Lync 2013 to Skype for Business in-place Upgrade...the experience

I was sitting at my desk today, waiting for (ironically enough) a client's new Skype for Business install to complete in a far far away country when I decided - hey, I am not expecting calls today, why not do a quick in-place upgrade to S4B?

Quick was not the operative word here. For reference, I have two pools - once user pool and one Persistent Chat pool (need it for demos :)), and edge pool, and a few trusted apps. Once I began the process - installing the admin tools on an admin server (not Lync), I upgraded the topology for the two pools, published, and so far so good.

The required KB2982006 was not installed on my FE servers so that was where we started, which required a reboot. Had I been wise, I would have disabled the Lync services so I would not have to wait for them to start post reboot of the server only to shut them down again so I could begin the upgrade process. I started the process on both pools, all servers, all at the same time. This was not an issue since all the services are shut down anyway, so there was no apparent communication occurring anyway.

The process started at 2:30pm my local time and the PChat pool finished approximately 30 mins later (less to uninstall and reinstall). However, the user services pool ran for two hours. It appeared that the servers were doing little to nothing during every step so I can only assume there is some fail-safe code slowing the process of uninstall and reinstall down. As a reference, the installation of the new Skype pool was completed (along with the Edge) in under one hour (granted basic install, no config, no uninstall).

I am happy to say that after the long wait, everything came up as expected and worked as expected. The edge pool was the last thing that needed an upgrade but I was waiting to get the inside pools completed prior to starting that process. I suspect it will not take long but will complete tonight and post my timings.

In short - make sure you have the requirements met for in place upgrading and the time set aside. Since the entire pool is down during the process you will have some sort of outage unless users are rehomed.

UPDATE 5/12

The upgrade of the Edge pool went as expected. The total time for upgrade was 30 mins and like the inside pools above, both servers were upgraded at the same time. I did notice that when I upgraded the Edge pool in the topology, the Skype-Skype Federation Search was automatically enabled. While this is a feature I do want, if you do not, or perhaps do not have the port open on the edge servers (outbound 4443), then this is something you would want to disable before publishing.

The truth about Call via Work in Skype for Business 2015

This year at Ignite I had the privilege of being asked to speak - this time the topic was "Planning and Deploying Call via Work for Enterprise PBX Users". As always, I had a great time preparing and presenting the topic however there are some that did not receive the message as well as I had hoped. For the record, we speakers are not paid to create and deliver our presentations. I present because I love to speak, especially when it is about a product I am passionate about and LCS/OCS/Lync/Skype4B definitely falls into that category!

It is true that Call via Work (CvW) is not a new "feature" of Lync/Skype4; but, it is also true that it is now being implemented in a new way. The key to the "little different" is where the feature is being exposed. The best example of what the feature is and where it was previously can be seen in the Lync 2010 Mobile app. For all intents and purposes, the 2010 Mobile feature is the Skype via Work feature, simply now in the desktop client.

So with all that said - why was I viewed as a hater of the feature? To clarify - I do not hate the feature, I simply do not agree with the concept of using it for Enterprise PBX users (my topic). :) My warnings of blind implementation were taken a little too direct. I was hoping to present the message that CvW was now an option but to plan and prepare prior to any implementation. Just because the feature is there doesn't mean we should/need to use it.

Without rehashing what I said regarding the feature and its limitations as a PBX feature, simply stated I believe attempting to use this feature as a replacement to RCC is a mistake - and 9 out of 10 Microsoft engineers agree (no, that is not a real statistic but everyone loves math). The feature parity is not there so that should be a given.

In addition, the users must understand the process. This understanding is something more than just making a call (as we often say, dial-tone should just simply work and users expect that). IMHO, in order for the feature to be used correctly, the user must understand the call flow concepts so intelligent decisions may be made (by the user).

