As provided in the past this series of basic deployment articles will be used to capture a specific environment used as the foundation for many other Lync Server 2013 specific deployment articles.  Starting with a single Standard Edition Lync Server in a fresh Active Directory forest future articles will build on this deployment with additional component installation like Group Chat, Edge Services, Exchange Server integration, etc.

Throughout this series of articles the same basic instructional flow is used as in other articles.  Although it may not have been obvious, the usage of bulleted items is intentionally specific.  Steps starting with a bullet are typically mandatory to reach the same level of installation completion as the article intends to provide at the end.  Yet normal paragraphs without bullets may include optional steps intended to provide a deeper understanding of a previous action or cover the installation of optional tools or components used to aid in knowledge transfer of the topic at hand.  This format aids in skimming through the article for repeated installations.

Environment

For these articles specific to Lync Server 2013 a new lab environment has been created which is nearly identical to the one used in previous Lync Server 2010 articles.  One important change worth noting is that the internal Active Directory namespace is now configured as schertz.name as opposed to the previously used schertz.local domain name.  This was done to match newer best practices of moving away from using invalid Top Level Domain (TLD) names which would prevent the ability to issue public certificates for those internal services, as described in this previous article.  The primary SIP domain namespace will continue to be mslync.net throughout all articles.

• Physical Host: Windows Server 2008 R2 Hyper-V running on a Core2 Duo desktop-class system with 8GB RAM.
• Domain Controller: A single Windows Server 2012 x64 Standard Edition guest promoted to a domain controller for the new Active Directory forest root domain of schertz.name.
• Lync Server: A second virtual guest running Windows Server 2012 x64 Standard Edition and joined to the schertz.name domain.
• The default domain administrator account used to perform all steps is a member of the Domain Admins, Enterprise Admins, and Schema Admins domain security groups.
• The Forest and Domain functional levels were set to Windows Server 2012.
• A Windows Enterprise Certificate Authority was deployed on the domain controller to provide SSL certificates for internal services. The CA configuration was updated to provide access to the Certificate Revocation List via HTTP, as explained in this article.

Server and Forest Preparation

Before installation any of the Lync Server components it is best to install any prerequisite components on the targeted server so that steps like Active Directory preparation are easily dealt with.

• Mount the Windows Server 2012 installation media on the server to an available drive letter as some of the components to be installed will need to be read from the installation media as provided by the Source parameter in the following cmdlet (e.g. D:\sources\sxs).
• Launch Windows PowerShell by selecting ‘Run As Administrator’ and enter the following cmdlet to quickly install the .NET Framework package, the Remote Server Administrative Tools, and all additional prerequisites followed immediately by a required server reboot. (The Telnet Client is not a requirement but is helpful to have installed when troubleshooting any connectivity issues.)

Install-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Windows-Identity-Foundation, Desktop-Experience, Telnet-Client, BITS -Source D:\sources\sxs -Restart

• After the server finishes rebooting disconnect the Windows Server media and mount the Lync Server 2013 installation media.
• Launch the Lync Server 2013 Deployment Wizard from the following path and then select Yes if prompted to install the Microsoft Visual C++ Runtime package.

D:\Setup\amd64\setup.exe

• Confirm the default Installation Location or change the path to a different directory if desired.

C:\Program Files\Microsoft Lync Server 2013

• At the main menu of the deployment wizard select Prepare Active Directory and then click Run on Step 1: Prepare Schema.

If deploying in an environment with a single domain controller there is no need to run the optional verification processes.

• Select Run on Step 3: Prepare Current Forest and select the Local Domain as the Universal Group Location if desired.  If Lync is being installed into a multiple domain forest and the universal groups need to be stored in a domain other than the domain that the current server is a member of then enter the desired domain FQDN.
• Advance to Step 5: Prepare Current Domain to complete the Active Directory preparation steps.

To confirm some of the changes which were applied in these steps a few items can be spot checked.

• Run adsiedit.msc and connect to the Schema container to view the properties for the following object.  Confirm that the UpperRange attribute value is set to 1150 (which was incremented up from 1100 in Lync Server 2010).

