Lync 2013 Mediation Server Direct SIP with Gamma Telecom & Sonicwall

This post is about how to set up a Lync Server Mediation server to support Direct SIP whilst utilising Gamma Telecom SIP and a Sonicwall Firewall.

This is the way that I did it; you may choose to do it differently. Leave a comment if you got this working another way.

You need to configure two NICs on the Mediation server because Gamma requires the external IP address to be present in the SIP OPTIONS. Normally this isn't a problem, as many firewalls have a SIP ALG. In simplified terms, this means that they NAT the SIP traffic so that it appears to come from your external IP address. Sonicwall can do this for SIP over UDP but not for SIP over TCP. Because of this, and because of Gamma's requirements, the Mediation server needs an external public IP address of its own.

There's a great post here about how to set up a Lync Mediation server with dual-homed NICs. You'll need to do this, and as it's such a good post I'm not going to re-create it.

You'll also need to put one leg of your Mediation server in a DMZ on the Sonicwall and configure the DMZ in Transparent mode. There's another good post here detailing how to set up your Sonicwall DMZ to support this.

Here’s how your mediation server should look in the topology builder.


Here’s the Gateway.


And here’s the Trunk.


That should get you going.

Bye for now.


How to configure Lync 2013 QoS

This is the way that I did it. You may not want to use the same ports, but they're the standard ones mentioned on TechNet. Also, I'm aware that you can push out the registry setting via GPO, so I'll leave you to sort that bit out.

Let's go…

Configuring Port Ranges for Your Conferencing, Application, and Mediation Servers

To implement Quality of Service, you should set up the same port ranges for audio, video, and application sharing on your Conferencing, Application, and Mediation servers.

Property                     Conferencing Server  Application Server  Mediation Server
AudioPortStart               49152                49152               49152
AudioPortCount               8348                 8348                8348
VideoPortStart               57501
VideoPortCount               8034
ApplicationSharingPortStart  49152
ApplicationSharingPortCount  16383

 

Configuring a Quality of Service Policy for Your Conferencing, Application, and Mediation Servers

 

  1. In Group Policy Management, locate the container where the new policy should be created. For example, if all your Lync Server computers are located in an OU named Lync Server then the new policy should be created in the Lync Server OU.
  2. Right-click the appropriate container and then click Create a GPO in this domain, and Link it here.
  3. In the New GPO dialog box, type a name for the new Group Policy object in the Name box (for example, Lync Server QoS) and then click OK.
  4. Right-click the newly-created policy and then click Edit.
  5. In the Group Policy Management Editor, expand Computer Configuration, expand Policies, expand Windows Settings, right-click Policy-based QoS, and then click Create new policy.
  6. In the Policy-based QoS dialog box, on the opening page, type a name for the new policy (e.g., Lync Server QoS) in the Name box. Select Specify DSCP Value and set the value to 46. Leave Specify Outbound Throttle Rate unselected, and then click Next.
  7. On the next page, make sure that All applications is selected and then click Next. This simply ensures that all applications will match packets from the specified port range with the specified DSCP code.
  8. On the third page, make sure that both Any source IP address and Any destination IP address are selected and then click Next. These two settings ensure that packets will be managed regardless of which computer (IP address) sent those packets and which computer (IP address) will receive those packets.
  9. On page four, select TCP and UDP from the Select the protocol this QoS policy applies to dropdown list. TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are the two networking protocols most-commonly used by Lync Server and its client applications.
  10. Under the heading Specify the source port number, select From this source port or range. In the accompanying text box, type the port range reserved for audio transmissions. For example, if you reserved ports 49152 through ports 57500 for audio traffic enter the port range using this format: 49152:57500. Click Finish.

 

Do the same for Video but set DSCP to 34 and use ports 57501:65535.

Again for Application sharing, DSCP 24 and ports 40803:49151.

Here’s what it should look like:

Apply the new GPO to your Lync 2013 servers, then either run gpupdate /force on the Lync servers to apply it immediately or wait for it to apply automatically.

Apply this registry setting to ensure that Windows obeys the QoS settings.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\QoS]
"Do not use NLA"="1"

If your QoS is being applied correctly you will see the following entries in the Registry on your Lync servers.

 

Configuring Port Ranges for Your Edge Servers

 

Packet Type          Starting Port  Number of Ports Reserved
Application sharing  40803          8348
Audio                49152          8348
Video                57500          8034
Totals                              24730

 

This will configure all Edge servers to use the above range of ports.

Get-CsService -EdgeServer | ForEach-Object {Set-CsEdgeServer -Identity $_.Identity -MediaCommunicationPortStart 40803 -MediaCommunicationPortCount 24730}

 

 

Configuring a Quality of Service Policy for Your A/V Edge Servers

  1. Click Start and then click Run.
  2. In the Run dialog box, type gpedit.msc and then press ENTER.
  3. In the Group Policy Management Editor or the Local Group Policy Editor, expand Computer Configuration, expand Policies, expand Windows Settings, right-click Policy-based QoS, and then click Create new policy.
  4. In the Policy-based QoS dialog box, on the opening page, type a name for the new policy (e.g., Lync Server Audio) in the Name box. Select Specify DSCP Value and set the value to 46. Leave Specify Outbound Throttle Rate unselected, and then click Next.
  5. On the next page, make sure that All applications is selected and then click Next. This setting instructs the network to look for all packets with a DSCP marking of 46, not just packets created by a specific application.
  6. On the third page, make sure that both Any source IP address and Any destination IP address are selected and then click Next. These two settings ensure that packets will be managed regardless of which computer (IP address) sent those packets and which computer (IP address) will receive those packets.
  7. On page four, select TCP and UDP from the Select the protocol this QoS policy applies to dropdown list. TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are the two networking protocols most-commonly used by Lync Server and its client applications.
  8. Under the heading Specify the destination port number, select From this destination port or range. In the accompanying text box, type the port range reserved for audio transmissions. For example, if you reserved ports 49152 through ports 57500 for audio traffic then enter the port range using this format: 49152:57500. Click Finish.

Do the same for Video but set DSCP to 34 and use ports 57501:65535.

Again for Application sharing, DSCP 24 and ports 40803:49151.
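
The three Edge policies above can also be created from PowerShell instead of gpedit.msc. This is an added example, not part of the original post: it uses the NetQos module (Windows Server 2012 or later) and writes to the computer's local QoS policy store rather than a GPO. The policy names are assumptions; the ports and DSCP values are the ones given above.

```powershell
# Added example (not from the original post). Run from an elevated prompt
# on each Edge server. Requires the NetQos module (Windows Server 2012+).
Import-Module NetQos

# Policy names are assumptions; port ranges and DSCP values come from this page.
$policies = @(
    @{ Name = 'Lync Edge Audio';      First = 49152; Last = 57500; Dscp = 46 }
    @{ Name = 'Lync Edge Video';      First = 57501; Last = 65535; Dscp = 34 }
    @{ Name = 'Lync Edge AppSharing'; First = 40803; Last = 49151; Dscp = 24 }
)

foreach ($p in $policies) {
    # Re-running the script replaces a policy of the same name instead of failing.
    if (Get-NetQosPolicy -Name $p.Name -ErrorAction SilentlyContinue) {
        Remove-NetQosPolicy -Name $p.Name -Confirm:$false
    }

    # Both            = TCP and UDP, as in step 7.
    # IPDstPort*      = destination port range, as in step 8.
    # No application or IP address condition = "All applications" / "Any IP".
    New-NetQosPolicy -Name $p.Name `
        -IPProtocolMatchCondition Both `
        -IPDstPortStartMatchCondition $p.First `
        -IPDstPortEndMatchCondition $p.Last `
        -DSCPAction $p.Dscp `
        -NetworkProfile All | Out-Null
}

# List what is now defined so the result can be compared with the table above.
Get-NetQosPolicy | Sort-Object Name
```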

Apply this registry setting to ensure that Windows obeys the QoS settings.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\QoS]
"Do not use NLA"="1"

 

Configuring Port Ranges for Your Microsoft Lync Clients

 

Client Traffic Type  Port Start  Port Range
Audio                50020       20
Video                58000       20
Application sharing  42000       20
File transfer        42020       20

 

Enable the client media port ranges and set them to the values above:

Set-CsConferencingConfiguration -ClientMediaPortRangeEnabled $True -ClientAudioPort 50020 -ClientAudioPortRange 20 -ClientVideoPort 58000 -ClientVideoPortRange 20 -ClientAppSharingPort 42000 -ClientAppSharingPortRange 20 -ClientFileTransferPort 42020 -ClientFileTransferPortRange 20

 

Configuring Quality of Service Policies for Clients Running on Windows 7 or Windows 8

 

  1. In Group Policy Management, locate the container where the new policy should be created. For example, if all your client computers are located in an OU named Clients then the new policy should be created in the Clients OU.
  2. Right-click the appropriate container and then click Create a GPO in this domain, and Link it here.
  3. In the New GPO dialog box, type a name for the new Group Policy object in the Name box (for example, Lync Audio) and then click OK.
  4. Right-click the newly-created policy and then click Edit.
  5. In the Group Policy Management Editor, expand Computer Configuration, expand Policies, expand Windows Settings, right-click Policy-based QoS, and then click Create new policy.
  6. In the Policy-based QoS dialog box, on the opening page, type a name for the new policy (e.g., Lync Audio) in the Name box. Select Specify DSCP Value and set the value to 46. Leave Specify Outbound Throttle Rate unselected, and then click Next.
  7. On the next page, make sure that All applications is selected and then click Next. This setting instructs the network to look for all packets with a DSCP marking of 46, not just packets created by a specific application.
  8. On the third page, make sure that both Any source IP address and Any destination IP address are selected and then click Next. These two settings ensure that packets will be managed regardless of which computer (IP address) sent those packets and which computer (IP address) will receive those packets.
  9. On page four, select TCP and UDP from the Select the protocol this QoS policy applies to dropdown list. TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are the two networking protocols most-commonly used by Lync Server and its client applications.
  10. Under the heading Specify the source port number, select From this source port or range. In the accompanying text box, type the port range reserved for audio transmissions. For example, if you reserved ports 50020 through ports 50039 for audio traffic enter the port range using this format: 50020:50039. Click Finish.

Do the same for Video but set DSCP to 34 and use ports 58000:58019.

Again for Application sharing, DSCP 24 and ports 42000:42019.

Finally for File Transfers, DSCP 14 and ports 42020:42039.

 

Apply this registry setting to ensure that Windows obeys the QoS settings.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\QoS]
"Do not use NLA"="1"
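
To confirm that the server, Edge or client policies described above have actually been applied, the registry can be read back with PowerShell. This is an added example, not part of the original post. It assumes the policies were delivered by Group Policy (a domain GPO or gpedit.msc), which Windows stores under HKLM\SOFTWARE\Policies\Microsoft\Windows\QoS, and it matches on port range and DSCP value so the policy names do not matter.

```powershell
# Added example: report whether the Policy-based QoS entries from this page
# are present on the local machine.
function Test-LyncQosPolicy {
    param([ValidateSet('Server', 'Edge', 'Client')][string]$Role = 'Server')

    # Port ranges and DSCP values as given on this page.
    $serverRules = @{ '49152:57500' = 46; '57501:65535' = 34; '40803:49151' = 24 }
    $clientRules = @{ '50020:50039' = 46; '58000:58019' = 34
                      '42000:42019' = 24; '42020:42039' = 14 }
    $rules = if ($Role -eq 'Client') { $clientRules } else { $serverRules }

    # Server and client policies match the source port ("Local Port"),
    # Edge policies the destination port ("Remote Port").
    $portValue = if ($Role -eq 'Edge') { 'Remote Port' } else { 'Local Port' }

    # Group Policy writes one subkey per QoS policy under this key.
    $qosRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\QoS'
    $applied = @(Get-ChildItem -Path $qosRoot -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath })

    foreach ($ports in ($rules.Keys | Sort-Object)) {
        $hit = $applied | Where-Object { $_.$portValue -eq $ports } |
            Select-Object -First 1
        [pscustomobject]@{
            Ports        = $ports
            ExpectedDscp = $rules[$ports]
            Policy       = if ($hit) { $hit.PSChildName } else { '<missing>' }
            AppliedDscp  = if ($hit) { $hit.'DSCP Value' } else { $null }
            Protocol     = if ($hit) { $hit.Protocol } else { $null }
            Ok           = [bool]($hit -and
                               ([int]$hit.'DSCP Value' -eq $rules[$ports]))
        }
    }
}

function Get-QosNlaSetting {
    # The "Do not use NLA" value from the .reg file on this page; $null if absent.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\QoS'
    (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Do not use NLA'
}

Test-LyncQosPolicy -Role Server | Format-Table -AutoSize
"Do not use NLA = $(Get-QosNlaSetting)"
```

Use -Role Edge on the A/V Edge servers and -Role Client on a Windows 7 or Windows 8 client; any row with Ok = False means the policy is missing or carries a different DSCP value.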

 

Switch and Firewall QoS

There's no use setting all this up if your switches and firewall aren't configured in the same way, or at least configured to preserve and honour the markings you've set.

QoS & the Internet

Hah. Good luck with that.