Jason Lee

Project Scope
Preparing for Deployment – Research and Education and Pricing
Deployment of Standard Server & Director Role
Deployment of Edge and Reverse Proxy
Deployment of Lync Voice Capabilities
Configuring Lync PSTN Calling thru Avaya IPOffice
Configure Lync 4 Digit Extension Dialing without DIDs
Configure Asterisk as a SIP Proxy for Avaya IPO and and Lync
Deployment of Lync Client to users
Testing Configuration of Backup Registrar
Training

Continuing the series in our Lync Deployment.  As we are approaching the date that we will completely cut over all users to lync we wanted to build in some redundancy to our deployment. 

We have done this by licensing a second standard server and configuring it in the topology as a backup registrar.  This will allow us to have a fail over server to host all voice calls in the event of a failure to the primary standard edition server (PSE).  The Backup Standard Edition Server (BSE) will provide voice capabilities and limited IM capabilities in a production down situation of the PSE. 
Note: for calls to be made in a ‘failed over’ scenario backup calling routes will need to be configured for the BSE mediation role as discussed in a future post

So we have configured our backup in the topology (how to in a future post) and configured the failover routes so it is time to test the scenarios.  For our testing we want to confirm that the PSE can fail and we can still make calls to the PSTN and if the PSTN is not available make a call out the analog backup lines.

You will want to review the default setting in your topology to set it to the lowest value possible when testing otherwise this test could take 15-20 minutes depending upon your value selected to fail over to a backup registrar. 

Our test was to remove the NIC from the PSE, the Lync clients will disconnect, attempt to re-connect and after the specified time connect to the BSE as the fail over registrar and make calls via the PRI and Pots lines.

However after configuring a Backup Registrar Lync Clients wouldn’t login during a failed server.  The clients would drop the connection as expected but however, they wouldn’t login to the backup registrar with limited functionality as expected. 

Side note… Kudos to @DHannifin helping figure this one out…
check out our awesome buddy Dustin’s blog: http://www.technotesblog.com/ for lots of Uber good Lync goodness.

Even after changing the fail over time to just 30 seconds, the phone handset endpoints would login and calls could be made, but the Lync client would fail to login.   After some digging in the trace logs we found client that wouldn’t connect that we were getting an unauthorized error because the newly added BSE server wasn’t in the user certificate issued by the server to the client so the Lync client didn’t trust the backup registrar.

The Lync Client uses a certificate for communications with the front end server.  This certificate is not updated very often, in fact the default value to when it will update is 8760 HOURS that’s 365 DAYS!  (A little longer than we wanted to wait for our testing…)

You can use the PowerShell command: Get-CSWebServiceConfiguration
to review the current values of your setting for MaxValidityPeriodHours’

Since we didn’t have a year to wait, there are a couple solutions.
1. Change the default value by using the PowerShell command
Set-CSWebServiceConfiguration but this changes the cert settings for all clients and would require time for replication.
or
2. Delete the certificate on the machine that you are using for testing. This is a little more killing a fly with a sledge hammer, but for this testing appeared to be the best solution.

So in a testing scenario where you don’t want to change the re-issue certificate settings, on the machine you are using to test, simply launch an mmc window add the add-in for certificates and choose to manage users certificates.  Next browse to the personal certificates where you should find a certificate named the SIP URI of the user you are logged in as and it is issued by ‘Communications Server’. Delete the certificate and then restart your Lync Client (exit the application not just log off). 

Note: After deleting the cert, before you re-launch the Lync Client, you will need your primary front end server online so a new certificate can be issued to the client on the workstation.  Otherwise you still will not have valid certificate to connect and since the PSE is offline your client will try to connect to the BSE for which it still doesn’t have a valid cert.

After you re-connect to Lync to the PSE you can then power off the PSE (or remove the virtual nic from the virtual machine as we did.) You will notice the Lync client log off and after your Backup Registrar time out passes Lync will login to the Backup Registrar.  You will know this has happed when you see the Lync client display the red bar indicating limited functionality.

If you have correctly configured a backup call route to your gateway, all voice calling will route out the gateway as if your Lync topology was operating normally.

Note: In an actual failover after you have configured all backup routes a call in progress should stay active even while the Lync Client is going thru its log off/log on process to connect to the backup registrar.  If you are in an active call during this fail over, your call should stay connected, BUT it will disconnect if you hit cancel on the Lync client during the reconnection process.

Church IT, Tech, Uncategorized IPO, IPOffice, Lync, POTs, PSTN

Its been just over a year since we launched CheckPoint, an ACS Technologies product, as the software we used to do electronic check in our Discoveryland (Children’s Ministry), birth thru 5th grade.  Being a year out from that launch I am posting a series of posts evaluating the project and also documenting the launch of our second phase in our Jr Hi and Sr. High ministries.

This series of posts will not specifically look at ACS’ Checkpoint product or how to deploy checkpoint specifically, but you can review that by checking out the workshop Taught at the 2009 ACS Convention.

Part 1: Why Biometric?
Part 2: Why Vein Scanning?
Part 3: Installing M2sys Vein Scan Server & Configuring the Database
Part 4: Installing M2Sys BioPlugin Vein Scanning Client
Part 5: Configuring the M2sys Vein Scanning Client and ACS CheckPoint

The Discoverlyand launch used Finger Print Scanners and software made by M2sys.  The parent uses the biometrics to authenticate to the system and in turn sees their family record on screen.  The Choice to use finger print scanning was driven by two factors: speed of check-in and security.

