounts, but with normal accounts it works fine.
    Certificates, Hostfiles are in place.

  17. Thomas Berkowitz says:

    Hello all,
    some Infos from me, what we have learned by LRS implementation.

    if you want to connect a LRS with federated Partners it is necessary to set the following settings:
    – “TNEF” on both domains (https://technet.microsoft.com/en-us/library/bb310786%28v=exchg.150%29.aspx)
    – Set-CalendarProcessing -identity “LRS-ResourceAccount” -ProcessExternalMeetingMessages $true (https://technet.microsoft.com/de-DE/library/Dd335046%28v=EXCHG.150%29.aspx); Microsoft will change the manuel for install LRS
    – Make sure that the LRS Resource Account has the right for internet connectivity

  18. Hi Jeff,

    First, I want to thank you for sharing your knowledge with us . I think a lot of you have helped us and saved many Lync deployments.

    Lync Room System does not require any additional installation, as some .exe as the Lync client ? and second , you will not have any tutorial for tuning interface Lync ?

    Regards.
    L.I Eduardo Rojas

  19. Jim Smith says:

    Jeff,
    The Crestron room system LRS connect via lync meeting invites.
    Is there a way to send a lync meeting from a different domain to a LRS that has the LRS account accepting internet email?
    I am Lync federated with one of my customers.
    I had them send me a Lync invite
    I can receive the message.
    I can get it on the LRS calendar.
    The LRS doesn’t recognize that it is a Lync meeting that it accepted.
    Thanks,
    Jim

  20. Sean says:

    We have a On-Premise Skype for business Server and Exchange online.
    We have LRS account and it works fine without any issues, but when we use that LRS lync account to login Polycom device CX5500 it failed. But, normal Lync account works fine on the same Polycom device without any issues.
    So, here is my question… Can we able to login Lync on Polycom CX5500 device using the LRS Lync account? If yes do we have any step by step article?

    • Jeff Schertz says:

      No, the CX5500 and any other UCS-based devices like the VVX or Trio phones use a standard Lync/SfB user account. They are no setup with the special ‘Meeting Room’ accounts like the LRS or a Group Series video system would be.

  21. Danny says:

    great article as always Jeff!

    we have this setup and working fine, only problem I have is I want to assign a voice policy to allow international calls to be dialled from the meeting room. How can you assign a voice policy I can see the value isn’t populated with a get-csmeetingroom and it doesn’t accept the parameter Voicepolicy with set-csmeetingroom , any ideas?

    also what are the disadvantages of me just enabling the mailbox resource using enable-csuser ?

    many thanks

  22. Danny says:

    its ok found it you need to grant-csvoicepolicy !?!? obvious I guess 🙂 would be good if it could be added in for people like me.

  23. Tamas Dobos says:

    Hi Jeff,

    The CX8000 is working properly, however I cannot see any details in the LRS admin page. Everybody can create a video conf., but I’m still unable to manage it from the LRS Admin portal. I’ve added the device, and I can see the room in the portal, but without details. (No “next meeting”, no “LRS version”, no “Manufacturer” etc.)
    What did I miss? Maybe a FW port is missing?

    • Richard Carre says:

      Hi Jeff,
      I first would like to thank you since you saved my life more than once just by reading your blog.
      But this time, I cannot solve my issue – same as Tamas Dobos faced. Indeed, I can see the room in the portal but no details available at all. Hard to troubleshoot since I have neither logs in %Program Files%\Microsoft Lync Server 2013\Web Components\Meeting Room Portal\Int\Handler\MeetingRoomPortalLogs nor in the Diagnostic Logs setup by the portal.

      I also switched on OCSLogger “MeetingPortal” Logging Option. I only see the command request … but what about the replies ? See here enclosed OCS Logger traces for details.

      Many thanks

      • Jeff Schertz says:

        I assume that you have domain-joined the individual LRS systems as that is a requirement for them to work with the web management tool.

        • Richard Carre says:

          Thanks for your reply Jeff.

          Yes, my LRS device is domain-joined to the Resources Domain i.e. SfB2105 servers domain.

          Moreover, LRS device always respond with a “SIP/2.0 481 Call Leg/Transaction Does Not Exist” error message when, as an example, LRS Web Administrative Portal initiates “SRS->Room->Settings->RoomTag->Update” request by the mean of SIP INFO request.

          Do you confirm that all informations displayed in portal are retrieved by the mean of SIP INFO requests sent from FE to LRS device ?

          Many thanks

  24. Ian says:

    Hi Jeff,

    Fantastic article as always.

    I have an issue (may be by design), that when the room is booked it doesn’t show as “in a meeting”. When the user goes into the room and joins the conference it correctly states “in a conference call”, “away” also seems to work.

    It is useful to show presence information when the room is actually booked, even if the user does not join a conference call.

    Cheers

    • Jeff Schertz says:

      The LRS’s presence will only reflect the active call state, it doesn’t update its presence from Outlook calendar events in the way that a desktop client does (e.g. In a Meeting).

  25. Jose Esposito says:

    We have one of these, but cant seem to get it call users via their phone numbers. The default call method when using “Find a contact” ends up in a Lync/Skype video call. Is there any other way to call a contact? Some users dont have a audio device set up to their desktop client so cant answer these calls. Not all users we have are Enterprise Voice, but the unit can call a user’s phone # if you know the number and dial it.

    We’ve tried a Polycom Trio and it allows you to choose from a contacts phone numbers.

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!