This blog post is part 3 of a multi-article series and is a continuation of this previous article:
Lync Server 2010 Deployment – Part 2

Update:  This process is identical to (and has been tested with) the public release version of Lync Server 2010.

The next step is to enable a few existing user Active Directory accounts for Lync so that client connections can be tested to the Standard Edition Front End server.  Notice that ‘existing users’ was stated as the Lync Control Panel can only enable AD user accounts and not create new user accounts; that must first be performed using Active Directory for Users and Computers (ADUC) or whatever similar tool is desired.

  • On the Lync Control Panel select Users and then Enable Users.  Search for the first user account to enable (e.g. Jeff) Select a different user account than the one currently used to logon the Lync Server as an ‘insufficient rights’ error will be returned if an attempt is made to enable the current account.  Assign the user to the single pool in the environment and then generate the SIP address using the desired format (e.g. <SAMAccountName>  Leave the Telephony and other policies at the default setting for now, these setting will be modified later on.
  • Enable additional accounts now so that this test user account will have at least one other account to contact within the Lync client.


  • Sign-in to two separate clients with any of the new accounts and enter the names of the other accounts in the search bar.  Depending on if the previous address book files were downloaded or are still in the process then no results should appear, returning either “No results found” (address book was downloaded but no name was match found) or “The address book is preparing to synchronize”.

image     image

    Now all standard modalities should be available between the clients, including IM/Presence, conferencing, and application sharing.  The next step is to enable these users for Enterprise Voice (EV) and then configure the Voice features in Lync Server so that not only will Communicator calls be available between them but also Enterprise Voice calling.

Enabling Enterprise Voice

Configuring Enterprise Voice is basically the same steps as it was in OCS but some of he individual steps are handled differently in Lync Server.  For example the OCS Location Profile has been replaced with a Dial Plan in Lync which is an expanded scope that is not just a global definition now but can also be assigned at the user, pool, or site level as well.

For the purposes of this lab a single site will be defined (Chicago) and a single block of telephone numbers will be dedicated to internal Lync users (312-555-75xx).  As usual a fully RFC3966 compliant numbering pattern will be used throughout the Lync and Active Directory fields and a basic 4-digit extension pattern will be added to allow for easy 4-digit dialing.

  • Start off by setting the desired phone numbers on each AD user object in the Telephone Number field (telephoneNumber attribute).  Two different formats are shown in the example below.


Regarding the format used for the phone numbers there are two ways this can be approached.  The easiest solution which requires no additional configuration is to populate the numbers directly into RFC3966 format as in +13125557500.  Lync will display these by default as they require no normalization.  But if a more common display format of (312) 555-7500 is used then these numbers will not be normalized by Lync for contacts and require additional configuration of the Address Book service to be displayed in the Lync client.  See this previous blog article for more details on this process.

And in keeping with the running theme of pointing out differences between OCS and Lync another beneficial change can be seen at this point.  In OCS the was no default EV configuration; no location profile, no route, no normalization rules. They all had to be created from scratch.  But in Lync Server the Voice Routing section of the Control Panel will show that number of default configuration object are already defined: a default global dial plan (Global), a default route (Localroute), etc.

So instead of creating all these objects only some minor changes will be applied to customize them for the desired numbering plan.

A logical place to start out would be the dial plan, which will be customized with two new normalization rules.

  • On the existing Global dial plan create a New Normalization Rule which will be used to properly handle many different formats of 10 and 11 digit strings.  This pattern is discussed in detail in one of my older OCS articles.




  • Add another New Normalization Rule which will be used to support direct dial of 4-digit extensions in the 7500-7599 range.  This simple pattern will match against any 4-digit string starting with 75 and then translate it into a normalized RFC3966 pattern (+E.164).




    • Remove the default Prefix All rule and reorder the new rules so that the Extension Dialing rule is at the top.  This will not impact the functionality at this point as the only two records are mutually exclusive and do not overlap. But as a habit more specific records should be placed towards the top of the rules list and more generic rules should be towards the bottom.


    • Save the changes to the Global dial plan and then Commit All changes.


Now a couple of the Lync-enabled user account need to be enabled for Enterprise Voice as well since all enabled accounts were previously only configured for PC-to-PC Communications.

  • Search for and edit the properties of the two primary test accounts in the Lync Control Panel under Users.  Select Enterprise Voice for the Telephony setting and enter the user’s telephone number using the proper Line URI format.  Commit the changes to each user (e.g. tel:+13125557501).

image     image

  • Sign-out and back into both Lync clients with the two updated test accounts and the first indication of the change should be the addition of the Call Forwarding menu at the bottom of the Lync client.


