There’s documentation available by Microsoft on how to enable Quality of Services (QoS) in Lync which you can find here. I have a previous article series on enabling QoS for Lync 2010 here. This article series will be more comprehensive than my previous article series and can be used instead of my Lync 2010 article series as this article series will provide all the necessary QoS configuration for both Lync Server 2010 and Lync Server 2013 and all the various clients while also supporting QoS for the Communicator 2007 R2 Client during a co-existence period when Communicator 2007 R2 is run against a Lync 2010 Pool.
The purpose of this multi-part article is to lay everything out in a concise manner to help you, the reader, understand how to enable QoS for Lync Server 2013 and various supported clients such as Lync 2010, Lync 2013, and the Attendant Console . Keep in mind that this article is only for the ability to enable QOS, it is not a comprehensive guide on all the various dynamic ports available in Lync to lock down your firewalls. For that, you can check out my other article here. Second of all, the question may arise, why and when would you want to enable QoS? Audio and Video are synchronize traffic that can be affected by jitter, delay, and packet loss on an IP Network. Lync has been designed to work without QoS but Lync Administrators can choose to enable both Lync endpoints as well as servers to mark Differentiated Services Code Point (DSCP) values on audio and video packets. This ensures that audio/video packets get prioritized on a network that is enabled for Differentiated Services (DiffServ).
To better understand DiffServ and its affect on the network, please check out the excellent blog article written by fellow Lync MVP Jeff Schertz at the following URL: https://blog.schertz.name/2011/08/lync-qos-behavior/
So, let’s dive into my version of how to enable QoS. Shall we?
Part 1
Comprehensive Table of QoS Configurations
In order to successfully deploy QoS, it helps if you have a table with all the various information needed.
Lync 2013 allows legacy Lync 2010 clients to connect to Lync 2013. The legacy Lync 2010 client’s executable name is Communicator.exe whereas Lync 2013 now uses the executable name of Lync.exe. For Attendant clients, Lync 2010 Attendant is the current solution and the executable name is AttendantConsole.exe. So we need to create policies for all three client executables as well as all the executables the server uses. To help map out what we need to configure, inputting information into the following table will help set the stage for assigning QoS values for audio and video.
Communicator 2007 r2 does have some interoperability support with Lync 2013 but only for IM/Presence. Therefore, the same legacy QoS support for the R2 client is no longer required in Lync 2013. You can see Lync Server 2013 client inoperability support here.
This table will focus on Audio/Video. In Part 2, we’ll add File Transfers, Application Sharing, and SIP to this list just in case you want to provide a more robust QoS configuration to your environment that extends to more than just Audio/Video.
Component | Communication type | Executable name | DSCP value | TCP/UDP | Source IP | Destination IP | Source Ports | Destination Ports |
A/V Conferencing service | Audio | AVMCUSvc.exe | 46 | Both | Any | Any | 49152-57500 | |
Video | AVMCUSvc.exe | 34 | Both | Any | Any | 57501-65535 | ||
A/V Edge service | Audio | MediaRelaySvc.exe | 46 | Both | Edge Internal IP | Any | 49152 – 57500 from Lync Edge to Servers20000 – 20039 from Lync Edge to Internal Clients | |
Video | MediaRelaySvc.exe | 34 | Both | Edge Internal IP | Any | 57501 – 65535 from Lync Edge to Servers20040 – 20079 from Lync Edge to Internal Clients | ||
A/V Edge service to Exchange UM Servers | Audio | MediaRelaySvc.exe | 46 | UDP | Edge Internal IP | Exchange UM Servers | 1024-65535 | |
Mediation Server | Audio | MediationServerSvc.exe | 46 | Both | Any | Any | 49152-57500 | |
Response Group application | Audio | OcsAppServerHost.exe | 46 | Both | Any | Any | 49152-57500 | |
Conference Announcement service | Audio | OcsAppServerHost.exe | 46 | Both | Any | Any | 49152-57500 | |
UCMA applications | Audio | OcsAppServerHost.exe | 46 | Both | Any | Any | 49152-57500 | |
