Lync 2010 Edge and TMG

I have an issue where a large group of users (about 2k) have been 'migrated' into my environment without first migrating their accounts in AD. Basically, accounts were created internally and they are just connecting to my Lync 2010 and Exchange 2010 environment through the internet.
Problem is, when they leave their current network, they hit my TMG 2010 servers from a single IP address. This triggered TMG's Flood Mitigation settings and their IP was blocked. I fixed this by creating an exception for their IP address and bumping up the number of allowed TCP and HTTP connections per minute.
Now, we are still having issues with users that attempt desktop and application sharing. Their sessions close sporadically.
My primary question is, has anyone ever attempted this type of solution before, allowing thousands of users external access from a single IP address through TMG and Lync Edge? If so, is it supported and what type of issues might I need to look for? Does the Edge role also have restrictions on how many connections can be made by a single IP address from the internet?

Hi Ray,
I'm pretty sure TMG is generally not the external endpoint publishing the A/V/sharing capabilities, unless it is drastically different in your environment (or if TMG is your outermost firewall).
The usual setup for a reverse proxy is:
Firewall1 (outer most) <---> DMZ <----> Firewall2 (TMG?) ---> Corp
Firewall 2 publishes web services.
Edge usually looks like:
Firewall1 (outer most) <---> DMZ <----> Edge Access/AV/WebConf ---> Corp
Can you confirm if TMG is your outermost firewall? If it is, then check if your Edge has one or multiple IPs. Then check the publishing for those IPs and make sure they adhere to the exception you created. In addition, check the firewall on the Edge server itself.
If TMG is not your outermost firewall (if Firewall1 is some other device), then please check the intrusion protection on the Firewall1 device and allow for an exception in there as well.
Hope this helps.
Cheers,
Max

Similar Messages

  • Finally about to decomission the Lync 2010 Edge. Small question

    Getting ready to finally decommission our Lync 2010 Edge in favor of a 2013 Edge. The only reason I have kept the 2010 Edge around was because we still have a single 2010 FE server. All our users are on 2013 FE servers, so the 2010 FE is just sitting there doing nothing. I thought it was best practice to remove the 2010 Edge first and then decommission the 2010 FE.
    Does it really matter which server I decommission first? I can't see how but thought I would ask. I am sure there are companies that have 2013 Edge servers with a mix of 2010 and 2013 FE servers but it doesn't hurt to ask I guess.

    Hi shadowtuck,
    In general, you could decommission the Edge server first.
    I don’t think this is a problem; all the Lync 2010 Servers are not working.
    And there’s a document about Uninstalling Microsoft Lync Server 2010 and Removing Server Roles for your reference:
    http://www.microsoft.com/en-us/download/details.aspx?id=18692
    Best regards,
    Eric

  • Lync 2010 Edge Certificate Assigning issue.

    Hello,
    We are facing an issue assigning a public certificate for the Lync 2010 Edge server.
    I am able to successfully import the certificate from the Deployment Wizard, but when assigning it I am not able to view the certificate that was successfully imported from the same wizard.
    Please suggest how to fix this issue.
    FYI: I am able to view the certificate in the Local account certificate container.

    Try importing the certificate using DigiCert's Certificate Utility: https://www.digicert.com/util/ It works for certificates issued by other Certificate Authorities.
    After the cert is imported, run the key test from DigiCert's Certificate Utility. Run Step 3 again (Lync Server Deployment Wizard) and select "Assign" to use the new certificate.
    Please mark posts as answers/helpful if it answers your question.
    Blog
    Lync Validator - Used to assist in the validation and documentation of Lync Server 2013.

  • Lync 2010 client and Office 2013

    I have Office 2013 installed minus Lync 2013 and have Lync 2010 installed in its place. We have a Lync 2010 infrastructure and are planning on upgrading our customers' workstations to Office 2013 while maintaining the Lync 2010 clients.
    Is it expected behavior in this scenario to get prompted with the “Join the meeting using your web browser”, “Download and install Lync Attendee” & “Use Communicator” page when attempting to join a meeting?
    Thanks….

    Thanks for the reply.
    The reason that we thought to stay with the Lync 2010 client is that we were told that the Lync 2013 client only communicates to the Lync 2010 back-end via the Lync Edge servers. In looking at the Lync 2013 client configuration information I see Inside User Status: True, which looks like it might not be communicating via the Edge servers.
    Is this a valid reason not to push forward with the Lync 2013 client while still having a Lync 2010 back-end?
    Thanks…

  • Uninstall Legacy Lync 2010 enterprise and install Lync 2013

    I have a customer who has Lync 2010 Enterprise and decided to install Lync 2013, but they don't want a migration and instead want to uninstall Lync 2010. I would like to know in this case how to clean the Active Directory schema of Lync 2010, and if there's anything else to consider before uninstalling Lync 2010? I will have to disable/remove all currently Lync-enabled users, but is there anything else?
    I found this article, but would like to know what the steps are, in sequence, for removing Lync in this case?
    https://social.technet.microsoft.com/wiki/contents/articles/9849.how-to-remove-lync-server-2010-from-active-directory.aspx
    For example, do I have to first:
    1- Disable Lync users.
    2- Uninstall the Lync Server application from Control Panel.
    3- Remove Lync from Active Directory?
    Would appreciate your help. Thanks
    Mohammed JH

    Hi 
    Check this to uninstall Lync 2010:
    http://terenceluk.blogspot.nl/2011/01/step-by-step-instructions-for.html
    Check this to remove AD references:
    http://blog.ucmadeeasy.com/2010/11/09/lync-server-2010-active-directory-references-and-how-to-remove-them/
    http://digitalbamboo.wordpress.com/2014/01/28/how-to-clean-your-server-of-old-active-directory-lync-ad-references-in-the-rtc-service-when-removing-the-last-2010-pool-fails-to-publish-in-the-lync/
    Whenever you see a helpful reply, click on Vote As Helpful & click on Mark As Answer if a post answers your question.

  • Replication issue between lync 2010 FE and lync 2013 FE

    Hello
    I am facing an issue with my Lync servers.
    I was in the last steps of the migration process from Lync 2010 to 2013 Enterprise Edition,
    where the CMS was already moved to 2013. Later on I checked the replication many times and it was fine; then I deleted the CMS DB from the 2010 FE, checked the replication, and it was fine.
    Later on I proceeded to delete the Archiving server and Monitoring server, and it was fine.
    Later on I proceeded to:
    Reset call admission control
    Prevent sessions for services
    Stop Lync Server 2010 services
    Remove a Front End Server from a pool
    I only started facing this replication issue after I began the process to delete the Lync 2010 pool, which I'm stuck on now.
    One more thing: while I was trying to delete the 2010 Front End pool, I got this error:
    Error: An error occurred: "System.InvalidOperationException" "Cannot publish topology changes. Conference directories still exist on a pool that would be deleted. Remove the conference directories before continuing."
    So I moved the conference directories from the 2010 pool to the 2013 pool successfully.
    But later on when I checked the replication I noticed the replication issue:
    Get-CsManagementStoreReplicationStatus
    UpToDate           : False         """""""""""""""""""it is already shutdown
    ReplicaFqdn        : HQ-EDGE01.mydom
    LastStatusReport   :
    LastUpdateCreation : 3/23/2015 11:22:17 AM
    ProductVersion     :
    UpToDate           : True
    ReplicaFqdn        : HQ-LYNC2013-FE.mydom
    LastStatusReport   : 3/19/2015 5:21:27 PM
    LastUpdateCreation : 3/19/2015 5:21:25 PM
    ProductVersion     : 5.0.8308.556
    UpToDate           : False
    ReplicaFqdn        : HQ-LYNC-FE-01.mydom
    LastStatusReport   : 3/19/2015 11:38:25 AM
    LastUpdateCreation : 3/23/2015 11:52:17 AM
    ProductVersion     : 4.0.7577.0
    Then I ran Invoke-CsManagementStoreReplication, followed by:
    Get-CsManagementStoreReplicationStatus
    UpToDate           : False     """""""""""""""""""it is already shutdown """"""""""""""""""
    ReplicaFqdn        : HQ-EDGE01.mydomain
    LastStatusReport   :
    LastUpdateCreation : 3/23/2015 10:18:22 PM
    ProductVersion     :
    UpToDate           : True
    ReplicaFqdn        : HQ-LYNC2013-FE.mydomain
    LastStatusReport   : 3/23/2015 10:18:26 PM
    LastUpdateCreation : 3/23/2015 10:18:22 PM
    ProductVersion     : 5.0.8308.556
    UpToDate           : False
    ReplicaFqdn        : HQ-LYNC-FE-01.mydomain
    LastStatusReport   : 3/19/2015 11:38:25 AM
    LastUpdateCreation : 3/23/2015 10:18:22 PM
    ProductVersion     : 4.0.7577.0
    ====================
    Get-CsManagementStoreReplicationStatus
    UpToDate           : False  """"""""""""""" it is already down """""""""""""""""""""
    ReplicaFqdn        : HQ-EDGE01.mydomain
    LastStatusReport   :
    LastUpdateCreation : 3/23/2015 10:53:23 PM
    ProductVersion     :
    UpToDate           : True
    ReplicaFqdn        : HQ-LYNC2013-FE.mydomain
    LastStatusReport   : 3/23/2015 10:18:26 PM
    LastUpdateCreation : 3/23/2015 10:18:22 PM
    ProductVersion     : 5.0.8308.556
    UpToDate           : False
    ReplicaFqdn        : HQ-LYNC-FE-01.mydomain
    LastStatusReport   : 3/19/2015 11:38:25 AM
    LastUpdateCreation : 3/23/2015 10:53:23 PM
    ProductVersion     : 4.0.7577.0
    Why is LastUpdateCreation : 3/23/2015 10:53:23 PM from the Lync 2010 pool????
    I'm not making any change on the 2010 pool now (I am just trying to delete it); all the changes are on the 2013 pool.
    For the Edge server 2013, I shut the server down since there is another configuration issue there (so replication to the Edge server is not the issue now, since it is down).
    My question is, will this affect my Lync 2013 since it is production now? Will these uncompleted steps for removing the 2010 pool affect my production?
    Does the replication issue affect my 2013 pool?
    Kind Regards
    MK
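    A check worth running before publishing a topology that removes a pool: classify each replica in the output above rather than eyeballing the timestamps. The script below is an added PowerShell example, not part of this thread; it relies only on the Get-CsManagementStoreReplicationStatus cmdlet and the property names visible in the posted output (UpToDate, ReplicaFqdn, LastStatusReport, LastUpdateCreation, ProductVersion), assumes PowerShell 3.0 or later, and falls back to constructed sample objects copied from the post when the Lync module is not loaded. The two-hour staleness threshold is an assumption, not a Lync default.

```powershell
# Added example: summarize CMS replication status and flag stale or never-reporting replicas.
# Property names are those printed by Get-CsManagementStoreReplicationStatus in the post above.
# The 2-hour staleness threshold is an assumption, not a Lync default. PowerShell 3.0+.

function ConvertTo-DateTimeOrNull {
    param($Value)
    if ($null -eq $Value -or "$Value" -eq '') { return $null }   # empty LastStatusReport = never reported
    if ($Value -is [DateTime]) { return $Value }                  # live cmdlet already returns DateTime
    # Posted output uses US-style timestamps; parse them culture-independently.
    return [DateTime]::Parse([string]$Value, [Globalization.CultureInfo]::InvariantCulture)
}

function Get-ReplicaHealth {
    param(
        [Parameter(Mandatory)] [object[]] $Status,
        [TimeSpan] $MaxAge = (New-TimeSpan -Hours 2),
        [DateTime] $Now = (Get-Date)
    )
    foreach ($r in $Status) {
        $lastReport = ConvertTo-DateTimeOrNull $r.LastStatusReport
        $age = if ($lastReport) { $Now - $lastReport } else { $null }

        $state =
            if ($r.UpToDate)               { 'OK' }
            elseif (-not $lastReport)      { 'NeverReported' }   # e.g. an Edge that is shut down
            elseif ($age -gt $MaxAge)      { 'Stale' }           # replica stopped reporting long ago
            else                           { 'Pending' }         # update created, replica not yet caught up

        [pscustomobject]@{
            ReplicaFqdn      = $r.ReplicaFqdn
            UpToDate         = [bool]$r.UpToDate
            ProductVersion   = $r.ProductVersion
            LastStatusReport = $lastReport
            ReportAge        = $age
            State            = $state
        }
    }
}

# Use the live cmdlet when the Lync module is present; otherwise fall back to constructed
# sample objects mirroring the last Get-CsManagementStoreReplicationStatus output in the post.
if (Get-Command Get-CsManagementStoreReplicationStatus -ErrorAction SilentlyContinue) {
    $status = Get-CsManagementStoreReplicationStatus
    $now    = Get-Date
} else {
    $status = @(
        [pscustomobject]@{ UpToDate=$false; ReplicaFqdn='HQ-EDGE01.mydomain';      LastStatusReport=$null;                   LastUpdateCreation='3/23/2015 10:53:23 PM'; ProductVersion=$null }
        [pscustomobject]@{ UpToDate=$true;  ReplicaFqdn='HQ-LYNC2013-FE.mydomain'; LastStatusReport='3/23/2015 10:18:26 PM'; LastUpdateCreation='3/23/2015 10:18:22 PM'; ProductVersion='5.0.8308.556' }
        [pscustomobject]@{ UpToDate=$false; ReplicaFqdn='HQ-LYNC-FE-01.mydomain';  LastStatusReport='3/19/2015 11:38:25 AM'; LastUpdateCreation='3/23/2015 10:53:23 PM'; ProductVersion='4.0.7577.0' }
    )
    # Evaluate relative to the timestamp of that run so the sample ages are meaningful.
    $now = ConvertTo-DateTimeOrNull '3/23/2015 10:53:23 PM'
}

$health = Get-ReplicaHealth -Status $status -Now $now
$health | Format-Table ReplicaFqdn, UpToDate, State, ReportAge, ProductVersion -AutoSize

# Anything not OK should be resolved, or consciously accepted, before the topology publish:
$health | Where-Object { $_.State -ne 'OK' }
```

    Against the sample data the 2013 FE comes out OK, the shut-down Edge as NeverReported, and the 2010 FE as Stale (its last report is four days older than the update created for it), which is the distinction the question above is asking about.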

    Hi,
    From your description above, did you mean that before deleting the Lync Server 2010 Pool from the topology, you found the replication of the Lync 2010 FE Server was not up to date?
    If that is the case, based on my knowledge, there is no effect on the Lync Server 2013 Pool. Please double check that the Lync Server 2013 Pool works normally, and that Lync users in the Lync 2013 Pool can use all Lync functions without issues. Then you can delete the Lync 2010 Pool from the Topology and publish it. After finishing, please re-run step 2 on the Lync Server 2013 FE Servers.
    Best Regards,
    Eason Huang  
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
    TechNet Community Support

  • Migrating onto LYNC 2010 Edge Servers

    We have a Lync 2010 pool in a merged topology with OCS 2007 R2 and are using the OCS 2007 R2 Edge pool. All the users have been moved onto the Lync pool, and the Lync Edge pool has been set up with the same FQDN for Access Edge, Web Conf, and A/V Edge services...
    However, the Microsoft Migration Guide states that we need to decommission the OCS 2007 R2 Edge servers if we use the same FQDNs on the Lync Edge? This is confusing to me, as how can we decommission the OCS Edge servers without testing routing on the Lync Edge servers?
    Why can't we disable federation with the OCS Edge pool (with the Deployment Wizard) and enable federation with the Lync Edge pool?
    Any suggestion or best-practice advice to migrate onto the Lync Edge pool is much appreciated.
    From the MS Migration Guide, page 94:
    "If your legacy Office Communications Server 2007 R2 Edge Server is configured to use the same FQDN for the Access Edge service, Web Conferencing Edge service, and the A/V Edge service, the procedures in this section to transition the federation setting to a Lync Server 2010 Edge Server are not supported. If the legacy Edge services are configured to use the same FQDN, you must first migrate all your users from Office Communications Server 2007 R2 to Lync Server 2010, then decommission the Office Communications Server 2007 R2 Edge Server before enabling federation on the Lync Server 2010 Edge Server."
    Tek-Nerd

    Not supported means you may have unexpected issues.
    Please follow the way Microsoft suggested.
    Lisa Zheng
    TechNet Community Support

  • Lync 2010 client and SRV record

    When Lync 2010 was originally set up in our environment, we included our login domain which is a .local as a SIP domain but everyone uses our additional SIP domain which is a .org.
    In our internal DNS, we have SRV records under both domains. Question is, if a Lync 2010 client is doing autodiscover and their SIP domain is the .org, will the client look at the SRV record in the .local domain? I don't think this SRV record was ever used; even though it's the users' login domain, it's not their SIP domain.

    You're right, the SRV records that belong to your .local domain are not used by the Lync client for a user that has a .org SIP domain sign-in address, so as you are saying, if all the users are configured with a .org SIP domain, that means these SRV records were never used, and you can safely remove them.
    Regards,
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread
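    To make the answer's reasoning concrete: the client derives the SIP domain from the right-hand side of the sign-in address, never from the AD logon domain, so a zone that no sign-in address points at is never queried. The script below is an added PowerShell example, not from this thread; the SRV and A-record names it lists are the standard Lync client autodiscovery names, the sign-in addresses and zones are constructed sample data, and the optional live lookup assumes Resolve-DnsName (Windows 8 / Server 2012 or later) and a DNS server address you supply.

```powershell
# Added example: which DNS names does a Lync client query for a given sign-in address, and
# which SRV-bearing zones are therefore never consulted? Record names are the standard Lync
# client autodiscovery names; users, zones and the DNS server address are constructed.

function Get-LyncDnsQueries {
    param([Parameter(Mandatory)][string]$SignInAddress)
    # Get-CsUser returns SipAddress as "sip:user@domain"; strip the scheme if present.
    $sipDomain = (($SignInAddress -replace '^sip:', '') -split '@')[-1].ToLowerInvariant()
    [pscustomobject]@{
        SipDomain = $sipDomain
        # Order the client tries them: SRV records first, then A-record fallbacks.
        Internal  = @("_sipinternaltls._tcp.$sipDomain", "_sipinternal._tcp.$sipDomain", "sipinternal.$sipDomain", "sip.$sipDomain")
        External  = @("_sip._tls.$sipDomain", "sip.$sipDomain", "sipexternal.$sipDomain")
    }
}

function Get-UnreferencedSipZones {
    # Zones that hold Lync SRV records but that no user's sign-in address resolves through.
    param([Parameter(Mandatory)][string[]]$SignInAddresses,
          [Parameter(Mandatory)][string[]]$ZonesWithSrvRecords)
    $used = $SignInAddresses | ForEach-Object { (Get-LyncDnsQueries $_).SipDomain } | Sort-Object -Unique
    $ZonesWithSrvRecords | Where-Object { $used -notcontains $_.ToLowerInvariant() }
}

function Test-LyncSrvRecord {
    # Live check of one SRV name against a specific DNS server.
    param([Parameter(Mandatory)][string]$Name, [Parameter(Mandatory)][string]$Server)
    $r = Resolve-DnsName -Name $Name -Type SRV -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    [pscustomobject]@{ Name = $Name; Found = [bool]$r; Target = $r.NameTarget; Port = $r.Port }
}

# Constructed sample: logon domain contoso.local, SIP domain contoso.org, as in the thread.
# In production take the list from: Get-CsUser | Select-Object -ExpandProperty SipAddress
$users = @('sip:alice@contoso.org', 'bob@contoso.org', 'carol@Contoso.org')
$zones = @('contoso.local', 'contoso.org')

Get-LyncDnsQueries $users[0] | Format-List
# Zones listed here carry SRV records that no sign-in address will ever cause a lookup in:
Get-UnreferencedSipZones -SignInAddresses $users -ZonesWithSrvRecords $zones

# Optional live check against the internal DNS server (constructed address; replace it):
# (Get-LyncDnsQueries 'alice@contoso.org').Internal | ForEach-Object { Test-LyncSrvRecord $_ '10.0.0.1' }
```

    Before deleting the .local records, run Get-UnreferencedSipZones over the full user list rather than a sample: a single stale sign-in address still on the .local SIP domain is enough to make that zone's SRV records live again.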

  • Lync 2010 server and UM role on different domains in different forests

    Hello 
    I have a Lync 2010 environment running in domain A, with Exchange 2010 UM also running in domain A. We are in the process of migrating users and mailboxes from domain A to domain B. Once we reach our Enterprise Voice users with Exchange UM enabled, we will need to install the Exchange UM role on the Exchange server in domain B.
    There is a two-way trust relationship between domain A and domain B.
    All the users are running Lync on a PC located in domain B, using Lync credentials from domain A.
    Are there any issues running Lync 2010 and Exchange UM from different domains in different forests? Is it as simple as creating a new UM dial plan and UM IP gateway to the domain A Lync FQDN?
    Thanks

    Hi,
    Each UM forest must be configured to trust the forest in which Lync Server is deployed, and the forest in which Lync Server 2013 is deployed must be configured to trust each UM forest. If Exchange UM is installed in multiple forests, the Exchange Server integration steps must be performed for each UM forest or you’ll have to specify the Lync Server domain.
    Here is a link about for UM of Lync server 2013 but similar for Lync server 2010:
    http://technet.microsoft.com/en-us/library/jj966276(v=exchg.150).aspx
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Lync 2013 Edge and routing algorithm

    Hi
    I have a problem with a Lync 2013 Edge server. I'm trying to resolve the problem, but for now I'm totally lost.
    Short description for a problem:
    What works:
    IM and presence communication to Internet and federation
    A/V conferences with remote users and federated organizations.
    File transfer to remote users and federated org.
    What doesn't work:
    Audio and video P2P connections to remote users and federated orgs. SIP signaling works, but the media connection doesn't.
    Tracing in Wireshark shows that the Edge server is trying to establish a STUN connection to INTERNAL clients on the EXTERNAL interface.
    Persistent routes for the internal subnets are added to the routing table on the server.
    All ports are open on the firewall between DMZ and LAN.
    I can ping and connect via RDP to stations on the internal network.
    Why is the A/V Edge service trying to establish a connection on the external interface?
    What is the algorithm/mechanism for network interface selection?
    Regards
    Mawik

    Hi,
    Please check if all server settings were correct (check if Global Settings had the A/V Edge server defined and assigned as the A/V Authentication Service in the pool properties).
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Lync 2013 Edge and Reverse proxy on same server with SNI

    Hello
    I cannot find information if it is possible to create a single Lync 2013 Edge server with a Reverse proxy on the same server?
    Would it not be possible to share port 443 with SNI support? That way we could use only one public IP?
    Thanks!

    Sorry, it doesn't work.  Remember that 443 isn't HTTPS for the Edge.  If you went with the single IP model for the edge, 443 would be used for the A/V role which would be STUN/TURN. 
    The edge will always want to listen on 443, it just doesn't work to collocate a reverse proxy.
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
    SWC Unified Communications
    This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Exchange 2010 Edge and Sophos PureMessage

    Experiencing a dilemma with Exchange Edge server 2010 + Sophos PureMessage.
    After installing Sophos PureMessage on the Exchange Edge server, there is a significant increase in spam.
    I was just wondering if anyone has any knowledge about this issue who are in Exchange and PureMessage environment. 
    Sophos technical support is pretty much "zzzzzz" since they don't even mention about 3rd party technical KB.
    Any thoughts would be highly appreciated.
    Thanks!

    Hi,
    I suggest enabling Exchange Anti-Spam instead of using Sophos PureMessage.
    If you have to use Sophos PureMessage, I suggest going to Sophos PureMessage Support for help.
    Thanks

  • Exchange 2010 URL and TMG 2010

    Hi All,
    Would like to know whether I can publish my Exchange OWA through TMG 2010 with the same URL internally and externally (example: mail.contoso.com) using a single NIC?

    Hi
    With a single-NIC deployment, you will only be able to use the web publishing feature of TMG for Exchange. This means being able to publish OWA, Outlook Anywhere and ActiveSync.
    Same URL for Internal and Public Internet
    100% you can have the same URL for both, and below are the DNS changes you may need to do.
    You need to create a split-brain DNS:
    Create a new primary DNS zone with the same name as your public domain.
    Add an A record and point it to the internal IP address of the Exchange server's OWA.
    On the public Internet, add an A record pointing to the public IP address which is used on web publishing.
    TMG - Link
    http://technet.microsoft.com/en-us/library/ee796231.aspx 
    Other Post -
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/c38035f8-b975-4c58-99b2-952f3de9db74/configuring-splitbrain-dns
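    The split-brain steps above, carried out and then verified from both sides of the firewall, as an added PowerShell example that is not part of this thread. It assumes a Windows Server 2012 or later DNS server (DnsServer module) and the Resolve-DnsName cmdlet; the zone name, host label, addresses and resolver addresses are constructed placeholders, and the public address uses a TEST-NET range.

```powershell
# Added example: build the internal split-brain zone the answer describes and check that the
# same FQDN answers with the internal address inside and the TMG listener address outside.
# Assumes the DnsServer module (Server 2012+); all names and addresses are constructed.

$ZoneName    = 'contoso.com'     # same name as the public domain
$HostLabel   = 'mail'            # mail.contoso.com, the OWA URL used on both sides
$InternalIp  = '10.0.0.25'       # Exchange server (OWA) on the LAN
$PublicIp    = '203.0.113.10'    # address on TMG's external web listener (constructed, TEST-NET-3)
$InternalDns = '10.0.0.1'        # internal DNS server
$ExternalDns = '8.8.8.8'         # any resolver outside the network

function New-SplitBrainRecord {
    param([string]$Zone, [string]$Label, [string]$IPv4)
    # Once this zone exists internally, the internal DNS is authoritative for the whole public
    # domain: every public name users need (autodiscover, www, ...) must be added here too,
    # or it stops resolving from inside. That is the usual split-brain pitfall.
    if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope Domain   # AD-integrated zone
    }
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name $Label -IPv4Address $IPv4 -TimeToLive (New-TimeSpan -Hours 1)
}

function Test-SplitBrainRecord {
    param([string]$Fqdn, [string]$InsideServer, [string]$OutsideServer,
          [string]$ExpectedInside, [string]$ExpectedOutside)
    $inside  = @(Resolve-DnsName -Name $Fqdn -Type A -Server $InsideServer  -DnsOnly -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    $outside = @(Resolve-DnsName -Name $Fqdn -Type A -Server $OutsideServer -DnsOnly -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    [pscustomobject]@{
        Fqdn           = $Fqdn
        InsideAnswer   = ($inside -join ',')
        OutsideAnswer  = ($outside -join ',')
        InsideCorrect  = ($inside -contains $ExpectedInside)
        OutsideCorrect = ($outside -contains $ExpectedOutside)
        # A private address in the public answer means internal zone data leaked to the
        # public zone (or the wrong resolver was queried). Both Correct flags should be True.
        LeaksPrivate   = [bool]($outside | Where-Object { $_ -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)' })
    }
}

# Step 1, on the internal DNS server (needs the DnsServer module and admin rights):
# New-SplitBrainRecord -Zone $ZoneName -Label $HostLabel -IPv4 $InternalIp
# Step 2, from an internal client that can reach both resolvers:
Test-SplitBrainRecord -Fqdn "$HostLabel.$ZoneName" -InsideServer $InternalDns -OutsideServer $ExternalDns `
                      -ExpectedInside $InternalIp -ExpectedOutside $PublicIp
```

    The LeaksPrivate flag is the check worth keeping around after the change: the most common way a split-brain setup goes wrong later is someone copying the internal record into the public zone, which both exposes the internal address and sends external clients to an unreachable host.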

  • How to Integrate Microsoft Lync 2010, Asterisk, and a sip trunk.

    Dear Friends,
    I need you to assist me in setting up my new project.
    Objective:
    Set up Asterisk
    Configure a SIP trunk between Asterisk and the SIP provider of my choice
    Integrate Lync Server 2010 with Asterisk
    Configure a dial plan
    Configure voice policies, PSTN usage records, and voice routes
    Be able to make international and local calls to any mobile extension or the same number range
    This is a new project for me; can anyone please simply assist me step by step?
    Thanks
    Greenman

    Hi Greenman, which flavor of Asterisk are you using, e.g. FreePBX, Elastix, AsteriskNow?
    You can use any of them; most of the configuration will be similar.
    To configure the SIP trunk of the service provider in Asterisk, check this:
    http://wiki.freepbx.org/display/ST/Setting+up+SIPStation+manually+in+FreePBX http://wiki.freepbx.org/display/F2/Trunk+Sample+Configurations
    Here is my blog's step-by-step guide to integrating Asterisk (Elastix) with Lync:
    http://mslyncforall.blogspot.in/2014/12/lync-2013-asterisk-pbx-integration.html
    http://blogs.technet.com/b/rischwen/archive/2013/08/21/series-exchange-2013-and-lync-2013-integration-with-asterisknow-pbx-pt-1.aspx
    Please let me know if you encounter any issues; I am happy to help you.
    Whenever you see a helpful reply, click on Vote As Helpful & click on Mark As Answer if a post answers your question.

  • LYNC 2010 Edge server deployment issues

    I've been able to install Lync and have the Meet and Dial-in functions working properly internally/externally. I'm attempting to test setting up external access for the client with an Edge server. All seems to install properly, with no errors being thrown my way. But in the services I have a few that will not start with the below errors. Can anyone point me to a deployment scenario with an Edge server how-to?
    Any help would be greatly appreciated.
    The Lync Server Access Edge service terminated with service-specific error %%-1008124918.
    The Lync Server Web Conferencing Edge service terminated with the following error:
    The requested address is not valid in its context.

    Hi everybody, I am trying to do a proof of concept before we buy the public certificate for my Edge server, but I have this error.
    I have the same error as you guys (1008124918).
    Here is my setup
    Active directory with a CA on it. ( I used this CA for my Front-End, and for both Internal/External Edge Certificate )
    FrontEnd ;
    -In the domain
    -192.168.16.55 255.255.255.0
    ==
    Edge:
    Inside NIC : 192.168.16.57 255.255.255.0, no gateway
    Outside NIC (dmz ) : 192.168.18.80 255.255.255.0   . Gateway 192.168.18.0
    The edge is not in the domain.
    ==
    My Public IP : 69.70.xx.xx
    =====================
    In the wizard for the edge pool
    I choose:
    -Single computer pool
    I check :
    - Use a single FQDN & IP
    -Enable federation ( port 5061 )
    -The external IP address of this edge pool is translated by Nat
    external fqdn : sip.OurCie.com / 5061 Port
    Internal IP : 192.168.16.57
    External IP ( for sip access, web conf, A/V Edge services )  : 192.168.18.80
    Public IP used by nat : 69.70.xx.xx
    =====================
    So when I start the service I have this error code: Windows could not start the Lync Server Access Edge.... code: 1008124918
    In the Event Viewer, here is the error that I have:
    Transport TLS has failed to start on local ip : 69.70.xx.xx at port 5061
    cause: config error, low system ressources or another proram is using this port
    can also happen if the ip address has become invalid
    Any idea ?
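    The event text quoted above names the address the Access Edge tried to listen on, and "The requested address is not valid in its context" in the earlier post is Winsock error 10049 (WSAEADDRNOTAVAIL): bind() returns it when a socket is opened on an IP address that is not assigned to any local interface. In a NAT'd Edge topology the external IP fields must hold the Edge's own DMZ addresses; the public address belongs only in the "public IP used by NAT" field, since it lives on the firewall, not on the Edge. The script below is an added PowerShell example, not from this thread: it compares a set of configured listener addresses against the addresses actually bound on the server. It uses WMI and New-Object so it also runs on Server 2008 R2 (PowerShell 2.0); the NIC addresses are taken from the post, and a TEST-NET-2 address is a constructed stand-in for the redacted public IP.

```powershell
# Added example: check that each address the Edge services are configured to listen on is
# assigned to a local NIC. A listener on a non-local address cannot bind (Winsock 10049,
# "The requested address is not valid in its context") and the service fails to start.
# WMI + New-Object keep this PowerShell 2.0 / Server 2008 R2 compatible.

function Get-LocalIPv4Address {
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object { $_.IPAddress } |
        Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' }     # drop IPv6 entries
}

function Test-EdgeListenerAddress {
    param(
        [Parameter(Mandatory=$true)][hashtable]$Listeners,   # role -> configured IP
        [string[]]$LocalAddresses = @(Get-LocalIPv4Address)
    )
    foreach ($role in ($Listeners.Keys | Sort-Object)) {
        $ip    = $Listeners[$role]
        $local = $LocalAddresses -contains $ip
        if ($local) {
            $verdict = 'OK'
        } else {
            $verdict = 'not assigned to any local NIC; bind will fail with 10049. A public (NAT) address belongs in the NAT field, not as a listener.'
        }
        New-Object PSObject -Property @{
            Role       = $role
            Address    = $ip
            OnLocalNic = $local
            Verdict    = $verdict
        }
    }
}

# The post's layout: inside NIC 192.168.16.57, outside NIC 192.168.18.80, public NAT address
# redacted (198.51.100.7 is a constructed stand-in). Listing the public address as a listener
# reproduces the "Transport TLS has failed to start on local ip ..." symptom.
$edgeNics  = @('192.168.16.57', '192.168.18.80')
$listeners = @{
    'Access Edge (5061)'  = '198.51.100.7'    # wrong: public address entered as the listener
    'Web Conferencing'    = '192.168.18.80'
    'A/V Edge'            = '192.168.18.80'
    'Internal (next hop)' = '192.168.16.57'
}

Test-EdgeListenerAddress -Listeners $listeners -LocalAddresses $edgeNics |
    Format-Table Role, Address, OnLocalNic, Verdict -AutoSize

# On the Edge itself, omit -LocalAddresses to compare against the real adapters, and take the
# configured addresses from the topology (or from the failing event's "local ip" text).
```

    Run on the Edge with the real topology values, any row whose OnLocalNic is False is a service that will fail exactly as described; fix the topology entry, republish, and re-run the Deployment Wizard's local setup step before restarting the service.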