Last point was administration of the feature is a nightmare for those environments that wish to control the call-back-phone. Yes, PowerShell is our friend and yes, PowerShell can help automate the need to create a CvW profile for every user - but there is still the potential for a single profile per end-user - yuck! Since this is a PowerShell-only task that means typical Level1 and perhaps even Level2 support will not be involved making the provisioning process tedious, cumbersome, and prone to errors.

Could Microsoft make the process better? Sure - a simple option in the policy that states the call-back-phone number is automatically set to the users' LineURI would be an awesome feature/option. One global policy, one setting, and we are done. We could then make user policies for those that we want to be different if that was our need. Or vice-versa - we could set the global to no set call-back-number, a user policy to use the LineURI, and then the occasional odd-ball users where they do not match we could create yet another user policy. Today the options are limited but who know what the future of Microsoft holds. One thing is for certain, options are the key to Skype for Business and that is what we need.

So, stepping back a bit, let use start with what is CvW (I know, a little late in the game but better late than never)?

CvW is a feature that allows the end user (assuming allowed by policy) to set their ring-back-number that will be used when making outbound calls from Skype4B. The user would initiate the call, their specified number would ring, and when the Skype4B user answered the incoming call, the system would bridge their two calls together presenting the user's Skype4B caller-ID to the outside callee.

Awesome right? That means I can be at home, make a call back to a customer/vendor/whomever and it would appear to be coming from my office. Perhaps that is an awesome strategy for staying at home when the boss is away and any calls to the boss would look like they were coming from the office. :) Or perhaps your Internet connection at wherever you are is simply unreliable or experiencing poor bandwidth so that a VoIP call would not be practical. Or maybe you simply forgot your headset and would rather not talk into the microphone of the laptop, so using a land line makes more sense (or cell - whatever number you wish).

The point is - there are all kinds of reasons you may want to use this feature; in fact, there are a bunch of good ones. My favorite use happens to be when I am travelling. Inevitably the hotel Wi-Fi is congested and poor quality at the end of the day; if I need to make a call to anyone (family, friends, clients), I use the hotel phone as my call back number and I have a great calling experience. However I am not using it - as my presentation title suggested - as my PBX phone in hopes of retaining life out of my PBX system. Instead, I am adding to the feature-rich experience of Skype for Business, something we all can appreciate as a good idea.

One of the general use concepts from Microsoft's perspective deals with "what do I do with my PBX and desk phones if I implement Skype4B? Am I duplicating systems?". In some aspects the answer is yes - in fact you are. However, there is a potential use case where instead of purchasing a new desk phone and ripping out the PBX we simply tie Skype4B into the existing system using CvW, and create the hybrid-type solution. As mentioned in the presentation, this is not the correct solution for all phone systems, companies or even users. This rolls back to making intelligent deployment decisions and testing, testing, testing. Ideally once the ROI on the old phone system is reached, it would be removed, Skype4B would replace the system as a complete solution, and everyone is happy.

In my experience and with my customers this would not fit well but the important thing to remember is that you have options.

Hopefully this clears up the confusion on my like/dislike of the feature and feel free to leave your comments/questions below, I'd love to hear your thoughts on the matter.

February 2015 Lync Client/Server Update

Microsoft quietly released the Lync Client and Server CU for February 2015 and perhaps with good reason; little to nothing appears to have been added to Lync other than a not quite functioning correctly  CsClientPolicy setting EnableSkypeUI. The policy is designed to allow a Lync 2013 server admin to preserve the look and feel of the Lync client after the 'Skype' CU has been delivered either automatically via O365, via Windows Update, or via the system administrator. By default this value is $NULL which SHOULD equate to ‘Use the Lync UI’ but instead it defaults to ‘Use the Skype UI’. Setting the value to $FALSE will force the Lync UI and in future client releases (read that as RTM) the feature will work as expected.

Missing/odd features is definitely not a reason to apply a patch and since it has been 30 days since the release with no known/major issues I would say all is good. The patch does update Core, Server, RGS, Management, and Web Components as well as databases.

