Tag: Remote Access

How to Access Lync Server Management Shell Remotely

Welcome to 2015! Let’s start the year off with some helpful how-to’s.

The other day I was off-site, and a request came in to update the Web Conferencing branding. (I blogged about this at “Branding Your Lync Server”.)

Normally I’d just log into the server and make the change, either via PowerShell or in Control Panel. But I was off-site. My normal login wouldn’t work! I’d have to log in remotely.

IMG_1270a

Now, all you sysadmins who do work from 3 different locations (office, the couch, the coffee shop), you know what’s required for this: Remote Access to the Lync Front End Server. However, I had discovered that SOMEone on our Lync team had disabled remote access!

(Ordinarily that’s a sensible precaution. Unmonitored remote access to any server is a serious security risk. Keep that in mind when using the following instructions.)

After I returned to the office and re-enabled Remote User Access, I was able to access Management Shell remotely & enter the cmdlets I wanted. I’ve already given you the cmdlets themselves, and what they do (the link above).

Today, I’m talking about the process used to make this possible. Steps to access Lync Server Management Shell remotely.

Remote Management Shell Access, Step 1: Enable Remote User Access on Lync Server

WARNING: The following can leave your Lync Server vulnerable if your security does not address remote access. Check your network security configuration BEFORE attempting.

  1. If your Lync user account is a member of the RTCUniversalServerAdmins group (or is an Administrator), log on to your computer within your company network.
  2. Open a browser window, and then enter your Lync Server Control Panel’s administration URL. (This can be done via Remote Desktop Connection as well, if you prefer.)
  3. In the left navigation bar, click Federation and External Access. Then click Access Edge Configuration.
  4. On the Access Edge Configuration page, click Global / Edit / Show Details.
  5. You should be in Edit Access Edge Configuration.
    1. To enable Remote User Access, check the “Enable remote user access” box.
    2. To disable Remote User Access, clear the “Enable remote user access” box.
  6. Click Commit.

You can also do this via cmdlets (see this page for help: Enable or Disable Remote User Access in Lync Server 2013 – TechNet

I prefer doing so via Control Panel though, as it means you know where to go to enable/disable in the future. And you can switch it off whenever it’s not in use!

Step 2: Configure Policies

Enabling Remote User Access is not enough. You may also need to configure a policy allowing remote users to communicate back to Lync’s Front End.

  1. If you are still logged into Lync Server Control Panel, click External User Access in the left navigation bar.
  2. Click External Access Policy.
  3. Which policy you edit depends on which level you want to use.
    1. For the Global policy to support Remote User Access, click the Global policy. Click Edit, and then click Show details.
    2. To create a new Site policy, click New, and then “Site policy”. Select the appropriate Site from the “Select a Site” list and click OK.
    3. To create a new User policy, click New, and then “User policy”. Create an appropriate name under Name (“AllowRemotePowerShell” for example).
    4. If you want to change an existing policy, click it in the table, click Edit, and click Show details.
  4. To enable Remote User Access for the policy, check the “Enable communications with remote users” box.
  5. To disable Remote User Access for the policy, clear the “Enable communications with remote users” box.
  6. Click Commit.
  7. Exit out of Control Panel and log off.

More information is here: Configure Policies to Control Remote User Access in Lync Server 2013 – TechNet

**NOTE: As the comments below discuss, this step may in fact not be necessary. I will try removing our policy configuration & testing remote access afterward. If you want, you can skip this step and go right to Step 3. If you do experience an error, try configuring policies and see if that resolves it. If not, you’re good.

Step 3: Open PowerShell & Create New Session

Now you’re set on the server-side for remote access. Here’s how to log in via the client side.

  1. Copy down the FQDN of your Front End Server. Take this with you (but keep it secure!).
  2. When at a remote location, connect to the Internet. Open PowerShell.
  3. Enter the following cmdlet using your FQDN:

$session = New-PSSession -ConnectionUri https://lync.domain.com/PowerShell -Credential (Get-Credential)

Make sure you have the correct FQDN for your Front End Server! Otherwise you will see a Connection Failure error like this.

powershellFQDNfailure

You will be prompted to enter your credentials. Enter your login and password.

Once you’re authenticated, enter:

Import-PSSession -Session $session

This will create the new session.

