About Me

My photo
This is a blog for John Weber. One of my joys in life is helping others get ahead in life. Content here will be focused on that from this date forward. John was a Skype for Business MVP (2015-2018) - before that, a Lync Server MVP (2010-2014). I used to write a variety of articles (https://tsoorad.blogspot.com) on technical issues with a smattering of other interests. I have a variety of certifications dating back to Novell CNE and working up through the Microsoft MCP stack to MCITP multiple times. FWIW, I am on my third career - ex-USMC, retired US Army. I have a fancy MBA. The opinions expressed on this blog are mine and mine alone.

2013/10/16

Lync 2013 Remote Admin with PowerShell

Scenario

You would like to use your desktop/laptop to administer your Lync 2013 environment, or you need to supply some RBAC access to a specific administrative group – i.e., voice admins.  Additionally, you don’t want to give remote server access to everyone.  In this article, we will take a look at what is needed to accomplish this.  But, before you begin, read this, which is a TechNet blog on how to do this with Lync 2010.  Then read MVP Curtis Johnstone’s blog on this, and then this other blog from TechNet.  Maybe I am a bit dense, but it took me all three to put this together.  If you are looking to do this for Lync Online, read this. and then this.

Requirements:

Lync 2013 is 64-bit.  No getting around this.  What this means is that you cannot deploy the Lync 2013 Administrative tools to an x86 machine.  If you have a squeaky new Windows 8 x64 machine, you are all set.  But if you have an x86 or x64 Windows 7 machine (probably the vast majority) – you will need to do some preparation. 

At any rate, you need to ensure that your Win7 is at SP1.  Then you need to install .Net 4.0 – the entire thing, not just the client side.  You can get the .net 4.0 here. You may also attempt to use .net 4.5; but for this exercise, I used the 4.0.  After you get done with these installs, you will of course want to think about re-running Windows Update to pick up the myriad patches that will ensue.  Next, you are going to need PowerShell V3.  You can get that here.  In my little world, I had a heck of a time getting PowerShell v3 to install on my Win7 x86 VM.  I ended up having to throw it (the VM) away and start from a fresh install.  YMMV.

Once we have that in place, you can proceed with setting up for one of two scenarios:  x64 or x86.

If you have x64, then you can simply open the Lync 2013 Deployment wizard (in my lab the Lync setup is located on a mounted ISO: d:\setup\amd64\setup.exe ) and install the admin tools.

image

If you have x86, you are going to be limited to running just PowerShell in remote mode.  Which is the whole point to this article, eh?  Let’s take a look at what needs to be done so that you can bask in the goodness that is remote PowerShell and Lync 2013 administration.  Remember that using credentials that equate to a RBAC role of, say, CSUserAdministrator, will result in only those cmdlets that support that functionality.  You can read up on Lync RBAC here.

If your servers are on your network, fine.  If you are really remote, you will need a VPN of some sort so that you can connect yourself to the network subnet in question. Once you have the network connection part figured out (and no, I cannot help you with that), you are ready for this:

# get creds for remote environment

$credential = get-credential "domain\johnw"

# set session options to bypass the PKI checks - I trust the far side

$sessionoption = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck

#create new session

$session = New-PSSession -ConnectionUri https://somelyncfrontendserverFQDN.domain.com/ocspowershell -Credential  $credential -SessionOption $sessionOption

# assuming the above line worked, import the cmdlets needed for Lync

import-pssession $session

A few notes:  You are going to have to have some credentials – no getting around that.  I also tend to go straight at an FE, not to the Load Balancer.  The $sessionoption line causes the Front End server IIS internal services certificate to be basically ignored, so if you connect to a domain server from a non-domain workstation, you should be OK.  The actual script line for my connection was:

$session = New-PSSession -ConnectionUri https://ls2013e2.tsoorad.net/ocspowershell -Credential  $credential -SessionOption $sessionOption

Don’t overlook the “https”  - http will not work.

Operations

Here is the script in action on an non-domain member, x86, Windows 7 SP1 workstation:

image

Asking for credentials

image

Credentials accepted, session established, and fetching the Lync cmdlets from the server

image

Just to show we have what we really want, here is the CS* cmdlets…

 image

Remember that from your reading through the references I give you up above, not ALL of the Lync cmdlets will work.  Synthetic transactions, for instance, need to run directly on the server.  For a refresher on that information, see this.

But, to prove that we can control Lync Server remotely, a quick list of my lab CS users:

image

YMMV

at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

test 02 Feb

this is a test it’s only a test this should be a picture

  • International Call Test Number
    Do you need to test outbound calling to international numbers but your customer doesn’t have anyone just sitting there waiting for your call...
  • Frontier FIOS and static IP
    Background About four months ago, I made the decision to extend my lab, Tsoorad.net, out to the larger world of the internet.  I have sever...
  • 1008;reason=Unable to resolve DNS SRV record
    ms-diagnostics: 1008;reason="Unable to resolve DNS SRV record";domain="domain.com";dns-srv-result="NegativeResult&q...