This article outlines the default folder structure and permissions created on the File Share when deploying a Lync 2013 Server Front End server or pool.  Optional Lync services (like Persistent Chat) can trigger the creation of additional folders in the directory but for the purposes of this article only the default folders for a Standard Edition server are covered.

The general guidance is to manually create a new file share on the desired server and then set the share permissions to grant Full Control to the Administrators group.  This will insure that the administrator account performing the Lync Server deployment will have sufficient rights to the file share and NTFS Access Control Lists (ACL) so that when publishing the Lync Topology the proper configuration is applied.

For the examples used in this article a single Standard Edition Lync 2013 Front End Server was deployed and the changes were captured to identify the default configuration for Lync.  Although Lync 2010 uses nearly the same configuration there are a few changes to the folder structure among the various Web Services subfolders.

Root Directory

Prior to publishing the initial configuration of the Lync Topology the pool or server file share in this example was created at the root of the C: drive on the desired server.  The Lync Front End server itself was used in this environment which is allowed only for Standard Edition servers, Enterprise Edition pool servers can not be collocated with the file share data as it must be hosed on a separate server or servers.

After every successful instance of publishing the topology (regardless of what has changed) Lync will refresh the correct permissions (if needed) on the directory structure throughout the file share.  Thus if any undesired changes are made to any of the file structure permissions simply re-publish the topology in Lync to repair the configuration.

The following Access Control Entries (ACE) are assigned to the root directory of the Lync file share, in addition to any rights which might already assigned to that specific folder or any inherited from a parent folder.

Principal Access
NETWORK SERVICE Change
RTCHSUniversalServices Change
RTCComponentUniversalServices Change
RTCUniversalServerAdmins Change
RTCUniversalConfigReplicator Change
RTC Local Administrators Change
RTC Local Config Replicator Change
RTC Server Local Group Change
RTC Component Local Group Change

The root of the file share contains three primary folder used to store shared Server Application data, Central Management configuration data, and data used by the various Web Services in Lync. 

image

These folder names are encapsulated in digits which denote the Site and Pool instance that each folder belongs to.  The folder naming convention is <Site ID>-<Service ID>-<Pool ID>. In the above example the minimum folder configuration would reflect a single Site (ID 1) and Pool instance.  If a Director server was later added to the existing site then a new folder would be automatically created as “1-WebServices-2” and if a second pool was deployed then that would be called “1-WebServices-3” and so on.  In the event that a second site was defined and any pools are deployed in that site then new folders starting with “2-“ would be instantiated as well.

Application Server

The “1-ApplicationServer-1 folder contains data utilized by Lync applications like Call Park, Response Groups, and Call Admission Control.  Within the child “AppServerFiles” folder the following three subfolders will exist be default.

image

  • The CPS folder is used by the Call Park Service.
  • The PDP folder name stands for Policy Decision Point and is used by Call Admission Control (CAC) to distribute policies defining some of the CAC rules.

  • The Rgs folder is used by the Response Group Service to store common data like Music On Hold audio files (.wav) configured on a Hunt Group.  The “Rgs\Instances” and “Rgs\Queues” folders should contain a subfolder for each response group that is defined in the topology, but with nonsensical names reflecting a GUID associated to each one.  There may also exist an “Rgs\Temp” folder which seems to store the originally uploaded music file.

The AppServerFiles directory is configured when publishing the topology with the following file permissions.

    • C:\LyncShare\1-ApplicationServer-1\AppServerFiles
Principal Access Applies To
NETWORK SERVICE Modify This folder, subfolders, and files
RTCComponentUniversalServices Modify This folder, subfolders, and files
RTCUniversalServerAdmins Modify This folder, subfolders, and files
RTC Server Local Group Modify This folder, subfolders, and files
RTC Component Local Group Modify This folder, subfolders, and files
 

Central Management

The “1-CentralMgmt-1” folder is used by the Central Management Server to temporarily store replication data sent to and from other active replication partners defined in the topology in the form of data.zip files containing XML data.

image

Under various subfolder (e.g. replicas, working\fta, etc) will be a list of all the Computer objects defined in the Topology which are enabled for replication.  The following screenshots demonstrate how only the 4 objects enabled for replication will have an associated folder.

image

image

The CMSFileStore directory is configured when publishing the topology with the following file permissions.