There are a few database upgrades required for the backend databases (QoE), and for the CMS (assuming you are up-to-date (i.e. since December 2014)). It is interesting that Microsoft is calling out the sequence with more vigor and I cannot stress enough how important it is to make sure your databases match your CU level or ‘bad things happen.’  We discuss over and over how to check upgrade readiness as well the database upgrade methods so if you are unclear, review previous posts here.

Product

Version

KBs

Download

Lync Server 2013

5.0.8308.872

2809243

MS Download

 

 

 

 

Lync 2013 Client 32-bit

15.0.4693.1001

2920744

MS Download

Lync 2013 Client 64-bit

15.0.4693.1001

2920744

MS Download

 

Additional Notes:
Lync Server 2010 build number is 4.0.7577.709

Lync 2010 Client build number is 4.0.7577.4446

Lync Server 2013 build number is 5.0.8308.872

Lync 2013 Client build number is 15.0.4693.1001

Lync Group Chat build number is 4.0.7577. 4409

Lync Group Chat Server build number 4.0.7577.4409

Lync Group Chat Admin build number 4.0.7577.4409

Lync Attendee build number is 4.0.7577.4382

Lync Attendant build number is 4.0.7577.4098

Lync Phone Editions build number is 4.0.7577.4455
Lync Phone Edition (Tanjay) build number is 4.0.7577.4451
Lync for Mac 2011 build number is 14.0.10

Lync 2010 for Windows Phone build number 4.3.8120.0

Lync 2010 for iPhone build number 4.7

Lync 2010 for iPad build number 4.7
Lync 2010 for Android build number 4.0.6509.3001

Lync 2013 for Windows Phone build number 5.8.1327.0

Lync 2013 for iPad build number 5.6

Lync 2013 for iPhone build number 5.6

Lync 2013 for Android build number 5.5.3.8935
Lync 2013 for Android tablet build number 5.5.3.8919

Lync Basic 2013 build number is 15.0.4420.1017
Lync VDI 2013 build number is 15.0.4420.1017

Office 2016 / Skype for Business 2015 Client Preview

Much has been posted recently regarding the preview of Skype for Business client and what it has to bring to the table. The basic office team announcement was made on their blog (found here) this morning but others attending the various release functions commented as well. Those comments are the ones I have issue with and want to make a few basic comments of my own here.

First and foremost the new Skype for Business client is NOT a new client but rather an update to the existing Lync client. That's right - a CU/KB is applied and voila - you have the new Skype4B client. That brings a lot of ramifications with it, not the least that this client does communicate and work with Lync Server 2013 just fine. In its basic client upgrade and work as you are state, the features are the same, but you get a new look.

Skype4B client does NOT add the additional functionality of initiating calls, communication, etc. directly from Office apps (such as Outlook) as Lync already did that - and has done that - forever. This is nothing new and the contact cards are still shared. This also means it is not pulling on Lync features, they are Lync features as again, this is Lync under the covers.

Another important feature - and one that has been available in Lync for some time - is the ability to communicate with the public Skype counterpart. The idea of public federation was introduced in 2006 with Live Communication Server 2005 SP1 (that's LCS, the predecessor to OCS which was the predecessor to Lync). Public federation is a feature that has been in Lync's history and today (and yes even yesterday) you had the option to configure this federation link using the Microsoft provisioning website of https://pic.lync.com. Will the process and the features improve with time - yes, but not a new feature as of today.

Skype for Business Client and Office 2016 are coming and are exciting improvements. But it is important to understand what the changes are, how they impact current infrastructure, and what  (if any) impact that means on your end users. The last big piece of that equation is rolled into the original comment above - that this release is simply a cumulative update. What if you don't want the update? Well for those on-premise that are delivering Office Pro Plus 2013 using the "fat" method, easy - don't install it. For those using the Click-2-Run Office 365 distribution method - not such an easy decision. The good news is regardless, administrative control will be available to decide how Lync/Skype looks on the desktop using Lync/Skype client policies. This means the updates can occur and the switch to the new interface (and potentially new features) can be at the control of IT.

Another Microsoft "hidden" feature - CU December 2014 Released

In the latest Cumulative Update for Lync Sever 2013 released in December, a special “feature” was added by Microsoft secretively. The nature of the secrecy is unknown but I would bet it was not to be deceitful but more of poor planning on the release of information.

In the December 2014 CU, four items were updated – Core, the UCMAPI, Web Components, and the Front End/Edge Server. All of the updates are classified as routine maintenance/stability updates with no new features listed. However, the Web Components added a “feature” that is causing issues with using Lync Web App (LWA) and Google Chrome. In short, LWA is no longer compatible with Google Chrome because of future known issues with Chrome. This is one of those proactive steps that Microsoft took – before Chrome broke. So now, after the update is applied, the popup from Chrome simply states Google Chrome no longer supports LWA.

It is expected to be a short-term issue that will be resolved but just like changes to Chrome that broke Outlook Web App (OWA), it is more than apparent that working with a product outside of your control can be a bit trying at times. More information and pictures of the issue may be found on a blog post released today (the original December CU was released December 11) found at KB3025563.

There is a database upgrade required for the backend databases, none for the CMS (assuming you are up-to-date (i.e. since February 2014)). It is interesting that Microsoft is calling out the sequence with more vigor and I cannot stress enough how important it is to make sure your databases match your CU level or ‘bad things happen.’  We discuss over and over how to check upgrade readiness as well the database upgrade methods so if you are unclear, review previous posts here.

Product

Version

KBs

Download

Lync Server 2013

5.0.8308.857

2809243

MS Download

Additional Notes: 
Lync Server 2010 build number is 4.0.7577.709
Lync 2010 Client build number is 4.0.7577.4446
Lync Server 2013 build number is 5.0.8308.857
Lync 2013 Client build number is 15.0.4667.1001

Lync Group Chat build number is 4.0.7577. 4409
Lync Group Chat Server build number 4.0.7577.4409
Lync Group Chat Admin build number 4.0.7577.4409

Lync Attendee build number is 4.0.7577.4382
Lync Attendant build number is 4.0.7577.4098
Lync Phone Editions build number is 4.0.7577.4455
Lync Phone Edition (Tanjay) build number is 4.0.7577.4451
Lync for Mac 2011 build number is 14.0.10

Lync 2010 for Windows Phone build number 4.3.8120.0
Lync 2010 for iPhone build number 4.7
Lync 2010 for iPad build number 4.7
Lync 2010 for Android build number 4.0.6509.3001

Lync 2013 for Windows Phone build number 5.6.1308.0
Lync 2013 for iPad build number 5.6
Lync 2013 for iPhone build number 5.6
Lync 2013 for Android build number 5.5.3.8919
Lync 2013 for Android tablet build number 5.5.3.8919

Lync Basic 2013 build number is 15.0.4420.1017
Lync VDI 2013 build number is 15.0.4420.1017

Microsoft has released September 2014 CU for Lync Server 2013

An update for Lync Server 2013 has been released just one month after the previous drop but with some important bug fixes. One of the large annoyances fixed is the Dial-in conference rejecting the PSTN caller with a message about the meeting not found (2995830). There have also been some recent reports about maximum followers reached when that is not the case as well as high IIS CPU utilization – all addressed (well high IIS when publishing the topology has not been but I personally have never seen that issue).

There are is a database upgrade required for the backend databases, none for the CMS (assuming you are up-to-date). It is interesting that Microsoft is calling out the sequence with more vigor and I cannot stress enough how important it is to make sure your databases match your CU level or ‘bad things happen.’  We discuss over and over how to check upgrade readiness as well the database upgrade methods so if you are unclear, review previous posts here.