Lync 2010 | Audio | Communicator.exe | 46 | Both | Any | Any | 20000 – 20039 | |
Video | Communicator.exe | 34 | Both | Any | Any | 20040 – 20079 | ||
Lync 2013 | Audio | lync.exe | 46 | Both | Any | Any | 20000 – 20039 | |
Video | lync.exe | 34 | Both | Any | Any | 20040 – 20079 | ||
Lync 2010 Attendant | Audio | AttendantConsole.exe | 46 | Both | Any | Any | 20000 – 20039 | |
Lync 2010 Phone Edition | Audio | n/a | 46 | Both | Any | Any | 20000 – 20039 |
Client QOS
Windows Vista/7/8 versus Windows XP
Windows Vista, Windows 7, and Windows 8 utilize Policy based QOS. Policy based QOS has the benefit that you can restrict the QoS application at the application level. For Lync 2010, this would be communicator.exe. For Lync 2013, this would be lync.exe. For the Lync Attendant Console, this would be attendantconsole.exe. Windows XP uses separate QOS Group Policy Options that do not allow you to restrict the DSCP values at the application level. This means that all applications that utilize the Audio/Video ports we configure for Audio/Video will get DSCP markings stamped.
Peer to Peer Port Configuration
All client port ranges need to be changed as they are all overlapping by default. Client Media traffic by default utilizing ports 1024 to 65535 when doing Peer to Peer. To specify the client media port ranges, Set-CSConferencingConfiguration must be used. The port ranges for each modality must not conflict with another modality. Also, it is highly recommended to ensure that when each modality is locked down to its own port range that all ports are contiguous as this will make configuring Group Policy later on a bit easier as you will see later on in the article.
The command used to enable the ability to lock down peer to peer client ports is Set-CsConferencingConfiguration with the ClientMediaPortRangeEnabled set to 1. When enabled, clients will use the specified port range for media traffic. When disabled (the default value) any available port (from port 1024 through port 65535) will be used to accommodate media traffic. Because we want to lock down the peer to peer ports, we must run the following command:
Once this command is run, we can go ahead and start locking down our ports. Now keep in mind, all these commands are provided to the clients via in-band provisioning. This means that once our client signs in, they will start using these locked down port ranges and it does not require any Group Policy Object to be created (at least not for locking down ports) and pushed down to your clients.
The following commands are where we finally choose the amount of ports and at what port each modality starts. The commands are:
- Application Sharing:Set-CSConferencingConfiguration -ClientAppSharingPort <beginning of port range (5350 by default)> -ClientAppSharingPortRange <extent of port range, at least 4 (40 by default)>
- Audio:Set-CSConferencingConfiguration -ClientAudioPort<beginning of port range> -ClientAudioPortRange <extent of port range, at least 20 (40 by default)>
- Video:Set-CSConferencingConfiguration -ClientVideoPort <beginning of port range> -ClientVideoPortRange <extent of port range, at least 20 (40 by default)>
- File Transfer:Set-CSConferencingConfiguration -ClientFileTransferPort <beginning of port range> -ClientFileTransferPortRange <extent of port range, at least 20 (40 by default)>
- Communicator 2007 R2:Set-CSConferencingConfiguration -ClientMediaPort <beginning of port range> -ClientMediaPortRange <extent of port range, at least 40>
Note: -ClientMediaPortRange is used for Office Communicator 2007 R2 Clients. The reason why this uses 40 is because this setting includes all modalities as Office Communicator 2007 R2 did not split apart each modality into their own separate switches. Being able to break up each modality is a feature of Lync. Because Lync Server 2013 only supports IM/Presence from Office Communicator R2 clients, if you are in a Lync Server 2013 environment with no Lync 2010 Servers, ClientMediaPortRange is unnecessary to configure. However, you may be in an environment with both Lync Server 2010 and Lync Server 2013 and you may want to configure ClientMediaPortRange as this configuration in Lync Server 2013 still applies to Lync Server 2010 which may still be supporting Office Communicator 2007 R2 clients. Therefore, we will still configure ClientMediaPortRange.