  • C:\LyncShare\1-CentralMgmt-1\CMSFileStore
Principal Access Applies To
NETWORK SERVICE Modify This folder, subfolders, and files
RTCUniversalConfigReplicator Modify This folder, subfolders, and files
RTC Local Config Replicator Modify This folder, subfolders, and files
 

Web Services

From the introduction of web service applications in LCS to the latest release of Lync the amount of new features and functionality provided by IIS has grown steadily.  In Lync Server 2013 the following subfolders will appear by default under the “1-WebServices-1” folder.

image

  • The ABFiles folder is probably the most familiar of all the web services as this folder stores the Lync Address Book files for distribution to many different Lync client types (e.g. Windows, Lync Phone Edition).  At minimum a singe subfolder will exist using the default msRTCSIP-TenantID of all zeros (00000000-0000-0000-0000-000000000000).  In a multi-tenant environment each unique tenant ID will have an associated folder of its own.  The next level down will include another folder name with a string of zeros for the msRTCSIP-GroupingID which is used to create different address book file groups within the same tenant ID.  Finally this folder will store the various *.lsabs and *.dabs files which are downloaded directly by Lync clients.  Additionally the Invalid_AD_Phone_Numbers.txt file can be found in this directory.

image

  • The CollabContent, CollabJournal, and CollabMetadata folders are all used to store data associated with Lync multi-party conferences.  Any attachments or PowerPoint files which are uploaded by Lync or Lync Web App attendees are stored by the server in the CollabContent directory underneath a subdirectory associated with the specific conference’s Focus ID.

image

  • The DataConf folder is new in Lync 2013 and stores conferencing data like whiteboarding information.

image

  • The DeviceUpdateLogs folder contains various types of logs files for Lync Phone Edition devices.  The Client subfolder contains Windows CE (.clg1)  and Dr.Watson (.log & .kdmp) files which are uploaded from Lync Phone Edition devices.  These files are primarily meant to be used by Microsoft PSS as they require special tools (e.g. readlog.exe) to open and read.  The Server subfolder contains daily log files created by the RequestHandler web application which report whenever a device queries the server for any new potential firmware update files.

image

  • The DeviceUpdateStore folder is where Lync saves any device update files which are published using the Import-CsDeviceUpdate cmdlet.  There are two potential subfolders names depending on if any updates have been imported for any Lync phones.  For all Lync Phone Edition devices the subfolder UCPhone is used to store each update package for every individual manufacturer, model, hardware revision, locale, and firmware version.  For Lync Qualified devices a subfolder called 3PIP will be automatically created when importing any updates for these devices. (3PIP is shorthand for Third Party Interoperability Program).

image

image

  • The LMStaticData folder is another folder which can be used to store web conferencing related data.

  • The StorageService folder is new in Lync 2013 and is used by the Lync Storage Service (LSS) to store data that it uses with Exchange Server 2013 for a back-end data store.

  • The WebAuthStore folder stores copies of previously issued server certificates.

image

The following directories are configured when publishing the topology with the following file permissions.

    • C:\LyncShare\1-WebServices-1\ABFiles
Principal Access Applies To
NETWORK SERVICE Modify This folder, subfolders, and files
RTCHSUniversalServices Modify This folder, subfolders, and files
RTCComponentUniversalServices Read & Execute This folder, subfolders, and files
RTC Server Local Group Modify This folder, subfolders, and files
RTC Component Local Group Read & Execute This folder, subfolders, and files
 
    • C:\LyncShare\1-WebServices-1\DeviceUpdateLogs
Principal Access Applies To
NETWORK SERVICE Modify This folder, subfolders, and files
RTCComponentUniversalServices Modify This folder, subfolders, and files
RTCUniversalServerAdmins Modify This folder, subfolders, and files
RTC Server Local Group Modify This folder, subfolders, and files
RTC Component Local Group Modify This folder, subfolders, and files
 
