:: infotechGuyz.com ::
> For the IT community by the IT community

• BlackBerry Server (BES)
• Excel Macro/VBA
• Exchange 2007
• Exchange 2010
• Lync 2010
• Scripting/Command-line
• SQL Server 2008
• SQL Server 2012
• Team Foundation Server
• VMware
• Windows 7
• Windows 8
• Windows Server 2008
• Windows Server 2012

Updating Lync 2010 Client Devices Remotely

 

Device Update Web feature in Lync 2010 is automatically installed with Web Features which allows for remote software deployment to clients. You can use this feature to download updates from MS, test them, and then deploy the updates to all the IP phones in your company.  You can also use Device Update Web feature to roll back devices to previous software versions. This feature can be used in below scenarios:

• Deploy updates   
  Retrieve updates from MS and upload them to Device Update Web feature. Test, and then approve or reject, specific updates for deployment to your company’s IP phones to make sure that all updates are valid and functional, instead of having to troubleshoot after deployment.
• Roll back an update   
  Roll back a defective update and retain a tested prior update as the latest update. The device goes back to the backup tested update, which is always stored on the device as a backup.
• New device models   
  Make available all software updates relevant to a new model of an IP phone that is being introduced to the market.
• Inventory management for devices in companies   
  Use the log files and audit information stored in the Device Updates folder to view the IP phones in your company and information about them, such as the current firmware version.

 

Lync 2010 Control Panel
In MSLync 2010 Control Panel, use the following to manage the Device Update Web feature on the Clients page:

• Device Update   
  Provides the ability to view updates in the device update store, create device update rules in Central Management store and approve or reject device updates for deployment, approve or reject updates for test devices, and roll back updates to a previous version.
• Test Device   
  Provides the ability to specify the devices that are to receive pending updates for testing purposes.

 

Device Updates File Store
The device updates file store serves as the central repository for the update information, logs, and audit information. It provides the installation point for devices that require updates.In Lync 2010 Standard Edition, this folder is automatically created by the installer and located in the Web Features folder, under the installation folder. The default path is as follows:<share>\<Webfeature instance>\DeviceUpdateLogs\Server\Audit\ImageUpdates.

In Lync 2010 Enterprise Edition, prior to installation, the administrator creates a shared folder to contain both client and device update files. The administrator then specifies the location of this folder in the Create Front End Pool wizard during deployment.

 

The Device Update Process
The device update process begins with you downloading an update from the MS website, and then using the Lync 2010 Control Panel to test, approve, or reject the update. Approved updates become pending updates that devices retrieve by using the following process.

The first time a user starts an IP phone and signs in, the device gets information by using in-band provisioning from the server. The information contains the internal URL of the server running the Device Update Web feature.

If the device is turned on, but no user signs in, and no user has ever signed in on the device, then the device sends a DNS lookup request to ucupdates-r2.<DNSDomainNameProvidedByDHCP>, and obtains the internal URL of the server running the Device Update Web feature.

The device checks for updates every time it is turned on, every time the user signs in, and every 24 hours, by default. It checks by sending an HTTP request over port 443 to the Front End Server that hosts the Device Update Web feature. The request includes the current version of software that the phone is running, and the response is determined by the device and whether there is a new update on the server to download.

Internal Devices
If device is inside the company’s firewall and the user is signed in, the Device Update Web feature returns a response that contains one of the following:

• If no approved updates exist for the current version of the firmware, or if the current version of the firmware matches the version of the approved update, the response contains NumOfFiles = 0. For test devices, pending updates are also considered.
• If an approved update is available for the current firmware version, the response contains the path to the location from where the update can be downloaded.
  
  

External Devices
If the device is outside the company’s firewall, and the user is signed in, the Device Update Web feature returns a response indicating that anonymous access is not supported. The device then sends an HTTPS update request over port 443 to the Device Update Web feature. The Device Update Web feature returns one of the responses listed previously in the internal case.

If the device is outside the company’s firewall, and the user is not signed in, the Device Update Web feature denies the request.

When the update is complete, the device uses the update as its current version, and the previous version is stored in the firmware as a backup.

Device Out of Box
When the device is turned on for the first time, it sends a DNS lookup request to ucupdates-r2.<DNSDomainNameProvidedByDHCP> to obtain internal URL of the server running the Device Update Web feature. The device will then make a HTTPS request to request for device updates.

Dependencies for this function:

• The phone must be on the corporate network.
• UCUpdates-R2 must be configured in DNS.
• Device Update certificate must have SAN entries containing ‘UCUpdates-R2’ (hostname) and ‘UCUpdates-R2.contoso.com’ (FQDN).
• The server running the Device Update Web feature must have a certificate trusted by Lync 2010 Phone Edition.
  • Refer to the Trusted Authorities Cache for a list of publicly trusted certificates.
  • If you use a private enterprise certificate, the device will not receive updates.  To work around this, have the user attempt sign-in on the device. Regardless of whether or not the sign-in is successful, the sign-in process will trigger the bootstrapper and download the root certificate from the server.
• Network Time Protocol (NTP) must be configured correctly for the device.  For details, see Using NTP to Set the Correct Time and Date for Devices.

