Tuesday, December 18, 2012

Removing a Lync Server 2010 Standard server from an existing topology

I’ve found that I’ve had to remove a lot of Lync Server 2010 Standard servers from existing environments recently as most of my clients prepare for their upgrades to Lync Server 2013. While I’ve performed this a few times in the past, whether due to test pools that were deployed or other reasons, I noticed that I haven’t actually written a blog post demonstrating the process, so this post serves to show the steps required.

First, I would like to clarify that the purpose is to remove additional standard edition servers and not to remove the whole Lync Server 2010 deployment so please DO NOT perform the following in the Topology Builder:

Topology –> Remove Deployment…

image 

The step above will remove your whole Lync Deployment from the environment so unless your intention is to completely uninstall Lync Server 2010 as demonstrated in one of my previous posts:

Step-by-Step instructions for uninstalling a Microsoft Lync Server 2010 Enterprise Pool
http://terenceluk.blogspot.com/2011/01/step-by-step-instructions-for.html

… make sure you don’t accidentally select this option.

Step #1 – Migrate all users, Exchange UM contacts and Analog Devices from the pool

Prior to actually removing the standard server from your existing Lync Server 2010 topology, you’ll need to first remove all of the users, Exchange UM contacts and analog devices within the pool. You can get a list of users by either using the Lync Server 2010 Control Panel as such:

Users node:

image

Search for users filtered by Registrar pool:

image

… or using the Get-CsUser PowerShell cmdlet as such:

Get-CsUser -Filter {(Enabled -eq $true) -and (RegistrarPool -eq "<Standard Server FQDN>")}

More information about the Get-CsUser cmdlet can be found here: http://technet.microsoft.com/en-us/library/gg398125.aspx

To migrate users, you can either use the Lync Server 2010 Control Panel’s User node, click on Action –> Move all users to a pool:

image

Select the proper pool for both Source registrar pool and Destination registrar pool:

image

Confirm to complete the move:

image

image

Alternatively, you can use the PowerShell cmdlet Move-CsUser to move the users. More information about this cmdlet can be found here: http://technet.microsoft.com/en-us/library/gg398528.aspx

Once all user objects have been migrated away from the standard server, proceed with identifying any Exchange UM Contacts and Analog Devices still attached to the pool by using the following cmdlets:

Get-CsExUmContact -Filter {(Enabled -eq $true) -and (RegistrarPool -eq "<Standard Server FQDN>")}

More information about the Get-CsExUmContact cmdlet can be found here: http://technet.microsoft.com/en-us/library/gg412725.aspx

Get-CsAnalogDevice -Filter {(Enabled -eq $true) -and (RegistrarPool -eq "<Standard Server FQDN>")}

More information about the Get-CsAnalogDevice cmdlet can be found here: http://technet.microsoft.com/en-us/library/gg398748.aspx

… and use the commands Move-CsExUmContact (http://technet.microsoft.com/en-us/library/gg425842.aspx) and Move-CsAnalogDevice (http://technet.microsoft.com/en-us/library/gg398816.aspx) to move the rest of the objects out of the server that will be decommissioned.
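The whole of Step #1 as one Lync Server Management Shell session, as an added example that is not part of the original post. The destination pool placeholder and the final check without the Enabled clause are assumptions of this example; the filters are the ones shown above.

```powershell
# Added example: replace both placeholders before running in the
# Lync Server Management Shell. The destination pool is an assumption.
$dest = "<Destination Pool FQDN>"

# 1. Dry run: -WhatIf reports which users would move without changing anything.
Get-CsUser -Filter {(Enabled -eq $true) -and (RegistrarPool -eq "<Standard Server FQDN>")} |
    Move-CsUser -Target $dest -WhatIf

# 2. Move users, Exchange UM contacts and analog devices off the standard server.
Get-CsUser -Filter {(Enabled -eq $true) -and (RegistrarPool -eq "<Standard Server FQDN>")} |
    Move-CsUser -Target $dest
Get-CsExUmContact -Filter {(Enabled -eq $true) -and (RegistrarPool -eq "<Standard Server FQDN>")} |
    Move-CsExUmContact -Target $dest
Get-CsAnalogDevice -Filter {(Enabled -eq $true) -and (RegistrarPool -eq "<Standard Server FQDN>")} |
    Move-CsAnalogDevice -Target $dest

# 3. Gate before Step #2: count what is still homed on the old server.
#    The Enabled clause is dropped here so disabled objects are counted too.
$remaining = [ordered]@{
    Users         = @(Get-CsUser         -Filter {RegistrarPool -eq "<Standard Server FQDN>"}).Count
    ExUmContacts  = @(Get-CsExUmContact  -Filter {RegistrarPool -eq "<Standard Server FQDN>"}).Count
    AnalogDevices = @(Get-CsAnalogDevice -Filter {RegistrarPool -eq "<Standard Server FQDN>"}).Count
}
$remaining

$total = ($remaining.Values | Measure-Object -Sum).Sum
if ($total -gt 0) {
    Write-Warning "$total object(s) are still homed on the standard server; do not continue to Step #2 yet."
} else {
    Write-Host "Nothing is homed on the standard server any more."
}
```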

Step #2 – Remove Conference Directories from the Standard Server

With the users, Exchange UM contacts and analog devices removed, the next step is to remove the conference directory associated with the standard server. You can’t actually use the Topology Builder to do this, so begin by opening up the Lync Server Management Shell and execute the following:

Get-CsConferenceDirectory

The cmdlet will display something similar to the following:

PS C:\Users\tluk> Get-CsConferenceDirectory

Identity : 1
ServiceId : UserServer:svrlyncstd01.domain.internal
TargetServerIfMoving :
Id : 1
Fingerprint : 8f98bbd8-f2d1-4816-9de0-1c17331a4542

Identity : 2
ServiceId : UserServer:svrlyncstd02.domain.internal
TargetServerIfMoving :
Id : 2
Fingerprint : b8731540-abdf-4e2d-905c-06dff6b9e60e

image

The Conference Directory we’re interested in is the one associated with the server we’re about to decommission, so proceed by using the following cmdlet to remove it from the server:

Remove-CsConferenceDirectory -Identity #

**Note that the # is the value listed in the Identity field of the output provided by the Get-CsConferenceDirectory cmdlet.

In this example, the Conference Directory we’d like to remove is number 2 so we’ll execute the following cmdlet and confirm when asked:

PS C:\Users\tluk> remove-csconferencedirectory -identity 2
WARNING: You are about to delete the last conference directory. Users on this
pool won't be able to schedule PSTN conferences anymore.

Confirm
Are you sure you want to perform this action?
Performing operation "Remove-CsConferenceDirectory" on Target "Conference
directory 2".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is "Y"):yes
PS C:\Users\tluk>

image

Executing the cmdlet Get-CsConferenceDirectory will now list the remaining directory for the pool we’ll be keeping:

image

While the next logical step may seem to be to execute the Enable-CsTopology cmdlet to publish these changes, do not do so because it will automatically recreate the Conference Directory we just removed.

Step #3 – Removing Lync Server 2010 Standard Server from Topology

With the previous steps completed, we can now proceed with removing the standard server from the Topology Builder as such:

image

As we’re deleting the server, we’ll also be asked whether we would like to delete the file store associated to it so continue by selecting Yes:

image

Upon successful deletion of the server, we’ll see that both the server and file store objects are removed from the Topology Builder:

image

Note that deleting objects in the Topology Builder doesn’t actually remove the deleted items right away so the next step is to publish the topology as such:

image

image

image

Confirm the deletion:

image

… and verify that all steps have succeeded:

image

Step #4 – Remove Lync Components from the Standard Server

With the standard server removed from the topology, proceed with removing the Lync Server 2010 components installed by running the Deployment Wizard and selecting Install or Update Lync Server System:

image

Then select Setup or Remove Lync Server Components:

image

Proceed with the wizard:

image

image

Upon completion, all of the core components will be uninstalled:

image

From here on, you have the choice of manually going into Programs and Features to remove the remaining components if you intend on reusing the server (not recommended):

image

… or you can simply disjoin the server from the domain and delete it if it’s a virtual machine or reinstall the OS if it’s a physical server.

Sunday, December 16, 2012

Microsoft Lync Server 2013 Enterprise Pool Database Permissions

As with one of my previous posts for Microsoft Lync Server 2010 where I documented the permissions for the databases created on the back-end server for a Lync Server 2013 pool:

Microsoft Lync Server 2010 Enterprise Pool SQL Database Permissions
http://terenceluk.blogspot.com/2011/01/microsoft-lync-server-2010-enterprise_31.html

… this post serves to do the same for the new Lync Server 2013.

Upon successfully deploying Lync Server 2013, the following databases are created:

  • cpsdyn
  • rgsconfig
  • rgsdyn
  • rtcab
  • rtcshared
  • rtcxds

image

The following screenshots show the accounts assigned to these databases:

  • cpsdyn

image

  • rgsconfig

image

  • rgsdyn

image

  • rtcab

image

  • rtcshared

image

  • rtcxds

image

Logins

The following are logins created for the SQL server:

  • RTCComponentUniversalServices
  • RTCHSUniversalServices
  • RTCUniversalReadOnlyAdmins
  • RTCUniversalServerAdmins

image

The method I usually use to do a quick audit of databases is actually to execute the stored procedure: sp_helplogins which will allow me to quickly have a look at which account has what permissions. With that being said, since there may be administrators reading this post who are not familiar with SQL, I will paste the screenshots for the properties of each login before I paste the table:

RTCComponentUniversalServices

imageimage

imageimage

imageimage

**Note that you should ignore the mgc database because that belongs to a Persistent Chat (the new Group Chat) deployment.

RTCHSUniversalServices

imageimage

imageimage

RTCUniversalReadOnlyAdmins

imageimage

imageimage

imageimage

RTCUniversalServerAdmins

imageimage

imageimage

imageimage

As I mentioned earlier, the method I usually use to perform a quick audit of databases is actually to execute the stored procedure: sp_helplogins which will allow me to quickly have a look at which account has what permissions. The following is what the tables look like when you execute the stored procedure:

image

Of the 2 tables above, the one of interest is the second one at the bottom, which lists out all the services and their respective role membership. The following is that output copied and pasted into a table:

LoginName DBName UserName UserOrAlias
##MS_AgentSigningCertificate## master ##MS_AgentSigningCertificate## User   
##MS_PolicyEventProcessingLogin## master ##MS_PolicyEventProcessingLogin## User   
##MS_PolicyEventProcessingLogin## msdb ##MS_PolicyEventProcessingLogin## User   
##MS_PolicyEventProcessingLogin## msdb PolicyAdministratorRole MemberOf
##MS_PolicyTsqlExecutionLogin## msdb ##MS_PolicyTsqlExecutionLogin## User   
##MS_PolicyTsqlExecutionLogin## msdb PolicyAdministratorRole MemberOf
METALS\RTCComponentUniversalServices cpsdyn METALS\RTCComponentUniversalServices User   
METALS\RTCComponentUniversalServices cpsdyn ReadWriteRole MemberOf
METALS\RTCComponentUniversalServices mgc METALS\RTCComponentUniversalServices User   
METALS\RTCComponentUniversalServices mgc ServerRole MemberOf
METALS\RTCComponentUniversalServices rgsconfig METALS\RTCComponentUniversalServices User   
METALS\RTCComponentUniversalServices rgsconfig ReadWriteRole MemberOf
METALS\RTCComponentUniversalServices rgsdyn METALS\RTCComponentUniversalServices User   
METALS\RTCComponentUniversalServices rgsdyn ReadWriteRole MemberOf
METALS\RTCComponentUniversalServices rtcab METALS\RTCComponentUniversalServices User   
METALS\RTCComponentUniversalServices rtcab ServerRole MemberOf
METALS\RTCHSUniversalServices rtcshared METALS\RTCHSUniversalServices User   
METALS\RTCHSUniversalServices rtcshared ServerRole MemberOf
METALS\RTCHSUniversalServices rtcxds ConsumerRole MemberOf
METALS\RTCHSUniversalServices rtcxds METALS\RTCHSUniversalServices User   
METALS\RTCHSUniversalServices rtcxds PublisherRole MemberOf
METALS\RTCHSUniversalServices rtcxds ReplicatorRole MemberOf
METALS\RTCUniversalReadOnlyAdmins cpsdyn METALS\RTCUniversalReadOnlyAdmins User   
METALS\RTCUniversalReadOnlyAdmins cpsdyn ReadOnlyRole MemberOf
METALS\RTCUniversalReadOnlyAdmins rgsconfig METALS\RTCUniversalReadOnlyAdmins User   
METALS\RTCUniversalReadOnlyAdmins rgsconfig ReadOnlyRole MemberOf
METALS\RTCUniversalReadOnlyAdmins rgsdyn METALS\RTCUniversalReadOnlyAdmins User   
METALS\RTCUniversalReadOnlyAdmins rgsdyn ReadOnlyRole MemberOf
METALS\RTCUniversalReadOnlyAdmins rtcxds ConsumerRole MemberOf
METALS\RTCUniversalReadOnlyAdmins rtcxds METALS\RTCUniversalReadOnlyAdmins User   
METALS\RTCUniversalServerAdmins cpsdyn METALS\RTCUniversalServerAdmins User   
METALS\RTCUniversalServerAdmins cpsdyn ReadWriteRole MemberOf
METALS\RTCUniversalServerAdmins rgsconfig METALS\RTCUniversalServerAdmins User   
METALS\RTCUniversalServerAdmins rgsconfig ReadWriteRole MemberOf
METALS\RTCUniversalServerAdmins rgsdyn METALS\RTCUniversalServerAdmins User   
METALS\RTCUniversalServerAdmins rgsdyn ReadWriteRole MemberOf
METALS\RTCUniversalServerAdmins rtcxds METALS\RTCUniversalServerAdmins User   
METALS\RTCUniversalServerAdmins rtcxds PublisherRole MemberOf
sa cpsdyn db_owner MemberOf
sa cpsdyn dbo User   
sa master db_owner MemberOf
sa master dbo User   
sa mgc db_owner MemberOf
sa mgc dbo User   
sa model db_owner MemberOf
sa model dbo User   
sa msdb db_owner MemberOf
sa msdb dbo User   
sa rgsconfig db_owner MemberOf
sa rgsconfig dbo User   
sa rgsdyn db_owner MemberOf
sa rgsdyn dbo User   
sa rtcab db_owner MemberOf
sa rtcab dbo User   
sa rtcshared db_owner MemberOf
sa rtcshared dbo User   
sa rtcxds db_owner MemberOf
sa rtcxds dbo User   
sa tempdb db_owner MemberOf
sa tempdb dbo User   

If you’re not familiar with the table and the cells, try reconciling it with the following examples:

image image

Notice how I opened up the User Mapping for the account RTCHSUniversalServices under the database rtcshared and you see how only ServerRole was checked?

Hope this helps anyone that may come across a problem where their Lync Server 2013 front-end pool’s database permissions have been tampered with or modified unintentionally and needs to reference default settings.
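To use the table above as a baseline, the following added example (not part of the original post) compares rows from the second sp_helplogins result set against the MemberOf entries listed for the four RTC logins. The function name, the `-Database` parameter and the sample rows are assumptions of this example; it expects the rows as whitespace-separated text in the same column order as the table.

```powershell
# Default role memberships, taken from the MemberOf rows of the table above
# (domain prefix dropped; mgc left out because it belongs to Persistent Chat).
$Baseline = @{
    RTCComponentUniversalServices = 'cpsdyn:ReadWriteRole','rgsconfig:ReadWriteRole','rgsdyn:ReadWriteRole','rtcab:ServerRole'
    RTCHSUniversalServices        = 'rtcshared:ServerRole','rtcxds:ConsumerRole','rtcxds:PublisherRole','rtcxds:ReplicatorRole'
    RTCUniversalReadOnlyAdmins    = 'cpsdyn:ReadOnlyRole','rgsconfig:ReadOnlyRole','rgsdyn:ReadOnlyRole','rtcxds:ConsumerRole'
    RTCUniversalServerAdmins      = 'cpsdyn:ReadWriteRole','rgsconfig:ReadWriteRole','rgsdyn:ReadWriteRole','rtcxds:PublisherRole'
}

function Compare-LyncDbRole {
    # $Lines: rows of the second sp_helplogins result set as whitespace-separated
    # text (LoginName DBName UserName UserOrAlias); $Database: databases to check.
    param([string[]]$Lines, [string[]]$Database)

    $expected = foreach ($login in $Baseline.Keys) {
        foreach ($entry in $Baseline[$login]) {
            $db, $role = $entry -split ':'
            if ($Database -contains $db) { "$login $db $role" }
        }
    }
    $actual = foreach ($line in $Lines) {
        $login, $db, $name, $kind = $line.Trim() -split '\s+'
        # Only role memberships in the chosen databases; sa rows are skipped.
        if ($kind -eq 'MemberOf' -and $Database -contains $db -and $login -ne 'sa') {
            "$($login -replace '^.*\\', '') $db $name"
        }
    }
    # Memberships present on the server but not in the baseline, then the reverse.
    @($actual)   | Where-Object { $expected -notcontains $_ } | ForEach-Object { "UNEXPECTED $_" }
    @($expected) | Where-Object { $actual -notcontains $_ }   | ForEach-Object { "MISSING    $_" }
}

# Constructed sample: the rtcxds rows from the table above with the ReplicatorRole
# row removed and one PublisherRole row added, to show both kinds of finding.
$sample = @'
METALS\RTCHSUniversalServices rtcxds ConsumerRole MemberOf
METALS\RTCHSUniversalServices rtcxds METALS\RTCHSUniversalServices User
METALS\RTCHSUniversalServices rtcxds PublisherRole MemberOf
METALS\RTCUniversalReadOnlyAdmins rtcxds ConsumerRole MemberOf
METALS\RTCUniversalReadOnlyAdmins rtcxds PublisherRole MemberOf
METALS\RTCUniversalServerAdmins rtcxds PublisherRole MemberOf
sa rtcxds db_owner MemberOf
'@ -split "`n"

Compare-LyncDbRole -Lines $sample -Database 'rtcxds'
```

On a real server, pass all six Lync database names to `-Database` so that a missing membership in any of them is reported.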