  • To test Enterprise Voice calling for internal users as well as the extension-specific normalization pattern enter a 4-digit extension into the search bar and notice that both the normalized number and the resolved internal user are returned in the results.

image     image

Now would be a good time to define a phone number for the Conferencing Attendant, which can be performed using the Control Panel and is similar to the configuration used by OCS.  But before a Dial-In Access Number can be created a region must first be defined.

  • Edit the Global Dial Plan under Voice Routing and enter a descriptive name for the Dial-In Conferencing Region (e.g. Chicago).  Then Commit All changes to apply the change to Lync Server.


  • Under the Conferencing options select Dial-In Access Number and create a new entry, using a unique Line URI and SIP URI.  The Display Name and Display Number will be displayed on the Lync contact for this number.

Display Number

(312) 555-7555


Display Name

Conference Bridge


Line URI





  • Add an Associated Region and select the region created in the previous step (e.g. Chicago).


  • Manually update the address book files using the process detailed in this previous article.
  • Search for 7555 from the Lync client to show the new contact object (it is normal for it to appear Offline as the presence is not active on contact objects).


Deploying a Media Gateway

As this walkthrough is meant primarily for test usage in a lab this media gateway will be configured in a unique, yet applicable scenario.  As SIP Trunking becomes more common (which may be addressed in a future article) media gateways will be used less for a default route to the PSTN and more often to bridge Lync Server to an existing legacy PBX system.  So in this lab the routing configuration will be sending only calls to numbers in the r(312) 555-77xx range.  Later on a SIP Trunk will be configured with a default route to handle any calls outside of the defined 75xx and 77xx ranges.

A step which was skipped during the initial deployment in Part 1 must first be addressed: specifying a PSTN gateway. In my lab there is a NET Tenor AF configured on and the Lync Topology must now be updated to reflect this.


  • Launch the Topology Builder , download the topology from the existing deployment, and then save the latest configuration data to a .tbxml file.
  • Locate PSTN Gateways and select the action to create  a New IP/PSTN Gateway and enter the IP address of the desired media gateway, changing the default port and protocol options to allow for TCP connections to the default listening port on the media gateway of TCP 5060. Normally a secured (certificate-based) TLS connection would be used and is recommended for all production deployments, but for the purposes of this article and the lab a TCP connection is used. Also some older media gateways do no have the ability to have certificates imported on them and thus cannot supported TLS connections.


    • Edit the properties of the existing Mediation Pool and select Enable TCP Port on the Mediation Server and leave the default TCP port of 5068 which is the where the Mediation Server will listen for incoming TCP connections for the media gateway.


  • Also click Add to associate the Mediation Server with the newly defined PSTN Gateway.


  • Publish the topology to apply the changes for the Mediation Server configuration to the Lync environment.


  • Modify the Global Voice Policy and create a new PSTN Usage Record (e.g. TenorAF), and add a new Associated Route using the setting in the following section.


Analog Phones



Routes calls to 77xx numbers to internal analog phones.


Match this Pattern



Associated Gateways



  • Enter a sample telephone number (in it’s normalized end-state) within the route’s defined range to test the pattern match.


  • Apply and Commit All changes.


At this point +E.164 numbers in the +131255577xx range will be routed to the Tenor gateway but the normalization rules will need to be updated to allow for 4-digit dialing of these numbers within Lync (e.g. 7701).  The simplest approach may seem to be to just create a new normalization rule to handle (7700-7799) digits, but because the internal Lync numbering plan is so similar (7500-7599) then the existing rule can be slightly tweaked to handle both ranges.

  • In the Global dial plan edit the Extension Dialing normalization rule and edit the pattern.  Replace the 5 with [5,7] which will expand this regex rule to apply to both 75xx and 77xx (but not include 76xx) as the comma means to match either 5 or 7.



  • Commit the changes and tests both 75xx and 77xx extensions from the Lync client (a restart of the client may be required if testing immediately).


Well, that wraps up Part 3 of this series and nearly every feature on Lync Server has been activated for use.  Upcoming articles may focus on configuring Conferencing features, deploying currently available Lync Phone Edition devices (e.g. CX700/Tanjay), and finally Edge Server deployment to allow external access to all these features.  Exchange Integration for UM and IM features will also be covered.

By Jeff Schertz

Site Administrator

47 thoughts on “Lync Server 2010 Deployment – Part 3”
  1. Great Article. I tried it with Tenor AS Series and outbound calls working well but did you try the inbound calls?!

    I tried it with no Luck. I checked if the call reach the Mediation Server (collocated with the FE) using wireshark and i catched the VOIP Call from the PSTN to user DID but the LYNC Client didn't ring and no errors appears in the event viewer on the server side and client side!!!!!!!!11

    Any Idea?!

