Saturday 24 November 2012

Installing and configuring ADFS on Server 2012 for Office 365

Recently I upgraded our DirSync server to Windows Server 2012.
ADFS could not stay behind.

In this blog I will be explaining how to get ADFS 2012 to work with Office 365, as it is not yet supported and there are issues with the Online module. In our scenario we already have a federation in place with Office 365 with an ADFS 2.0 farm running on Windows Server 2008 R2.

Follow the below steps at your own risk!

Installing Windows Server 2012 and prereqs
The first step is to prepare a new server installed with Windows Server 2012.
(I used Standard.)
I am replacing my ADFS farm with Windows Server 2012 servers, so I am using the same name for the machines and ADFS farm. (The old servers have to be shut down, don’t forget this.)
I exported the certificate from the “old” ADFS and imported it on the new machine; this certificate will be needed later in the ADFS configuration.

Download and install the following, these are needed to federate with Office 365:

Microsoft Online services assistant
http://download.microsoft.com/download/7/1/E/71EF1D05-A42C-4A1F-8162-96494B5E615C/msoidcli_64bit.msi

Microsoft Online Services 64 bit module
http://go.microsoft.com/fwlink/p/?linkid=236293

Install ADFS feature
In Windows Server 2012, ADFS 2.0 can be installed as a feature.
No need to download the installers from Microsoft.
To install ADFS, run the following command from an elevated PowerShell prompt.

add-windowsfeature ad-federation-services

Once completed, there will be a message saying you still need to configure ADFS, so that’s what we will do in the next step.

Configure ADFS
After the installation of the feature you will be able to start the configuration wizard.
Open ADFS management from administrative tools and start the configuration wizard.

In my case I am replacing my old farm so I will create a new federation service.
For the second ADFS server I run the wizard with the “Add a federation server to an existing federation service” option.

I create a new federation server farm. If you only have one server, choose the standalone federation server option.

Choose the certificate you imported in the first step ( the certificate used for federation service ) and choose the federation service name. Use the same name as your old federation service if you are replacing your old ADFS server.

The last step is to specify a dedicated ADFS service account. Use a domain account here and finish the wizard. ADFS is now configured!

But, if you try to federate with Office 365, you will end up getting an error when using the Online Service Module.

Registry tweak
You need to register the following keys to get the Microsoft Online Services module to work.

Copy the information below, save it as “adfsregistrytweak.reg” and run this file on the new Server 2012 ADFS server.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellSnapIns\Microsoft.Adfs.PowerShell]
"ApplicationBase"="C:\\Windows\\ADFS"
"Version"="6.2.0.0"
"AssemblyName"="Microsoft.IdentityServer.PowerShell, Version=6.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
"Description"="This powershell snap-in contains cmdlets used to manage Microsoft Identity Server resources."
"PowerShellVersion"="1.0"
"ModuleName"="C:\\Windows\\ADFS\\Microsoft.IdentityServer.PowerShell.dll"
"Vendor"="Microsoft"

Update domain federation
We already set up a federation with our old ADFS farm. Therefore we need to update our federation information on the ADFS server and on the Office 365 side.

If you are creating a new federation, refer to the following article:
http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652539.aspx#bk_deployfsfarm

If you already had ADFS set up, follow the steps below:
Open the Microsoft Online Services Module for Windows PowerShell from the start menu.

Run $cred=Get-Credential. When this cmdlet prompts you for credentials, type your Office 365 administration account credentials.

Run Connect-MsolService -Credential $cred. This cmdlet connects you to Office 365.
Creating a context that connects you to Office 365 is required before running any of the additional cmdlets installed by the tool.

Run Set-MSOLAdfscontext -Computer <AD FS 2.0 primary server>, where <AD FS 2.0 primary server> is the internal FQDN name of the primary AD FS 2.0 server. This cmdlet creates a context that connects you to AD FS 2.0.

Run Update-MSOLFederatedDomain -DomainName <domain>. This cmdlet updates the settings from AD FS 2.0 into Office 365 and configures the trust relationship between the two.

Now your new Windows Server 2012 federation server is ready to use!
After updating the federated domain setting it took about 5 minutes until it worked.
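
The update steps above collected into one script, followed by a check that AD FS and Office 365 agree on the federation settings afterwards. This is an added example, not part of the original post: the domain name and server FQDN are placeholders, and it assumes Get-MsolFederationProperty returns one entry for the AD FS side and one for the Office 365 side.

```powershell
# Added example; run on the new AD FS server in an elevated PowerShell session.
$DomainName  = 'contoso.example'          # placeholder: your federated domain
$AdfsPrimary = 'adfs01.contoso.example'   # placeholder: internal FQDN of the primary AD FS server

# 1. The registry tweak registers the AD FS snap-in; check the DLL it points to exists.
$snapKey = 'HKLM:\SOFTWARE\Microsoft\PowerShell\1\PowerShellSnapIns\Microsoft.Adfs.PowerShell'
$snapIn  = Get-ItemProperty -Path $snapKey -ErrorAction Stop
if (-not (Test-Path -LiteralPath $snapIn.ModuleName)) {
    throw "Snap-in DLL not found: $($snapIn.ModuleName)"
}

# 2. The same steps as in the post.
Import-Module MSOnline
$cred = Get-Credential                    # Office 365 administrator account
Connect-MsolService -Credential $cred
Set-MsolADFSContext -Computer $AdfsPrimary
Update-MsolFederatedDomain -DomainName $DomainName

# 3. Read back the settings from both sides and compare them.
$props = @(Get-MsolFederationProperty -DomainName $DomainName)
if ($props.Count -lt 2) { throw 'Expected settings from both AD FS and Office 365.' }

$mismatch = $false
$checks = 'FederationServiceIdentifier', 'PassiveClientSignInUrl', 'ActiveClientSignInUrl'
foreach ($name in $checks) {
    $values = @($props | ForEach-Object { [string]$_.$name } | Sort-Object -Unique)
    if ($values.Count -gt 1) {
        Write-Warning "$name differs: $($values -join ' <> ')"
        $mismatch = $true
    }
}

# Office 365 validates AD FS tokens against the token-signing certificate it has stored.
$thumbs = @($props | ForEach-Object { $_.TokenSigningCertificate.Thumbprint } | Sort-Object -Unique)
if ($thumbs.Count -gt 1) {
    Write-Warning "Token-signing certificate differs: $($thumbs -join ' <> ')"
    $mismatch = $true
}

if ($mismatch) {
    Write-Warning 'Federation settings are out of sync; run Update-MsolFederatedDomain again.'
} else {
    Write-Output "Federation settings for $DomainName match on both sides."
}
```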

Setting service to auto start
After all the above is done, the ADFS service is set to “automatic delayed start”.
In my case the ADFS service was not started correctly when rebooted.
I set the startup type to “automatic”; this starts the ADFS service directly.

To do this, run the following command from an elevated command prompt.
set-service -name adfssrv -startuptype automatic

Well, you now have a working Windows Server 2012 ADFS server to federate with Office 365.

Thursday 15 November 2012

What’s new in Lync 2013 client

With the new Lync 2013 much has changed on the server side, but also the client side has not been untouched.
Within the client there are some new features available and the layout has been changed to communicate even faster and more easily.

The improvements
New in the client is the quick launch menu.
From within this menu users can start a chat, voice or video conference with only one click. It’s also possible to open the user’s contact card.
The menu will be shown when the mouse cursor is placed on the photo of the contact.

Chatrooms
Another new feature is the use of chatrooms, also known as Persistent Chat.
These are chatrooms where you can participate in ongoing conversations.
The full history of the conversation will be available in the chatroom.
Chatrooms can be created for all kinds of purposes, for example for different departments or communities, or an “off topic” chatroom where users can chat about their weekends.

The following views are available in the chatroom view.

  • Followed: Chatrooms followed by you.
  • Member Of: Chatrooms of which you are a member.
  • New: New chatrooms.

Chatrooms can be created with three types of privacy levels:

  • Open: Everyone can search, read and post. No membership needed.
  • Closed: Everyone can search, but only members can read and post. ( Default )
  • Secret: Only visible to members.

Chatrooms can be created by the administrator or users.
To provide users with the option to create chatrooms, administrators first have to set the appropriate permissions.
Chatrooms can be created easily within the Lync client as shown below.

The message below will be shown when the user does not have the appropriate permissions.

The page below will be shown when the user does have permissions to create a chatroom.

The name, privacy levels, members and room managers can be set here.

EGO filter / Topic Feed
A cool feature is the EGO filter.
The name already reveals the use of this feature.
The EGO filter searches all chatrooms available to you for your name.
As soon as your name is mentioned by someone (not you) in one of the chatrooms, the EGO filter will notify you.

The EGO filter is built with the use of topic feeds.
A topic feed can be created for topics you are interested in. As soon as a topic is mentioned in a chatroom you will be notified.
Topic feeds can be created from the same menu as the “create chatroom” option.

Tabbed conversations / conversation history
In Lync 2010 you needed to install an application to use tabbed conversations. In Lync 2013 this became a standard feature.
It is also possible to reopen your last conversations at sign-in. This way you can pick up where you left off. Both features must first be enabled within the Lync options.

The screen below shows the Lync options where these features can be enabled.

Preview Windows
Also new are the preview windows. They are similar to the preview windows in Office 2013.
As soon as the mouse cursor is placed above a button, a preview of the actions for that button pops up.
These actions can be chosen directly from the preview window.

Very handy when you want to start a video session and want to check if you have a bad hair day before activating the video feed.

Improved conference options
PowerPoint presentations can be a part of a chat or conference call.
These presentations can be easily added to the conference with the presentation button.

Once the presentation is added it will be shown in the chat or conference.
The view automatically switches to the presentation view.

It is also possible to create shared notes, also with the presentation button.
OneNote is used for this.
From within the shared presentation the presenter can add voice, video or chat to create a conference call.

As the presenter you have several options to manage the call.
You have the options to mute all except yourself, or to end all video except your own.
This can be handy when you do not want the conference to be interactive.

From the call button you can choose which devices you want to use.

Another handy feature I came across is the option to merge calls into the conference.
If you are called by someone you can easily add this person to an ongoing conversation.

Depending on the type of conference you can choose between different types of views.
These views are personal, so every attendee can choose their own view.

The different views:

  • Gallery: Photos or video feeds are shown.
  • Speaker: Only the active speaker is shown.
  • Presentation: The PowerPoint slides are shown.
  • Compact: The chat is shown.

VDI Support
A big improvement is the added support for virtual desktops (VDI).
Lync 2013 can be used within your Virtual desktop infrastructure.
To get this to work you need to install a plugin on the client you use to connect to VDI.
The full blown Lync client needs to be installed on your RDS or VDI.

Video improvements
Lync 2013 detects your face and keeps your face centered within the frame.
Even if you move, the client keeps your face in the centre of the frame.
When a second person joins your video feed, the client will notice this and switch to a wider view.

When you are in a conference and all attendees have a video feed, they can be shown all at once in the gallery view shown above.

As you can see Lync 2013 client shows many improvements compared to Lync 2010. This can be a valuable asset to your company.
Especially for companies where employees are always on the road, the chatrooms and improved conference options can ensure better communication and teamwork.