There’s a doc available by Microsoft on how to enable Quality of Services (QoS) in Lync which you can find here. The purpose of this multi-part article (first part for QoS on Lync Client and second part for QoS on Lync Server) is to lay everything out in a concise manner to help you, the reader, understand how to enable QoS. Keep in mind that this article is only for the ability to enable QOS, it is not a comprehensive guide on all the various dynamic ports available in Lync to lock down your firewalls. For that, you can check out my other article here. Second of all, the question may arise, why and when would you want to enable QoS. Audio and Video are synchronize traffic that can be affected by jitter, delay, and packet loss on an IP Network. Lync has been designed to work without QoS but Lync Administrators can choose to enable both Lync endpoints as well as servers to mark Differentiated Services Code Point (DSCP) values on audio and video packets. This ensures that audio/video packets get prioritized on a network that is enabled for Differentiated Services (DiffServ).
To better understand DiffServ and its affect on the network, please check out the excellent blog article written by fellow Lync MVP Jeff Schertz at the following URL: https://blog.schertz.name/2011/08/lync-qos-behavior/
So, let’s dive into my version of how to enable QoS. Shall we?
Part 1
Client QOS
Windows 7 versus Windows XP
Windows Vista and Windows 7 utilize Policy based QOS. Policy based QOS has the benefit that you can restrict the QoS application at the application level. For Lync, this would be communicator.exe. Windows XP uses separate QOS Group Policy Options that do not allow you to restrict the DSCP values at the application level. This means that all applications that utilize the Audio/Video ports we configure for Audio/Video will get DSCP markings stamped.
Peer to Peer Port Configuration
All client port ranges need to be changed as they are all overlapping by default. Client Media traffic by default utilizing ports 1024 to 65535 when doing Peer to Peer. To specify the client media port ranges, Set-CSConferencingConfiguration must be used. The port ranges for each modality must not conflict with another modality. Also, it is highly recommended to ensure that when each modality is locked down to its own port range that all ports are contiguous as this will make configuring Group Policy later on a bit easier as you will see later on in the article.
The command used to enable the ability to lock down peer to peer client ports is Set-CsConferencingConfiguration with the ClientMediaPortRangeEnabled set to 1. When enabled, clients will use the specified port range for media traffic. When disabled (the default value) any available port (from port 1024 through port 65535) will be used to accommodate media traffic. Because we want to lock down the peer to peer ports, we must run the following command:
Once this command is run, we can go ahead and start locking down our ports. Now keep in mind, all these commands are provided to the clients via in-band provisioning. This means that once our client signs in, they will start using these locked down port ranges and it does not require any Group Policy Object to be created (at least not for locking down ports) and pushed down to your clients.
The following commands are where we finally choose the amount of ports and at what port each modality starts. The commands are:
- Application Sharing:Set-CSConferencingConfiguration -ClientAppSharingPort <beginning of port range (5350 by default)> -ClientAppSharingPortRange <extent of port range, at least 4 (40 by default)>
- Audio:Set-CSConferencingConfiguration -ClientAudioPort<beginning of port range> -ClientAudioPortRange <extent of port range, at least 20 (40 by default)>
- Video:Set-CSConferencingConfiguration -ClientVideoPort <beginning of port range> -ClientVideoPortRange <extent of port range, at least 20 (40 by default)>
- File Transfer:Set-CSConferencingConfiguration -ClientFileTransferPort <beginning of port range> -ClientFileTransferPortRange <extent of port range, at least 20 (40 by default)>
- Communicator 2007 R2:Set-CSConferencingConfiguration -ClientMediaPort <beginning of port range> -ClientMediaPortRange <extent of port range, at least 40>
Note: -ClientMediaPortRange is used for Office Communicator 2007 R2 Clients. The reason why this uses 40 is because this setting includes all modalities as Office Communicator 2007 R2 did not split apart each modality into their own separate switches. Being able to break up each modality is a feature of Lync.