Product

Version

KBs

Download

Lync Server 2013

5.0.8308.815

2809243

MS Download

Additional Notes: 
Lync Server 2010 build number is 4.0.7577.230
Lync 2010 Client build number is 4.0.7577.4445
Lync Server 2013 build number is 5.0.8308.815
Lync 2013 Client build number is 15.0.4649.1000

Lync Group Chat build number is 4.0.7577. 4409
Lync Group Chat Server build number 4.0.7577.4409
Lync Group Chat Admin build number 4.0.7577.4409

Lync Attendee build number is 4.0.7577.4356
Lync Attendant build number is 4.0.7577.4098
Lync Phone Editions build number is 4.0.7577.4451
Lync Phone Edition (Tanjay) build number is 4.0.7577.4451

Lync 2010 for Windows Phone build number 4.3.8120.0
Lync 2010 for iPhone build number 4.7
Lync 2010 for iPad build number 4.7
Lync 2010 for Android build number 4.0.6509.3001

Lync 2013 for Windows Phone build number 5.4.1087.0
Lync 2013 for iPad build number 5.4
Lync 2013 for iPhone build number 5.4
Lync 2013 for Android build number 5.4
Lync 2013 for Android tablet build number 5.4

Lync Basic 2013 build number is 15.0.4420.1017
Lync VDI 2013 build number is 15.0.4420.1017


Microsoft has released August 2014 CU for Lync Phone Edition

I had blogged earlier about the release of the August CUs for LPE, but wanted to test the updates a little and see how the new features within the updates worked (i.e. the lock feature). This took longer than I expected and frankly the majority of the wait was my time getting back to the keyboard but…

What was found is logical yet unfortunate. Prior to the current firmware and Server CU there was a client policy setting (Set-CsClientPolicy) DisableHandsetOnLockedMachine which did nothing. The intent was that the phone would make the phone inoperable minus the emergency calling configuration. For those that tested and then left the setting alone, by installing the latest updates for BOTH the phone and the server nothing happened.

However, if you use a Tanjay/Aries based phone AND you enable the DisableHandsetOnLockedMachine setting it to TRUE then when the phone is locked (by PC or if standalone by timeout) the ability to make calls outbound are removed. A nice error is displayed on the phone due to restrictions (much better than just a failed call message). Yeah for team Tanjay/Aries…but what about 3PIP phones?

  

Well unfortunately the policy feature only works today with the current Aries phones and it does nothing to the desktop client – it only applies to Lync Phone Edition (LPE) devices. That means should you have executives, conference rooms, etc. that have unrestricted calling options where others do not, the fear of afterhours use of phones inappropriately is squashed. All in all this is a good thing although it would be nice if the feature applied to 3PIP phones as well – but that’s up to the manufactures of those devices.

Product

Version

KBs

Download

Lync Phone Edition (for Aastra 6721ip and Aastra 6725ip)

4.0.7577.4451

2988177

MS Download

Lync Phone Edition (for HP 4110 and HP 4120)

4.0.7577.4451

2988178

MS Download

Lync Phone Edition (for Polycom CX500, Polycom CX600, and Polycom CX3000)

4.0.7577.4451

2988181

MS Download

Lync Phone Edition for Polycom CX700 and LG-Nortel IP Phone 8540

4.0.7577.4451

2988182

MS Download


Additional Notes:
Lync Server 2010 build number is 4.0.7577.230
Lync 2010 Client build number is 4.0.7577.4445
Lync Server 2013 build number is 5.0.8308.738
Lync 2013 Client build number is 15.0.4605.1003

Lync Group Chat build number is 4.0.7577. 4409
Lync Group Chat Server build number 4.0.7577.4409
Lync Group Chat Admin build number 4.0.7577.4409

Lync Attendee build number is 4.0.7577.4356
Lync Attendant build number is 4.0.7577.4098
Lync Phone Editions build number is 4.0.7577.4451
Lync Phone Edition (Tanjay) build number is 4.0.7577.4451

