Posted by: rcosic | 22/03/2012

Provisioning UCMA applications

This time I will shortly explain the procedure to provision (i.e. install & configure) UCMA application. Just to note, this only applies to UCMA application endpoints, since for user endpoints provisioning is not necessary.

For application to be recognized by Lync server, it must be configured as a trusted application inside of it. A prerequisite for this is to create a trusted application pool, i.e. a physical repository where UCMA application will reside. I emphasise physical, since Lync server maps this location to a concrete FQDN when it wants to find the applications. Unfortunatelly, for this to accomplish, you will need to use Lync Server PowerShell and type some commands:

First, type these commands to get information about your Lync server and its central database store:


Get-CsService -Registrar

After that, you will be able to find out proper parameters to invoke command to create application pool:

New-CsTrustedApplicationPool -Identity <fqdn> -Registrar <registrar> -Site <site>

Note that this works fine when you are using a separate machine on which your UCMAs will reside. In contrast, if you have all installed on the same machine (as I have), although Microsoft strongly discourages this, you will have to do something more… You’ll have to add a new Host (A) entry on your DC machine, with the same IP address as your Lync server machine, representing the ‘fake app pool’ machine. For example:

Host: apppool
FQDN: apppool.ebtest.local
IP address:

New-CsTrustedApplicationPool -Identity apppool.ebtest.local -Registrar lync.ebtest.local -Site MyLab

With every way you choose, now it’s the right time to refresh your topology, so invoke the following command:


And also set the replication of central database store:


Just to note that this replication of central configuration is mandatory for provisioning. The premise is that data will be needed on application server as well, and therefore it must be replicated to each trusted app pool. You can check Replica service status with PowerShell command Get-CsManagementStoreReplicationStatus and force the replication to commence immediatelly by invoking Invoke-CsManagementStoreReplicationStatus command. It takes some time, so invoke it couple of times until you get “UpToDate : true” result for your app pool.

Next is to create certificate for your app server, and important thing is to request it from your DC. You should use two commands to accomplish this: one for requesting a new certificate from your DC server, and one for setting the certificate to be used:

Request-CsCertificate -New -Type default -CA <domain controller FQDN> -Verbose

Set-CsCertificate -Type default -Thumbprint <thumbprint>

You will need to copy the thumbprint value from the first command output and paste it into another command parameter.

Finally, it’s time to invoke the command which will create a new application entry inside Lync server. With that, you will also create a corresponding application endpoint, as there is no point to have an application without an endpoint communicating through it:

New-CsTrustedApplication -ApplicationId <name> -TrustedApplicationPoolFqdn <app pool FQDN> -Port <port number>

New-CsTrustedApplicationEndpoint -ApplicationId <…> -TrustedApplicationPoolFqdn <…>.SipAddress <…> -DisplayName <…>

Note that for application identifier, you should input urn address of the application in format urn:application:<name> and for sip address an arbitrary SIP address in format sip:<name>@<domain> . For example:

urn:application:testapplication, and

You can, of course, enlist current applications and endpoints by using the corresponding Get-CsTrusted* commands (Application/Computer/Endpoint/Pool)…

And this is it! For viewing if the process succeeded, open the Lync Server Control Panel and under Topology, review Status tab (for trusted application pools), and Trusted Application tab (for server applications).

Kind regards,


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


%d bloggers like this: