One method of remotely administering a Lync deployment is through a remote PowerShell session. This is paticularly useful on a 32-bit O/S (yes, they still exist) where the 64-bit Lync Administration tools cannot be installed (see my previous post Lync and OCS Administration Tools for more information).
You can always use the Lync Server 2010 Control Panel (from any computer running IE 7, IE 8, or Firefox 3+), but having administrative access via PowerShell will allow you to do more powerful custom administration – specifically Topology related administration.
Below are some tips that might save you some time.
In a nutshell PowerShell 2.0 must be used, and there are three commands you need to establish a remote session and have access to the Lync PowerShell cmdlets:
- $cred = Get-Credential “ExampleDomain\Lync_Administrator”
- $session = New-PSSession -ConnectionURI “https://LyncServer/OcsPowershell” -Credential $cred
- Import-PsSession $session
Once you are finished with the remote PowerShell session, remove it with this cmdlet:
> Remove-PsSession $session
After you import the session (cmdlet #3 above), you can issue the majority of the Lync PowerShell cmdlets as if you were on the Lync server itself.
Tips
1] Don’t Forget the “s” in the https Protocol of the URL
This sounds obvious but it is easy to forget. If you get a “HTTP 403 Forbidden” error, this is likely the problem. The remote PowerShell endpoint is secured with SSL, so HTTPS is required.
2] Ensure all the .NET and PowerShell Updates have been Applied
Ensuring that Windows Update is current. I had all sorts of WinRM remoting errors on a 32-bit Windows 2008 server that was not up-to-date (e.g. “OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException”) . All the problems were solved when I updated the system (which included .NET and PowerShell updates).
3] Server Revocation Error
If anything is going to cause you the most grief, it is likely certificate errors. The Lync remote PowerShell endpoint is secured with SSL and a certificate. For privately signed certificates (likely in this case), ensure that the workstation you are using has network access to the Certificate Authority that signed the certificate.
Ensure that the Certificate Authority is a trusted Third Party CA on your workstation. Also, I have experienced certificate revocation errors when my workstation was not part of the same AD domain as the Lync server.
4] Ensure Script Execution is Enabled in PowerShell
Depending on the O/S version on your workstation and the PowerShell configuration, you may have to enable script execution. Issue a “Set-ExecutionPolicy Unrestricted” before you establish your remote session to work around this issue.
Normally the remote session works like a charm and is an effective way to Administer Lync; I have only experienced the above errors on older workstations.
5] Use a Remote Session in the PowerShell ISE.
The PowerShell ISE ships with Windows 2008 R2 or can be downloaded and installed. Run PowerShell_ISE.exe to start it. You can enter the above PowerShell commands to establish a remote session, along with any commonly used Lync Powershell cmdlet’s, and save it to a *.ps1 script to re-use and save time.
Thanks Curtis, this helped me put together how to do this on 2013.
3] Server Revocation Error
ensure that the workstation you are using has network access to the Certificate Authority that signed the certificate.
Ensure that the Certificate Authority is a trusted Third Party CA on your workstation. Also, I have experienced certificate revocation errors when my workstation was not part of the same AD domain as the Lync server.
You dont need all of this! Configure a custom new PssessionOption object, where you can skip Root CA check, revocation check, CommonName mismatch checks.
Try this as an example:
$credential = get-credential
$sessionoption = new-pssessionoption -SkipRevocationCheck -SkipCAcheck -skipCNcheck
$session = New-PSSession -ConnectionUri https://lyncadmin.domain.com/ocspowershell -credential $credential -SessionOption $sessionoption
IMport-Pssession $session
[...] http://blog.insidelync.com/2011/08/remote-lync-powershell-administration/ [...]
[...] http://blog.insidelync.com/2011/08/remote-lync-powershell-administration/ Like this:LikeBe the first to like this post. Categories: Lync Comments (0) Trackbacks [...]
[...] Microsoft Lync Remote PowerShell Administration Contains tips and a link on remote administration for Lync Servers (like a branch appliance). Pay [...]
[...] A new post on InsideLync.com – Microsoft Lync Remote PowerShell Administration (http://blog.insidelync.com/2011/08/remote-lync-powershell-administration/). Share and [...]
[...] 4. There is only a 64-bit Version of the Lync Server Administrative Tools There is only a 64-bit version of the Lync Administrative tools currently available. I have not tried a 32-bit remote powershell session to a 64-bit Lync server. It should be possible to launch a remote PowerShell 2.0 remote session on a 32-bit machine to the Lync server, load the Lync Server Management module, and use the Lync PowerShell cmdlets if you are in a pinch. For more information on this see my blog post: Microsoft Lync Remote PowerShell Administration. [...]