Lync 2010 for Windows Phone build number 4.3.8120.0
Lync 2010 for iPhone build number 4.7
Lync 2010 for iPad build number 4.7
Lync 2010 for Android build number 4.0.6509.3001

Lync 2013 for Windows Phone build number 5.4.1087.0
Lync 2013 for iPad build number 5.4
Lync 2013 for iPhone build number 5.4
Lync 2013 for Android build number 5.4
Lync 2013 for Android tablets build number 5.4

Lync Basic 2013 build number is 15.0.4420.1017
Lync VDI 2013 build number is 15.0.4420.1017

Microsoft has released August 2014 CU for Lync Server 2013

It is official – an update has finally been released for Lync Server 2013! The update is effectively 8 months in the making so don’t let the small build increment fool you (although one could argue a few hundred rounds is far from insignificant).

Nearly half of all components are updated with this patch – even Windows Fabric – on Front-end servers and all components on the Edge, but no new features are called out as this is a bug fix/stabilization patch. A database update is required (CMS does not), so do not forget to update with the typical Install-CsDatabase commands after upgrading the FE pool servers. We discuss over and over how to check upgrade readiness as well the database upgrade methods so if you are unclear, review previous posts here.

Product

Version

KBs

Download

Lync Server 2013

5.0.8308.738

2809243

MS Download

Additional Notes: 
Lync Server 2010 build number is 4.0.7577.230
Lync 2010 Client build number is 4.0.7577.4445
Lync Server 2013 build number is 5.0.8308.738
Lync 2013 Client build number is 15.0.4605.1003

Lync Group Chat build number is 4.0.7577. 4409
Lync Group Chat Server build number 4.0.7577.4409
Lync Group Chat Admin build number 4.0.7577.4409

Lync Attendee build number is 4.0.7577.4356
Lync Attendant build number is 4.0.7577.4098
Lync Phone Editions build number is 4.0.7577.4450

Lync 2010 for Windows Phone build number 4.3.8120.0
Lync 2010 for iPhone build number 4.7
Lync 2010 for iPad build number 4.7
Lync 2010 for Android build number 4.0.6509.3001

Lync 2013 for Windows Phone build number 5.4.1087.0
Lync 2013 for iPad build number 5.4
Lync 2013 for iPhone build number 5.4
Lync 2013 for Android build number 5.3.1100

Lync Basic 2013 build number is 15.0.4420.1017
Lync VDI 2013 build number is 15.0.4420.1017

SolarWinds NPM 11.0 Review

When notified that a new version of anything is being released, I am always excited to see what new ideas and technology are being developed and how easily they are able to be implemented into an environment. Today BriComp Computers, LLC is utilizing SolarWinds NPM, NTA, and SAM ever trying to build the perfect monitoring solution for UC solutions. While that quest is still in progress I was hopeful NPM 11.0 would assist greatly in the task.

The new product has been designed to be app-centric, providing what I would consider more of a System Center Operations Manager (SCOM) view into the network layered on top of the existing exceptional network foundation present in previous versions. I know what you are thinking – with Network traffic Analyzer (NTA) and Server & Application Monitor (SAM) I can get nearly everything if not everything I need and be comparable to SCOM. However, with the new deep packet inspection technology that SolarWinds is utilizing and the pre-canned application configurations, NPM 11.0 with the added Packet Analyzer (and do not forget NTA and SAM) the information is designed to be more complete and automatically categorized.

The Quality of Experience data is broken into three categories for all data captured – Category, Risk level, and Productivity Rating. An example, out-of-the-box, would be Lync Media, defined as Streaming Media, Possible Misuse, and All Business. The categories are designed to be a nice view of what is on the network providing immediate information at the wire-level.

