RSS Subscription 167 Posts and 2,643 Comments

Enabling QoS for Lync Server 2013 and Various Clients – Part 1

There’s documentation available by Microsoft on how to enable Quality of Services (QoS) in Lync which you can find here.  I have a previous article series on enabling QoS for Lync 2010 here.  This article series will be more comprehensive than my previous article series and can be used instead of my Lync 2010 article series as this article series will provide all the necessary QoS configuration for both Lync Server 2010 and Lync Server 2013 and all the various clients while also supporting QoS for the Communicator 2007 R2 Client during a co-existence period when Communicator 2007 R2 is run against a Lync 2010 Pool.

The purpose of this multi-part article  is to lay everything out in a concise manner to help you, the reader, understand how to enable QoS for Lync Server 2013 and various supported clients such as Lync 2010, Lync 2013, and the Attendant Console .  Keep in mind that this article is only for the ability to enable QOS, it is not a comprehensive guide on all the various dynamic ports available in Lync to lock down your firewalls.  For that, you can check out my other article here. Second of all, the question may arise, why and when would you want to enable QoS?  Audio and Video are synchronize traffic that can be affected by jitter, delay, and packet loss on an IP Network.  Lync has been designed to work without QoS but Lync Administrators can choose to enable both Lync endpoints as well as servers to mark Differentiated Services Code Point (DSCP) values on audio and video packets.  This ensures that audio/video packets get prioritized on a network that is enabled for Differentiated Services (DiffServ).

To better understand DiffServ and its affect on the network, please check out the excellent blog article written by fellow Lync MVP Jeff Schertz at the following URL: http://blog.schertz.name/2011/08/lync-qos-behavior/

So, let’s dive into my version of how to enable QoS.  Shall we?

Part 1

Part 2

Comprehensive Table of QoS Configurations

In order to successfully deploy QoS, it helps if you have a table with all the various information needed.

Lync 2013 allows legacy Lync 2010 clients to connect to Lync 2013.  The legacy Lync 2010 client’s executable name is Communicator.exe whereas Lync 2013 now uses the executable name of Lync.exe. For Attendant clients, Lync 2010 Attendant is the current solution and the executable name is AttendantConsole.exe.  So we need to create policies for all three client executables as well as all the executables the server uses.  To help map out what we need to configure, inputting information into the following table will help set the stage for assigning QoS values for audio and video.

Communicator 2007 r2 does have some interoperability support with Lync 2013 but only for IM/Presence.  Therefore, the same legacy QoS support for the R2 client is no longer required in Lync 2013.  You can see Lync Server 2013 client inoperability support here.

This table will focus on Audio/Video.  In Part 2, we’ll add File Transfers, Application Sharing, and SIP to this list just in case you want to provide a more robust QoS configuration to your environment that extends to more than just Audio/Video.

Component Communication type Executable name DSCP value TCP/UDP Source IP Destination IP Source Ports Destination Ports
A/V Conferencing service Audio AVMCUSvc.exe 46 Both Any Any 49152-57500
Video AVMCUSvc.exe 34 Both Any Any 57501-65535
A/V Edge service Audio MediaRelaySvc.exe 46 Both Edge Internal IP Any 49152 – 57500 from Lync Edge to Servers20000 – 20039 from Lync Edge to Internal Clients
Video MediaRelaySvc.exe 34 Both Edge Internal IP Any 57501 – 65535 from Lync Edge to Servers20040 – 20079 from Lync Edge to Internal Clients
A/V Edge service to Exchange UM   Servers Audio MediaRelaySvc.exe 46 UDP Edge Internal IP Exchange UM Servers 1024-65535
Mediation Server Audio MediationServerSvc.exe 46 Both Any Any 49152-57500
Response Group application Audio OcsAppServerHost.exe 46 Both Any Any 49152-57500
Conference Announcement service Audio OcsAppServerHost.exe 46 Both Any Any 49152-57500
UCMA applications Audio OcsAppServerHost.exe 46 Both Any Any 49152-57500
Lync 2010 Audio Communicator.exe 46 Both Any Any 20000 – 20039
Video Communicator.exe 34 Both Any Any 20040 – 20079
Lync 2013 Audio lync.exe 46 Both Any Any 20000 – 20039
Video lync.exe 34 Both Any Any 20040 – 20079
Lync 2010 Attendant Audio AttendantConsole.exe 46 Both Any Any 20000 – 20039
Lync 2010 Phone Edition Audio n/a 46 Both Any Any 20000 – 20039

