Lync Server 2010 – Client Recording Location

I recently had a requirement to store Lync 2010 recordings on a UNC path for a customer. Natively in Lync 2010, setting the recording location directly through the client to either a UNC path or a mapped drive is not supported, and there is a good reason as to why this is the case. When a Lync 2010 recording is invoked the data is streamed to the recording location and when the recording is stopped it is then processed and viewable in both the the Lync Recording Manager and as a WMV file if selected. If for example there was an interuption to network connectivity on the local client, this would impact the recording itself. If you do try and select a mapped drive as a recording location in the Lync 2010 client, the following error will be displayed.

Lync Recording Mapped Drive 300x104 Lync Server 2010   Client Recording Location

If you have a particular requirement to place Lync recordings onto a mapped drive, the following work around can be performed. This work around utilises a HKEY_CURRENT_USER registry modification that is executed every time a user logs onto a workstation, the registry key itself sets the “RecordingRootDirectory1″ value to be the mapped drive or UNC path that you require. In order achieve this, the following actions need to be performed.

1. Download the LyncRecordingLocation registry file from here.

2. Open the registry file in notepad and amend the “RecordingRootDirectory1″=”S:\\LyncRecordings\\” entry to read a mapped drive or UNC location of your choice and then save the file.

3. Connect to a domain controller in your infrastructure and then open the Group Policy Management Console. From here, create a new GPO named “Lync Recording Location” for example, and then right click the newly created object and select edit.

4. When the GPO Editor opens navigate to the following location, User Configuration -> Policies -> Windows Settings ->Scripts, as illustrated below.

Group Policy Object 300x123 Lync Server 2010   Client Recording Location

5. In the Scripts action pane, double click Logon to configure the script. When the Logon dialog box opens click Add which will invoke the “Add a script” dialog box. In the “Script Name” field type the following without quotes, “Regedit.exe”. In the parameters field enter the following without quotes “/s LyncRecordingLocation.reg”. See below for an illustration of this and once both of these fields have been populated click OK.

Logon Script Dialogue Box 270x300 Lync Server 2010   Client Recording Location

6. To complete the creation of the script, click the “Show Files” button and in the policies folder that then displays copy and then paste the LyncRecordingLocation.reg file into this area and close the window. Click Apply and the OK on the Logon Properties dialog box and then exit the Group Policy Management Editor.

7. Back in the Group Policy Management Console, locate an Organisational Unit (OU) where your Lync 2010 users reside, right click the OU and then select “Link an existing GPO” and then select the Lync Recording Location GPO that you have created. This could also be filtered to a specific Active Directory group that requires recordings to be stored centrally, choose which ever option is suitable for your environment.

8. Have your Lync 2010 users log off their workstations and back on again. Open the Lync 2010 client, select Options -> File Saving, and ensure that the Lync Recordings Save To dialog box is now showing the mapped drive or UNC path you set in the registry file, as illustrated below.

Lync Recordings Save To 300x45 Lync Server 2010   Client Recording Location

That’s it, the process is now complete.

Remote Desktop Services – RemoteApp Certificate Issue

I was recently involved in a Remote Desktop Services deployment for three hundred users. After configured Remote Desktop Services and publishing a RemoteApp, which had been digitally signed with a Go Daddy certificate and deployed via an MSI, I was prompted with a “Do you trust the publisher of this RemoteApp program” warning as shown in the below screenshot.

Remote Desktop Services Do you trust the publisher of this RemoteApp program 300x172 Remote Desktop Services   RemoteApp Certificate Issue

Obviously this was going to be an inconvenience for users, so to resolve this issue I performed the following actions.

1. Create a new Group Policy object via the Group Policy Management Console.

2. Edit the GPO and navigate to the following location, User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client.

3. Within the Remote Desktop Connection Client folder double click the “Specify SHA1 thumbprints of certificates representing trusted .rdp publishers” group policy object and check the enabled radio button.

4. Now open the SSL certificate you are using for RemoteApp signing, click the Details tab and then scroll down the details pane until you see the “Thumbprint” item. Click the thumbprint entry and you should now see a large alphanumeric string, copy this string and paste the contents into the “Comma separated list of SHA1 trusted certificate thumbprints” box in the GPO we were editing in step 3.

5. Now that you have pasted the thumprint string into the GPO, remove all space and capitalise all lower case letters of the string. For example, if your thumprint looks like this, “95 1f 22 02 c3 6e a6 b0 64 0c db 8e b5 4a bb 98 0c bd ed af” once you have pasted it into the GPO, you need to modify it to read like this, “951F2202C36EA6B0640CBD8EB54ABB980CBDEDAF”.

6. Close down the GPO editor and then link the created GPO to a users organisational unit where the RemoteApp users reside. Log a RemoteApp user off and back on again and test the RemoteApp program, you should now hopefully see that the certificate warning is suppressed and the application loads straight away.

That’s it, your all done.