    • C:\LyncShare\1-WebServices-1\DeviceUpdateStore
Principal Access Applies To
NETWORK SERVICE Read & Execute This folder, subfolders, and files
RTCComponentUniversalServices Read & Execute This folder, subfolders, and files
RTCUniversalServerAdmins Modify This folder, subfolders, and files
RTC Server Local Group Modify This folder, subfolders, and files
RTC Component Local Group Read & Execute This folder, subfolders, and files
 
    • C:\LyncShare\1-WebServices-1\CollabContent
    • C:\LyncShare\1-WebServices-1\CollabJournal
    • C:\LyncShare\1-WebServices-1\CollabMetaData
    • C:\LyncShare\1-WebServices-1\DataConf
    • C:\LyncShare\1-WebServices-1\LMStaticData
    • C:\LyncShare\1-WebServices-1\StorageService
    • C:\LyncShare\1-WebServices-1\WebAuthStore
Principal Access Applies To
NETWORK SERVICE Modify This folder, subfolders, and files
RTCComponentUniversalServices Modify This folder, subfolders, and files
RTC Component Local Group Modify This folder, subfolders, and files
 

By Jeff Schertz

Site Administrator

50 thoughts on “Breaking Down the Lync File Share”
  1. If the LyncShare is located on a DFS share, we will lose the ability to assign the RTC Component Local and RTC Server Local Groups to the share permissions. Are they still required in for the Address Book and other Lync Services to function? Thanks. Ed M.

    1. Ed, good question. I haven't tested this yet with DFS so I'm unsure on the behavior. Maybe someone else who's tested this can share their observations.

      1. Hi,
        Great article, lots of greasy details. 🙂 But this problem doesn't really relate to DFS does it? It more relates to Lync Enterprise, where the LyncShare cannot be placed on the Frontend. Furthermore, several of the Lync servers in the farm has RTC local groups of some sort.
        So the question is, I guess, if the RTC local groups are required at all, and if so how are we supposed to assign them if the share is not on a Lync server.
        Thanks.

        /Sune T.

        1. Correct, I haven't even touched on the subject of using DFS for hosting the Lync File Share. But you typically should not have to set any of this stuff manually as publishing the topology should do all the work. This article was meant as a reference and not a how-to.

  2. Hi Jeff,
    Thanks for the great post. We've actually run into an issue where one of our workflows wouldn't accept calls while the file share is offline. It turns out that we had custom on hold music configured for that workflow. If the file share (which was stored on our non-HA lync database server) went down, calls to that workflow would fail. We removed the custom hold music and were able to successfully put a call through while the file share was offline.

    It appears that custom hold music creates more of a dependency on the file share. Hope this helps you and your readers.

  3. You can pre-configure the SHARE permissions, you will however get the following error when publishing your topology.
    Warning: Unable to access share permissions for "\<dfsnamespace>dfslsshare". This is expected if you are not an administrator on the file server, or if this is a Distributed File System (DFS) share. If the share permissions have already been configured, this warning can be ignored. If it is a new share, refer to the documentation for details on manually configuring share permissions.

    1. I'm not sure what you are looking for, but the Focus IDs are created by the Lync server and stored (most likely) somewhere in the SQL databases.

  4. Nice article, Jeff! My company has multiple Lync servers (1 at each site) and is wanting to present videos and other large content across the offices for global meetings. We're running into a problem where Lync will fail to upload anything over ~12 Mb. Is there a way to configure the webapps? settings to allow large files to be presented to other sites? Thanks!