Client QOS

Windows Vista/7/8 versus Windows XP

Windows Vista, Windows 7, and Windows 8 utilize Policy based QOS. Policy based QOS has the benefit that you can restrict the QoS application at the application level.  For Lync 2010, this would be communicator.exe. For Lync 2013, this would be lync.exe.  For the Lync Attendant Console, this would be attendantconsole.exe. Windows XP uses separate QOS Group Policy Options that do not allow you to restrict the DSCP values at the application level.  This means that all applications that utilize the Audio/Video ports we configure for Audio/Video will get DSCP markings stamped.

Peer to Peer Port Configuration

All client port ranges need to be changed as they are all overlapping by default.  Client Media traffic by default utilizing ports 1024 to 65535 when doing Peer to Peer. To specify the client media port ranges, Set-CSConferencingConfiguration must be used. The port ranges for each modality must not conflict with another modality. Also, it is highly recommended to ensure that when each modality is locked down to its own port range that all ports are contiguous as this will make configuring Group Policy later on a bit easier as you will see later on in the article.

The command used to enable the ability to lock down peer to peer client ports is Set-CsConferencingConfiguration with the ClientMediaPortRangeEnabled set to 1.  When enabled, clients will use the specified port range for media traffic. When disabled (the default value) any available port (from port 1024 through port 65535) will be used to accommodate media traffic.  Because we want to lock down the peer to peer ports, we must run the following command:

Set-CsConferencingConfiguration -ClientMediaPortRangeEnabled 1

Once this command is run, we can go ahead and start locking down our ports.  Now keep in mind, all these commands are provided to the clients via in-band provisioning.  This means that once our client signs in, they will start using these locked down port ranges and it does not require any Group Policy Object to be created (at least not for locking down ports) and pushed down to your clients.

The following commands are where we finally choose the amount of ports and at what port each modality starts.  The commands are:

  • Application Sharing:
    Set-CSConferencingConfiguration -ClientAppSharingPort <beginning of port range (5350 by default)> -ClientAppSharingPortRange <extent of port range, at least 4 (40 by default)>
  • Audio:
    Set-CSConferencingConfiguration -ClientAudioPort<beginning of port range> -ClientAudioPortRange <extent of port range, at least 20 (40 by default)>
  • Video:
    Set-CSConferencingConfiguration -ClientVideoPort <beginning of port range> -ClientVideoPortRange <extent of port range, at least 20 (40 by default)>
  • File Transfer:
    Set-CSConferencingConfiguration -ClientFileTransferPort <beginning of port range> -ClientFileTransferPortRange <extent of port range, at least 20 (40 by default)>
  • Communicator 2007 R2:
    Set-CSConferencingConfiguration -ClientMediaPort <beginning of port range> -ClientMediaPortRange <extent of port range, at least 40>

Note: -ClientMediaPortRange is used for Office Communicator 2007 R2 Clients. The reason why this uses 40 is because this setting includes all modalities as Office Communicator 2007 R2 did not split apart each modality into their own separate switches.  Being able to break up each modality is a feature of Lync. Because Lync Server 2013 only supports IM/Presence from Office Communicator R2 clients, if you are in a Lync Server 2013 environment with no Lync 2010 Servers, ClientMediaPortRange is unnecessary to configure.  However, you may be in an environment with both Lync Server 2010 and Lync Server 2013 and you may want to configure ClientMediaPortRange as this configuration in Lync Server 2013 still applies to Lync Server 2010 which may still be supporting Office Communicator 2007 R2 clients.  Therefore, we will still configure ClientMediaPortRange.

