Pages

September 26, 2011

Microsoft Lync Remote PowerShell Administration

One method of remotely administering a Lync deployment is through a remote
PowerShell session. This is paticularly useful on a 32-bit O/S (yes, they still
exist) where the 64-bit Lync Administration tools cannot be installed (see my
previous post Lync
and OCS Administration Tools for more information).
You can always use the Lync Server 2010 Control Panel (from any
computer running IE 7, IE 8, or Firefox 3+), but having administrative access
via PowerShell will allow you to do more powerful custom administration –
specifically Topology related administration.
Below are some tips that might save you some time.
The details of establishing a remote PowerShell session to a
particular Lync server is well documented in this article: Quick Start:
Managing Microsoft Lync Server 2010 Using Remote PowerShell
(http://blogs.technet.com/b/csps/archive/2010/06/16/qsremoteaccess.aspx).
In a nutshell PowerShell 2.0 must be used, and there are three commands you
need to establish a remote session and have access to the Lync PowerShell
cmdlets:
  1. $cred = Get-Credential “ExampleDomain\Lync_Administrator”
  2. $session = New-PSSession -ConnectionURI “https://LyncServer/OcsPowershell”
    -Credential $cred
  3. Import-PsSession $session
Once you are finished with the remote PowerShell session, remove it with this
cmdlet:
> Remove-PsSession $session
After you import the session (cmdlet #3 above), you can issue the majority of
the Lync PowerShell cmdlets as if you were on the Lync server itself.

Tips

1] Don’t Forget the “s” in the https Protocol of the
URL

This sounds obvious but it is easy to forget. If
you get a “HTTP 403 Forbidden” error, this is likely the problem.
The remote PowerShell endpoint is secured with SSL, so HTTPS is
required.
2] Ensure all the .NET and PowerShell Updates have
been Applied

Ensuring that Windows Update is current. I had
all sorts of WinRM remoting errors on a 32-bit Windows 2008 server that was not
up-to-date (e.g. “OpenError:
(System.Manageme….RemoteRunspace:RemoteRunspace) [],
PSRemotingTransportException”
) . All the problems were solved when I
updated the system (which included .NET and PowerShell updates).
3] Server Revocation Error
If anything is going to cause you the most grief, it is
likely certificate errors. The Lync remote PowerShell endpoint is secured with
SSL and a certificate. For privately signed certificates (likely in this case),
ensure that the workstation you are using has network access to the Certificate
Authority that signed the certificate.
Ensure that the Certificate Authority is a trusted Third
Party CA on your workstation. Also, I have experienced certificate revocation
errors when my workstation was not part of the same AD domain as the Lync
server.
4] Ensure Script Execution is Enabled in
PowerShell

Depending on the O/S version on your workstation and the
PowerShell configuration, you may have to enable script execution. Issue a
“Set-ExecutionPolicy Unrestricted” before you establish your
remote session to work around this issue.
Normally the remote session works like a charm and is an
effective way to Administer Lync; I have only experienced the above errors on
older workstations.
5] Use a Remote Session in the PowerShell
ISE.

The PowerShell ISE ships with Windows 2008 R2 or can be
downloaded and installed. Run PowerShell_ISE.exe to start it.
You can enter the above PowerShell commands to establish a remote session,
along with any commonly used Lync Powershell cmdlet’s, and save it to a *.ps1
script to re-use and save time.
source: http://blog.insidelync.com/2011/08/remote-lync-powershell-administration/

No comments:

Post a Comment

Search This Blog

Loading...