Microsoft Lync Remote PowerShell Administration

One method of remotely administering a Lync deployment is through a remote PowerShell session. This is paticularly useful on a 32-bit O/S (yes, they still exist) where the 64-bit Lync Administration tools cannot be installed (see my previous post Lync and OCS Administration Tools for more information).

You can always use the Lync Server 2010 Control Panel (from any computer running IE 7, IE 8, or Firefox 3+), but having administrative access via PowerShell will allow you to do more powerful custom administration – specifically Topology related administration.

Below are some tips that might save you some time.

The details of establishing a remote PowerShell session to a particular Lync server is well documented in this article: Quick Start: Managing Microsoft Lync Server 2010 Using Remote PowerShell (http://blogs.technet.com/b/csps/archive/2010/06/16/qsremoteaccess.aspx).

In a nutshell PowerShell 2.0 must be used, and there are three commands you need to establish a remote session and have access to the Lync PowerShell cmdlets:

  1. $cred = Get-Credential “ExampleDomain\Lync_Administrator”
  2. $session = New-PSSession -ConnectionURI “https://LyncServer/OcsPowershell” -Credential $cred
  3. Import-PsSession $session

Once you are finished with the remote PowerShell session, remove it with this cmdlet:

>  Remove-PsSession $session

After you import the session (cmdlet #3 above), you can issue the majority of the Lync PowerShell cmdlets as if you were on the Lync server itself.

Tips

1] Don’t Forget the “s” in the https Protocol of the URL

This sounds obvious but it is easy to forget. If you get a “HTTP 403 Forbidden” error, this is likely the problem. The remote PowerShell endpoint is secured with SSL, so HTTPS is required.

2] Ensure all the .NET and PowerShell Updates have been Applied

Ensuring that Windows Update is current. I had all sorts of WinRM remoting errors on a 32-bit Windows 2008 server that was not up-to-date (e.g. “OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException”) . All the problems were solved when I updated the system (which included .NET and PowerShell updates).

3] Server Revocation Error

If anything is going to cause you the most grief, it is likely certificate errors. The Lync remote PowerShell endpoint is secured with SSL and a certificate. For privately signed certificates (likely in this case), ensure that the workstation you are using has network access to the Certificate Authority that signed the certificate.

Ensure that the Certificate Authority is a trusted Third Party CA on your workstation. Also, I have experienced certificate revocation errors when my workstation was not part of the same AD domain as the Lync server.

4] Ensure Script Execution is Enabled in PowerShell

Depending on the O/S version on your workstation and the PowerShell configuration, you may have to enable script execution. Issue a “Set-ExecutionPolicy Unrestricted” before you establish your remote session to work around this issue.

Normally the remote session works like a charm and is an effective way to Administer Lync; I have only experienced the above errors on older workstations.

5] Use a Remote Session in the PowerShell ISE.

The PowerShell ISE ships with Windows 2008 R2 or can be downloaded and installed.  Run PowerShell_ISE.exe to start it.  You can enter the above PowerShell commands to establish a remote session, along with any commonly used Lync Powershell cmdlet’s, and save it to a *.ps1 script to re-use and save time.

Be Sociable, Share!

7 comments to Remote Lync PowerShell Administration

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>