 

Updating Lync 2010 Client Devices Remotely with Device Update Web Service

Follow these steps to get started with using Device Update Web service to manage device updates for your organization’s devices:

1. Obtain and upload update files from Microsoft. Cabinet (.cab) files for software updates are available from Microsoft Help and Support. As a best practice, you should check for updates that apply to your organization’s devices on a regular basis, at least every three months, and upload them to Device Update Web service for testing and deployment. When you upload updates, they display on the Pending Updates tab of the Device Update Web service on the Lync Server Control Panel.

2. Test Updates. Use the Test Devices tab of the Device Update Web service on the Lync Server Control Panel to specify devices to use for testing the updates for your organization. All devices check Device Update Web service for new updates when they are turned on and every 24 hours thereafter by default. All devices except test devices receive approved updates, which display on the Deployed Updates tab after you have approved them. Only test devices receive pending updates, which display on the Pending Updates tab. When a test device receives a pending update, you can check to see that the device is still functioning properly and also view audit logs to verify the success of the update. You should test all updates in this manner before you approve them for deployment to the devices in your organization.

3. Manage Pending Updates. Use the Pending Updates tab to approve or reject pending updates for deployment to devices in your organization. When you approve an update, it appears on the Deployed Updates tab and is automatically deployed to the appropriate devices when they check Device Update Web service for new updates. When you reject an update, it is removed from the Device Update Web service on the Lync Server Control Panel and is no longer available for deployment. As a best practice, you should test each update on a test device before you approve it.

4. Manage Deployed Updates. Use the Deployed Updates tab to see a list of updates that have been deployed to your organization and to roll back updates if necessary. When you roll back an update, devices that received that update will revert to the last previous update.

5. Customize Log Settings. On the Device Update Web service on the Lync Server Control PanelTools menu, use the Log Settings command to specify how long to keep log files on your system before purging them.

6. Manually purge log and update files. On the Device Update Web service on the Lync Server Control PanelTools menu, use the Purge command to manually purge log files, rejected update files, and update files that have been replaced with more recent updates.

 

 

Verifying Device Update Web Service Functionality
Device Update Web service is automatically installed with Microsoft Lync Server 2010. Prior to installation, however, there are additional deployment steps you must take, including creating a file storage location and configuring the environment so that devices can discover and connect to Device Update Web service.

Following deployment, you can check to make sure Device Update Web service is functioning properly by verifying that a test device can connect to it, and then by verifying that the service is accessible to external devices. You can also use these procedures to check any time you are concerned that the service is not functioning properly. After using these procedures, if you find that Device Update Web service is not functioning properly, ensure that you have taken the required additional deployment steps, perform any omitted steps, and then perform the verification steps again.

How to verify Device Update Web service functionality:

1. Add a test device to Device Update Web service on the Lync Server Control Panel.
2. Turn off the test device and then turn it back on, so that it connects to Device Update Web service and checks for updates.
3. Check the audit logs in the imageUpdates folder to verify that the device sent an update request to Device Update Web service and received a response.
4. Check the device System Information screen to verify that it has the expected firmware version.
5. If your deployment is configured to allow access to external devices, verify that the external URL is available outside your organization’s firewall by connecting the test device to an external network, logging on to the device with a valid user account, and repeating steps 2, 3, and 4.

Testing and Deploying a Device Update
Keeping the software on your organization’s devices up-to-date helps them continue to function correctly and securely. As a best practice, you should check this website on a regular basis, at least every three months, and download any new software updates for your organization’s devices. Before deploying a new update to your organization, however, you should first verify that that it functions correctly on a test device.

New updates that you obtain from Microsoft Help and Support should apply to your organization’s devices, corresponding to their type, brand, model, and language. The revision should be more recent than the revision for the last update the devices received.

How to test and deploy a new update:

1. Obtain the new software update and upload it to the Device Update Web service on the Lync Server Control Panel.
2. Check the Pending tab of the Device Update Web service on the Lync Server Control Panel to verify that the new update is listed.
3. Add a test device to the Device Update Web service on the Lync Server Control Panel.
4. Turn off the test device and then turn it on again.
5. For a Microsoft Lync 2010 Phone Edition device, check the System Information screen to see whether the version number of the new update is listed as the current version.
6. Check the audit logs to verify that the update was installed on the test device.
7. If the update was not installed, check the test device connection, correct any problems, and then perform steps 3, 4, and 5 again.
8. If the new update was successfully installed, use the test device and verify that it works properly.
9. If devices that are connected to a network outside your organization’s firewall also need the update, verify the update by connecting a test device to the external network, and then following steps 5 through 9.
10. If the new update works properly on the test devices, you can then approve it for deployment to the devices in your organization. The update will be automatically deployed to the appropriate devices when they connect to Device Update Web Service.