Friday, March 15, 2013

KB2592525 Installation failed (This update is not applicable to your computer)

Description:
When you try to install the Lync WAC server (Office Web Apps Server 2013) on Microsoft Windows Server 2008 R2 SP1, you may get this error while installing the required update KB2592525: "This update is not applicable to your computer".

Resolution:

  1. Download KB2592525 to a folder on your system
  2. Create a new folder called "files"
  3. Extract the MSU: expand Windows6.1-KB2592525-x64.msu -F:* .\files
  4. Change into the files folder
  5. Install using Pkgmgr: pkgmgr /ip /m:Windows6.1-KB2592525-x64.cab
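The same workaround as a script, added here as an example (it is not part of the original post): it first checks whether the hotfix is already registered, extracts the MSU with expand.exe, installs the CAB with pkgmgr and interprets the exit code. The download folder C:\Updates is an assumption; run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the original post: scripted expand + pkgmgr
# workaround with a pre-check and exit-code handling.
# Assumption: the MSU was downloaded to C:\Updates (hypothetical path).
$kb    = 'KB2592525'
$msu   = 'C:\Updates\Windows6.1-KB2592525-x64.msu'   # assumed download location
$files = Join-Path (Split-Path $msu) 'files'

# Skip the install if the hotfix is already registered on this machine.
if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) {
    Write-Host "$kb is already installed."
    return
}

# 1. Extract the MSU into the "files" folder (expand.exe ships with Windows).
New-Item -ItemType Directory -Path $files -Force | Out-Null
& expand.exe $msu -F:* $files
if ($LASTEXITCODE -ne 0) { throw "expand.exe failed with exit code $LASTEXITCODE" }

# 2. Install the extracted CAB with pkgmgr, bypassing the WUSA applicability check.
#    pkgmgr returns to the shell before it finishes, so wait on the process and
#    read its exit code (0 = installed, 3010 = installed, reboot required).
$cab = Join-Path $files 'Windows6.1-KB2592525-x64.cab'
if (-not (Test-Path $cab)) { throw "CAB not found: $cab" }
$proc = Start-Process -FilePath pkgmgr.exe -ArgumentList "/ip /m:`"$cab`"" -Wait -PassThru
switch ($proc.ExitCode) {
    0       { Write-Host "$kb installed." }
    3010    { Write-Warning "$kb installed; a reboot is required (exit code 3010)." }
    default { throw "pkgmgr failed with exit code $($proc.ExitCode)" }
}

# 3. Confirm the hotfix is now listed before continuing with the WAC setup.
Get-HotFix -Id $kb
```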

Import photos to AD for Lync


Method no.1:

There is a minor schema change required to enable use of photos in AD. The change is to flip the thumbnailPhoto attribute to make it replicate to the Global Catalog. Exchange 2010 Service Pack 1 (SP1) automatically performs this schema change, so if you have deployed Exchange 2010 SP1, you do not need to make a schema change. Otherwise, you do need to follow these steps:
  1. If you haven’t registered the Schema MMC snap-in on the server you want to make this change on, go ahead and do so using the following command: Regsvr32 schmmgmt.dll
  2. Open an MMC console (Start | Run | MMC) and add the Schema snap-in.
  3. In the Active Directory Schema snap-in, expand the Attributes node, and then locate the thumbnailPhoto attribute.
  4. In the Properties page, select Replicate this attribute to the Global Catalog, and click OK.
Then you are ready to import photos into AD. This is done with a PowerShell command (from the Exchange Management Shell), for example:
Import-RecipientDataProperty -Identity "Dollie Madison" -Picture -FileData ([Byte[]]$(Get-Content -Path "C:\pictures\DollieMadison.jpg" -Encoding Byte -ReadCount 0))
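An added example, not from the original post, that covers the two things worth checking before and after the import: whether thumbnailPhoto is actually flagged for Global Catalog replication, and whether the photo is a small JPEG. It writes the attribute with Set-ADUser from the ActiveDirectory module, so it does not need Exchange; the user name dmadison, the file path and the 10 KB size ceiling are assumptions.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).
# Hypothetical values: user "dmadison", the JPEG path, and the 10 KB size ceiling.
Import-Module ActiveDirectory

function Test-ThumbnailPhotoInGC {
    # The schema object whose lDAPDisplayName is thumbnailPhoto carries the
    # isMemberOfPartialAttributeSet flag; "Replicate this attribute to the
    # Global Catalog" in the Schema snap-in sets exactly that flag.
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $attr = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(lDAPDisplayName=thumbnailPhoto)' `
                         -Properties isMemberOfPartialAttributeSet
    return [bool]$attr.isMemberOfPartialAttributeSet
}

function Import-AdUserPhoto {
    param(
        [Parameter(Mandatory=$true)][string]$SamAccountName,
        [Parameter(Mandatory=$true)][string]$JpegPath,
        [int]$MaxBytes = 10KB    # assumed ceiling: the attribute replicates to every GC, keep it small
    )
    $bytes = [System.IO.File]::ReadAllBytes($JpegPath)
    if ($bytes.Length -gt $MaxBytes) {
        throw "$JpegPath is $($bytes.Length) bytes; resize it below $MaxBytes before importing."
    }
    # JPEG files start with the SOI marker FF D8; refuse anything else.
    if ($bytes[0] -ne 0xFF -or $bytes[1] -ne 0xD8) { throw "$JpegPath is not a JPEG file." }
    Set-ADUser -Identity $SamAccountName -Replace @{ thumbnailPhoto = $bytes }
}

if (-not (Test-ThumbnailPhotoInGC)) {
    Write-Warning 'thumbnailPhoto is not in the partial attribute set; complete the schema step first.'
}
Import-AdUserPhoto -SamAccountName 'dmadison' -JpegPath 'C:\pictures\DollieMadison.jpg'

# Read the attribute back to confirm the write landed (prints the byte count).
(Get-ADUser -Identity 'dmadison' -Properties thumbnailPhoto).thumbnailPhoto.Length
```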

Method no.2: a 3rd-party tool I have tried, and it is helpful

Lync 2013 Client continuously asks for credentials after signing in for response group & Certificate services


The errors that I had with the Lync Client were the following
  • Credentials are required – Type your user name and password to connect for certificate services.
  • Credentials are required – Type your user name and password to connect to the corporate address book.
  • Credentials are required – Type your user name and password to connect for retrieving response groups.
Troubleshooting
The following PS cmdlet is very helpful in diagnosing what could be wrong in an environment. Test-CsKerberosAccountAssignment tests that Kerberos account assignment is configured, that the Kerberos account attributes are OK and that the IIS configuration is OK for all servers in the site running Web Services:
Test-CsKerberosAccountAssignment -Identity "site:SiteName" -Report "c:\logs\KerberosReport.htm" -Verbose



If you are getting the above error, then you need to create a Kerberos account and assign it to the site where your Lync pool resides.

Configuration
Create the Kerberos Account
PS C:\Users\TempUser> New-CsKerberosAccount -UserAccount "NTNET\KerbAuthSite" -ContainerDN "OU=Service Accounts,DC=corp,DC=ABC,DC=com"

"this will create a computer object for Kerberos authentication (KerbAuthSite)"

Assign the Account to the site
PS C:\Users\TempUser> New-CsKerberosAccountAssignment -UserAccount "NTNET\KerbAuthSite" -Identity "Site:SiteName"

Enable the topology
PS C:\Users\anisinghadm> Enable-CsTopology

Set the Account Password
PS C:\Users\anisinghadm> Set-CsKerberosAccountPassword -UserAccount "NTNET\KerbAuthSite"

Enable the topology
PS C:\Users\anisinghadm> Enable-CsTopology

Test that the account is assigned properly
PS C:\Users\TempUser> Test-CsKerberosAccountAssignment -Identity "site:SiteName" -Report "c:\logs\KerberosReport.htm" -Verbose




If there was only one server in the topology, I would stop right here, but I had a few of them, so I had to synchronize the Kerberos computer account password to every additional server that I had:

Set-CsKerberosAccountPassword -FromComputer lync1.mydomain.local -ToComputer lync2.mydomain.local

Enable-CsTopology
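The whole procedure above as one script, added here as an example (it is not from the original post): it skips account creation when the site already has an assignment, sets the password once and copies it to every other Front End, then runs the same report the author uses and lists the SPNs that Enable-CsTopology registered on the computer object. The domain, account, OU, site name, server list and report path are hypothetical; run it in the Lync Server Management Shell with domain admin rights.

```powershell
# Added example, not from the original post. Hypothetical values: domain NTNET,
# account KerbAuthSite, the OU, the site name and the Front End list.
Import-Module ActiveDirectory

$account   = 'NTNET\KerbAuthSite'
$ou        = 'OU=Service Accounts,DC=corp,DC=ABC,DC=com'
$site      = 'site:SiteName'
$frontEnds = @('lync1.mydomain.local', 'lync2.mydomain.local')   # first entry is the server you run this on
$report    = 'C:\logs\KerberosReport.htm'

# Create and assign the account only when the site has no assignment yet;
# an existing assignment is the usual reason New-CsKerberosAccount complains.
if (-not (Get-CsKerberosAccountAssignment -Identity $site -ErrorAction SilentlyContinue)) {
    New-CsKerberosAccount -UserAccount $account -ContainerDN $ou
    New-CsKerberosAccountAssignment -UserAccount $account -Identity $site
    Enable-CsTopology
}

# Set the password on the local server, then copy it to every other Front End
# so that all of them present the same Kerberos identity to clients.
Set-CsKerberosAccountPassword -UserAccount $account
foreach ($fe in ($frontEnds | Select-Object -Skip 1)) {
    Set-CsKerberosAccountPassword -FromComputer $frontEnds[0] -ToComputer $fe
}
Enable-CsTopology

# Verification: the HTML report from the cmdlet, plus the SPNs now registered
# on the Kerberos computer object (expect http/ entries for the web services FQDNs).
Test-CsKerberosAccountAssignment -Identity $site -Report $report -Verbose
$name = $account.Split('\')[-1]
(Get-ADComputer -Identity $name -Properties servicePrincipalName).servicePrincipalName
```

If the report still flags a server, that server is the one whose password copy failed; rerun the -FromComputer/-ToComputer step for it and Enable-CsTopology again.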


Done, now you will not see this popup again :)

Monday, March 11, 2013

Create a Certificate Request for custom SANs using Microsoft Management Console (MMC)


Overview


In this article I show how to produce a Certificate Request using the management console with the Certificates snap-in, and how to import the issued certificate into the computer container afterwards.
In this case I am generating a digital certificate that will be installed on a Forefront TMG 2010 server configured as the Reverse Proxy for a Lync pool. The enterprise certification service is installed on the domain controller, with the Web Enrollment service active.


The certificate will be generated with a Distinguished Name and multiple Subject Alternative Names.


Connection Manager Certificate


On the machine, run mmc to start the management console, then click File and Add / Remove Snap-in

Select the Certificate Snap-in and add to the console

Select Computer Account to manage the certificates installed on the computer

Select Local Computer and finish the wizard

Request Certificate


Expand the Personal folder under Certificates. Right-click it, select All Tasks, then Advanced Operations and Create Custom Request ....

Go to start the certificate request


Select the Enrollment Policy

Select the certificate template; for the Reverse Proxy you must select the Web Server template

In the Certificate Information tab expand the Details and click Properties to configure the options of the Certificate


On the Certificate Properties tab, under Subject Name, select Type: Common Name and as the Value set the FQDN of the primary service that uses the certificate. Under Alternative Name select Type: DNS and add all the FQDNs that the certificate must cover

On the General tab set the Friendly Name of the certificate; this option does not affect any functionality of the certificate and may take any value. Usually I set a brief description of what the certificate is used for

On the Private Key tab expand Key Options and check Make private key exportable. Apply the changes and finish the wizard

In Certificate Enrollment advance

Select the folder where the request is saved and finish the assistant

Generate the Certificate


Open the Web Enrollment address of the certification authority at https://<FQDN of the certificate server>/CertSrv and click Request Certificate

Click the Advanced Certificate Request

Select Submit a certificate request by using the base 64-encoded CMC or PKCS #10 file, or submit a renewal request by using the base 64-encoded PKCS #7 file

Open the request file in Notepad, select and copy the entire contents

Paste the contents of the file request in the space Saved Request and select the Certificate Template: Web Server and click Submit

The certificate will be generated, click Download Certificate and save the certificate in a folder

Check the settings of the certificate are correct and that the option of private key is present in the certificate

Import Certificate


Return to the management console, expand Personal, right-click Certificates, select All Tasks and click Import ...

Go to start the certificate import

Select the certificate that was saved

Go to the configuration of the Certificate Store

And finalize the wizard

The certificate must be imported and ready to be linked to services
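The same request, built with certreq.exe instead of the MMC wizard, added here as an example that is not part of the original post. It reproduces the wizard's choices (Web Server template, exportable 2048-bit key in the machine store, SAN extension with every FQDN), submits the CSR to the enterprise CA, installs the issued certificate and then verifies the two things the text says to check: the private key is present and the SAN lists every name. The CA name ca01.home.intranet\HomeCA, the host names and the C:\Certs folder are assumptions.

```powershell
# Added example, not from the original post. Hypothetical values: the CA config
# string, the Subject/SAN host names and the working folder.
$work     = 'C:\Certs'
$cn       = 'LyncPortal.home.com.br'
$sans     = @('LyncPortal.home.com.br', 'meet.home.com.br', 'dialin.home.com.br', 'LyncDiscover.home.com.br')
$caConfig = 'ca01.home.intranet\HomeCA'   # assumed CA; list the real ones with: certutil -config - -ping
New-Item -ItemType Directory -Path $work -Force | Out-Null

# The INF mirrors the wizard: Web Server template, exportable RSA 2048 key in the
# computer store, and a SAN extension (OID 2.5.29.17) with one dns= entry per FQDN.
$sanLines = ($sans | ForEach-Object { "_continue_ = `"dns=$_&`"" }) -join "`r`n"
@"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$cn"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
Exportable = TRUE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
HashAlgorithm = SHA256

[RequestAttributes]
CertificateTemplate = WebServer

[Extensions]
2.5.29.17 = "{text}"
$sanLines
"@ | Set-Content -Path "$work\request.inf" -Encoding ASCII

# 1. Build the CSR; the private key is generated in the machine store at this point.
certreq -new "$work\request.inf" "$work\request.req"
# 2. Submit the CSR to the enterprise CA and 3. bind the issued certificate to its key.
certreq -submit -config $caConfig "$work\request.req" "$work\issued.cer"
certreq -accept "$work\issued.cer"

# Verify: newest certificate with this Subject in LocalMachine\My has a private
# key and its SAN extension contains every requested name.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq "CN=$cn" } |
        Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $cert) { throw 'Issued certificate not found in LocalMachine\My.' }
if (-not $cert.HasPrivateKey) { throw 'Issued certificate has no private key bound.' }
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $sanExt) { throw 'Issued certificate has no SAN extension.' }
$sanText = $sanExt.Format($false)
foreach ($name in $sans) {
    if ($sanText -notmatch [regex]::Escape($name)) { throw "SAN is missing $name" }
}
"OK: $($cert.Thumbprint) covers $($sans -join ', ')"
```

The INF can be kept with the change record, so the next renewal is a rerun rather than a click-through, and the verification at the end catches the common failure of an issued certificate landing in the store without its key.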

Configure ForeFront TMG 2010 as Reverse Proxy for Lync Server 2010


Overview


To publish the services of Lync Server to Internet users you need to configure two separate server roles, the Edge Server and the Reverse Proxy Server. In this article I show the steps for configuring Forefront Threat Management Gateway 2010 as a Reverse Proxy publishing the Front End Web Services.
For this configuration I have a Domain Controller and a Lync Server Front End server, configured with the following IP addresses:

Role                 Server Name          IP
Domain Controller    hm01.home.intranet   192.168.1.200
Front End            hm02.home.intranet   192.168.1.201
TMG 2010             hm06.home.intranet   Internal Network: 192.168.1.205
                                          External Network: xxx.xxx.235.40




With the Reverse Proxy publishing the Lync Server web services, the following services are available to remote users
  • Download meeting content 
  • Expansion distribution group
  • Download Address Book Service
  • Provides Lync Web App Client
  • Conference Dial-in web page
  • Access to Location Information Service
  • Connection to the update service devices
  • Mobility Services
During the installation of Lync Server two sites are created in IIS:
  1. Lync Server Internal Web Site: configured on ports 80 and 443, responsible for providing services to internal clients
  2. Lync Server External Web Site: configured on ports 8080 and 4443, the site that should be published by the Reverse Proxy

TMG's role in this scenario is to direct Internet traffic arriving on ports 80/HTTP and 443/HTTPS to ports 8080/HTTP and 4443/HTTPS on the Lync Server Front End

URL configuration


For publishing the Web services we will use three different URLs set on the Front End.
Two URLs are configured by default during installation of the Front End, the addresses meet.home.com.br and dialin.home.com.br. To check this setting run the Topology Builder and click Lync Server 2010

The third URL must be configured in the properties of the Front End pool. Open the properties of the Front End and, under Web Services, set the URL of the External Web Services

In the external DNS, hosts were created resolving all of these URLs to the IP of the TMG's external network interface.

Host                                                   IP
LyncPortal.home.com.br                                 xxx.xxx.235.40
dialin.home.com.br                                     xxx.xxx.235.40
meet.home.com.br                                       xxx.xxx.235.40
LyncDiscover.home.com.br (new URL for Mobility Service) xxx.xxx.235.40

For more information on configuring the Mobility Service see the article Configuring Lync Server 2010 Mobility Service

Configuring the Digital Certificate


For publication, you must configure a certificate in the TMG server's computer certificate store; it will be associated with the HTTPS listener in TMG. The certificate was issued by the same certification authority that issued the Front End certificates

The certificate must be configured with the Common Name set to the FQDN configured in the External Web Services, in this scenario LyncPortal.home.com.br. The certificate's SAN must be configured with all the URLs created on the Front End.
For the new Mobility Service external URL, the discovery name LyncDiscover.<SIP domain> should be added to the certificate's SAN. The figure below shows the configuration of the certificate:

If you need help configuring the digital certificate, see the article Create a Certificate Request using Microsoft Management Console (MMC)

Publishing Rule


With the certificate in place, start the TMG management console, right-click Firewall Policy, select New, and start the Web Site Publishing Rule ... wizard

Set the name of the publishing rule

Create a rule to Allow


In the Publish Type select  Publish a single Web site or load balancer.

In the  Server Connection Security select the option  Use SSL to connect to the published Web Server or Server Farm

In Internal Publishing Details set the Internal site name: the FQDN of your Front End server. Verify that the TMG is able to correctly resolve the FQDN and successfully ping the Front End server

In Internal Publishing Details set the Path: /*

In the Public Name Details select This domain name (type below), and set the Public Name LyncPortal.home.com.br, which was set as the External Web Services URL.

In the Web Listener create a new listener

Set a name for the new listener

In the Client Connection Security select Require SSL secured connections with clients

In the Web Listener IP Address select the network External , and then click Select IP Address

Select the IP address that the URLs resolve to in DNS

Proceed with the IP configured.

In the Listener SSL Certificate select Use single certificate for the Web Listener and click Select Certificate ...

Select the certificate configured with the URL's Lync Server

Proceed with the configured certificate.
 

In Authentication Settings option set No Authentication.

In Single Sign On Settings do not change any setting and advance

Finalize the creation of the Web Listener

Continue creating the rule

In Authentication Delegation select  No delegation, but client may authenticate directly

Do not change the security settings of the rule.

Complete the setup wizard.

Return to the management console and open the rule properties

On the To tab, check Forward the original host header instead of the current one

On the Bridging tab set Redirect requests to HTTP port: 8080 and Redirect requests to SSL port: 4443

On the Public Name tab add the URLs configured. Also add the URL of the Discover Service: LyncDiscover.home.com.br

Test Your Configuration


To test the settings, access the URLs
  • https://ExternalWebServices/abs, this is the folder of the Address Book Server. The page should require a username and password. If you get any other result, review your publishing configuration
  • https://ExternalWebServices/meet, this is the meeting page; it should display a page with a code for troubleshooting
  • https://ExternalWebServices/GroupExpansion/service.svc, this is the folder for group expansion. The page must ask for authentication.
  • https://DialIn.dominio.com.br, this is the Dial-in page
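The manual checks above as a script, added here as an example that is not part of the original post. For each published URL it confirms that the external DNS record points at the TMG external interface, records the HTTP status the listener returns (401 is the expected result for the Address Book and Group Expansion paths), and checks that the listener certificate's SAN covers the host name. It runs from a machine outside the network, needs PowerShell 3 or later, and the external IP is the placeholder the article uses; the host names come from the article's tables.

```powershell
# Added example, not from the original post. Run from an external client.
# $externalIp is the article's redacted placeholder; set the real TMG address.
$externalIp = 'xxx.xxx.235.40'

function Test-PublishedUrl {
    param([string]$Url, [int[]]$ExpectedStatus)
    $uri = [Uri]$Url

    # 1. External DNS must resolve the host to the TMG external interface.
    $resolved = [System.Net.Dns]::GetHostAddresses($uri.Host) | ForEach-Object { $_.IPAddressToString }
    $dnsOk = $resolved -contains $externalIp

    # 2. Request the URL. A 401 surfaces as a WebException that still carries the
    #    response, so read the status from it instead of treating it as a failure.
    $req = [System.Net.HttpWebRequest]::Create($uri)
    $req.AllowAutoRedirect = $false
    $req.Timeout = 10000
    $status = -1; $err = $null
    try {
        $resp = $req.GetResponse(); $status = [int]$resp.StatusCode; $resp.Close()
    } catch [System.Net.WebException] {
        if ($_.Exception.Response) { $status = [int]$_.Exception.Response.StatusCode }
        else { $err = $_.Exception.Status }   # e.g. TrustFailure, NameResolutionFailure
    }

    # 3. The listener certificate must list the host name in its SAN (OID 2.5.29.17).
    $sanOk = $null; $expires = $null
    if ($req.ServicePoint.Certificate) {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $req.ServicePoint.Certificate
        $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $sanOk = [bool]($sanExt -and ($sanExt.Format($false) -match [regex]::Escape($uri.Host)))
        $expires = $cert.NotAfter
    }

    [pscustomobject]@{
        Url            = $Url
        ResolvesToTmg  = $dnsOk
        Status         = $status
        StatusOk       = ($ExpectedStatus -contains $status)
        CertCoversHost = $sanOk
        CertExpires    = $expires
        Error          = $err
    }
}

# Expected results follow the article: ABS and Group Expansion must demand
# authentication (401); the meet and dial-in pages should simply render (or redirect).
$checks = @(
    @{ Url = 'https://LyncPortal.home.com.br/abs';                        Expect = @(401) },
    @{ Url = 'https://LyncPortal.home.com.br/GroupExpansion/service.svc'; Expect = @(401) },
    @{ Url = 'https://meet.home.com.br/';                                 Expect = @(200, 302) },
    @{ Url = 'https://dialin.home.com.br/';                               Expect = @(200, 302) }
)
$checks | ForEach-Object { Test-PublishedUrl -Url $_.Url -ExpectedStatus $_.Expect } | Format-Table -AutoSize
```

A row with StatusOk false on /abs usually means the Bridging ports or the Authentication Delegation setting on the rule are wrong; CertCoversHost false means the listener is bound to a certificate without that SAN entry.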

Reference