  5. Thanks Jeff. I've actually applied those settings in that article but wasn't sure if it needed to be applied to all sites in our org. I guess what I'm really asking is if it is feasible to configure Lync to allow for presentations with large videos embedded to other offices in our org. We're trying to workaround not having the proper codecs to play across the internet, so in this case, the videos are cached locally, no need for codecs. 🙂

  6. Hello,
    i have a question regarding "ABFiles" Folder.
    All Clients are using only LDAP direct search, for my understanding it's not nessesary to queue address-book-files…
    Additional in this folder are a lot of temporary files
    a.e.:
    F-130cdaba.tmp
    F-130b.dabs.tmp

    These files are permantly in use, so i cant take a look into it…
    What is the aim of there files?
    thanks for any further information
    ross

    1. LDAP connectivity is completely different than the Lync Address Book service. Any LDAP searches are requested placed directly to an Active Directory domain controller and has nothing to do with the Lync Servers. The files you see in the address book folder are only for use by Lync clients and interoperable devices. The various files are different formats of initial full and periodic delta files used by either soft clients and Lync Phone Edition devices.

  7. […] Define a new File Store (Different to the Lync 2010 store). This needs to be pre-created and the permissions set correctly. I am using my SQL server, ideally you will want to use a file server (can be a DFS share). As this is just a lab, I have given write access to the authenticated users group. Important: In a production environment, the file share/security must be locked down. (Jeff Schertz has a fantastic article here) […]

  8. Hi, Nice Article!

    Is it possible to create a second central site and select the central site A’s File Share location to see a 2-applicationserver-1 for example?

    I am not able to select the previously defined file Share in the second central site when I am in the Front End Pool Wizard and defining a new one is just a hassle. Why do you need a second file share for Central Site B instead of sharing the Fileshare.

    Any clues on this one on how to share the same file share location for two central sites?

    Thanks!

    1. The file share is part of the pool and should be located with it (same site). Also the FQDN must be unique in the Lync Topology which is why you are unable to use the same one again in the second pool.

  9. Hi Jeff,

    Lovely article. Do the clients need access to the file share or is this purely for the servers?

    1. The servers will access the file share via SMB, client access to any files stored there for read (e.g. download device firmware) or write (e.g. upload logs) are performed via HTTP/HTTPs access through Lync Web Services.

  10. Hi Jeff can I ask what will basically happen if my Lync File Share went down. What features or services will be affected.

    1. The file share is critical as several components need to read/write to this to function. Not sure exactly what the server behavior would be as I’ve not tested it.

  11. Hi Jeff nice information, i have a question, if we are migrating from Lync 2010 to 2013/SFB do we create a new fileshare folder or we use the old one used by Lync 2010? In case we don’t use old one it doesn’t allow us to publish the topology on Lync 2013/SFB doing side by side migration. What i did is removed the configuration store location in AD using the cmdlet remove-csconfigurationstorelocation. Is this what is suppose to do or simply use the same fileshare folder used by Lync 2010 FE? Please through some light on it.

    1. You can reuse the existing file store as long as it’s on a server that will be retained. Otherwise define a new file share location in the Topology when installing the newer server pool and use that.

  12. Hi Jeff,
    I intend to use a temporary Skype-Share folder and deploy Skype for Business servers and after providing the new server for DFS move the share-folder on it, would you please let me know, how should I do that? only create a shared folder based on DFS procedures and then copy the files and change the skpe share address?

    I will be appreciated to reply me.

    Thanks.

  13. Great article, do you perhaps have any information if SMB Signing can be enabled on a Lync/Skype for Business server? Does it work, is it even supported?

  14. \1-WebServices-2\StorageService\DataExport has 7 Gb of information for the last 3 1/2 months. Can I delete or is there a command or config that can limit the amount of space in use?

  15. Hi Jeff,

    I am not seeing any sub folders inside LyncShare not permission updated after publishing new topology.Any idea what could be the issue?
    Also , Is space allowed in the Lync File share name?

    1. Had a issue with the File Share not being updated in IIS after moving it in the topology. Started causing the photos not to be displayed and Address Book issues. After spending a couple of hours on the phone with Microsoft, they ran the Setup or Remove Skype for Business Components again on all Front end servers. This resolved all the issues because it verifies the install against the topology.