    1. Fady,

      Interesting that you bring that up 🙂 I actually have the same issue on my lab with inbound calling (FXS to Lync) but haven't had time to look into it yet. I assumed it was a configuration issue with the Tenor but since the AF doesn't support the Tenor viewer app I have been putting off troubleshooting the issue for now. I'll fire up a Lync trace and see if the calls are actually even hitting Lync inbound and report back.

      1. You are lucky guys, because you have got outbound call at least 🙂

        In my lab, SIP trace shows 503 Service unavailable errors for outgoing call. I analyzed previous SIP messages to ensure that call is routed properly, so the most probable reason is gateway misconfiguration… I've spent two days of investigating what's wrong with my Tenor config, with no result 🙁 Does it have any log I could look at to troubleshoout the issue?

      2. Hi Jeff,

        Did you ever have chance to follow this up. We have gone down the unsupported route of updating our test RC install to a full blown release and cannot get inbound calling to work. We can take a packet capture from our gateway and see the call hitting the LYNC server but the response we get back in the trace from the LYNC server is "Destination port unreachable". We have telnetted to the port and used netstat to verify the port is opent and even tried changing it to something else but the issue remains the same.

        Any help is appreciated.



      3. Hi Jeff,

        Appreciate all if the technical walk through you published here, very supportive!

        I have a case that our telecom team will change their session manager ips (Avaya sm). Thus we have to make the change in Lync 2010 mediation server pstn gatway/trunk to point to new IPs they provided.

        I know it is not a simple change in Lync 2010 mediation server to create new trunk/pstn gateway with the new provided IPs.

        Can you give some instruction where else in Lync 2010 we need to update to reflect the new session ip change? Such routing or dial plan… must now bound or point to new pstn/gateway Ips?

        Thanks a bunch in advance!

    2. dear fadi


      i need your help to configure my Lync server , i want to connect it to a Tenor Fxo Af series for outbound calls

      and i have problem about configuring the tenor device

      could you please help me to find an step by step how to about tenor configuration




    3. Hi Fady

      I know this is a very old post but I was wondering if you ever got this issue resolved ? I am busy with a Lync 2013 deployment and I am experiencing the same issue with inbound calls to Lync. On the Lync traces and Netmon traces I can see the call coming in but the call is never handed over to the FE server where the user is hosted.

  2. When I tried to access to Lync Server Control Panel from any computer using admin.[fqdn].local, it asked for an user and login, I used one created that is member of CSAdministrator and RTCUniversalServerAdmin but it gave the follow internet explorer´s screen:

    401 – Unauthorized: Access is denied due to invalid credentials.
    You do not have permission to view this directory or page using the credentials that you supplied.

    Do you have any idea…??

    Thanks for your help.

  3. Jeff:

    Great articles, great explainations!! You need to write a text book!! 🙂 Let me know when you are coming out with an edge server deployment (part 4?)


    1. Thanks, it's comments like this that help keep me motivated to continue to write new articles. And funny you mentioned this as I was taking screenshots of an Edge deployment process just this morning for part 4 😉

  4. Hey Jeff,

    Thanks for the wonderful articles, they've really helped me setting up a Lync server.
    Considering the fact that I'm not such an experienced Microsoft Server products user, I'm really glad that such articles are so supportive.

    We are trying to connect the Microsoft Lync Server to one of our Asterisk servers (4PSA VoipNow).
    I have read a few articles on this, some mentioned that it's not supported, others mentioned it's not known, so I figured I give it a try.

    At this moment, I feel like being really close, but I'm not quite sure whether everything is set up right.
    Would you happen to have any knowledge on this subject (or perhaps an article) which may get me on the right track?

    Any support is highly appreciated.
    Again, thanks for the great articles you write on this subject, as mentioned by others, I think you should write a book! 😉

    With kind regards,

    Gerard Nijboer

  5. Hi,

    I am newbie to Lync 2010 Can you give me a simple deployment plan for lync 2010. We have a Domain controller and TMG Firewall



  6. Jeff: Great article, however some of my phone numbers resolve to the user name some do not. Any ideas?


    1. Bob, I guess I would look at the format of the numbers in each account to see if there are any differences, but without additional data I can't really hazard a guess.

  7. Great stuff. Just deployed Enterprise FE, and Dir in lab and noticed that afterwards the IIS Admin Service is gone on each box. Any ideas as to why. It appears Lync Web components take over for it because IIS is still running (no inetinfo process running either). Thanks.

    1. Interesting, I've never even noticed that but I just compared a few servers and sure enough… I'll check with the product team to find out some background on this.