An example of a properly defined command with the minimum port requirement in one big switch is as follows:
An example of a properly defined command with the default port range is as follows (this is the example we will use going forward when configuring Group Policy):
Configuring Policy Based QOS in Group Policy for Windows Vista, Windows 7, and/or Windows 8 clients
As stated previously, Windows Vista, Windows 7, and Windows 8 clients utilize Policy Based QOS which allows a wider variety of options for configuring QoS. For example, you can specify that only communicator.exe, lync.exe, or attendantconsole.exe should tag x ports. One thing to note however, is the Lync 2013 client is unsupported on Windows Vista and is only supported in Windows 7 and Windows 8.
In the below example, we will show how to create the Policy-based QoS for Audio. Once finished, be sure to also create Policy-based QoS policies for Video. The DSCP Value for Audio will be 46 and the DSCP Value for Video will be 34. Open up Group Policy (in my examples, I am using Local Computer Policy but in a real production environment you would be using Group Policy at some level in your Domain Hierarchy) and navigate to Computer Configuration > Windows Settings > Policy-based QoS. Right-Click and choose Create new policy.
In the new Policy, give it a name and specify the DSCP Value. DSCP Values for audio is typically 46. Make sure the Outbound Throttle Rate check box is cleared. Click Next.
Since this is Policy-based QoS, we will want to take advantage of only tagging traffic that communicator.exe uses. So make sure you choose the “Only applications with this executable name” and specify lync.exe. Click Next.
On the following screen, make sure you leave the defaults as “Any source IP address” and “Any destination IP Address.” Click Next.
On the following screen, choose TCP and UDP. In our example above we used the Set-CSConferencingConfiguration command with the ClientAudioPort 20000 -ClientAudioPortRange 40 switches. Because of this, our source port range will 20000 to 20039 specified as 20000:20039 since our ClientAudioPortRange was 40.
Let’s go ahead and set the DSCP Value for Video with a DSCP value of 34. Right-Click Policy-based QoS and choose Create new policy. In the new Policy, give it a name and specify the DSCP Value. DSCP Values for video is typically 34. Make sure the Outbound Throttle Rate check box is cleared. Click Next.
Since this is Policy-based QoS, we will want to take advantage of only tagging traffic that communicator.exe uses. So make sure you choose the “Only applications with this executable name” and specify lync.exe. Click Next.
On the following screen, make sure you leave the defaults as “Any source IP address” and “Any destination IP Address.” Click Next.
On the following screen, choose TCP and UDP. In our example above we used the Set-CSConferencingConfiguration command with the ClientVideoPort 20040 -ClientAudioPortRange 40 switches. Because of this, our source port range will 20040 to 20079 specified as 20040:20079 since our ClientVideoPortRange was 40.
Now go ahead and repeat the above policies for the Lync 2010 Client and the Attendant Client. The only things you will have to change are the Policy Name and the Application Name. The AttendantConsole.exe would only have an Audio policy. After finished, you will have 5 client GPO policies and will look like the following:
Now go ahead and restart your Lync clients so they pick up the changes. After Group Policy have applied the settings, you should see the following settings within the registry:
Also, if you are in Workgroup Mode and notice that DSCP Values are not being applied, you may have to apply the following registry key:
Configuring QOS Policies in Group Policy for Windows XP clients
As stated previously, Windows XP Clients (it’s the same for Windows Server 2003) cannot use policy-based QoS. Instead, it uses QoS Policies based on the QoS Packet Scheduler. To install the QoS Packet Scheduler on Windows XP or Windows Server 2003, please proceed with the following steps:
Go to Control Panel > Network Connections > Right-Click Network Interface > Choose Properties. Then Choose Install.
Make sure to choose Service. Click Add.
