Edge Server cloning
Hello everyone,
I am trying to clone my 2010 EDGE server located on a 2k8 SP2 to a 2010 EDGE server located on a 2k12R2 server. I exported the file, created the answer file on the new server, but when I do the import from the new Edge, I get this message. Can someone
[PS] C:\Users\Administrator\Desktop\Exch\scripts>./ImportEdgeConfig.ps1 -CloneConfigData:"C:\CloneConfigData.xml" -IsImport $true -CloneConfigAnswer:"C:\CloneConfigAnswer.xml"
Warning:Passwords will be encrypted with the default script encryption key
Set-TransportServer : You can't use this command to configure an Edge Transport server on a machine that is on your int
ernal network. You must perform this operation directly on the Edge Transport server.
At line:1 char:57
+ Get-TransportServer -Identity:EDGE | Set-TransportServer <<<< -AntispamAgentsEnabled:$true -ConnectivityLogEnabled:$
true -ConnectivityLogMaxAge '30.00:00:00' -ConnectivityLogMaxDirectorySize '1000 MB (1,048,576,000 bytes)' -Connectivit
yLogMaxFileSize '10 MB (10,485,760 bytes)' -ConnectivityLogPath 'C:\Program Files\Microsoft\Exchange Server\V14\Transpo
rtRoles\Logs\Connectivity' -DelayNotificationTimeout '04:00:00' -ExternalDNSAdapterEnabled:$true -ExternalDNSAdapterGui
d '00000000-0000-0000-0000-000000000000' -ExternalDNSProtocolOption 'Any' -ExternalDNSServers:$null -ExternalIPAddress:
$null -InternalDNSAdapterEnabled:$true -InternalDNSAdapterGuid '00000000-0000-0000-0000-000000000000' -InternalDNSProto
colOption 'Any' -InternalDNSServers:$null -MaxConcurrentMailboxDeliveries '20' -MaxConcurrentMailboxSubmissions '20' -M
axConnectionRatePerMinute '1200' -MaxOutboundConnections '1000' -MaxPerDomainOutboundConnections '20' -MessageExpiratio
nTimeout '2.00:00:00' -MessageRetryInterval '00:01:00' -MessageTrackingLogEnabled:$true -MessageTrackingLogMaxAge '30.0
0:00:00' -MessageTrackingLogMaxDirectorySize '1000 MB (1,048,576,000 bytes)' -MessageTrackingLogMaxFileSize '10 MB (10,
485,760 bytes)' -MessageTrackingLogPath 'C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\MessageTrac
king' -IrmLogEnabled:$true -IrmLogMaxAge '30.00:00:00' -IrmLogMaxDirectorySize '250 MB (262,144,000 bytes)' -IrmLogMaxF
ileSize '10 MB (10,485,760 bytes)' -IrmLogPath 'C:\Program Files\Microsoft\Exchange Server\V14\Logging\IRMLogs' -Active
UserStatisticsLogMaxAge '30.00:00:00' -ActiveUserStatisticsLogMaxDirectorySize '250 MB (262,144,000 bytes)' -ActiveUser
StatisticsLogMaxFileSize '10 MB (10,485,760 bytes)' -ActiveUserStatisticsLogPath 'C:\Program Files\Microsoft\Exchange S
erver\V14\TransportRoles\Logs\ActiveUsersStats' -ServerStatisticsLogMaxAge '30.00:00:00' -ServerStatisticsLogMaxDirecto
rySize '250 MB (262,144,000 bytes)' -ServerStatisticsLogMaxFileSize '10 MB (10,485,760 bytes)' -ServerStatisticsLogPath
'C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ServerStats' -MessageTrackingLogSubjectLoggingEnab
led:$true -OutboundConnectionFailureRetryInterval '00:30:00' -IntraOrgConnectorProtocolLoggingLevel 'None' -PickupDirec
toryMaxHeaderSize '64 KB (65,536 bytes)' -PickupDirectoryMaxMessagesPerMinute '100' -PickupDirectoryMaxRecipientsPerMes
sage '100' -PickupDirectoryPath 'C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Pickup' -PipelineTracing
Enabled:$false -ContentConversionTracingEnabled:$false -PipelineTracingPath 'C:\Program Files\Microsoft\Exchange Server
\V14\TransportRoles\Logs\PipelineTracing' -PipelineTracingSenderAddress:$null -PoisonMessageDetectionEnabled:$true -Poi
sonThreshold '2' -QueueMaxIdleTime '00:03:00' -ReceiveProtocolLogMaxAge '30.00:00:00' -ReceiveProtocolLogMaxDirectorySi
ze '250 MB (262,144,000 bytes)' -ReceiveProtocolLogMaxFileSize '10 MB (10,485,760 bytes)' -ReceiveProtocolLogPath 'C:\P
rogram Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive' -RecipientValidationCacheEnable
d:$true -ReplayDirectoryPath 'C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Replay' -RoutingTableLogMax
Age '7.00:00:00' -RoutingTableLogMaxDirectorySize '50 MB (52,428,800 bytes)' -RoutingTableLogPath 'C:\Program Files\Mic
rosoft\Exchange Server\V14\TransportRoles\Logs\Routing' -SendProtocolLogMaxAge '30.00:00:00' -SendProtocolLogMaxDirecto
rySize '250 MB (262,144,000 bytes)' -SendProtocolLogMaxFileSize '10 MB (10,485,760 bytes)' -SendProtocolLogPath 'C:\Pro
gram Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpSend' -TransientFailureRetryCount '6' -Tra
nsientFailureRetryInterval '00:10:00' -TransportSyncEnabled:$false -TransportSyncPopEnabled:$false -WindowsLiveHotmailT
ransportSyncEnabled:$false -WindowsLiveContactTransportSyncEnabled:$false -TransportSyncExchangeEnabled:$false -Transpo
rtSyncImapEnabled:$false -MaxNumberOfTransportSyncAttempts '3' -MaxActiveTransportSyncJobsPerProcessor '16' -HttpProtoc
olLogEnabled:$false -HttpProtocolLogFilePath:$null -HttpProtocolLogMaxAge '7.00:00:00' -HttpProtocolLogMaxDirectorySize
'250 MB (262,144,000 bytes)' -HttpProtocolLogMaxFileSize '10 MB (10,485,760 bytes)' -HttpProtocolLogLoggingLevel 'None
' -TransportSyncLogEnabled:$false -TransportSyncLogFilePath:$null -TransportSyncLogLoggingLevel 'None' -TransportSyncLo
gMaxAge '30.00:00:00' -TransportSyncLogMaxDirectorySize '10 GB (10,737,418,240 bytes)' -TransportSyncLogMaxFileSize '10
MB (10,485,760 bytes)' -TransportSyncHubHealthLogEnabled:$false -TransportSyncHubHealthLogFilePath:$null -TransportSyn
cHubHealthLogMaxAge '30.00:00:00' -TransportSyncHubHealthLogMaxDirectorySize '10 GB (10,737,418,240 bytes)' -TransportS
yncHubHealthLogMaxFileSize '10 MB (10,485,760 bytes)' -TransportSyncAccountsPoisonDetectionEnabled:$false -TransportSyn
cAccountsPoisonAccountThreshold '2' -TransportSyncAccountsPoisonItemThreshold '2' -TransportSyncAccountsSuccessivePoiso
nItemThreshold '3' -TransportSyncRemoteConnectionTimeout '00:01:40' -TransportSyncMaxDownloadSizePerItem '25 MB (26,214
,400 bytes)' -TransportSyncMaxDownloadSizePerConnection '50 MB (52,428,800 bytes)' -TransportSyncMaxDownloadItemsPerCon
nection '1000' -UseDowngradedExchangeServerAuth:$false -IntraOrgConnectorSmtpMaxMessagesPerConnection '20'
+ CategoryInfo : InvalidOperation: (:) [Set-TransportServer], CannotSetEdgeTr...erOnAdException
+ FullyQualifiedErrorId : 6BE3A2C5,Microsoft.Exchange.Management.SystemConfigurationTasks.SetTransportServer
Name DomainName
DomainType Default
A9ABA4D2-C21C-4bc5-8B30-3EA... A9ABA4D2-C21C-4bc5-8B30-3EA... Authoritative False
Confirm
Are you sure you want to perform this action?
Removing Accepted Domain "maranathahs.org".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y
Confirm
Are you sure you want to perform this action?
Removing Accepted Domain "A9ABA4D2-C21C-4bc5-8B30-3EA47BBE3608".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y
Importing Edge configuration information Failed.
Reason: This task can only be performed on a Hub Transport server role or an Edge Transport server role.
Install the Exchange 2013 Edge Transport role using the Setup wizard -
http://technet.microsoft.com/en-us/library/dn635117%28v=exchg.150%29.aspx
Exchange Server 2013 SP1 – EDGE Role – Part 2 -
http://justaucguy.wordpress.com/2014/03/07/exchange-server-2013-sp1-edge-role-part-2/
And if you like command line install then here it is...
Exchange 2013 SP1 Edge Transport Server -
http://www.jaapwesselius.com/2014/06/01/exchange-2013-sp1-edge-transport-server/
Similar Messages
-
Lync Edge server on windows 2012 R2 prerequisites
What, if any, are the prerequisites to install lync 2013 edge server on Windows 2012 R2? I have looked around and only found information for Windows 2012 and it requiring WIF 3.5. Is this required for R2 as when you go to install it you get:
is it required and do I require anything else?
Thanks
Hi,
Agree with Georg.
What’s more, you can refer to the link of “Installing Lync 2013 Edge Server”, it is Windows Server 2012 Standard or Datacenter, but similar for Windows Server 2012 R2:
http://www.orcsweb.com/blog/cory-granata/installing-lync-2013-edge-server/
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
If you do not choose all the required roles and features, then when you run the Lync Server Deployment Wizard and run its steps, you will receive an error that points out what you need to install.
Best Regards,
Eason Huang
TechNet Community Support -
Hi,
We have an Exchange server 2007 and an Edge server 2007 is configured in the perimeter network. Most of our clients use public email domains such as Yahoo and Gmail. For the last few weeks it has been a major issue for us that most of the emails from Yahoo/Gmail get blocked by our Edge server claiming the sender IP address is in Block Lists.
As a solution I've added yahoo.com/gmail.com/aol.com/hotmail.com to "BypassedSenderDomains" hoping that if emails are received from one of these domains they will bypass the connection filtering. But still some of our customers complain that their emails are still not passing to us and are blocked by our edge server. They have provided me the error message they receive.
Our clients get following error message
edgexch gave this error: Recipient not authorized, your IP has been found on a block list
Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
550 5.7.1 Recipient not authorized, your IP has been found on a block list
When I checked the Agent logs on the Edge server I found that the specific email had been blocked. Please check one of the log entries.
Timestamp : 1/30/2014 1:45:15 PM
SessionId : 08D0E865200E7CBF
IPAddress : 98.139.213.140
MessageId :
P1FromAddress : Sender Email Address (@yahoo.com)
P2FromAddresses : {}
Recipients : {Recipient Email address}
Agent : Connection Filtering Agent
Event : OnRcptCommand
Action : RejectCommand
SmtpResponse : 550 5.7.1 Recipient not authorized, your IP has been found on a block list
Reason : BlockListProvider
ReasonData : bl.spamcop.net
This troubles me because I've added Yahoo.com to "BypassedSenderDomains" on 1/28/2014 and this email was blocked on 1/30/2014. I've checked the whole Agent logs from the 28th to date and found most of the messages from white-listed domains bypassed the content filtering but some were still getting blocked. Most of the messages from white-listed domains were blocked by the "bl.spamcop.net" IP block list provider.
As a solution for the current situation I've disabled "bl.spamcop.net" from the "IP block List Providers". But the issue is, why are the mails getting blocked even though the domains were white-listed? I thought that after white-listing email domains, messages would bypass the content filters if the email is generated from one of the white-listed email domains.
I've also added the "Content Filter Config" for your reference.
[PS] C:\Windows\system32>Get-ContentFilterConfig
Name : ContentFilterConfig
RejectionResponse : Message rejected as spam by Content Filtering.
OutlookEmailPostmarkValidationEnabled : True
BypassedRecipients :
QuarantineMailbox : [email protected]
SCLRejectThreshold : 7
SCLRejectEnabled : False
SCLDeleteThreshold : 9
SCLDeleteEnabled : False
SCLQuarantineThreshold : 5
SCLQuarantineEnabled : True
BypassedSenders :
BypassedSenderDomains : {yahoo.com, gmail.com, hotmail.com, aol.com}
Enabled : True
ExternalMailEnabled : True
InternalMailEnabled : False
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=ContentFilterConfig,CN=Message Hygiene,CN=Transport Settings,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,CN={4546F49-6BC5-4F7A-848F-03E4652528A6}
Identity : ContentFilterConfig
Guid : c501959c-b062-4f59-8f0c-404c53f54a34
ObjectCategory : CN=ms-Exch-Message-Hygiene-Content-Filter-Config,CN=Schema,CN=Configuration,CN={4546F4196BC5-4F7A-848F-03E4652528A6}
ObjectClass : {top, msExchAgent, msExchMessageHygieneContentFilterConfig}
WhenChanged : 1/28/2014 8:48:49 PM
WhenCreated : 1/8/2012 8:42:18 PM
OriginatingServer : localhost
IsValid : True
It would be great if someone could help me to resolve this issue because this is a major problem since we lost mails from our valuable customers.
Thanks in advance.
Tharaka
Here is a similar issue someone had with Exchange 2010 -
http://social.technet.microsoft.com/Forums/exchange/en-US/36aec4f6-6d73-4d71-ab64-e7f3d817b39b/exchange-2010-still-blocks-mail-from-domain-on-dnsbl-even-though-its-on-bypassedsenderdomain?forum=exchange2010
So in essence, use the exceptions tab for the IP Block List Providers. See if that will work as a solution for you.
JAUCG - Please remember to mark replies as helpful if they were or as answered if I provided a solution. -
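The log entry quoted in the question was written by the Connection Filtering Agent, while BypassedSenderDomains appears in the Get-ContentFilterConfig output. As an added example (not part of the original thread), this Python script parses agent log records in the layout shown above and lists block-list rejections of senders in the bypassed domains, grouped by provider, so the client IPs can be reviewed for the IP Block List Providers exceptions the reply mentions. The sample records, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in the "Name : Value" layout of the agent log
# entry quoted in the question. Addresses use documentation ranges.
SAMPLE_AGENT_LOG = """\
Timestamp : 1/30/2014 1:45:15 PM
SessionId : 0000000000000001
IPAddress : 192.0.2.10
MessageId :
P1FromAddress : customer1@yahoo.com
Recipients : {sales@example.test}
Agent : Connection Filtering Agent
Event : OnRcptCommand
Action : RejectCommand
SmtpResponse : 550 5.7.1 Recipient not authorized, your IP has been found on a block list
Reason : BlockListProvider
ReasonData : bl.spamcop.net

Timestamp : 1/30/2014 2:02:41 PM
IPAddress : 192.0.2.25
P1FromAddress : customer2@Gmail.com
Agent : Connection Filtering Agent
Event : OnRcptCommand
Action : RejectCommand
Reason : BlockListProvider
ReasonData : bl.spamcop.net

Timestamp : 1/30/2014 2:10:03 PM
IPAddress : 198.51.100.7
P1FromAddress : bulk@example.net
Agent : Connection Filtering Agent
Event : OnRcptCommand
Action : RejectCommand
Reason : BlockListProvider
ReasonData : bl.spamcop.net

Timestamp : 1/30/2014 3:15:47 PM
IPAddress : 192.0.2.10
P1FromAddress : customer3@yahoo.com
Agent : Connection Filtering Agent
Event : OnRcptCommand
Action : RejectCommand
Reason : BlockListProvider
ReasonData : bl.spamcop.net
"""

# Value of BypassedSenderDomains from the Get-ContentFilterConfig output above.
BYPASSED_SENDER_DOMAINS = ["yahoo.com", "gmail.com", "hotmail.com", "aol.com"]

FIELD = re.compile(r"^\s*(\w+)\s*:\s*(.*)$")


def parse_agent_log(text):
    """Turn blank-line separated 'Name : Value' blocks into dicts."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                rec[m.group(1)] = m.group(2).strip()
        if rec:
            records.append(rec)
    return records


def sender_domain(address):
    """Lower-cased domain part of an SMTP address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].strip().lower() if "@" in address else ""


def rejected_despite_bypass(records, bypassed_domains):
    """Connection-filter rejects whose envelope sender is in a bypassed domain."""
    allowed = {d.lower() for d in bypassed_domains}
    hits = []
    for rec in records:
        if rec.get("Agent") != "Connection Filtering Agent":
            continue
        if not rec.get("Action", "").startswith("Reject"):
            continue
        if sender_domain(rec.get("P1FromAddress", "")) in allowed:
            hits.append(rec)
    return hits


def ips_by_provider(hits):
    """Group the rejected client IPs by the block list provider that matched."""
    grouped = defaultdict(set)
    for rec in hits:
        if rec.get("Reason") == "BlockListProvider":
            grouped[rec.get("ReasonData", "")].add(rec.get("IPAddress", ""))
    return {provider: sorted(ips) for provider, ips in grouped.items()}


if __name__ == "__main__":
    found = rejected_despite_bypass(parse_agent_log(SAMPLE_AGENT_LOG),
                                    BYPASSED_SENDER_DOMAINS)
    for provider, ips in ips_by_provider(found).items():
        print(provider, ips)
```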
Configuring Lync 2010 Mobility with Front end and Edge Server
I have been racking my brain the past week trying to figure out how to get the lync edge server working properly and how to get the mobility service working properly.
Currently I have 1 front end server that is configured and working. I have one edge server that has been configured according to nearly every online help I could find along with public CERT.
If I use microsoft's online connectivity test and I run the test for Lync Server Remote Connectivity Test everything passes. I am also able to connect to lync using a windows lync client from outside of the internal network, however I have to specify the server name as being sip.ourdomain.com. I cannot get connected using autodiscover.
When I run the Lync Autodiscover Web Service Remote Connectivity Test it fails due to an SSL error to lyncdiscover.ourdomain.com, which then led me down the path that I needed to install the Mobility service, but it also tells me that I may need to update our SSL cert as well.
This is where I am getting confused and would like to be pointed in the correct direction.
When I installed mobility service on the front end server it created the autodiscover section in IIS. If I am inside our network I can browse to it without any issue. Where I am confused at this point is how to either set up DNS or how to configure the edge server to use autodiscover.
Do I need to set up an additional public IP and point lyncdiscover.ourdomain.com to the IP of our front end server or to our edge server? If I have to point this to our front end server then that would mean that I use one public IP that goes to 443, 444 and 5061 for our edge server and then I would need one public IP that goes to ports 443 and 80 that get redirected to ports 4443 and 8080 on our front end server? If that is the case then do I have to get an external cert for the front end server that contains lyncdiscover or can clients connect if it is just using the self signed cert from the domain?
This is where I am getting confused and hopefully some nice folks out there can clarify this for me so I can get this resolved.
Thank you
KK
You need an additional public IP to point to a reverse proxy, which will listen on port 443 and proxy requests to your front end server on port 4443 (notice the extra 4). You can use IIS ARR, Web Application Proxy, or whatever else you may have for this purpose, but you need to ensure you redirect port 443 to port 4443. This reverse proxy cannot be collocated on your front end server or edge, you'll need a separate box or appliance.
Beyond Lyncdiscover, you'll want to do this for your external web services FQDN as defined in the topology builder and your meet and dialin URLs too. You'll want a third-party cert for all of this (though it doesn't need to be installed on the front end, just the reverse proxy) so that you don't need to install any internally signed root certs on anyone's smartphone.
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications
This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Lync 2013 Edge server compatibility with Lync 2010 Front end Pool
Hi All,
Technet article (http://technet.microsoft.com/en-us/library/jj688121.aspx) says the following:
If your legacy Lync Server 2010 Edge Server is configured to use the same FQDN for the Access Edge service, Web Conferencing Edge service, and the A/V Edge service, the procedures in this section are not supported. If the legacy Edge services are configured to use the same FQDN, you must first migrate all your users from Lync Server 2010 to Lync Server 2013, then decommission the Lync Server 2010 Edge Server before enabling federation on the Lync Server 2013 Edge Server.
Can you tell me why it is you have to change the External Lync Web services URL during a migration to Lync 2013 from Lync 2010. What purpose does this serve?
Also can you clarify this and explain why this is required, why would you have to migrate all of your users, would a Lync 2013 Edge not talk to a Lync 2010 front-end?
Any help would be much appreciated. MANY THANKS.
Thank you very much for all your inputs.
We still have few questions:
Questions:
Can you tell me if Lync 2010 users will be able to login using mobility if we repoint the reverse proxy (TMG) web services publishing rule to the Lync 2013 server? Remember both systems Lync 2010 and 2013 are using the same web services URL so they will both end up at the Lync 2013 server. Alternatively if not we will migrate all users to 2013, this is not a problem
In addition to this I cannot find anything that states how Exchange UM will operate when you are running from a backup pool and the exchange UM contacts are not available because they are homed on the server that is down. This configuration is 2 x standard edition servers pool paired. How can we make sure Exchange voice mail works during a pool failover?
Call Park is not clear to me I read the following:
Lync Server 2013 provides new disaster recovery mechanisms in the form of failover and failback processes. These failover and failback processes support recovery of Call Park functionality by allowing users who are homed in the primary pool to leverage the Call Park application of the backup pool when an outage occurs in the primary pool. Support for disaster recovery of the Call Park application is enabled as part of the configuration and deployment of paired Front End pools.
Is this saying we need to deploy Call Park in the DR pool and use a different range of orbit numbers, or can we use the same range in the DR pool?
Further, I can see that Common Area Phones will be fine as they will log into the DR pool automatically. Response Groups need to be exported and imported to the DR pool. Incidentally these did not migrate well at all and have caused us a big headache!
Any inputs will be greatly appreciated. Thanks again for all of your time. -
Adobe Connect prevents external users from connecting via Edge Server
Errors thrown in the logs:
Bad network data; terminating connection : bad chunk version 24 on input stream 07726718
Bad network data; terminating connection : (Adaptor: _defaultRoot_, VHost: Unknown, IP: 110.141.64.253, App: , Protocol: rtmp) : 18
Bad network data; terminating connection : (Adaptor: _defaultRoot_, VHost: Unknown, IP: 110.141.64.253, App: , Protocol: rtmp) : 03
Any advice would be greatly appreciated!
Regards
Ole Kristensen
Hi,
Please check all the services are started on Lync Edge server.
Please double check the ports for both Edge server internal and external interface with the help of the link below:
http://technet.microsoft.com/en-us/library/gg425891.aspx
You can test your remote connectivity with the help of the link below:
https://testconnectivity.microsoft.com/
Best Regards,
Eason Huang
TechNet Community Support -
Check current calls via edge server
Is there a way to check what calls are currently happening via a Lync 2013 edge server? What I mean here is we need to take down the director pool for some maintenance and this is the next hop from the edge, hence before we do this it would be good to see if there are active communications going on of any kind of modality (video, voice etc)
Thanks
DE
Hi,
You can use Get-CsWindowsService.
It will list you all services and activity level/sessions as below:
Status Name ActivityLevel
Running REPLICA
Running RTCSRV Incoming Requests per Second=0,Messages In Server=0,Incoming ..
Running RTCDATAPROXY Server Connections Currently Active=40
Running RTCMRAUTH Current Requests=0
Running RTCMEDIARELAY Active Sessions=45
You can put edge server on drain as:
Stop-CsWindowsService -Graceful
It will not drop active session and also will not accept any new user on your edge server. Once all active sessions are completed, you can start your maintenance. -
However, I think the problem is the edge server not starting.
I looked in the logs directory and found the core log, the master log.
I also found /var/log/messages.
Shouldn't there be an edge log?
I did this from the readme:
sudo ./fmsmgr server fms start
sudo ./fmsmgr adminserver start
rats, hit the wrong button
here is the rest of the report
I did this
sudo ./fmsmgr server fms start
sudo ./fmsmgr adminserver start
sudo ./server start
The master.log:
#Date: 2011-07-21
#Fields: date time x-pid x-status x-ctx x-comment
2011-07-21 16:34:35 26286 (i)2581173 FMS detected IPv6 protocol stack! -
2011-07-21 16:34:35 26286 (i)2581173 FMS config <NetworkingIPv6 enable=false> -
2011-07-21 16:34:35 26286 (i)2581173 FMS running in IPv4 protocol stack mode! -
2011-07-21 16:34:35 26286 (i)2581173 Host: bastet.cam.corp.google.com IPv4: 172.31.194.67 -
2011-07-21 16:34:35 26286 (i)2571011 Server starting... -
2011-07-21 16:34:35 26286 (i)2581224 Edge (26306) started, arguments : -edgeports ":1935,80" -coreports "localhost:19350" -conf "/opt/adobe/fms/conf/Server.xml" -adaptor "_defaultRoot_" -name "_defaultRoot__edge1". -
2011-07-21 16:34:35 26286 (i)2571111 Server started (/opt/adobe/fms/conf/Server.xml). -
2011-07-21 16:34:40 26286 (i)2581226 Edge (26306) is no longer active. -
#Date: 2011-07-21
#Fields: date time x-pid x-status x-ctx x-comment
2011-07-21 16:36:16 26713 (i)2581173 FMS detected IPv6 protocol stack! -
2011-07-21 16:36:16 26713 (i)2581173 FMS config <NetworkingIPv6 enable=false> -
2011-07-21 16:36:16 26713 (i)2581173 FMS running in IPv4 protocol stack mode! -
2011-07-21 16:36:16 26713 (i)2581173 Host: bastet.cam.corp.google.com IPv4: 172.31.194.67 -
2011-07-21 16:36:16 26713 (i)2571011 Server starting... -
2011-07-21 16:36:16 26713 (e)2571122 Server aborted. -
The /var/log/messages output shows "Server starting ..." messages.
When I do the ps:
ps auxww | grep adobe
nobody 19178 0.0 0.0 203444 11124 pts/2 Sl 16:03 0:00 /opt/adobe/fms/fmscore -adaptor _defaultRoot_ -vhost _defaultVHost_ -app registry -inst registry -tag -console -conf /opt/adobe/fms/conf/Server.xml -name _defaultRoot_:_defaultVHost_:registry:registry:
I expected to see the fmsedge binary.
lsof doesn't show anybody listening on 1935 as I expected for an rtmp server. -
Unexplained UnpublishNotify on Edge Server
I have an FMS (3.0.2) running as an edge server, republishing a stream from another ingest FMS that is receiving a stream from Adobe Flash Media Encoder (2.5). After almost exactly 5 minutes the edge FMS unpublished the stream even though I have a separate client still watching it. The ingest FMS is still receiving the published stream from the encoder.
Is there some sort of garbage collection being done on the edge stream? Does it maybe think it should drop it because it doesn't detect anyone watching?
Hi,
According to your description, port 25 cannot be detected. Maybe it’s used by other applications instead of Exchange when you cannot monitor the port 25.
Thus, let’s check it by using: netstat -o when the issue appears.
Then we will get all active TCP connections and the process ID (PID) for each connection.
After that, please check the application based on the PID on the Processes tab in Windows Task Manager and confirm if it’s Exchange server.
If you have any question, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support -
Can you use a self signed certificate on an external Edge Server interface?
Hi,
I have a small lab deployment for evaluation purposes. The Lync FE server works great for internal users. I have now added an Edge server. For the internal interface, I have a self signed certificate from our internal CA. (no problem there) For the external interface, I have a self signed certificate from our own external CA. I have installed the cert on the client machine of the external user and installed it for trusted operation. I have used the RUCT and digicert tools to prove that the external self signed cert is valid (root and intermediate have been checked for validity).
At first, when logging in from the Lync 2013 client on the external users machine, I would get an error from Lync about the cert being untrusted. I have now fixed that error by adding it as trusted. At this point, there are no errors or warnings in the Event Viewer (in the application or system logs) However, I receive the following error from the Lync client, "Were having trouble connecting to the server... blah, blah".
Here is my question. Does the Microsoft Lync 2013 client and/or the "testconnectivity.microsoft.com" tool specifically prevent or forbid the use of self signed certificates on the external interface of an Edge server? They seem to.
I can tell if the certificate is my problem or something else. Any ideas on how to troubleshoot this?
Thx
Drago,
Thanks for all your help. I got it working.
My problem with the Lync client error, "Were having trouble connecting to the server... blah, blah", was NOT a certificate error. It was a problem with my Lync Server Topology. (My sip default domain needed to match my user login domain.)
Let me update everyone about self-signed certificates:
YES, you can self-sign a certificate on your external edge server. It is a pain, but possible.
I have a self signed certificate from our own external CA. I have installed the cert on the client machine of the external user for trusted operation. I have used the RUCT and digicert tools to prove that the external self signed cert is valid (root and intermediate have been checked for validity).
Here are my notes:
Create/enable your own external Certificate Authority (CA) running on a server with internet access.
On the Lync Edge Server, run the "Lync Server 2013 - Development Wizard".
Click "Install or Update Lync Server System". (Lync will automatically determine its deployment state)
You should have already completed: Step1 and Step 2.
Run or Run Again "Step 3: Request, Install or Assign Certificates".
Install the "Edge internal" certificate.
Click "Request" button to run the "Certificate Request" wizard.
You can use the "Send the request immediately to an online certificate authority" option to connect to your internal CA, and create the certificate.
Once the certificate has been created, use "Import Certificate" to import it.
Once imported, on the Edge Server, go to: (Control Panel -> Administrative Tools -> Internet Information Services (IIS) Manager -> Server Certificates -> Complete Certificate Request...
In the Lync deployment wizard - Certificate Wizard, "Assign" the newly imported "edge internal" certificate.
Install the "Edge External" certificate (public Internet).
Click the "Request" button to run the "Certificate Request" wizard.
Press "next"
Select "Prepare the request now, but send it later (offline certificate request)".
Supply the "Certificate Request File" name and location. (You will need the file later. It should have the file extension ".req").
Click next on the "Specify Alternate Certificate Template". (which means you are using the default options)
Give it a Friendly Name. Bit Length = 2048. I selected "Mark the certificate's private key as exportable" option.
Fill in the organization info.
Fill in the Geographical Information.
The wizard should automatically fill in the "Subject name:" and "subject alternative name:" fields.
Select your "Configured SIP domains"
"Configure Additional Subject Alternative Names" if you want. Otherwise, next.
Verify the "certificate Request Summary". Click next.
Run the wizard script to "Complete". The wizard will create a file containing the certificate request with the file extension ".req". (Let's assume the file name is "myCert.req")
Move your myCert.req file to your external CA. Have your CA issue the cert (based on myCert.req) and export the new cert to a file. I save it as a P7B certificate. (Let's call it "ExternalCert.p7b")
In the Lync Deployment wizard - Certificate Wizard, click on "Import Certificate" for ExternalCert.p7b.
Once imported, on the Edge Server, go to: (Control Panel -> Administrative Tools -> Internet Information Services (IIS) Manager -> Server Certificates -> Complete Certificate Request... (assign it a friendly name. Let's say "EXTERNAL-EDGE")
For the "External Edge certificate (public Internet)", click "Assign".
The "Certificate Assignment" wizard will run.
Click next.
From the list, select your cert "EXTERNAL-EDGE".
Finish the wizard to "complete".
You are finished on the server.
Move the "ExternalCert.p7b" file to the machine running the lync client. Install the cert via the "Certificate Import Wizard".
When installing it to a particular Certificate Store, select the "Place all certificates in the following store" option.
Browse
Select "Trusted Root Certification Authorities"
Finish the wizard. -
Using PowerShell ISE on Exchange Edge Server
I need to manage edge servers from PowerShell ISE to create a script. I tried the steps mentioned on TechNet, but they give an error due to Kerberos not being usable on a workgroup computer.
Any ideas how I can manage to do this without much tinkering?
TechNet Article that doesn't work with Edge server:
http://technet.microsoft.com/en-us/library/dd335083(v=exchg.150).aspx
Hi,
According to the description, I notice that you are using a workgroup computer.
If you are using a workgroup computer, based on my knowledge, it seems impossible to apply Edge settings.
If you have a script requirement, I suggest asking the Script Center for help, so that you can get more professional suggestions. For your convenience:
http://technet.microsoft.com/en-us/scriptcenter/dd742246.aspx
Thanks
Mavis Huang
TechNet Community Support -
Do we need License for Lync 2013 Edge server?
Hello Team,
We are currently running Lync 2013 Standard Edition Server. We are planning to enable users for external access and planning to deploy Lync 2013 edge server.
1. Do we need License for Lync 2013 Edge server?
2. Any other client licenses needed?
Please advise.
Hi,
No, you don't require any additional license in order to install the Lync Edge server. The only license required is at the OS level, I mean the Windows Server license; as far as Lync is concerned, you don't require any additional license.
Check this:
https://products.office.com/en-us/lync/microsoft-lync-licensing-overview-lync-for-multiple-users
http://lyncuc.blogspot.in/2013/02/lync-2013-licensing-guide-how-to.html
And for the client you also don't require any additional license; your existing client license will work externally as well.
Whenever you see a helpful reply, click on Vote As Helpful & click on Mark As Answer if a post answers your question. -
Lync Edge Server Service Not Starting
i am having an issue with starting the "Lync Server Audio/Video Edge" service on my lync edge server. when i try to start the service it throws the following error..
"The Lync server audio/video edge service on local computer started and then stopped. some services stop automatically if they are not in use by other services or programs."
then in the event viewer logs there are 2 specific errors i can see that look like the following..
what is stopping me from fixing this right away is that i haven't changed anything in my configuration, seems to have broken on its own. i can post more errors i have found in other places as well if needed. any help is greatly appreciated
hey sean, thanks for your response. all things point to something else using port 443 right now.. however from what i can see from a netstat command it doesn't look like anything new is running on it. here is a copy/paste of my most recent netstat command..
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 756
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 2804
TCP 0.0.0.0:4443 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 468
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 844
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 896
TCP 0.0.0.0:49338 0.0.0.0:0 LISTENING 1400
TCP 0.0.0.0:56483 0.0.0.0:0 LISTENING 572
TCP 0.0.0.0:56966 0.0.0.0:0 LISTENING 564
TCP 0.0.0.0:56967 0.0.0.0:0 LISTENING 2824
TCP 192.100.100.84:139 0.0.0.0:0 LISTENING 4
TCP 192.100.100.84:444 0.0.0.0:0 LISTENING 1768
TCP 192.100.100.84:5061 0.0.0.0:0 LISTENING 1908
TCP 192.100.100.84:5061 68.34.170.246:52296 CLOSE_WAIT 1908
TCP 192.100.100.84:5061 68.34.170.246:52297 CLOSE_WAIT 1908
TCP 192.100.100.84:5061 68.34.170.246:53570 CLOSE_WAIT 1908
TCP 192.100.100.85:5061 0.0.0.0:0 LISTENING 1908
TCP 192.100.100.85:5062 0.0.0.0:0 LISTENING 1844
TCP 192.100.100.85:5062 192.100.100.83:53701 ESTABLISHED 1844
TCP 192.100.100.85:5062 192.100.100.83:53967 ESTABLISHED 1844
TCP 192.100.100.85:8057 0.0.0.0:0 LISTENING 1768
TCP 192.100.100.85:8057 192.100.100.83:56612 ESTABLISHED 1768
TCP 192.100.100.85:8057 192.100.100.83:56617 ESTABLISHED 1768
TCP 192.100.100.85:8057 192.100.100.83:56618 ESTABLISHED 1768
TCP 192.100.100.85:8057 192.100.100.83:56619 ESTABLISHED 1768
TCP 192.100.100.85:8057 192.100.100.83:56620 ESTABLISHED 1768
TCP 192.100.100.85:8057 192.100.100.83:56628 ESTABLISHED 1768
TCP 192.100.100.85:8057 192.100.100.83:56629 ESTABLISHED 1768
TCP 192.100.100.85:8057 192.100.100.83:56670 ESTABLISHED 1768
TCP 192.100.100.85:57577 192.100.100.146:5357 TIME_WAIT 0
TCP 192.100.100.85:57579 192.100.100.175:5357 TIME_WAIT 0
TCP 192.100.100.85:57583 192.100.100.159:5357 TIME_WAIT 0
TCP 192.100.100.85:57584 192.100.100.147:5357 TIME_WAIT 0
TCP 192.100.100.85:57585 192.100.100.242:3911 TIME_WAIT 0
TCP [::]:80 [::]:0 LISTENING 4
TCP [::]:135 [::]:0 LISTENING 756
TCP [::]:443 [::]:0 LISTENING 4
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:3389 [::]:0 LISTENING 2804
TCP [::]:4443 [::]:0 LISTENING 4
TCP [::]:47001 [::]:0 LISTENING 4
TCP [::]:49152 [::]:0 LISTENING 468
TCP [::]:49153 [::]:0 LISTENING 844
TCP [::]:49154 [::]:0 LISTENING 896
TCP [::]:49338 [::]:0 LISTENING 1400
TCP [::]:56483 [::]:0 LISTENING 572
TCP [::]:56966 [::]:0 LISTENING 564
TCP [::]:56967 [::]:0 LISTENING 2824
TCP [2002:c064:6454::c064:6454]:4443 [2002:c064:6453::c064:6453]:54033 ESTABLISHED 4
TCP [2002:c064:6454::c064:6454]:57581 [2002:c064:64ab::c064:64ab]:445 ESTABLISHED 4
TCP [2002:c064:6454::c064:6454]:59957 [2002:c064:640c::c064:640c]:445 ESTABLISHED 4
UDP 0.0.0.0:123 *:* 948
UDP 0.0.0.0:500 *:* 896
UDP 0.0.0.0:1434 *:* 1976
UDP 0.0.0.0:4500 *:* 896
UDP 0.0.0.0:5355 *:* 140
UDP 127.0.0.1:51664 *:* 1172
UDP 127.0.0.1:56155 *:* 2924
UDP 127.0.0.1:59005 *:* 964
UDP 127.0.0.1:62503 *:* 1680
UDP 127.0.0.1:62786 *:* 572
UDP 127.0.0.1:62788 *:* 140
UDP 127.0.0.1:64531 *:* 896
UDP 127.0.0.1:65160 *:* 1844
UDP 192.100.100.84:137 *:* 4
UDP 192.100.100.84:138 *:* 4
UDP [::]:123 *:* 948
UDP [::]:500 *:* 896
UDP [::]:1434 *:* 1976
UDP [::]:4500 *:* 896
UDP [::]:5355 *:* 140
-
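The netstat output in the post above can be checked mechanically for listeners that can collide with a service binding port 443, since a listener on the wildcard address (0.0.0.0 or [::]) can prevent another service from binding the same port on a specific IP. The following is an added example, not part of the original thread; the function names are hypothetical and the address passed to Find-BindConflict is an assumed service IP.

```powershell
# Constructed sample in `netstat -ano` layout, using rows from the post above,
# including PIDs that wrapped onto their own line.
$sample = @'
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 4
TCP 192.100.100.84:444 0.0.0.0:0 LISTENING 1768
TCP 192.100.100.84:5061 68.34.170.246:52296 CLOSE_WAIT 1908
TCP [::]:443 [::]:0 LISTENING
4
UDP 0.0.0.0:1434 *:*
1976
'@

function ConvertFrom-NetstatText {
    param([Parameter(Mandatory)][string]$Text)
    $joined = New-Object System.Collections.Generic.List[string]
    foreach ($line in ($Text -split '\r?\n')) {
        $line = $line.Trim()
        if ($line -match '^\d+$' -and $joined.Count -gt 0) {
            # A bare number is a wrapped PID: glue it back onto the previous row.
            $joined[$joined.Count - 1] = $joined[$joined.Count - 1] + " $line"
        } elseif ($line) { $joined.Add($line) }
    }
    # Proto, local addr:port, foreign endpoint, optional state (absent for UDP), PID.
    $pattern = '^(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)$'
    foreach ($row in $joined) {
        if ($row -match $pattern) {
            [pscustomobject]@{
                Proto = $Matches[1]; LocalAddress = $Matches[2]
                LocalPort = [int]$Matches[3]; State = $Matches[4]
                OwningPid = [int]$Matches[5]
            }
        }
    }
}

function Find-BindConflict {
    param([Parameter(Mandatory)]$Rows, [Parameter(Mandatory)][string]$Address,
          [Parameter(Mandatory)][int]$Port, [string]$Proto = 'TCP')
    # Same-family wildcard: 0.0.0.0 for an IPv4 address, [::] for IPv6.
    $wildcard = if ($Address -like '*:*') { '[::]' } else { '0.0.0.0' }
    $Rows | Where-Object {
        $_.Proto -eq $Proto -and $_.LocalPort -eq $Port -and
        ($_.Proto -eq 'UDP' -or $_.State -eq 'LISTENING') -and
        ($_.LocalAddress -eq $Address -or $_.LocalAddress -eq $wildcard)
    }
}

$parsed = ConvertFrom-NetstatText -Text $sample
# 192.100.100.84 is an assumed address for the service that fails to bind 443.
Find-BindConflict -Rows $parsed -Address '192.100.100.84' -Port 443 | Format-Table
```

On the server itself, `tasklist /FI "PID eq <pid>"` maps a reported PID to its process. PID 4 is the System process, and `netsh http show servicestate` lists the HTTP.sys registrations it is listening for.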
Not able to install Bea Weblogic RFID Edge Server in solaris10
Hi,
I am not able to install Bea Weblogic RFID Edge Server. I gave all permissions to that file.
$ ./rfid_edge220_solaris32.bin
./rfid_edge220_solaris32.bin: cannot execute
Could you please tell me the solution to resolve this issue
Hi,
I am not able to install Bea Weblogic RFID Edge Server. I gave all permissions to that file.
$ ./rfid_edge220_solaris32.bin
./rfid_edge220_solaris32.bin: cannot execute
Could you please tell me the solution to resolve this issue
What is the output of "file rfid_edge220_solaris32.bin"?
-
I am working on a deployment and in order to get the ports opened to the outside world the InfoSec team runs a scan against the Edge servers. They have come back with the following issue. Has anyone run across this and how do you work around it?
.2.5. Database Open Access (database-open-access)
Description:
The database allows any remote system the ability to connect to it. It is recommended to limit direct access to trusted systems because
databases may contain sensitive data, and new vulnerabilities and exploits are discovered routinely for them. For this reason, it is a
violation of PCI DSS section 1.3.7 to have databases listening on ports accessible from the Internet, even when protected with secure
authentication mechanisms.
Affected Nodes:
Affected Nodes: Additional Information:
69.197.x.x:1434 Running Microsoft SQL Monitor service
69.197.x.x:52591 Running TDS service
69.197.x.x:1434 Running Microsoft SQL Monitor service
69.197.x.x:51773 Running TDS service
References:
Source: URL
Reference: https://www.pcisecuritystandards.org/security_standards/download.html?id=pci_dss_v1-2.pdf
Vulnerability Solution:
Configure the database server to only allow access to trusted systems. For example, the PCI DSS standard requires you to place the
database in an internal network zone, segregated from the DMZ
Hi,
Would you please tell us which ports you opened for the Edge server?
It seems you opened the wrong port on the Edge server; please open the right ports for both the Edge internal and external interfaces with the help of the link below:
http://technet.microsoft.com/en-us/library/gg425891.aspx
Best Regards,
Eason Huang
TechNet Community Support