Monday, December 20, 2010

Understanding Recording and Configuration Options in Lync 2010

The Lync client comes equipped with full recording capabilities for both peer to peer conversations and conferencing.  This includes the ability to record audio, video, IM, and shared content.  With this great functionality (and great power) comes the need to control it.  Note that recording is not enabled by default.

This post will be separated into two parts: Administration and Client Experience.


Recording options are configured within the Conferencing Policy on the Lync server.  You can view and configure the policy by either navigating within the Lync Control Panel (LCP) to the Conferencing node or through the Lync Management Shell (LMS) using the CsConferencingPolicy commands.


LyncRec - LCP - conf


LyncRec - ConfPol1 - shell

Note: The above policies are looking at the Global Policy for conferencing.  If more granular policies are needed, then multiple policies can be created.

There are three parameters that are configurable that effects recording capabilities:

  • AllowConferencingRecording – Indicated whether users are allowed to record the meeting, and applies to all users taking part in the conference (default value is false)
  • AllowExternalUsersToRecordMeeting – Indicated whether external users (anonymous or federated) are allowed to record the meeting.  Note that this applies to the user who organizes the conference (default value is false and is dependent on the AllowConferencingRecording value set to true)
  • EnableP2PRecording – Indicates whether users will be able to record peer-to-peer sessions. (default value is false)

To enable one or all of these settings, within the LCP –> Conferencing –> Conferencing Policy tab, open the Global (or desired) policy.  Configure the settings as shown below:

LyncRec - ConfPol1 - markup

LyncRec - ConfPol2 - markup

Or these parameters can be set utilizing the Set-CsConferencingPolicy command.  In the following example, I enable P2PRecording with the following command:

Set-CsConferencingPolicy –EnableP2PRecording $True

LyncRec - EnableP2PRec - shell and output - markup

Client Experience

Now that users have been enabled for recording, the Lync client will have additional menu choices.  Within a conversation, a user can set their Recording Options by clicking the Alt key and selecting Settings –> Recording Options.

LyncRec - Menu-RecOptions

This will bring up the ability to set what modalities the user wants to configure to record.

LyncRec - RecOptions

During a conversation, a user can initiate a recording by selecting Start Recording option from the menu picks.

LyncRec - Menu-StartRec - startmarkup

While a conversation is being recorded the initiator will see:

LyncRec - Client - Recording - markup

And the attendee will see (if they are also using a Lync client):

LyncRec - Client - Recording - attendee view - markup

Once the recording has stopped, the Lync client will start processing the recording.  The initiator will be able to change any last minute options and also create a one-file *.wmv format of the recording (along with the multi-file native Lync format). 

LyncRec - Client - Recording - StopOptions

When Lync is installed, another component called the Lync Recording Manager is also installed.  This is the tool that will be used to view, publish, and manage recorded conversations.  You can access the Recording Manager either by accessing the program from the Start Menu, by clicking the System Tray icon, or by selecting Manage Recordings from within the client.

System Tray:

LyncRec - recordmgr - systray - markup

Client – Manage Recordings:

LyncRec - Menu-StartRec - manage markup

This will launch the Lync Recording Manager:

LyncRec - recordmgr - client

Note that options to Play, Browse, Publish, and Rename are available within the client.  To access the native files, you can click browse.  By default the recordings are saved in the user’s windows profile under the Lync Recordings folder.  Both the single file *.wmv and the multi-file Lync recording will be in this folder:

LyncRec - recordmgr - browse - wmv

The default recording location can be changed within the users’ client options:

LyncRec - SaveLocation - markup

As always, comments welcome.