Johan at Lync-Blog.nl has additional details on this page: Multiple Ways to Manage Your Lync Server Environment – Lync-Blog.nl

I also came across a script to speed up the process, here: #Lync and Remote PowerShell – Phyler’s Blog

After this, you should be there! Logged into PowerShell remotely and set to enter cmdlets.

When done, don’t forget to end your sessions with:

Remove-PsSession $session

P.S. – You May Need to Log Into Your Company VPN

Like many businesses, we use a VPN for external access. I was initially rebuffed from my remote PowerShell login. Logging into our VPN corrected this issue.

Depending on your network configuration, you may need to log into your VPN as well. Check with your network administrator for remote access rules.

========

Remote PowerShell access is a great help for admins who travel. Not every cmdlet will work from off-site (Johan mentioned that Enable-CsTopology will not, for instance). But you can create/disable users, get reports and restart some Lync services.

Thank you to everyone in our 2014 end-of-year polls! I’ll share the results next week. If you haven’t voted yet, I’ve extended the polls until Saturday the 10th. Please go here and vote: 2014 Reader Survey: What are Your 2015 Lync Plans?

How do you prefer administering your Lync Server? Please share your thoughts. We’ll see you again next week!

Facebooktwitterlinkedinmail

Lync as a Remote Access Option – The Conversation Continues

Quite a lot of responses to my last post! Thank you to everyone for the comments.

I’d intended to discuss Tom’s AutoAssist app in today’s post. But you brought up a lot of good points – let’s address all of them and see what else we can find out!

When the User Does Not Have Lync

Jay asked about remotely connecting to user PCs which do not have Lync.

When I tested out using Lync for remote access, I also tested it on a home desktop. Why? Because I knew it did not have Lync installed. I wanted to see if the remote access would fail, or show an error, or have nothing happen…

…Or auto-install Lync Attendee.

Which is exactly what it did. Attendee auto-downloaded, just like it should, and connected to the Lync Meeting. The remote login continued just like I described last week.

However, I should point out that this test was done before I installed AutoAssist.

AutoAssist: Speed Boost for Accessing Lync-Enabled Computers

Tom’s AutoAssist application does exactly what he claimed – it automates the Meeting invitation acceptance, so you get right to requesting control of the user’s PC. Essentially, it lets you skip Steps 2 & 3 in last week’s how-to.

For an IT admin or support tech who does a lot of remote support, this is an ideal timesaver. You can download AutoAssist free at http://autoassist.thoughtstuff.co.uk/.

We tested AutoAssist in the office. And it worked great! The app runs in your taskbar, ready whenever you are. It does have one limitation though – users must be Lync contacts. Which is understandable, given the app’s nature. I tried sending a $share$ invite to one of my Lync-free computers and received “Error ID 504 (source ID 239)”.

So there’s your answer Jay. AutoAssist doesn’t like to work if the remote user does not have Lync already installed. Lync however does facilitate remote access in such a situation, by using Lync Attendee. You’ll just have to follow all the steps.

Hmmm. Maybe AutoAssist could prompt for Attendee download. Might take some federation-related configuration. Tom, what do you think?

Privileged Apps: Legitimate Obstacle

Two commenters brought up the issue of remote-controlling privileged apps. This IS an obstacle for Lync, like Shaun said. Applications like LogMeIn incorporated tools for seeking administrative permissions, facilitating work with restricted apps on user PCs. Lync does not include the same tools.

Lync can still access most applications running on standard permissions. Privileged apps are an inconsistent obstacle popping up here and there. It’s something to keep in mind…and to keep a backup remote access solution around, just in case.

Unattended Access: Snarl in Lync Remote Logins

Currently, using Lync for remote access does require someone on the other PC to accept the meeting invitation & give control. If they are not there, LogMeIn could provide Unattended Access. Lync? Not so much.

Quite frankly, this is something I didn’t test initially. But it is definitely a problem. I would say this is the weakness Lync must work around when it comes to remote access. We’ll have to see if there is a way we can automate the Lync Meetings invitation. (Hey, maybe AutoAssist could do it!)

Lync Bots?

Finally, Mike mentioned a bot he’d coded. Mike, I looked at your site, but I didn’t see this bot! Could you give us a link?

I did see some interesting Lync add-ons though. Like this: Lync Custom Status 2014. It has quite the features list – creating custom status alerts, adding personal notes, adjusting call handling options…I’ll have to pick up a copy & test it out. Go check out his blog at MikeSel.info if you like programming, Lync and how-to’s.