CN=ms-RTC-SIP-SchemaVersion,CN=Schema,CN=Configuration,DC=schertz,DC=name

• Run dsa.msc to open Active Directory Users and Computers and then browse to the default Users container.  Look for a number of groups starting with ‘CS’ and ‘RTC’ in their names.  These groups were created during the Forest preparation step in the chosen domain.

• Run adsiedit.msc and connect to the Configuration container and browse to the following path.  Notice that a number of empty containers have been created where some of the Topology configuration will be stored when later published.

CN=RTC Service,CN=Services,CN=Configuration,DC=schertz,DC=name

Lync Server Preparation

This process will install the SQL Native Client and SQL Server Express components, as well as configure Windows Firewall exceptions for remote SQL connectivity. Mostly importantly it also deploys a SQL Express named instance, simply called RTC.  This instance will be the default location for the Central Management Store which is where Lync will store the majority of the global (forest-wide) configuration data.  The RTC Service container shown above in the AD Configuration partition is still used to store some data, but mainly for coexistence with previous versions of OCS.

• Return to the main menu of the deployment wizard and select Prepare First Standard Edition server.  It is normal for the installation to take a few minutes to complete during this step.

A quick glance at the Programs and Features control panel shows all of the components which were installed on the server once this process is completed.

The SQL Server Configuration Manager can be used to verify that the local SQL services are properly installed and running.

The newly installed SQL Server Express instance default database files can be found in the following location.

%ProgramFiles%\Microsoft SQL Server\MSSQL11.RTC\MSSQL

• Before moving further the domain Administrator account used throughout this process should be added as a member to the domain security groups CsAdministrator and RTCUniversalServerAdmins. 

• This user account should then logoff and back on to the Windows Server where Lync is being installed to update the associated security token.  Once logged back on use the following whoami commands in the Windows Command Prompt to verify the new group membership.

whoami /groups /fo list | findstr /i CsAdmin
whoami /groups /fo list | findstr /i RTC

The final preparation step is to manually create a file share on the server which will later be referenced during the Lync Server topology configuration.

• Create a new folder on the server (e.g. lyncshare) anywhere on the server.  The following path was used in this lab deployment.

C:\LyncShare

• Verify that the local Administrators group is already granted Full Control at the file permission level and then enable sharing for this folder.  Provide a name for the new share (e.g. lyncshare) and then assign Full Control share permissions to the administrator account currently being used to perform the installation.  These permissions will be more granularly defined when the Topology is published in a later step.

Deployment and Administration Tools Installation

Now that the first Lync server in the environment has been fully prepared the next step is install and run the Topology Builder tool.

• Return to the main menu of the Lync Server 2013 Deployment Wizard and select the Install Administrative Tools option.  An installation window will briefly appear followed by a green check box next to the component name in the wizard, indicating the installation was complete.

To verify the installation is is complete simply search the Windows Start Menu for “lync” to see the administrative tools.

Outside of the installation media Microsoft also provides a handful of great administrative and troubleshooting tools for Lync Server 2013.  It is recommended to download and install each of these packages on the server as they include some important tools used in other blog articles like OCSLogger, Snooper, or DBAnalyze.

• Lync Server 2013 Best Practices Analyzer
• Microsoft Lync Server 2013 Resource Kit Tools
• Microsoft Lync Server 2013 Debugging Tools

If all of the above packages are installed into the default directory then the tools can be found and launched from their respective installation directories.

%ProgramFiles%\Microsoft Lync Server 2013

Additionally it can be helpful to have access to the SQL Express database management tools on the local server.  Normally this is not needed but can be used for following some of the validation steps throughout these articles.  (Download and install only the SQLManagementStudio_x64_ENU.exe package from the following Microsoft Download page.)

• Microsoft SQL Server 2012 Express – Management Studio

Topology Definition

This section covers creating a new Lync Topology in a new Active Directory forest and domain.

• Launch the Lync Server 2013 Topology Builder application and select New Topology from the initial prompt.
• Save a new .tbxml file with any desired name (e.g. lynctopo.tbxml).
• For the Primary SIP domain enter the desired domain namespace (e.g. mslync.net). 

Add any additional desired SIP domains at this point , but a single SIP domain is sufficient for most deployments as well as this series of articles.