      1. Question on this… I have the exact same problem right now. No Skype for Business components just straight up Lync 2013. How did Microsoft determine the file share was not being updated in IIS?

  16. We got a Lync 2013 Enterprise edition running. We got already a DFS Namespace configured and working fine. Now I want to use DFS-R. However I thought it was not supported. Do you know if it’s supported by Microsoft?

  17. Dear,

    I did move fileshare from SAN to Local storage, I am facing the below mentioned error:

    Unexpected exception.

    Message=Error: Path \\SIDCS4BSHARE02.in.ril.com\SKYPESHARE01\1-WebServices-67\StorageService failed to be read for flushed data. Error details: System.UnauthorizedAccessException: Access to the path ‘\\SIDCS4BSHARE02.in.ril.com\SKYPESHARE01\1-WebServices-67\StorageService’ is denied.
    at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
    at System.IO.FileSystemEnumerableIterator`1.CommonInit()
    at System.IO.FileSystemEnumerableIterator`1..ctor(String path, String originalUserPath, String searchPattern, SearchOption searchOption, SearchResultHandler`1 resultHandler, Boolean checkHost)
    at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption, Boolean checkHost)
    at System.IO.Directory.InternalGetFiles(String path, String searchPattern, SearchOption searchOption)
    at Microsoft.Rtc.Internal.Storage.Sql.LyssDal.CheckFilePathForFlushedFiles(StoreContext ctx, String parentFilePath, Boolean checkArchived, Boolean& errorOccurred, Int32& numDataFilesToReport)

    Exception: Access to the path ‘\\SIDCS4BSHARE02.in.ril.com\SKYPESHARE01\1-WebServices-67\StorageService’ is denied.
    Stack Trace: at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
    at System.IO.FileSystemEnumerableIterator`1.CommonInit()
    at System.IO.FileSystemEnumerableIterator`1..ctor(String path, String originalUserPath, String searchPattern, SearchOption searchOption, SearchResultHandler`1 resultHandler, Boolean checkHost)
    at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption, Boolean checkHost)
    at System.IO.Directory.InternalGetFiles(String path, String searchPattern, SearchOption searchOption)
    at Microsoft.Rtc.Internal.Storage.Sql.LyssDal.CheckFilePathForFlushedFiles(StoreContext ctx, String parentFilePath, Boolean checkArchived, Boolean& errorOccurred, Int32& numDataFilesToReport)
    Cause: Unexpected exception.
    Resolution:
    If problem persists, notify your organization’s support team with the event detail.

    Also, after this activity, PPT sharing option is not visible in client.

    Can you please guide on the same?

  18. HI jeff,
    great article.

    I have basic question that you could probably hellp me with.

    i have 2 sfb standard. do i need two shared folders ( one on each server) or they use the same shared folder ?

    thanks

  19. Hi,

    We have a Lync 2013 deployment with two FE Pools in a Pool Pairing scenario. Our fileshares is on a NetApp fileshare which we understand is a big no no, so we would like to move it to a DFS.

    The fileshare is prepared long ago, but no one has done the move because all instructions we can find says that al services have to be stopped on the FE servers and copy everything from the old fileshare to the new. Stopping all services in the primary pool is ok, but starting them up would take several hours right? Wouldn’t that be like a pool-failback?

    So I have two questions

    Do you really need to copy the data from the old fileshare, isn’t it recreated?

    If it is needed, what is it that is needed from the old fileshare?

    Regards

    MIcke

  20. Great article Jeff. Just what I needed.

    Some bright spark has de-commed a legacy Tier 1 VM which just happened to have the Skype File Share sitting on it. As a result users have lost the ability to search contacts and loss of presence.

    As you said the Topology will do all the heavy lifting, so I if I create a folder on the new share, say called ‘SkypeShare’, the topology will then build the rest of the file structure including Access?

    I then gather I will have to manually reconfigure IIS with the new file share path?

Leave a Reply

Your email address will not be published. Required fields are marked *