An example of a properly defined command with the minimum port requirement in one big switch is as follows:
An example of a properly defined command with the default port range is as follows (this is the example we will use going forward when configuring Group Policy):
Configuring Policy Based QOS in Group Policy for Windows Vista and/or Windows 7 clients
As stated previously, Windows Vista and Windows 7 clients utilize Policy Based QOS which allows a wider variety of options for configuring QoS. For example, you can specify that only communicator.exe should tag x ports.
In the below example, we will show how to create the Policy-based QoS for Audio. Once finished, be sure to also create Policy-based QoS policies for Video. The DSCP Value for Audio will be 46 and the DSCP Value for Video will be 34. Open up Group Policy (in my examples, I am using Local Computer Policy but in a real production environment you would be using Group Policy at some level in your Domain Hierarchy) and navigate to Computer Configuration > Windows Settings > Policy-based QoS. Right-Click and choose Create new policy.
In the new Policy, give it a name and specify the DSCP Value. DSCP Values for audio is typically 46. Make sure the Outbound Throttle Rate check box is cleared. Click Next.
Since this is Policy-based QoS, we will want to take advantage of only tagging traffic that communicator.exe uses. So make sure you choose the “Only applications with this executable name” and specify communicator.exe. Click Next.
On the following screen, make sure you leave the defaults as “Any source IP address” and “Any destination IP Address.” Click Next.
On the following screen, choose TCP and UDP. In our example above we used the Set-CSConferencingConfiguration command with the ClientAudioPort 20000 -ClientAudioPortRange 40 switches. Because of this, our source port range will 20000 to 20039 specified as 20000:20039 since our ClientAudioPortRange was 40.
Let’s go ahead and set the DSCP Value for Video with a DSCP value of 34. Right-Click Policy-based QoS and choose Create new policy. In the new Policy, give it a name and specify the DSCP Value. DSCP Values for video is typically 34. Make sure the Outbound Throttle Rate check box is cleared. Click Next.
Since this is Policy-based QoS, we will want to take advantage of only tagging traffic that communicator.exe uses. So make sure you choose the “Only applications with this executable name” and specify communicator.exe. Click Next.
On the following screen, make sure you leave the defaults as “Any source IP address” and “Any destination IP Address.” Click Next.
On the following screen, choose TCP and UDP. In our example above we used the Set-CSConferencingConfiguration command with the ClientVideoPort 20040 -ClientAudioPortRange 40 switches. Because of this, our source port range will 20040 to 20079 specified as 20040:20079 since our ClientVideoPortRange was 40.
Now go ahead and restart your Lync clients so they pick up the changes. After Group Policy have applied the settings, you should see the following settings within the registry:
Also, if you are in Workgroup Mode and notice that DSCP Values are not being applied, you may have to apply the following registry key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\QoS]”Do not use NLA”=”1″
Configuring QOS Policies in Group Policy for Windows XP clients
As stated previously, Windows XP Clients (it’s the same for Windows Server 2003) cannot use policy-based QoS. Instead, it uses QoS Policies based on the QoS Packet Scheduler. To install the QoS Packet Scheduler on Windows XP or Windows Server 2003, please proceed with the following steps:
Go to Control Panel > Network Connections > Right-Click Network Interface > Choose Properties. Then Choose Install.
Make sure to choose Service. Click Add.
Choose QoS Packet Scheduler as the Network Service. Click OK.
Now it is time to go into Group Policy. The DSCP Value for Audio will be 46 and the DSCP Value for Video will be 34. Open up Group Policy (in my examples, I am using Local Computer Policy but in a real production environment you would be using Group Policy at some level in your Domain Hierarchy) and navigate to Computer Configuration > Administrative Templates > Network > QoS Packet Scheduler.
The section we will be working with is, “DSCP value of conforming packets.” You do not need to modify “DSCP value of non-conforming packets.” And the two options within “DSCP value of conforming packets” we will be working with is:
- Controlled load service type (For Video with a DSCP Value of 34)
- Guaranteed service type (For Audio with a DSCP Value of 46)
Let’s go ahead and set the DSCP Value for Video (Controlled load service type). Go ahead and open “Controlled load service type.” Choose Enabled and set the DSCP to 34. Then click OK.