  8. Hi Jeff,

    Where you able to make any progress documenting the powershell scripts for installing Lync? I'm trying to figure out if its possible to create a silent installation build for a distributed Lync environment. Thanks.

    1. Jeff,

      I've done a little work in this but haven't had the time to fully vet it out. Thus far I've come to conclusion that it is much easier to use the setup wizard for some of the steps, but realize this isn't ideal for administrator-less deployments.

  9. Hi,

    Firstly, this series of articles was really interesting and very helpful (I'm just going through a proof-of-concept on a link setup for IM and potentially as a PBX too), however I've encountered one problem when configuring / viewing the internal contacts numbers; although the system recognises the 75xx is an internal extension, it doesn't appear to resolve this to an individual or conference room (though those appear as expected), I've checked that the users numbers are the same in both AD and the Lync Control Panel and they are, any suggestions on this?


  10. When defining the "New IP/PSTN Gateway" to be used for Dial-in Conferencing — and in this case it is a SIP trunk — is it allowable to use the Enterprise Edition Front End Server's own IP address?


  11. Hi,

    thank you for this fantastic articles. Not being to demanding if you could create a new one on configuration mediation pools for HA, it will be really nice.


  12. Great article Jeff.

    I do have one curious issue which I can’t find any info on and wondering if you’ve come across it.

    I’ve been trialling the Lync client and have users set up for Enterprise Voice, routed through an AterixNow box for the moment. All good with the client but when I install the Attendant for a user it doesn’t allow calls even though the same user can make calls from the client. On Attendant the number pad is greyed out and I can’t find a way to activate it. I know I’m missing something silly but can’t put my finger on it.

    Any direction pointing greatly appreciated!!

    Many thanks in advance,


    1. Gerry, I have not run across that issue before; as long as the user is Enterprise Voice enabled then they should work with the Attendant console correctly.

  13. hi Jeff,

    Can u share Screenshots to configure Tenor AF Gateway, which is only the missing part on this wonderful article…. i have just purchased a Tenor AF gateway for my lab, can u share your Tenor configuration?

    1. I do not currently have my Tenor running; needed to steal the AC and Ethernet ports for one of my many Lync phones 🙂 There are a few articles out there already on configuring the Tenor series with Lync. You may also want to contact NET directly for support as I have found them to be quite responsive.

  14. Hi Jeff ,

    I am a newbie to Lync Server, I have managed to install Lync server 2013 and its up and running.How can i practise to get more hands on experience.Is there anywhere i can get step by step labs to help me familiarise with the technology

  15. As always, fantastic information, thank you very much Jeff.

    I have a question regarding the topology of a collocated Mediation/FE Server. It's Lync 2010 and we're deploying a SIP trunk. There is a 1:1 NAT setup between us and the ITSP.

    The Lync server has a single NIC with two IP addresses assigned. Both IPs are on the same subnet (LAN segment). Between us and the ITSP is a Fortigate firewall, the internal facing interface is on our WAN segment and the external facing interface on the Fortigate is part of the ITSP's WAN segment.

    In topology builder, mediation traffic has been set to go out on the secondary IP address (PSTN IP address) and the primary IP address has been configured as the Primary IP Address in topology builder.

    The ITSP has created a NAT rule on the Fortigate to say all traffic from the secondary IP address, NAT to the external interface on the Fortigate (that's part of the ITSPs WAN segment).

    My first question is, would this be a supported /workable solution?

    For outbound PSTN calls that are failing, from my network captures and from the logging tool, I can see communication being initiated only on the Primary IP address. I'm getting a 503 and 504 Cannot connect to gateway socket error, TimedOut

    Would the initial communication go via the primary IP address when it's a collocated Mediation/FE server? The client talks to the FE that then sends the traffic to the Mediation server or should I see straight off it using the secondary IP address for outbound calls?

    For inbound calls the traffic is coming in on the secondary IP address. After restarting the mediation server, the calls from a PSTN number rings (however it doesn't ring on the Lync client). After about 10 minutes this stops working and the calls fail from the PSTN numbers.

    Any information will be greatly appreciated.

  16. Hi Jeff,

    Great article, I just have a quick question. I actually recently deployed Lync conference calling within my organization and my users love it. With that said, there is one small issue, there's no notification whenever someone joins the call. Typically you would hear a beep notifying everyone that someone new has joined. I took a look through all the Lync settings and I don't see anything that will change that. Any suggestions?

  17. While running snooper I got an error which says user does not exist for the destination phone number which is our dial in conferencing phone number. I m trying to set up lync 2013 dial in conferencing with one dial in access number.

Leave a Reply

Your email address will not be published. Required fields are marked *