In SolarWinds words:

“With the addition of the new out-of-the-box DPI and analysis sensors, SolarWinds NPM provides a comprehensive view of network fault, performance, availability, traffic, and latency allowing network engineers to more effectively IDENTIFY, PRIORITIZE AND RESOLVE network issues before they impact application performance, end-users and the business by:

  • Continuously monitoring packets across the wire
  • Inspecting, identifying and classifying application traffic for over 1,200 applications such as Skype, YouTube and Microsoft Lync
  • Displaying network and application response time in easy-view charts and graphs
  • Complementing the power of flow-based technologies like NetFlow, sFlow® and J-Flow with DPI technology”

The explicit call out of Microsoft Lync excited me and raised the bar on expectations.

First Impressions

The initial install and configuration of NMP was fairly straight forward. The installer looked and felt like previous versions so there were no surprises. The installation was completed in BRICOMPLABS in an environment configured with Lync 2013, Exchange 2010, SQL 2012, TMG, and a few Windows clients. The base OS for all servers other than TMG were Server 2012, fully patched and ready to go.

The application server NPM was installed onto was fully ‘bare’ with nothing other than the OS and OS patches installed. When installing NPM it has IIS and .NET 3.5 prerequisites. However, if the pre-reqs are not installed, the installer is kind enough to inform you and install them for you*.

Once the install and the initial discovery is complete, looking at the home screen a tab for Quality of Experience is displayed. Clicking the tab brings you to the section as well as a description of next steps. The QoE Applications and Sensors process appeared straight forward; however, all of my attempted push installations of the sensors failed to all of my servers.

Going a bit further into the architecture, there is an agent that gets installed on the selected servers (that’s right – not agentless) and a ‘sensor’ which is a fancy term for WinPcap and a few Visual C++ Redistributable files (if they are not already present). Both objects are installed (pushed) when selecting under QoE Packet Analysis Sensors the specific Servers. However, as mentioned all of my installs were failing with the error “Agent deployment failed. Installer package has invalid signature.”

Deployment Error

I manually downloaded the agent and thought I would install it manually (an agent option especially if you plan to mass deploy to your servers using a third-party system) to see what the local error was. Upon installing the agent I ran into no issues – a little annoying I must say. Installing the agent I specified the polling server (BCL2010MON), login (admin no password as it is the default), and it worked. Looking further at the installer MSI I decided to verify the digit signature details and found an error stating the signature could not be verified.

Digital Signature Error

This was a bit puzzling knowing that the package should have been signed with a public certificate, so I continued by inspecting the certificate. The certificate itself was issued by VeriSign (that’s a good thing) and the dates were valid (another good thing) but further investigation found the intermediate and root certificates not on the server and thus the certificate untrusted. The certificate used was not a standard certificate found on the 2012 servers and required me to manually install them on the servers I wanted monitored**.

Certificate Error

However, once the certificates were installed the agents deployed as expected. The install time was nothing major – maybe a few minutes total with multiple machines running simultaneously. Checking on the servers we see the last four installed items are the agent and the ‘sensor’. Interestingly, I was not able to figure out easily how to manually install the ‘sensor’ when the agent was installed manually. I also did not find a great way to uninstall the agent and sensor globally. Yes, I could (and did) write a script to uninstall the agents (attached below) but that should be done from the console IMHO.

Installed Applications

The initial observed impact on the NPM server and those that had the agent were mixed. The NPM server CPU cycles were 50-80% greater than my 10.7 NPM server which has NPM, NTA and SAM installed. The servers that had agents and sensors deployed varied. On average, the agent added about 2-3% CPU impact when monitoring LYNC, sometimes more and I am not sure what the variance were (as reported by NPM). Yet interestingly, the agent/sensor did not indicate any impact in NPM on the polling server – odd***.

Agent CPU Resources

The list of agents provided included expected applications such as Active Directory, SQL, Exchange, Lync, Citrix, SYSLOG, etc. and even ones that I was not expecting such as Facebook and Evony. Not that they are blocking any of these apps or protocols, but the actual network impact could perceivably be better understood than just simply HTTP/HTTPS traffic. Speaking of HTTP, custom HTTP applications can be created filtering on the URL; you could not however edit existing applications or even see what they were looking at.