CheckPoint already had the ability to use barcodes and phone number lookup but two concerns were identified with those methods used exclusively.  The first concern is you could always leave the barcode in the car or at home and you would need to then check-in at a desk (taking time away from guest services) or use another method like name or number lookup.  The concerns name and phone number lookup was it took longer for each person to check-in and we couldn’t require pre-registration before using express check-in.  Name and Number lookup might result in you finding your family, but that might be from other involvement (giving, small group, etc) in the church and those vehicles for getting in the database might not include capturing family information.  Resulting in a poor user experience where you can display your record but your children aren’t able to be checked into the system.

Discoveryland has established a process for registration that needs to be completed before you use express check-in for a classroom.  This process includes parents agreeing not to drop children off and and run to the grocery as well as other logistics of how old is your child and what grade are they in.  With this information we can, which a much higher percentage of accuracy, know that your check-in process will work more smoothly.

Once the pre-registration data is collected and entered into the database a family can be pre-register for express check-in with the finger scan.

With the finger scanning we were able to speed up the process of check-in as well as limit the usage of the system to those who have appropriately identified themselves to the Discoveryland team.

Next Part 2: Why Vein Scanning vs.Finger Print Scanning

Uncategorized

As some may know our operations director, Jerry Croegaert, is recently Retired Lt. Col. Jerry Croegaert (ANG), Commander of the 169th Air Support Operations Squadron.  Well today we took a field trip to see the old stomping grounds of our new leader.  The 169th shares a base with the 182nd Airlift Wing (a C130 Unit). Jeremie, Linda, Melanie and I went along with Jerry to the Air National Guard base in Bartonville, IL.
The primary reason for our visit was information sharing with the Coms personnel on base.  This was a great opportunity to see how they are doing all things IT as well as share our successes at Northwoods and the ANG as well as our struggles.  It was interesting to learn that their operations are very similar to ours (well except people don’t die if we mess things up) and they struggle with many of the same issues as those in the CITRT community… Limited Budget, Expectations to provide cutting edge technology and support and train our users to utilize that technology.
One take away from our trip was the accountability from the top down of the organization of Technology Continuing Education. MSgt George Garcia will be sending over some samples of their online Education tools that I hope to digest and reuse in our environment.
I would share some photos from the DataCenter but we had to turn our cameras/phones in during that part of the tour.

Here are some photos from the rest of the base where we were allowed to take photos (Jeremie and I asked several times if it was ok to take photos in specific areas we didn’t want to see anyone get tackled like in the Terry Tate commercials.)

A C130 Taking off

A C130 in the Hanger

Our Team inside the belly of a C130

Church IT, Uncategorized

Last week our media director, the new user of the MacPro, called and said his files were gone off a directory on his windows machine.  We use a shared directory on the PC in the tech booth as a temporary landing place for the media files that are going to be transferred to the hard drive based playback unit that plays all video for our main stage events.

We use this ‘transfer’ folder to stage the files to ftp to the Ederol since the internal FTP server on the Ederol is quite flaky and it helps sit right right at the unit to do the transfer (Roland said it doesn’t get any better so we found a good work around).

So a week after the MacPro and the newly reformatted G5 were in production we noticed files just disappearing out of the transfer directory.  After closer inspection the files would copy over the network, then when the file is completely copied it deletes off the PC.  File transfers from a PC to this directory work fine.  So we decided maybe its a root permissions issue in the OS so we reformatted the PC… but the problem remains.

We have specifically narrowed it down to file transfer from two macs and it only fails if there are no files in this directory.  If there is a blank .txt file in this directory all is good, if the directory is empty the copy from the Mac fails.

Worst thing about this is if we call either Windows or Apple support its going to be a blame game I am sure…

Nothing more frustrating than identifying the problem and having no solutions…. What are your Thoughts?

Church IT, Uncategorized

I came in to the office this morning to hear that my co-workers were shaken awake this morning by the earthquake. It wasn’t that unbelievable since I know we are on a fault line and we have a extension of our Home-Owners insurance just for earthquakes, but I completely slept thru the whole event.

Our Campus Services Director, Mark, said his kids were shaken awake and noticed their ceiling fans moving and the noise was loud enough it sounded like a tree had fallen on the house. 

Is it bad that you come to work completely unaware you slept through a 5.2 magnitude earthquake? What does it say about you when you can sleep thru an Earthquake?  Is it bad when you are just a little bit bummed out that you slept thru an Earthquake?

Now I understand why we have Earthquake insurance on our Home-Owners Policy, not a bad investment of $6 per year.

Here is the report from FoxNews

Uncategorized

Jeremie has blogged about why we are moving to our new DataCenter so i’ll show you some photos of the progress.  The fire suppresion system was installed last week. 

Church IT, Uncategorized DataCenter Relocation

So thinking of what I am thankful for today in no specific order:

• A great family to spend the day with (family and in-laws)
• A wonderful wife who is my best friend and supports me in ministry
• A awesome staff who serves tirelessly to support Northwoods’ IT needs
• A growing relationship with Christ
• A supervisor who is a helping me grow as a leader
• Being part of a growing church family

Uncategorized thanksgiving