An example of a properly defined command with the minimum port requirement in one big switch is as follows:

Set-CsConferencingConfiguration -ClientAudioPort 20000 -ClientAudioPortRange 20 -ClientVideoPort 20020 -ClientVideoPortRange 20 -ClientAppSharingPort 20040 -ClientAppSharingPortRange 4 -ClientFileTransferPort 20044 -ClientFileTransferPortRange 4 -ClientMediaPort 20048 -ClientMediaPortRange 40

An example of a properly defined command with the default port range is as follows (this is the example we will use going forward when configuring Group Policy):

Set-CsConferencingConfiguration -ClientAudioPort 20000 -ClientAudioPortRange 40 -ClientVideoPort 20040 -ClientVideoPortRange 40 -ClientAppSharingPort 20080 -ClientAppSharingPortRange 40 -ClientFileTransferPort 20120 -ClientFileTransferPortRange 40 -ClientMediaPort 20160 -ClientMediaPortRange 40

Configuring Policy Based QOS in Group Policy for Windows Vista, Windows 7, and/or Windows 8 clients

As stated previously, Windows Vista, Windows 7, and Windows 8 clients utilize Policy Based QOS which allows a wider variety of options for configuring QoS.  For example, you can specify that only communicator.exe, lync.exe, or attendantconsole.exe should tag x ports. One thing to note however, is the Lync 2013 client is unsupported on Windows Vista and is only supported in Windows 7 and Windows 8.

In the below example, we will show how to create the Policy-based QoS for Audio.  Once finished, be sure to also create Policy-based QoS policies for Video.  The DSCP Value for Audio will be 46 and the DSCP Value for Video will be 34. Open up Group Policy (in my examples, I am using Local Computer Policy but in a real production environment you would be using Group Policy at some level in your Domain Hierarchy) and navigate to Computer Configuration > Windows Settings > Policy-based QoS Right-Click and choose Create new policy.

In the new Policy, give it a name and specify the DSCP Value.  DSCP Values for audio is typically 46.  Make sure the Outbound Throttle Rate check box is cleared.  Click Next.

Lync15QoS1

Since this is Policy-based QoS, we will want to take advantage of only tagging traffic that communicator.exe uses.  So make sure you choose the “Only applications with this executable name” and specify lync.exe. Click Next.

Lync15QoS2

On the following screen, make sure you leave the defaults as “Any source IP address” and “Any destination IP Address.”  Click Next.

Lync15QoS3

On  the following screen, choose TCP and UDP.  In our example above we used the Set-CSConferencingConfiguration command with the ClientAudioPort 20000 -ClientAudioPortRange 40 switches.  Because of this, our source port range will 20000 to 20039 specified as 20000:20039 since our ClientAudioPortRange was 40.

Lync15QoS4

Let’s go ahead and set the DSCP Value for Video with a DSCP value of 34. Right-Click Policy-based QoS and choose Create new policy. In the new Policy, give it a name and specify the DSCP Value.  DSCP Values for video is typically 34.  Make sure the Outbound Throttle Rate check box is cleared.  Click Next.

Lync15QoS5

Since this is Policy-based QoS, we will want to take advantage of only tagging traffic that communicator.exe uses.  So make sure you choose the “Only applications with this executable name” and specify lync.exe. Click Next.

Lync15QoS6

On the following screen, make sure you leave the defaults as “Any source IP address” and “Any destination IP Address.”  Click Next.

Lync15QoS7

On  the following screen, choose TCP and UDP.  In our example above we used the Set-CSConferencingConfiguration command with the ClientVideoPort 20040 -ClientAudioPortRange 40 switches.  Because of this, our source port range will 20040 to 20079 specified as 20040:20079 since our ClientVideoPortRange was 40.

Lync15QoS8

Now go ahead and repeat the above policies for the Lync 2010 Client and the Attendant Client.  The only things you will have to change are the Policy Name and the Application Name.  The AttendantConsole.exe would only have an Audio policy. After finished, you will have 5 client GPO policies and will look like the following:

Lync15QoS9

Now go ahead and restart your Lync clients so they pick up the changes. After Group Policy have applied the settings, you should see the following settings within the registry:

Lync15QoS10

Lync15QoS11

Lync15QoS12

Lync15QoS13

Lync15QoS14

Also, if you are in Workgroup Mode and notice that DSCP Values are not being applied, you may have to apply the following registry key:

Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\QoS]“Do not use NLA”=”1″

Configuring QOS Policies in Group Policy for Windows XP clients

As stated previously, Windows XP Clients (it’s the same for Windows Server 2003) cannot use policy-based QoS.  Instead, it uses QoS Policies based on the QoS Packet Scheduler.  To install the QoS Packet Scheduler on Windows XP or Windows Server 2003, please proceed with the following steps:

Go to Control Panel > Network Connections > Right-Click Network Interface > Choose Properties. Then Choose Install.