• Select a Name for the first site to be created in the topology (e.g. Chicago) and enter a Description if desired.
• Specify the locality information associated with the first Lync site and then complete the wizard.

At this point the Define New Front End Pool wizard should be automatically launched.

• On the Define Front End Pool FQDN page enter the Fully Qualified Domain Name (FQDN) of the Windows domain member server where the Lync Front End services will be hosted.  This would be the same server that all of the prerequisite components have been installed on.  Make sure that the server’s FQDN is correctly configured so that it matches exactly what is entered into the topology as this is how the later installation process identifies which components to install on the server.

• Select Standard Edition Server and advance to the next page.

• On the Select Features page choose the desired options for this installation.  To start only Conferencing and Enterprise Voice features will be selected, with additional components to be addressed in later articles.

• Retain the default enabled setting of Collocate Mediation Server on the Select Collocated Server Roles page.
• On the Associate Server Roles with this Front End Pool page leave the option blank as an Edge Server does not yet exist.  This setting will be addressed when an Edge Server is deployed in a later article.
• As this is a Standard Edition server then there will be no configurable options available on the Define the SQL Store page.  Take note of the automatically defined SQL Server store which is comprised of the server’s FQDN (lync.schertz.name) followed by the previously installed SQL Express instance name (RTC).

• On the Define a File Store page enter the name of the Windows file share created in the previous section (e.g. lyncshare).

• On the Specify the Web Services URL page the External Base URL will automatically be set to the same FQDN as the internal Front End server (e.g. lync.schertz.name).  For the purposes of this article the default setting will be retained and in the future when external services are published this will be updated to reflect the external namespace.
• The next page Select an Office Web Apps Server is new to Lync Server 2013 and is used to either define a new OWAS pool FQDN or associate this server with an existing OWAS pool.  As a later article will cover deploying OWAS simply uncheck this option and then click Finish to complete the wizard.  (Note that until this server is deployed that PowerPoint content sharing will be unavailable in Lync conferences as this is no longer performed by the Front End server.)

Upon completion the Topology Builder window should refresh and the defined settings will be populated as shown.

• Back at the main Topology Builder window select Edit Properties on the Lync Server root-level object.  Highlight the Simple URLs section and enter the desired Administrative Access URL (e.g. https://admin.mslync.net).  Technically his is an optional step as the administrative access URL is not required, but is a recommended way to access the Lync Server Control Panel via a web browser internally.
• Move down to the Central Management Server section and select the new Front End server (e.g. lync.schertz.name) as the location to install the CMS component on.

The final process is to publish the changes made to the topology into the Central Management Server database which also updates information in the RTC services container in Active Directory and sets up the folder structure and permissions on the file share.

• From the Action menu select Publish Topology.  The local server FQDN for the Central Management Store location should already be populated in the drop-down menu due to the previous step.  If all configuration steps were performed correctly then the wizard should complete without any errors or warnings.

As indicated by the To-Do List shown under Next Steps a couple of DNS records will need to be manually created to match the FQDN set in the Lync Server topology.

• Create new DNS Host (A) records for the Simple URLs on the internal DNS server’s forward lookup zone which match the SIP domain used.  Each record should point to the static IP address used by the server where the Standard Edition roles will be deployed, thus the same IP address as the lync.schertz.name server is used for all records.

meet.mslync.net
dialin.mslync.net
admin.mslync.net

To validate and understand the changes the Topology Builder has applied to Active Directory there are a number of places to look throughout the various results logs, within Active Directory, and the SQL databases themselves.

• Use adsiedit.msc to connect to the Configuration context and browse to the path shown below and notice that the previously empty containers are now populated with child objects and attributes.

CN=RTC Service,CN=Services,CN=Configuration,DC=schertz,DC=name

• The SQL Server Management Studio tool (if installed) can be used to connect to the RTC instance on the Lync Server to view the databases new xds and lis databases.

• The raw database files can be found on the Lync Server in the default installation directory shown below.

• Additionally the defined file share is now populated with the new folder structure and the required share permissions.

Summary

At this point all organization preparation steps have been completed and the next article in the series will focus on installation of the actual Lync Server components to the Standard Edition Front End server.