So it seems Lync Server is not a perfect solution for remote access & control. I did say it wasn’t 100%, but all of these topics are valid and important to keep in mind. We’re fortunate at least that Lync DOES allow for so much remote control as it is.

Plus, we have capable developers working to expand it! We appreciate your work.  Please keep it up!

If you’ve created an add-on for Lync Server 2013 (remote access-related or not), please comment or email & let us know. I’d love to showcase the add-ons on the Lync Insider.

Facebooktwitterlinkedinmail

Lync Server as an Alternative to LogMeIn

Use Lync Meetings to Control PCs Remotely

Chances are you’ve used LogMeIn at some point. The remote-login software made it easy to provide remote support and find out what you needed from someone else’s PC.

Remote Login via LyncIn January, LogMeIn increased their fees–dropping their free option in favor of making all users pay. A choice which backfired into a lot of angry users ceasing to use it.

In the past, we too used LogMeIn for remote support. Taking control of a client’s PC and troubleshooting their issues, while talking with them on the phone to explain our actions and receive feedback. The problem was, with so many clients requiring remote access for support? We’d need to switch to the highest LogMeIn subscription option. And that gets expensive fast!

For a while, we paid for a LogMeIn subscription. It allowed us to continue with remote support uninterrupted…while we investigated alternatives.

LogMeIn Alternatives: Teamviewer, VNC…Lync?

Other remote access solutions do exist: Teamviewer, Chrome Remote Desktop, VNC, etc. We tried out a couple. But they didn’t quite meet our needs, or felt clunky.

While investigating these alternatives, one of the IT team members noticed something. He saw that signing into a Lync Meeting is similar to the LogMeIn remote login process. And a Lync Meeting allows for sharing – sharing applications, whiteboards, even desktops.

Could we use Lync Server as a LogMeIn alternative? If it could facilitate remote support, we wouldn’t need a solution like LogMeIn at all!

We did some research and some testing. It turns out that, while the process is a little more complicated than LogMeIn or Teamviewer…it DOES work. Remote access through Lync Server is possible.

Here’s how.

How to Use Lync Server for Remote Login

Step 1: Create a Lync Meeting
Click “Meet Now” in Lync. (It’s under the Settings menu; click the arrow next to the gear.)
Mouse over “Invite More People”, and then click ACTIONS in the window.

Step 2: Invite a User to the Meeting
In the Meeting window, click “Invite by Email”.
Enter the email address of the user you want to connect to, and send the message. Wait for them to accept the invitation.
You may need to invite them in from the lobby if they are using Lync Attendee (i.e. they do not have Lync 2010 or 2013 installed).

Step 3: Have the User Present
Once the user enters the Lync Meeting:
Direct them to hover their mouse over the “Present” icon (fourth from the left in the lower-left corner)
Direct them to click Desktop in the popup window.
Accept their invitation to present.

Step 4: Request Control
Now the user is presenting their desktop. You should see it, but you can’t control it yet.
Click the “Request Control” button.
If necessary, direct the user to click Yes.

You now have remote control of the user’s desktop!

Perform whatever support tasks are necessary. Be aware that, just like with LogMeIn, the user can see what you’re doing.

Step 5: Disconnect Remote Control
When you’re done, click the “Release Control” button to release your control of the user’s PC.
Direct them to click the “Stop Presenting” button.
End the meeting.
——

Cautions

  • This may not work 100% in all situations. LogMeIn doesn’t work 100% either, so that’s not really a limitation. I just want you to be aware.
  • Our office uses a Lync Server 2013 Standard installation, with Edge Server and Reverse Proxy. I see no reason why it wouldn’t work for Enterprise Edition either. But as with all software implementations, your results may vary depending on configuration. (If you do experience an issue, please send it to me! I’d love to hear about it.)
  • This remote login method was NOT tested on all phones & tablets, so I can’t guarantee it’ll work there either. I was able to access an iPad remotely, which had Lync installed.

Test Lync as a Remote Access Option – and Tell Us About It!

If you have Lync Server 2013, you should be able to use this method in a remote support situation. Without disabling any existing remote access solutions.

Try it out! And if you do, please tell us how it worked. Please comment below or email me.

Facebooktwitterlinkedinmail