Make sure to choose Service.  Click Add.

Choose QoS Packet Scheduler as the Network Service.  Click OK.

Now it is time to go into Group Policy. The DSCP Value for Audio will be 46 and the DSCP Value for Video will be 34. Open up Group Policy (in my examples, I am using Local Computer Policy but in a real production environment you would be using Group Policy at some level in your Domain Hierarchy) and navigate to Computer Configuration > Administrative Templates  > Network > QoS Packet Scheduler.

The section we will be working with is, “DSCP value of conforming packets.”  You do not need to modify “DSCP value of non-conforming packets.” And the two options within “DSCP value of conforming packets” we will be working with is:

  • Controlled load service type (For Video with a DSCP Value of 34)
  • Guaranteed service type (For Audio with a DSCP Value of 46)

Let’s go ahead and set the DSCP Value for Video (Controlled load service type).  Go ahead and open “Controlled load service type.”  Choose Enabled and set the DSCP to 34. Then click OK.

Let’s go ahead and set the DSCP Value for Audio (Guaranteed service type).  Go ahead and open “Guaranteed service type.”  Choose Enabled and set the DSCP to 46. Then click OK.

After Group Policy have applied the settings, you should see the following two settings set within the registry:

Now hop on your Lync Server and open the Lync Management Shell and type the following command:

Set-CsMediaConfiguration -EnableQoS $true

This command should set your Windows XP and/or Windows Server 2003 machine with the following registry key:

Configuring QOS for Lync Phone Edition

Configuring Lync Phone Edition QoS is really simple and there’s really only one step.  By default, the DSCP Value is set to 40 which is not typical for voice DSCP. We can see the default value by running the following:

Get-CsUCPhoneConfiguration

Identity             : Global CalendarPollInterval : 00:03:00 EnforcePhoneLock     : True PhoneLockTimeout     : 00:10:00 MinPhonePinLength    : 6 SIPSecurityMode      : High VoiceDiffServTag     : 40 Voice8021p           : 0 LoggingLevel         : Off

To set this value to 46, run the following command (leaving -Identity blank will modify the global settings):

Set-CsUCPhoneConfiguration -VoiceDiffServTag 46

Surprisingly, that’s all there is to it for enabling QoS to Lync Phone Edition.  That is of course other than rebooting your Lync Phone which is required.

As an alternative to DSCP value, you can utilize 802.1p for Lync Phone edition.  This setting is effective only for networks in which switches and bridges are 802.1p-capable.  The minimum value for this property is 0 and the maximum is 7.  The default value is 0.

To enable 8021.p you can run the following command (leaving -Identity blank will modify the global settings):

Set-CsUCPhoneConfiguration -Voice8021p <value>

Validating QoS using WireShark

What better way to test out your QoS policies than to ensure that using WireShark to see and verify the ports are correctly being restricted to the range of ports we have defined and verify a DSCP value is being added.  Keep in mind, our audio packets will show as UDP as Lync prefers UDP over TCP and only falls back to TCP if UDP does not work.

When opening WireShark, go ahead and start capturing your interface.  Right-click one of the columns and choose Column Preferences.  Add IP DSCP as a column.

Lync15QoS15

Start logging and look for UDP packets and you should see audio packets in the 20000:200039 range we specified and they should be marked as 46.

Lync15QoS16

And voila, there we go. Working as intended!

Conclusion

In this Part 1 on how to enable QOS for Lync Server 2013, we took a look at how to enable QOS for Lync 2010 clients, Lync 2013 clients, and the Attendant Console.  In Part 2, we will take a look at how to enable QoS for for Lync 2013 servers which include QoS for the Lync 2013 Edge Server in addition to Exchange UM.

Share

16 Responses to “Enabling QoS for Lync Server 2013 and Various Clients – Part 1”

  1. [...] http://www.shudnow.net/2013/02/16/enabling-qos-for-lync-server-2013-and-various-clients-part-1/ [...]

  2. on 17 Feb 2013 at 8:22 amRasheedah

    Thank You!