Tuesday, December 14, 2010

Exchange 2010 SP1 Update Rollup 2 and Exchange 2010 Update Rollup 5 Available

An update for Exchange 2010 SP1 has just released and can be downloaded at: Exchange 2010 SP1 Update Rollup 2 Download

  • For a description of all the included fixes, see KB 2425179
An update for Exchange 2010 RTM has just released and can be downloaded at: Exchange 2010 Update Rollup 5 Download

  • For a description of all the included fixes, see KB 2407113
For those of you running DAGs, please see the following article: Applying Updates to Exchange 2010 SP1 

If you are running Forefront, it is important to disable Forefront protection during the update:
  • Before running patch: fscutility /disable
  • After running patch: fscutility /enable

Exchange 2007 SP3 Update Rollup 1 and Exchange 2007 SP2 Update Rollup 5 Available

An update for Exchange 2007 SP3 has just released can be downloaded at: Exchange 2007 SP3 Update Rollup 2 Download
  • For the list of all the included fixes, see KB 2407025
An update for Exchange 2007 SP2 has just released can be downloaded at: Exchange 2007 SP2 Update Rollup 5 Download
  • For the list of all the included fixes, see KB 2407132
If you have a clustered environment, please see this article: Applying Exchange 2007 Update Rollups to Clustered Mailbox Servers

Monday, December 6, 2010

Repairing an Invalid Certificate (for Exchange or Lync/OCS)

Certificates are a part of Exchange and OCS/Lync, there is no getting away from them.  Because of this, I have seen numerous issues not only around the names in a certificate (another future post), but also with provisioning certificates. 

Exchange and OCS/Lync are programmed to not allow the use of invalid certificates.  The two top reasons that I see invalid certificates have to do with:

  • Missing private key
  • Certificate Chain issues

Missing Private Key

There are several reasons that a certificate can have a missing private key.  These include, but are not limited to:

  • Did not complete the pending certificate request from the originating server
  • Import a .cer or .crt file into the certificate store
  • Export a certificate without including the private key and then import on a different server

So now that we have a certificate without the private key, what do we do now?  Well, you can either reissue the certificate and work with your CA to get a new certificate or we can try to repair the certificate’s private key.  The later is the path of least resistance.  So let’s look at that process.

By opening the troubled certificate in the Certificates MMC Snap-in, we can see that the certificate does not have the private key.

Cert - no PK - markup

To repair the key, we will need to get the certificate’s Serial Number.  We can do that from the Details Tab of the certificate.

Cert - Serail num

Now we will open a command prompt and run the following command:

certutil –repairstore my “SerialNumber”

Cert - CMD Repairstore

After running the command and refreshing the Certificates MMC Snap-in, we can reopen the troubled certificate and see that it now has a valid private key:

Cert - with PK - markup

Now the certificate will be available to select in Exchange or OCS/Lync to utilize.

If this process does not work, then you will have to reissue your certificate and request a new certificate from your CA.

Certificate Chain Issue

The other main issue with invalid certificates have to do with getting the Certificate Chain installed appropriately.  Most certificate chain issues can be viewed from the Certificate Path tab of the certificate properties.  CA’s usually have detailed instructions and downloads of the chains.  I suggest you work with the CA to install the certificate chain properly as they are all different and have different requirements.

Digicert has a great web-based utility to test and uncover certificate chain related issues.  Navigate to:

I hope this helps!  I know this has saved me quite a bit of time over the years.

Wednesday, December 1, 2010

BUG: Exchange 2010 Personal Archive Display Name in Outlook 2010

This post is based on Exchange 2010 SP1 with Update Rollup 1 and Outlook 2010 with latest updates.

Let’s consider that we would like the name of the Personal Archive to be more descriptive for our users.  We can change the Display Name for the archive to display whatever we want.  There appears to be a bug with the display name of the Personal Archive Display Name in Outlook 2010.  OWA displays the name correctly. 

Let’s look at default settings of my Personal Archive by running the following command:

Get-Mailbox 2010sp1b | fl *archive*

ArchErr - EMS - before

The default view from Outlook 2010 doesn’t match the exact Display Name of “Online Archive – 2010SP1b” as shown above from the “ArchiveName” parameter:

ArchErr - Outlook - before - markup

The default view from OWA does match the “ArchiveName” parameter:

ArchErr - OWA - before - markup

Now let’s change the “ArchiveName” parameter to something more descriptive by running the following command:

Set-Mailbox 2010sp1b –ArchiveName “KEEP FOREVER”

ArchErr - EMS - after

Again, the view in Outlook 2010 does not update to match the “ArchiveName” parameter:

ArchErr - Outlook - after - markup

But, OWA 2010 does update to match:

ArchErr - OWA - after - markup

Anyone know of or have a fix to force Outlook 2010 to update the Archive Display Name?