Date post: | 09-Dec-2015 |
Upload: | abhay-kapoor |
Global Technical Readiness
Released:
Lab 6: Lync Online Tenant Creation and Administration
Conditions and Terms of Use
This training package content is proprietary and confidential, and is intended only for users described in the training materials. This content and information is provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content and/or information included in this package is strictly prohibited.
THE CONTENTS OF THIS PACKAGE ARE FOR INFORMATIONAL AND TRAINING PURPOSES ONLY AND ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
Training package content, including URL and other Internet Web site references, is subject to change without notice. Because Microsoft must respond to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.
Copyright and Trademarks © Microsoft Corporation. All rights reserved.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
For more information, see Use of Microsoft Copyrighted Content at http://www.microsoft.com/about/legal/permissions/.
Microsoft®, Internet Explorer, and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Microsoft products mentioned herein may be either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
About the Authors
Author: Greg Anthony
Bio:
Project Member: Ron Solomon
Bio:
Acknowledgements
We want to thank the numerous members of the Product Group, User Assistance Teams, Beta Team, Reskit Team, and Product Quality Team and other supporting teams for their collaboration, time, effort, materials, and presentations that in many important ways have helped to make this project successful. We also want to thank Global Technical Readiness for help with the formatting, presentation creation and other training readiness items and CTS Labs for their help in onboarding the virtual environment in external VMAS. Lastly, I want to thank the CSS Readiness Team for their push, encouragement, and assistance with additional resources to complete this project in a timely manner.
Table of Contents
Lab 6: Lync Online Tenant Creation and Administration
  Configuring Your Computer(s)
  Exercise 1: Provisioning an Office 365 Tenant Account
    Scenario
  Exercise 2: Domains
    Scenario
  Exercise 3: Single sign-on (AD FS 2.0)
    Scenario
    Tasks
  Exercise 4: Microsoft Online Services Directory Synchronization Tool
    Tasks
  Appendix A: Troubleshooting WSS1ADFS internet connectivity
Lab 6: Lync Online Tenant Creation and Administration
During this lab, you will gain hands-on experience with provisioning a tenant account in Office 365 and configuring it for Lync Online. Then you will deploy ADFS and Directory Synchronization between your Lync on-premises environment and Lync Online for the Lync Hybrid experience.
Note that this is for Office 365 based on the 2013 release of the Office 2013 and Exchange 2013 products under Software as a Service in the cloud.
Estimated time to complete this lab: 60 minutes. There is a wait for online services to enable directory synchronization, which can take 24 hours.
Before You Begin
This lab depends on the completion of:
L00 - Participant Prerequisites
L01 - Prepare VMAS Environment
L02 Prepare LAB Environment
ML03 Defining and Deploying Lync Server 2013 Topology
What You Will Learn
After completing the exercises, you will be able to:
Provision a managed tenant account in Office 365
Perform user, groups and domains management
Scenario
Contoso has decided to try out Office 365 Lync Online. They want to provision a tenant account in Office 365 in order to utilize Lync Online. You as the IT Admin will provision a tenant trial account and configure Lync Online users and properties.
Configuring Your Computer(s)
Critical: This lab and course depend on the student being able to create an account in the Office 365 environment using a promo code link. To access the promo code links, participants need to have joined the security group Office365 IsInternal Access Offer at http://idweb. Access should have been requested or verified by the participant during the course prerequisites lab.
Critical: Additional labs will use live public subdomains (<lync#>.msftonlinerepro.com) of a root public domain (msftonlinerepro.com) for each participant. DNS record management for the student subdomains is performed by the participant submitting a CTS Labs ticket for record creation, using the same process as in the participant prerequisites lab.
Exercise 1: Provisioning an Office 365 Tenant Account
In this exercise, you will provision an Office 365 Tenant Account. You can perform this action from any computer that has internet access.
Scenario
Note: Tenant accounts will be created in Office 365-15 Beta Production (*.onmicrosoft.com) for training purposes.
Tasks
Provision Managed Tenant Account
Critical: Your tenant admin account will be in the format of admin@lynctraining#.onmicrosoft.com.
a. Your O365 account has already been created. Open IE and sign in at https://portal.microsoftonline.com with admin@lynctraining#.onmicrosoft.com and password 3#Lync4u
b. On the Admin Center page, you may see services are still being provisioned and it may take several hours or more for all the provisioning to complete.
c. Click Watch this video to get an overview.
d. You can come back later and spend time in the portal. For now, continue.
Exercise 2: Domains
The goal of this exercise is to add your <lync#>.msftonlinerepro.com domain to your Office 365 Tenant.
You will add and verify the domain, and configure it for use with Office 365.
Scenario
Contoso is configuring their domain for use with Office 365 in order to conduct a Lync Hybrid deployment with a small group of users. They do not want to interrupt on-premises services for all users.
Tasks
Add and verify a domain.
1. In the Office 365 admin center, click domains.
2. Click Add a domain.
Critical: DO NOT ADD the second level domain msftonlinerepro.com. If you do, it will break training labs for everyone.
3. On the Add a domain to Office 365 page, click start step 1.
2. On the type a domain page, enter your domain <lync#>.msftonlinerepro.com and click next.
3. On the confirm that you own … page, you can see that customers can view instructions on how to verify they own the domain that they want to add. You will do this by submitting an email to VMAS Support to request the DNS record creation for your domain in a later step.
It is very important that you do not click verify until you have received confirmation of the creation of this record. Otherwise you will have to wait for DNS TTL caches to expire, because the record does not exist yet for verification. Continue to the next step to request record creation.
4. Click to see the General instructions for adding a TXT record (preferred method). This will show the information for the TXT record that needs to be added in external DNS for your domain to be verified.
Important: Use the MS=ms<somenumber> from your tenant page and not the example screenshot from above.
5. Send an email to Bay VMAS Support with the following text, replacing <lync#> with your domain prefix.
"I am using Office 365 in training and need to use my domain with it, but first Office 365 must verify that I'm authorized to use the domain name. To do this, I need to create a TXT record for the domain <lync#>.msftonlinerepro.com. Because you are my DNS provider, could you please create the TXT record for me? The record needs to include the information included in the table in the Comments box. Copy and paste below in the email (Note: Make sure there is no space in the MS=ms……..) :
Alias or Host Name    Destination or Points to Address    TTL
@                     MS=ms<number from your tenant>      1 Hour
6. Allow time for a response email from Support that the record has been created.
7. On the confirm that you own … page, you can see that customers can view instructions on how to verify they own the domain that they want to add.
It is very important that you do not click verify until you confirm this DNS record exists. Otherwise you will have to wait for DNS TTL caches to expire, because the record does not exist yet for verification. Continue to the next step to request record creation.
8. On any machine open a command prompt and execute the following to verify that your DNS TXT record has been created correctly and has replicated.
NSLOOKUP
Server 4.2.2.2
Set type=txt
<lync#>.msftonlinerepro.com
You should receive a response similar to <lync#>.msftonlinerepro.com text = "MS=ms<number from your tenant>".
9. If your “lync#” DNS TXT record is returned correctly, continue the verification. Your earlier browser session may have timed out. If so, log back on to https://portal.microsoftonline.com with your tenant admin credentials.
10. Click domains, then select the domain you are adding and click Setup in progress.
11. Click start step 1.
12. On the confirm ownership step, click done, verify now.
13. Click finish.
14. Click start step 2.
15. Select I don't want to add users right now and click next.
16. Click start step 3.
17. Accept the default selections of Exchange Online and Lync Online and click next.
18. From the add dns records page, click done, go check.
19. Note that the DNS records will not be found, because they point to on-premises for Hybrid and we are not setting up Exchange, so click close, return later.
You will convert the standard managed domain that you added to a federated domain in the next exercise.
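The check in step 8 of this exercise, as an added PowerShell example that is not part of the original lab: it parses captured nslookup output and compares the TXT value with the MS=ms token from the tenant page, separating a record that is not there yet from one that was pasted with a space. The domain lync0.msftonlinerepro.com, the token MS=ms00000000, the sample output lines and the function names are constructed for illustration.

```powershell
# Added example (not from the lab): evaluate captured nslookup TXT output
# before clicking "verify". All sample values are constructed placeholders.

function Get-TxtStrings {
    param([string[]]$Lines)
    # Collect every double-quoted string that nslookup printed.
    $found = @()
    foreach ($line in $Lines) {
        foreach ($m in [regex]::Matches($line, '"([^"]*)"')) {
            $found += $m.Groups[1].Value
        }
    }
    return $found
}

function Test-DomainTxtRecord {
    param(
        [string[]]$NslookupOutput,   # lines captured from nslookup
        [string]$ExpectedToken       # MS=ms<number> copied from the tenant page
    )
    # The token itself must be well formed: MS=ms followed by digits, no spaces.
    if ($ExpectedToken -cnotmatch '^MS=ms\d+$') {
        return 'BadExpectedToken'
    }
    $txt = @(Get-TxtStrings -Lines $NslookupOutput)
    if ($txt.Count -eq 0) { return 'NoTxtRecord' }      # do not click verify yet
    if ($txt -ccontains $ExpectedToken) { return 'Match' }
    # A value that matches only after whitespace is removed was pasted with a space.
    foreach ($value in $txt) {
        if (($value -replace '\s', '') -ceq $ExpectedToken) {
            return 'TokenHasWhitespace'
        }
    }
    return 'Mismatch'
}

# Constructed samples. For live output, capture the same text with:
#   $out = nslookup -type=txt <lync#>.msftonlinerepro.com 4.2.2.2
$expected = 'MS=ms00000000'
$created = @(
    'Server:  resolver.example',
    'Address:  4.2.2.2',
    '',
    'Non-authoritative answer:',
    'lync0.msftonlinerepro.com    text =',
    '',
    '        "MS=ms00000000"'
)
$spaced  = @('lync0.msftonlinerepro.com    text =', '', '        "MS= ms00000000"')
$absent  = @('*** resolver.example can''t find lync0.msftonlinerepro.com: Non-existent domain')

$cases = @(
    @{ Name = 'record created';    Output = $created },
    @{ Name = 'pasted with space'; Output = $spaced },
    @{ Name = 'not created yet';   Output = $absent }
)
foreach ($case in $cases) {
    $status = Test-DomainTxtRecord -NslookupOutput $case.Output -ExpectedToken $expected
    '{0}: {1}' -f $case.Name, $status
}
```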
Exercise 3: Single sign-on (AD FS 2.0)
The goal of this exercise is to prepare Active Directory for identity federation or single sign-on (SSO) by installing AD FS 2.0 for use with single sign-on, and then to install and configure the Microsoft Online Services Module for Windows PowerShell.
Scenario
Contoso is configuring a domain for single sign-on so that a group of pilot users for Office 365 and Lync Hybrid can sign in from their on-premises Active Directory.
Tasks
Prepare Active Directory for single sign-on
Active Directory must have certain settings configured in order to work properly with single sign-on. In particular, the User Principal Name (UPN), also known as a user logon name, for each user must be set up in a particular way.
Add User Principal Name Suffixes
1. On VM EnterpriseDC, click Start, then Administrative Tools, then Active Directory Domains and Trusts.
2. Right-click the Active Directory Domains and Trusts node and click Properties.
3. On the UPN Suffixes tab enter <lync#>.msftonlinerepro.com, click Add and then click OK.
4. Close Active Directory Domains and Trusts.
Modify users to use the new UPN suffixes
The ProvUserAccts.ps1 script that was executed in an earlier lab has already given all your users the UPN suffix for <lync#>.msftonlinerepro.com.
Configure Certificate for AD FS 2.0
5. On WSS1ADFS, log on as Contoso\administrator, open MMC, and add the Certificates snap-in for the Computer account on the Local Computer.
6. Expand Certificates (Local Computer) -> Personal -> Certificates.
7. Right-click the Certificates node, select All Tasks -> Import.
8. On the Certificate Import Wizard page, click Next.
9. Browse to your certificates on the class share (\\10.0.29.52\Foundation\Student Materials\Lync# ). You may need to change the file type to *.pfx or all files to see it.
10. On the File to Import page, click Next.
11. On the Password page, enter the password 3*Lync4u and click Next.
12. On the Certificate Store page, click Next.
13. Click Finish and then OK.
14. You will see the certificate chain certificates were also imported (Baltimore Root, Microsoft Internet Authority, and Microsoft Secure Server Authority).
15. Right-click your imported certificate, select All Tasks, Manage Private Keys.
16. Verify NETWORK SERVICE is listed as having Read permissions at a minimum. If not, add NETWORK SERVICE.
17. Close the Certificate MMC.
18. Remove the ADFS datastore from the prior installation by opening a command prompt and executing:
Del c:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\Data\adfs*.*
19. Open IIS Manager, expand Sites, select Default Web Site, and click Bindings, select https, and click Edit.
20. On the Edit Site Binding page, select the certificate you imported and click OK.
21. Close Site Bindings.
22. Select Default Web Site and then under Actions, select View Applications.
23. Right-click and select Remove for both applications /adfs and /adfs/ls.
24. In the navigation pane, select Application Pools then select ADFSAppPool, right-click and Remove.
25. Open Windows Explorer and delete the folder ADFS under c:\inetpub.
Configure a Secure Token Service (STS) Record
The next step is to create a host (A) record in DNS for the STS. You will run a script to create this and other records in the internal DNS for your environment.
26. On EnterpriseDC, open PowerShell, cd to c:\users\administrator\Downloads and execute .\dnsconfig.ps1 to update DNS records for your environment. Enter your domain alias when prompted.
.\dnsconfig.ps1
Tip: At this point, if you have received confirmation from CTS Labs that the TXT record for the domain verification has been created, you should go and complete that step and then return here.
Install Active Directory Federation Services 2.0
In order to configure single sign-on for your company, you must install the Microsoft Online Services Module for Windows PowerShell and then run a series of commands in the Windows PowerShell command-line interface.
For online help see the following:
Prepare for single sign-on http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652540.aspx.
Plan for and deploy AD FS 2.0 for use with single sign-on http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652539.aspx
Checklist: Use ADFS to implement and manage single sign-on
http://technet.microsoft.com/en-us/library/jj205462.aspx
27. On virtual machine WSS1ADFS, the AD FS 2.0 software has been preinstalled; you will run the configuration wizard.
Create and configure a new Federation service.
28. Click Start -> Administrative Tools -> AD FS 2.0 Management
29. On the AD FS 2.0 management page, select the AD FS 2.0 Federation Server Configuration Wizard.
30. On the AD FS 2.0 Federation Server Configuration Wizard Welcome page, select Create a new Federation Service and then click Next.
31. On the Select Stand-Alone or Farm Deployment page, select Stand-alone federation server and then click Next.
32. On the Specify the Federation Service Name page, if not already selected, select your SSL certificate *.<lync#>.msftonlinerepro.com, and then in the Federation Service name field change the Federation Service name from *.<lync#>.msftonlinerepro.com to your federated domain sts.<lync#>.msftonlinerepro.com and then click Next.
33. If you receive page Existing AD FS Configuration Database Detected, select Delete database and then click Next.
34. On the Ready to Apply Settings page, review the list of actions that will occur and then click Next.
35. On the Configuration Results page, you can see the progress of each component that is being installed and configured. If there are any issues, a clickable link identifies the issue and displays an actionable error message and dialog. Click Close to complete the wizard.
Note: If configuration fails when starting the AD FS 2.0 Windows Service, close the wizard.
Open Services.msc, locate Windows Internal Database (MICROSOFT##SSEE) and restart the service.
Start again at step 23.
36. In AD FS 2.0 management console, after it refreshes, select and right-click AD FS 2.0, and then click Edit Federation Service Properties.
37. The Federation Service Properties page is displayed. Verify your information.
Important: The Federation Service Identifier has to be unique. If you had multiple federated domains, you would need separate AD FS 2.0 servers with unique identifiers.
38. If you receive an error that the data is stale, click OK to the error and Cancel the change.
Click Action -> Refresh on the menu.
39. You will add a trusted relying party later when you convert your lync#.msftonlinerepro.com standard domain to a federated domain in the next section.
40. Close the AD FS 2.0 management console.
Note: If you need to troubleshoot ADFS 2.0 later on refer to this information http://technet.microsoft.com/en-us/library/adfs2-troubleshooting-guide(v=ws.10).aspx
Connect PowerShell to the Microsoft Online services
The next step is to open PowerShell from the Microsoft Online Services Module for Windows PowerShell and connect it to the online domain using your Online Administrator credentials.
41. On VM WIN7A, click Start -> All Programs -> Microsoft Online Services -> Microsoft Online Services Module for Windows PowerShell.
Important: On the AD FS 2.0 Server, if Windows Firewall is enabled, ensure an exception exists for Windows Remote Management. Windows Firewall is disabled on the virtual machines in your environment.
42. Connect to VM WSS1ADFS, open an administrative command prompt and run WinRM QuickConfig.
Tip: You can run mstsc.exe (RDP) and connect from WIN7A to WSS1ADFS.
43. Back on WIN7A, in the Microsoft Online Services Module for Windows PowerShell run the following commands:
a. $cred=Get-Credential
Enter your online admin credentials (admin@<lynctraining#>.onmicrosoft.com) in the Windows PowerShell Credential Request page.
b. Connect-MsolService -Credential $cred
This cmdlet connects you to Office 365. Creating a context that connects you to Office 365 is required before running any of the additional cmdlets in the module.
c. Set-MsolADFSContext -Computer wss1adfs.contoso.com
Tip: Remember your VMs are joined to the physical domain Contoso.com. Your administrator account UPN is Contoso.com. Your other user accounts' UPN is <lynctraining#>.onmicrosoft.com.
d. Enter the on-premise administrator credentials for contoso\administrator, if prompted.
This cmdlet creates a connection that connects you to AD FS 2.0.
Note: in Internet Explorer as a different user than the tenant admin account. If you are cutting and pasting commands from the lab document, it can introduce spaces causing credential failure. You should be signed into WIN7A as contoso\administrator.
Alternatively try the following cmdlets and supply contoso\administrator credentials.
$credadfs=get-credential
Set-msoladfscontext -computer wss1adfs.contoso.com -ADFSUsercredentials $credadfs
e. Run the following.
Convert-MsolDomainToFederated -DomainName <lync#>.msftonlinerepro.com
This command converts the domain from standard authentication to single sign-on.
Domain verification and intent
44. Verify that the domain was converted correctly and is federated via the Microsoft Online Portal (MOP) (https://portal.microsoftonline.com) Admin portal. In the Microsoft Online Portal click Admin -> Office 365 in the navigation bar. In the left column select Domains.
45. Under Status, click Active by the domain that you added and converted to single sign-on.
Note: Does your Lync# domain still show “Setup in Progress”? If the command “convert-MsolDomainToFederated” completed successfully, you can safely ignore the status setting and continue with Exercise 4.
46. On the domain properties page, the domain should now show as configured for single sign-on under DNS management. Under domain purpose it should show ExchangeOnline and LyncOnline.
47. Click the back arrow.
Tip: For more information on Windows PowerShell cmdlets for Office 365 see http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh125002.aspx#BKMK_subs
Exercise 4: Microsoft Online Services Directory Synchronization Tool
The goal of this exercise is to install and configure the Directory Synchronization tool. Then you will synchronize your Active Directory with Office 365, and verify directory synchronization.
Scenario
Contoso has configured a domain for single sign-on and configured the domain to be used with Lync Online. They are unable to add the domain to a cloud-based user. This is expected behavior, because single sign-on domains require users in their Active Directory to be assigned that UPN, and those users are then DirSync'ed to Microsoft Online Services. You will install and configure the Directory Synchronization tool for your environment.
Tasks
Activate directory synchronization
1. In the Office 365 admin center, click users and groups.
2. On the users and groups page, click the Set up link next to Active Directory® synchronization.
3. On the Set Up and Manage Active Directory Synchronization page, under step 3 - Activate Active Directory synchronization, click Activate.
4. On the Do you want to activate Active Directory synchronization overlay page, click activate.
5. When completed the Activate button is replaced with Active Directory synchronization is being activated.
Note: This process may take up to 24 hours to complete.
6. Once Active Directory synchronization is activated, you will see the option to Deactivate.
Install and configure the Directory Synchronization tool.
1. On VM WSS1DIRSYNC, sign on as contoso\administrator; launch Internet Explorer and sign on to the Office 365 portal https://portal.microsoftonline.com using your online admin account admin@<lynctraining#>.onmicrosoft.com.
2. In the Admin portal go to users and groups management and by Active Directory® synchronization click Manage. If Active Directory synchronization has been activated, click Set up to continue.
Configure Directory Synchronization
1. On VM WSS1DIRSYNC, launch the Directory Sync Configuration tool.
2. On the Microsoft Online Services Directory Synchronization Configuration Wizard Welcome page, click Next.
3. On the Microsoft Online Services Credentials page, enter your Microsoft Online Services Administrator Credentials (admin@<lynctraining#>.onmicrosoft.com), and then click Next.
Note: If you receive invalid credentials after clicking Next, verify that you are not signed into Windows Live with another account in your web browser. If you are, you will need to sign out and reboot the WSS1DIRSYNC VM and start the Configuration Wizard again.
4. If you received a Configuration error, Active Directory synchronization activation has not completed in Office 365. Return here when you have verified that Active Directory synchronization has been activated in your tenant portal, then click Back, and then Next.
5. On the Active Directory Credentials page, enter your domain administrator account credentials ([email protected]) and click Next.
6. On the Exchange hybrid deployment page, select Enable Exchange hybrid deployment and click Next
Note: Enabling Exchange hybrid deployment grants write back ability from Office 365 to the local Active Directory.
7. On the Configuration page, when it displays Configuration complete, click Next.
8. On the Finished page of the wizard, leave the Synchronize directories now check box selected to force the first synchronization to start right now instead of waiting three hours, and then click Finish.
9. On the MOSDS Configuration Wizard popup click OK
Verify Directory Synchronization
1. Sign in to Microsoft Online Portal (https://portal.microsoftonline.com) with your administrator credentials.
2. Go to Users and groups.
3. You should see users that have been synchronized from your Active Directory.
Tip: If you want to verify forced directory synchronization:
a. On the computer that is running the Directory Synchronization tool, navigate to the directory synchronization installation folder. By default, it is located here: %programfiles%\Microsoft Online Directory Sync.
b. Double-click DirSyncConfigShell.psc1 to open a Windows PowerShell window with the cmdlets loaded.
c. In the Windows PowerShell window, type Start-OnlineCoexistenceSync, and then press ENTER.
If you want to verify automatic synchronization: Wait at least three hours for directory synchronization to occur.
The default replication interval of 3 hours can be changed by changing the value below in the Program Files\Microsoft Online Directory Sync\Microsoft.Online.DirSync.Scheduler.exe.CONFIG file.
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <!--the interval in hours-->
    <!--refer for valid values:http://msdn2.microsoft.com/en-us/library/system.timespan.parse.aspx-->
    <add key="SyncTimeInterval" value="3:0:0" />
  </appSettings>
</configuration>
4. On WSS1DIRSYNC check the event log for the entry Export has completed, and then view the address properties of the user or group in your Office 365 directory.
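The SyncTimeInterval setting described in the tip above is parsed with System.TimeSpan.Parse, so its format matters. The following PowerShell is an added example, not part of the original lab: it reads the value from a constructed copy of the config text and reports how candidate values would be interpreted. The function names and the candidate values other than 3:0:0 are assumptions made for illustration.

```powershell
# Added example (not from the lab): read SyncTimeInterval from a copy of the
# scheduler config and report how System.TimeSpan.Parse interprets the value.

# Constructed copy of the file content shown in the lab text.
$configText = @'
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="SyncTimeInterval" value="3:0:0" />
  </appSettings>
</configuration>
'@

function Get-SyncIntervalSetting {
    param([string]$ConfigXml)
    $doc = [xml]$ConfigXml
    foreach ($entry in $doc.configuration.appSettings.add) {
        if ($entry.key -eq 'SyncTimeInterval') { return $entry.value }
    }
    throw 'SyncTimeInterval is not present under appSettings.'
}

function Test-SyncInterval {
    param([string]$Value)
    $result = New-Object PSObject -Property @{
        Value    = $Value
        Interval = $null
        Finding  = 'OK'
    }
    try {
        $result.Interval = [TimeSpan]::Parse($Value)
    } catch {
        $result.Finding = 'Not a valid TimeSpan string'
        return $result
    }
    if ($result.Interval -le [TimeSpan]::Zero) {
        $result.Finding = 'Interval must be greater than zero'
    } elseif ($result.Interval.Days -gt 0) {
        # TimeSpan.Parse reads a bare number as days, so "3" means 3 days, not 3 hours.
        $result.Finding = 'Parsed as one or more days; use h:m:s for hours'
    }
    return $result
}

$current = Get-SyncIntervalSetting -ConfigXml $configText
# The value from the lab plus constructed edits an administrator might try.
foreach ($candidate in @($current, '0:30:0', '3', 'three hours')) {
    Test-SyncInterval -Value $candidate | Select-Object Value, Interval, Finding
}
```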
Appendix A: Troubleshooting WSS1ADFS internet connectivity
During the prepare VMAS environment lab some scripts were run to configure various networking components of the virtual machines in the environment. It is possible some changes did not complete correctly.
Do the following.
1. On WSS1ADFS, open the network adapter properties.
2. Click Local Area Connection.
3.
4. On the Local Area Connection Status page, click Properties.
5. On the Local Area Connection Properties page, select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
6. On the Internet Protocol Version Property page, click Advanced.
7. Verify that two IP addresses do not show here. If there are two, select and remove the one that is not in the static range for your VLAN using the following table for VLAN configuration reference. In addition, if you are connected via RDP to WSS1ADFS and the one you are deleting is the one you are connected by you should first disconnect and reconnect to the IP you will not be deleting.
Network ID   Router address   Static Range   Dynamic Range   Broadcast   Subnet Mask
.0           .1               .2-.16         .17-.30         .31         255.255.255.224
.32          .33              .34-.48        .49-.62         .63         255.255.255.224
.64          .65              .66-.80        .81-.94         .95         255.255.255.224
.96          .97              .98-.112       .113-.126       .127        255.255.255.224
.128         .129             .130-.144      .145-.158       .159        255.255.255.224
.160         .161             .162-.176      .177-.190       .191        255.255.255.224
.192         .193             .194-.208      .209-.222       .223        255.255.255.224
.224         .225             .226-.240      .241-.254       .255        255.255.255.224
8. Verify the gateway address is that of the WSTMG01 internal NIC.
It should be 1 IP up from the Router address for your VLAN.
9. Next, connect to WSTMG01.
10. Open the Forefront TMG management console.
11. Under the Firewall Policy view check and see if a rule named Outbound exists.
12. If not create it using the following steps.
13. Right click Firewall Policy -> New -> Access Rule.
14. On the New Access Rule Wizard page, for the Access rule name enter Outbound, and click Next.
15. On the Rule Action page, select Allow and click Next.
16. On the Protocols page, for This rule applies to, select All outbound traffic and click Next.
17. On the Malware Inspection page, select Do not enable … and click Next.
18. On the Access Rule Sources, click to Add Internal Networks, and click Next.
19. On the Access Rule Destination, click to Add External Networks and then click Next.
20. On the User Sets page, accept default of All Users, and click Next.
21. Click Finish.
22. Right-click the new Outbound rule and click Move Down. Repeat until it is above the last default rule, Deny All Traffic.
23. Apply the change.
24. Select Monitoring, Configuration tab, Refresh Now and wait for applied change to synchronize.
25. You may need to Refresh Now again.
26. Once green, return to WSS1ADFS and try the download again.
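For steps 7 and 8 of this appendix, the following PowerShell is an added example, not part of the original lab: it classifies each address on the adapter against the VLAN table (blocks of 32 addresses, mask 255.255.255.224) and returns the address that falls outside the static range. The addresses 192.0.2.40 and 192.0.2.52 are constructed samples, the function names are hypothetical, and the gateway value assumes "1 IP up from the Router address" means the router address plus one.

```powershell
# Added example (not from the lab): classify adapter addresses against the
# VLAN layout in the appendix table. Sample addresses are constructed.

function Get-VlanRole {
    param([string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Not an IPv4 address: $Address"
    }
    $bytes  = $ip.GetAddressBytes()
    $last   = [int]$bytes[3]
    $offset = $last % 32          # position inside the 32-address block
    $base   = $last - $offset     # "Network ID" column of the table
    if     ($offset -eq 0)  { $role = 'Network ID' }
    elseif ($offset -eq 1)  { $role = 'Router' }
    elseif ($offset -le 16) { $role = 'Static' }
    elseif ($offset -le 30) { $role = 'Dynamic' }
    else                    { $role = 'Broadcast' }
    $prefix = '{0}.{1}.{2}' -f $bytes[0], $bytes[1], $bytes[2]
    New-Object PSObject -Property @{
        Address = $Address
        Role    = $role
        Network = "$prefix.$base"
        Router  = "$prefix.$($base + 1)"
        # Assumption for step 8: the gateway is the router address plus one.
        Gateway = "$prefix.$($base + 2)"
    }
}

function Select-AddressToRemove {
    param([string[]]$AdapterAddresses)
    $roles  = @($AdapterAddresses | ForEach-Object { Get-VlanRole -Address $_ })
    $static = @($roles | Where-Object { $_.Role -eq 'Static' })
    if ($static.Count -ne 1) {
        throw "Expected exactly one address in the static range, found $($static.Count)."
    }
    # Every address other than the single static one is a removal candidate.
    return @($roles | Where-Object { $_.Role -ne 'Static' })
}

# Constructed sample: two addresses bound to the adapter in the .32 block.
$toRemove = Select-AddressToRemove -AdapterAddresses @('192.0.2.40', '192.0.2.52')
$toRemove | Select-Object Address, Role, Network, Gateway
```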