  3. on 18 Feb 2013 at 6:03 amVladi

    Thnak you Elan! What about the VDI Plugin? Which exe have to be considered in the QoS Policy? (for the Citrix Plugin it is MediaEngineHost.exe)

  4. on 19 Feb 2013 at 4:44 amariprotheroe

    With Lync Server 2013, UCMA application now support Video. (Voice was only supported with 2010). You haven't included to cmdlet for setting the port ranges for UCMA applications.

  5. on 22 Feb 2013 at 12:54 amElan Shudnow

    I'll add this at some point.

  6. [...] Enabling QoS for Lync Server 2013 and Various Clients – Part 1 – [...]

  7. on 04 Mar 2013 at 10:54 amStephen

    I do have a question. Does anyone out there have any information or sample configurations on enabling QOS (I’m using a tomato OS router) using a router for Lync soft phones? The Port/Protocol/Destination addressing QOS settings for competing services like Ring central are easy to find, but when one google’s “Link QOS” it seems that there is a bunch of stuff on enabling QOS on the link client agent and server (we use a service provider via the Internet that manages the server), and very little on where it seems (to me) where it actually matters, that being on the routers that actually attach our numerous sites to the internet cloud.

    The router UI that I have for QOS requires items such as source/destination address, TCP/IP protocol (TCP/UDP) and/or port? Any thoughts??

  8. on 18 Mar 2013 at 3:33 pmNextHop

    Lync MVP Article Roundup: February 2013…

    Lync MVPs are a fountain of deep knowledge on Lync Server. But keeping up with the dozens of great articles…

  9. on 10 Apr 2013 at 11:00 amKorbyn

    Do you have a reason for using the 20000 port ranges instead of moving them up into the 50000 range for Audio and 58000 range for video, and overlap them with the DSCP values of the server ranges? Just curious, I don't see either way being wrong, just looking for whats most right… Current TechNet documentation is showing use of the high ports: http://technet.microsoft.com/en-us/library/jj2047

    I've also just noticed that "Do not use NLA”=”1" is supposed to be a string value and not dword as some sites are posting: http://support.microsoft.com/kb/2733528

  10. on 01 May 2013 at 4:58 amDorthea

    My spouse and I stumbled over here coming from a different page and thought I should check things out.

    I like what I see so now i’m following you. Look forward to looking at your web page again.

  11. on 03 May 2013 at 12:46 amValerie

    If it is not, remove the receiving part of the mouse, the device plugged into
    the USB port, then reinsert it. 4GHz wireless connection to transmit the signal
    from the keyboard to the computer. These buttons are a very cool feature for the mouse, so if you’ve never used a feature like this before, don’t be too intimidated not
    to try them out.

  12. on 06 May 2013 at 2:13 pmCorey McClain

    There are a two instances in the following text where communicator.exe should be lync.exe.

    Since this is Policy-based QoS, we will want to take advantage of only tagging traffic that communicator.exe uses. So make sure you choose the “Only applications with this executable name” and specify lync.exe.

  13. on 08 May 2013 at 8:49 amSusan S. Bradley

    Very nice article, thanks Elan!

  14. “Worked All Zones Award” is the same concept with time zones.
    Regular workshops ensure that the staff at PVM Radio subdivision is not only
    up to date with the latest technological innovations,
    but also ensures that the customers from diverse backgrounds are offered the best possible services to suit their tastes.
    These channels offer a variety of genres for the user.

  15. on 10 Aug 2013 at 8:51 amTaranjeet Singh

    Hi Alan

    I have a question, the commands listed above under the section "Peer to Peer Port Configuration" for locking down peer to peer client ports for Application Sharing/Audio/Video etc, needs to be run on each client?

    If this is the case what is the best way to run this command on bulk clients and that too when we have variety of different clients (Lync 2013/2010 and Communicator).

    Thanks
    Taranjeet Singh

  16. on 19 Aug 2013 at 6:52 amElan Shudnow

    Clients will receive this port configuration in-band. No need to push out the port configuration via GPO. If you were locking the ports down for QoS reasons, then you would need to push out the QoS configuration via GPO. But the port configuration itself is pushed to clients in-band.

Trackback this post | Feed on Comments to this post

Leave a Reply