Choose QoS Packet Scheduler as the Network Service. Click OK.
Now it is time to go into Group Policy. The DSCP Value for Audio will be 46 and the DSCP Value for Video will be 34. Open up Group Policy (in my examples, I am using Local Computer Policy but in a real production environment you would be using Group Policy at some level in your Domain Hierarchy) and navigate to Computer Configuration > Administrative Templates > Network > QoS Packet Scheduler.
The section we will be working with is, “DSCP value of conforming packets.” You do not need to modify “DSCP value of non-conforming packets.” And the two options within “DSCP value of conforming packets” we will be working with is:
- Controlled load service type (For Video with a DSCP Value of 34)
- Guaranteed service type (For Audio with a DSCP Value of 46)
Let’s go ahead and set the DSCP Value for Video (Controlled load service type). Go ahead and open “Controlled load service type.” Choose Enabled and set the DSCP to 34. Then click OK.
Let’s go ahead and set the DSCP Value for Audio (Guaranteed service type). Go ahead and open “Guaranteed service type.” Choose Enabled and set the DSCP to 46. Then click OK.
After Group Policy have applied the settings, you should see the following two settings set within the registry:
Now hop on your Lync Server and open the Lync Management Shell and type the following command:
This command should set your Windows XP and/or Windows Server 2003 machine with the following registry key:
Configuring QOS for Lync Phone Edition
Configuring Lync Phone Edition QoS is really simple and there’s really only one step. By default, the DSCP Value is set to 40 which is not typical for voice DSCP. We can see the default value by running the following:
Get-CsUCPhoneConfiguration
Identity : Global CalendarPollInterval : 00:03:00 EnforcePhoneLock : True PhoneLockTimeout : 00:10:00 MinPhonePinLength : 6 SIPSecurityMode : High VoiceDiffServTag : 40 Voice8021p : 0 LoggingLevel : Off
To set this value to 46, run the following command (leaving -Identity blank will modify the global settings):
Surprisingly, that’s all there is to it for enabling QoS to Lync Phone Edition. That is of course other than rebooting your Lync Phone which is required.
As an alternative to DSCP value, you can utilize 802.1p for Lync Phone edition. This setting is effective only for networks in which switches and bridges are 802.1p-capable. The minimum value for this property is 0 and the maximum is 7. The default value is 0.
To enable 8021.p you can run the following command (leaving -Identity blank will modify the global settings):
Validating QoS using WireShark
What better way to test out your QoS policies than to ensure that using WireShark to see and verify the ports are correctly being restricted to the range of ports we have defined and verify a DSCP value is being added. Keep in mind, our audio packets will show as UDP as Lync prefers UDP over TCP and only falls back to TCP if UDP does not work.
When opening WireShark, go ahead and start capturing your interface. Right-click one of the columns and choose Column Preferences. Add IP DSCP as a column.
Start logging and look for UDP packets and you should see audio packets in the 20000:200039 range we specified and they should be marked as 46.
And voila, there we go. Working as intended!
Conclusion
In this Part 1 on how to enable QOS for Lync Server 2013, we took a look at how to enable QOS for Lync 2010 clients, Lync 2013 clients, and the Attendant Console. In Part 2, we will take a look at how to enable QoS for for Lync 2013 servers which include QoS for the Lync 2013 Edge Server in addition to Exchange UM.
eaglenino says
Thank You!!!!
Dave P says
Do mobile apps like Lync for iOS honor the QoS configured port ranges, or does that only apply to PC / Mac Lync clients?
Elan Shudnow says
It only applies to PC clients. Mobile clients do not support QoS.
Rob says
Howdy folks, great post. I've had a problem getting non-zero DSCPs and Lync for a while now, so I tried these suggestions. I have added the group policy object with the correct port ranges, and I can see these changes reflected in the client's registry settings, as well as the sniffer trace. I have also added the "”Do not use NLA”=”1″ value to the registry, but still when I put Wireshark on the network all the DSCPs from the Win7 machines is zero. I tried this with my Mac and I see correct DSCPs, so I'm sure there is no problem with the infrastructure.