Let’s go ahead and set the DSCP Value for Audio (Guaranteed service type). Go ahead and open “Guaranteed service type.” Choose Enabled and set the DSCP to 46. Then click OK.
After Group Policy have applied the settings, you should see the following two settings set within the registry:
Now hop on your Lync Server and open the Lync Management Shell and type the following command:
This command should set your Windows XP and/or Windows Server 2003 machine with the following registry key:
Configuring QOS for Lync Phone Edition
Configuring Lync Phone Edition QoS is really simple and there’s really only one step. By default, the DSCP Value is set to 40 which is not typical for voice DSCP. We can see the default value by running the following:
Get-CsUCPhoneConfiguration
Identity : Global
CalendarPollInterval : 00:03:00
EnforcePhoneLock : True
PhoneLockTimeout : 00:10:00
MinPhonePinLength : 6
SIPSecurityMode : High
VoiceDiffServTag : 40
Voice8021p : 0
LoggingLevel : Off
To set this value to 46, run the following command (leaving -Identity blank will modify the global settings):
Surprisingly, that’s all there is to it for enabling QoS to Lync Phone Edition. That is of course other than rebooting your Lync Phone which is required.
As an alternative to DSCP value, you can utilize 802.1p for Lync Phone edition. This setting is effective only for networks in which switches and bridges are 802.1p-capable. The minimum value for this property is 0 and the maximum is 7. The default value is 0.
To enable 8021.p you can run the following command (leaving -Identity blank will modify the global settings):
Conclusion
In this Part 1 on how to enable QOS for Lync Server 2010, we took a look at how to enable QOS for Lync clients. In Part 2, we will take a look at how to enable QoS for for Lync 2010 servers.
Great article post! I want to introduce with USB device and port. Now, most of devices are made with USB port because of it is easy and comfortable. Thanks!
Brilliant article. Thank you. I set up a QoS policy using your article as a guide with the Local Group Policy editor and found that the packets were marked with the DSCP settings entered (confirmed with WireShark). However when switching this to a group policy (same settings, confirming that the relevant regkey was created etc) packets are not being marked with the DSCP settings – again this has been confirmed using WireShark. If I switch back to a local group policy packets are marked! What am I doing wrong? Any thoughts?
I used the above settings and it was working great, until Win 8 + lync 2013 came into picture.
I noticed communicator.exe process is now changed to lync.exe,
Modified the same in GP, however it is still not working.
Any suggestions.
This is brilliant. HOWEVER ( I say this timidly because of the work that went into creating this) , what if QoS is controlled strictly by an edge of network appliance or router? Does anyone know of a similarly beautiful piece of work that could be used as a starting block in enabling lync qos using edge of network equipment?
This article was great! Thank you for the post, it saved us a lot of headache. One question – how do we address DSCP with Mac to be used with Lync services?
This is the best explanation of Lync QoS I have seen. Question: For policy-based Win 7 QoS, is it effective to leave the port settings as "From any source port?" It seems like the traffic is already targeted by application and their DSCP values.
Also, for router QoS, would prioritizing SIP and RTP traffic be sufficient? I don't see an option for DSCP on my Linksys WRT150N running DD-WRT.
I would use From any source port because you want to use different DSCP values for the different types of traffic. So while you are indeed using communicator.exe, you still want to have different policies (audio, video, etc.).
As far as Linksys, you could certainly do that as I used to do that on my DD-WRT so it would prioritize Lync ranges so if family/etc. are streaming Netflix or whatever and you're trying to do Lync Audio/Video, your traffic would get prioritized.
This is really great – many thanks!
best article on this subject. great job!
Thanks for this worthy information with such detailed explanation. It helps to easily understand the whole subject matter… thanks again. This is useful to me..