Searching for Applications

*On a base 2012 R2 server ,if .NET 3.5 is not installed, the installer will fail adding it as it needs to be installed with Server Manager and the Windows DVD.

**2012 R2 Servers did not face this same issue.

***When testing in a semi-production environment the CPU Utilization % spiked on the Lync servers to nearly 12% - huge impact to a UC environment

The Good

The installation process and getting the base of the system running was great – it installed without a hitch onto the servers and added the prerequisite software for me flawlessly. The number of applications to choose from is impressive and should cover the majority of mainstream and even a large portion of what I would consider non-mainstream software. I would assume this list will only grow. Installing the software as a network agent (rather than a server agent as I did) should allow you to sniff all traffic - not just application traffic running on the server - which I am sure would be required for more accurate data.

The Bad

The installation snag with the agent was a big deal and could potentially be a HUGE deployment barrier for companies that manage/monitor access of their infrastructure. According to Microsoft critical/urgent updates all were deployed to these servers yet they did not have the required root certificates to talk. While not necessarily an NPM failure the fact is the product does not install in a very simplistic environment without manual intervention.

Once the agents are installed the removal process is just as bad. Support responded when I asked about the uninstall process that it must be done from the Agent Management under settings. While this makes sense, and I had found this location on my own, the process still fails to uninstall anything and even warns that fact. If an agent is installed in the Agent Management be warned I did not find an option to add the sensor functionality without removing the agent and then pushing via the sensor install.

Agent Uninstall Warning

The monitors I added for Lync unfortunately were a hit/miss in the information gathered. The application monitors for Lync included a rollup traffic monitor simply named Lync, Lync Audio, Lync Control, Lync Media, Lync Share, and Lync Video. I also included Microsoft SQL to gather local SQL data. Unfortunately, the data the monitors gathered was both inaccurate and incomplete. The Lync control application is defined as being all SIP messages, the underlining code of Lync itself. Yet my monitors never showed any traffic when deployed to the Lync servers – odd. A Conference Call also showed no data in the Lync Audio although it was logged in Lync Media. Desktop Sharing showed up in Lync Media but video calls did not get captured in Lync Video. To make things worse, once unique port ranges were applied to the Lync environment all of the monitors went dead capturing no information. Using NTA and defining the ports in my environment as well as source servers IPs, I am able to get much more accurate information. The QoE Applications in NPM 11.0 are not configurable and what they are watching is a mystery, so be warned.

Cost is always a "gotcha" with any IT project. While actual costs always vary, the stated cost for NPM 11.0 is $2,675 USD which includes once network packet analysis sensor and 10 server packet analysis sensors. Looking to monitor more? – I am sure there is a SKU for that.

Finally, the resource impact. One of the great things about NPM has been its ability to remain agentless and still gather all the information it does. While the use of agents are used everywhere (including SCOM), the current agents seem unrefined at their current state.

Summary

In summary the application works as well as 10.7 for the features found in 10.7. It is peculiar that the hardware impact of 11.0 was greater for the same installation as compared to 10.7, but I am sure that is a simple update forthcoming. However, once the agents are deployed there will be additional server CPU cycles taken.

The product did not capture the Lync data I was looking for accurately and when support was asked they mentioned encrypted traffic may be an issue – well all Lync traffic is encrypted so there is that. :) The Microsoft SQL monitor I added to the Lync server did not capture any information so I am not sure what data I should be seeing there. My guess is there are a bunch of tweaks and updates that are going to be required prior to the application working as expected. NPM, NTA, and SAM working together however have been gathering the majority of the information you really need and all without localized agents. Bottom line, make sure you evaluate the product in your environment and ideally in a LAB with identical hardware, software, and versions a production so you can gauge how well the product works for you.

Uninstall Script

Save as a CMD file and execute locally to remove the agent where desired.