Any suggestions how to troubleshoot this?
@patrichard says
Just a note that the Windows Store app executable is called LyncMX.exe. So QoS policies need to include that. Also, don't forget about Exchange UM.
Tore says
Great article!
So far I have only created the client policy and published to two clients. (only to see that the client will mark the UDP packets) Then I make a Lync Call between them and I still see source port outside my range and also the DSCP value is zero.
Do I need to configure all the server setting before the client will send the correct value?
TsooRaD says
shudnow rocks – nice layout
Taranjeet Singh says
Hi Alan
I have a question, the commands listed above under the section "Peer to Peer Port Configuration" for locking down peer to peer client ports for Application Sharing/Audio/Video etc, needs to be run on each client?
If this is the case what is the best way to run this command on bulk clients and that too when we have variety of different clients (Lync 2013/2010 and Communicator).
Thanks
Taranjeet Singh
Elan Shudnow says
Clients will receive this port configuration in-band. No need to push out the port configuration via GPO. If you were locking the ports down for QoS reasons, then you would need to push out the QoS configuration via GPO. But the port configuration itself is pushed to clients in-band.
http://reviewofcuban-americanblogs.blogspot.co.uk says
“Worked All Zones Award” is the same concept with time zones.
Regular workshops ensure that the staff at PVM Radio subdivision is not only
up to date with the latest technological innovations,
but also ensures that the customers from diverse backgrounds are offered the best possible services to suit their tastes.
These channels offer a variety of genres for the user.
Susan S. Bradley says
Very nice article, thanks Elan!
Corey McClain says
There are a two instances in the following text where communicator.exe should be lync.exe.
Since this is Policy-based QoS, we will want to take advantage of only tagging traffic that communicator.exe uses. So make sure you choose the “Only applications with this executable name” and specify lync.exe.
Valerie says
If it is not, remove the receiving part of the mouse, the device plugged into
the USB port, then reinsert it. 4GHz wireless connection to transmit the signal
from the keyboard to the computer. These buttons are a very cool feature for the mouse, so if you’ve never used a feature like this before, don’t be too intimidated not
to try them out.
Dorthea says
My spouse and I stumbled over here coming from a different page and thought I should check things out.
I like what I see so now i’m following you. Look forward to looking at your web page again.
Korbyn says
Do you have a reason for using the 20000 port ranges instead of moving them up into the 50000 range for Audio and 58000 range for video, and overlap them with the DSCP values of the server ranges? Just curious, I don't see either way being wrong, just looking for whats most right… Current TechNet documentation is showing use of the high ports: http://technet.microsoft.com/en-us/library/jj2047…
I've also just noticed that "Do not use NLA”=”1" is supposed to be a string value and not dword as some sites are posting: http://support.microsoft.com/kb/2733528
Stephen says
I do have a question. Does anyone out there have any information or sample configurations on enabling QOS (I’m using a tomato OS router) using a router for Lync soft phones? The Port/Protocol/Destination addressing QOS settings for competing services like Ring central are easy to find, but when one google’s “Link QOS” it seems that there is a bunch of stuff on enabling QOS on the link client agent and server (we use a service provider via the Internet that manages the server), and very little on where it seems (to me) where it actually matters, that being on the routers that actually attach our numerous sites to the internet cloud.
The router UI that I have for QOS requires items such as source/destination address, TCP/IP protocol (TCP/UDP) and/or port? Any thoughts??
ariprotheroe says
With Lync Server 2013, UCMA application now support Video. (Voice was only supported with 2010). You haven't included to cmdlet for setting the port ranges for UCMA applications.
Vladi says
Thnak you Elan! What about the VDI Plugin? Which exe have to be considered in the QoS Policy? (for the Citrix Plugin it is MediaEngineHost.exe)
Elan Shudnow says
I'll add this at some point.
Rasheedah says
Thank You!