Lync Server 2010 Multitenant Hosting Pack

Lync Server 2010 Multitenant Hosting Pack

Pre requisites

Pre requisite Description
Control Panel Server The server component of the control panel is required to be deployed on all frontend and director servers. In case multiple Frontend Servers are available, an additional server component can be deployed and specified as redundant server within the server configuration. Important is that both server deployments do preferable use the same AD Account for their applications pools and require to have the same password defined for the communication with the enterprise server componentThe used AD Account requires to be member of the following domain groups:

  • RTCUniversalServerAdmins
  • RTCUniversalUserAdmins
  • CSAdministrator
  • Domain Admins
Lync Server 2010 Pool An operational Lync pool is required.


Server Configuration

The IIS configuration of the server component requires adjustment. When the Enable-CSComputer powershell command is executed it will stop all not Lync related application websites.

  • Create a new web application named “WebsitePanel” under the Internal Lync Website on the Frontend or Director server. To do this follow the steps below:
    1. Start IIS Manager
    2. Right click the Internal Lync Web Site and select Add Application
    3. Type WebsitePanel for Alias:
    4. Click on the Select button and select the WebsitePanel Server Pool as the application pool
    5. Type C:\WebsitePanel\Server for Physical Path: or browse to your WebsitePanel Server directory
    6. Click on OK to add the new web application
  • Once you have created the new web application ensure Windows authentication is enabled. To verify follow the steps below:
    1. Start IIS Manager
    2. Select the new WebsitePanel application you just created.
    3. At the feature view pane under the IIS section double click on the Authentication icon (man with padlock)
    4. Make sure Windows Authentication is enabled

The Enterprise Server will use port 80 to communicate with the server component. When adding your Lync servers to the Enterprise Server make sure the URL in Connection Settings is in the correct format as shown below:

  • or
Please note the importance of the WebsitePanel web application appended to the end. This is different from how other servers are configured in the Enterprise server.

Service Configuration

Active Directory Settings

Item Information
Root Domain Specify over here the full qualified domain name of the domain where the user objects will reside in e.g.: hosting.local


Lync Server 2010 Settings

Select the following provider: “Microsoft Lync Server 2010” from the “Lync Server” group.

Category Item Information
Service Settings
Enterprise Pool or Standard Edition Server name FQDN of the enterprise pool or standard edition server name.
Simple Url Base Add here the base URL to use for simple urls ending with a ‘/’ e.g.
Frontend and Director Servers Specify all frontend servers and director servers that are part of the Lync pool. Click Add to Add the enlisted server. Once new tenants are on boarded the topology changes will be enabled on these servers to support the new tenant


Lync Configuration

Change root OU for tenants

  1. Run ldp.exe.
  2. In the Connection menu, click Connect.
  3. In the Connection menu, click Bind.
  4. In the View menu, click Tree and select the configuration partition from drop-down menu, then click OK.

Note The configuration partition option is the one that begins with “CN=Configuration”.

  1. Right-click on the root node, select Modify, and then do the following:
    1. In the Edit Entry box, enter “otherWellKnownObjects” for Attribute and “B:32:DE8197E3283B2C439A62F871E529F7DD:<DN of root tenant OU here>” for Values, e.g. OU=Hosting,DC=Hosting,DC=Local
    2. In the Operation box, select the Replace radio button and click Enter.
    3. Then click Run.
  2. On the Connection menu, click Exit to close ldp.exe.

Global Client Policies for Address Book Web Query

Configure the Address Book server for all users by setting the global client policy to allow only the Address Book Web Query service:

Set-CsClientPolicy –Identity global -AddressBookAvailability WebSearchOnly

Proxy Configuration

To ensure that all clients are treated as external, run the following command:

Set-CsProxyConfiguration –Identity global –TreatAllClientsAsRemote $True

(Note: do not run above command in Lync 2013 Hosting Pack environment. It will prevent your Edge server from external connections if $true)

Configure the Simple URL to use the backend database

Execute the following cmdlet to configure the Simple URL to use the back-end database:

Set-CsSimpleUrlConfiguration –UseBackEndDatabase $true

Conferencing Policy

Each tenant will get a conferencing policy assigned; this policy is inherited from the global conferencing policy where only the MaxMeetinSize and AllowIPVideo attributes can be influenced through the configuration of a hosting plan. Below a sample of global conferencing policy

Identity Global
AllowIPAudio True
AllowIPVideo True
AllowParticipantControl True
AllowAnnotations True
AllowUserToScheduleMeetingsWithAppSharing True
AllowAnonymousUsersToDialOut False
AllowAnonymousParticipantsInMeetings True
AllowExternalUsersToSaveContent True
AllowExternalUserControl False
AllowExternalUsersToRecordMeeting False
AllowPolls True
EnableDialInConferencing True
EnableAppDesktopSharing Desktop
AllowConferenceRecording False
EnableP2PRecording False
EnableFileTransfer True
EnableP2PFileTransfer True
EnableP2PVideo True
EnableDataCollaboration True
MaxVideoConferenceResolution VGA
MaxMeetingSize 2
AudioBitRateKb 200
VideoBitRateKb 50000
AppSharingBitRateKb 50000
FileTransferBitRateKb 50000


External Access Policy

Each tenant will get a external access policy assigned; this policy is inherited from the global conferencing policy where only the EnableFederationAccess attribute can be influenced through the configuration of a hosting plan. Below a sample of global external access policy:

Identity Global
EnableFederationAccess False
EnablePublicCloudAccess False
EnablePublicCloudAudioVideoAccess False
EnableOutsideAccess True



Run the Set-CSProvisionServerConfiguration and set the root of the simple urls e.g.

Set-CSProvisionServiceConfiguration –SimpleUrlDNSName