Lync 2013 Edge Server Deployment

Similar Messages

• Single LYNC 2013 Edge Server Deployment

  Hi,
  I intend to deploy single site edge deployment for two physical lync sites.
  So the scenario would be…
  Redmond LYNC Pool-----Redmond & its remote sites LYNC users connect to it
  Portland LYNC Pool-------Portland & its remote sites LYNC users connect to it
  But the Edge Server deployment is only at Redmond site, so any internet lync users(Redmond or Portland) will hit the Redmond Edge and then will be serviced out of either Redmond pool or Portland pool.
  If this is workable scenario ???
  If so, then I need to understand the network consideration for this specific type of deployment and where/how exactly the redirection will happen to ensure Portland users access lync services from their specific pool and Redmond users access from theirs.
  Regards, Pushkal MishrA, This posting is provided “AS IS” with no warranties and confers no rights. I request you to test the solution in lab and post successful outcome you should try this on production.

  Hi,
  It is possible to use single Edge Server for both Pools.
  You can use a single SRV record. The user from the other site has to connect to the only edge and then route though the WAN link to go to its own pool. Access Edge is responsible for proxying SIP traffic for remote clients to the next hop, which
  can be a Director or a Lync pool. For details:
  http://blogs.technet.com/b/nexthop/archive/2012/05/15/lync-server-2010-geographically-dispersed-edge-topology-part-1.aspx
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Lync 2013 edge server deployment manger

  Hi,
  I am getting error while importing the local configuration file on edge server.
  Error returned while installing ocscore.msi(feature_localmgmtstore), code 1603
  failed to create network share (---- -xds-replica)
  failed to drop network share (---  -xds-replica)
  I am able to telnet from CMS server to Edge server over port 4443.

  Hi PawanDeepSingh,
  Is there any update ?
  In my opinion, the issue might be caused by one of the followings.
  1.  Permissions issue. Please make sure that you logged in as a local administrator.
  2. 
  Windows service issue. During the installation process, some system services might be used.
   (e.g. Task Scheduler Service)
  http://blogs.technet.com/b/ariel/archive/2014/09/09/1603-error-when-installing-lync-server-2013-standard-edition-or-enterprise-front-end-server.aspx
  If the issue is hard to troubleshoot, I suggest reinstall the operation system and then retry.
  Best regards,
  Eric
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Lync 2013 Edge Server Issues

  Forgive me if this question sounds rather "entry level", I have never worked with Lync and this project was handed to me by my boss, who hasn't worked with Lync either.
  I have been reading various posts and forum messages until I went cross eyed about setting up Lync 2013 Edge server correctly.  I am still running into some questions and issues with the Access, Web, and A/V services starting.  Here is my main
  question, and below is my setup. 
  Question:
  Is there a need for both an external and internal nic card IF all three external IP's for the external services are programmed at the firewall and router to go directly to 1 internal IP address?
  Setup:
  Currently I have 1 FE-Standard server that also acts as the Mediation Server, and 1 Edge Server both of which are virtual and running Server 2012.  Originally I did have 2 network cards setup, as all other documentation suggested, 1 external and 1 internal. 
  However my boss, who setup the DNS/Firewall entries stated to remove the External Card since the external address that was setup for the 3 services was routed to 1 internal address. The Access Services, Web Services, and A/V services are all running on three
  separate ports with their own unique FQDN- 443, 444, and 445.  The cert that was deployed is a wild card cert from GoDaddy, this has been used by other servers that point inside and outside without issues.  
  Issues and Errors Messages:
  I have run into a few different issues and error messages from the Event Viewer:
  System
  Provider
  [ Name]
  LS Protocol Stack
  EventID
  14352
  [ Qualifiers]
  50153
  Level
  2
  Task
  1001
  Keywords
  0x80000000000000
  TimeCreated
  [ SystemTime]
  2013-09-09T15:44:51.000000000Z
  EventRecordID
  2885
  Channel
  Lync Server
  Computer
  edgesvr01
  Security
  EventData
  0xC3E93C0A
  SIP_E_STACK_TRANSPORT_FAILED
  System
  Provider
  [ Name]
  LS Server
  EventID
  12303
  [ Qualifiers]
  50152
  Level
  2
  Task
  1000
  Keywords
  0x80000000000000
  TimeCreated
  [ SystemTime]
  2013-09-09T15:44:51.000000000Z
  EventRecordID
  2884
  Channel
  Lync Server
  Computer
  edgesvr01
  Security
  EventData
  80072741
  The requested address is not valid in its context.
  System
  Provider
  [ Name]
  LS Protocol Stack
  EventID
  14336
  [ Qualifiers]
  50153
  Level
  2
  Task
  1001
  Keywords
  0x80000000000000
  TimeCreated
  [ SystemTime]
  2013-09-09T15:44:51.000000000Z
  EventRecordID
  2883
  Channel
  Lync Server
  Computer
  edgesvr01
  Security
  EventData
  TLS
  external IP address that is now used now
  5061
  Please help, I am at a loss as to where to go from here.

  Thanks for the quick responses. 
  I have re-enabled the external NIC.  All services are running now.  When I ran the Remote Connectivity tester this was the outcome.
  Testing remote connectivity for user: username@domain... to the Microsoft Lync server.
   Specified remote connectivity test(s) to Microsoft Lync server failed. See details below for specific failure reasons.
  Test Steps
  Attempting to resolve the host name lync.metisconnect.com in DNS.
   The host name resolved successfully.
  Additional Details
   IP addresses returned: xxx.xxx.xxx.xxx (external address)
  Testing TCP port 443 on host: host fqdn to ensure it's listening and open.
   The port was opened successfully.
  Testing the SSL certificate to make sure it's valid.
   The certificate passed all validation requirements.
  Test Steps
  The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server host fqdn on port 443.
   The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
  Additional Details
   Remote Certificate Subject: CN=*.ourdomain.com, OU=Domain Control Validated, Issuer: SERIALNUMBER=######, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona,
  C=US.
  Validating the certificate name.
   The certificate name was validated successfully.
  Additional Details
   The host name that was found, lync.metisconnect.com, is a wildcard certificate match for common name *.ourdomain.com.
  Certificate trust is being validated.
   The certificate is trusted and all certificates are present in the chain.
  Test Steps
  The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.ourdomain.com, OU=Domain Control Validated.
   One or more certificate chains were constructed successfully.
  Additional Details
   A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
  Analyzing the certificate chains for compatibility problems with versions of Windows.
   Potential compatibility problems were identified with some versions of Windows.
  Additional Details
   The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
  Testing the certificate date to confirm the certificate is valid.
   Date validation passed. The certificate hasn't expired.
  Additional Details
   The certificate is valid. NotBefore = 7/31/2013 4:02:03 PM, NotAfter = 7/31/2014 4:02:03 PM
  Testing remote connectivity for user username@domain to the Microsoft Lync server.
   Specified remote connectivity test(s) to Microsoft Lync server failed. See details below for specific failure reasons.
    Tell me more about this issue and how to resolve it
  Additional Details
   Couldn't sign in. Error: Error Message: Operation failed because the network connection was not available..
  Error Type: ConnectionFailureException.
  External calls from a 3g/4g data connection are not connecting when using the Lync call feature to an internal users Lync Client.  Outcome is: Connecting Call and No Audio.  Then call ends.

• Lync 2013 edge server request certificates

  I am deploying Lync 2013 edge server, how to get the certificate request file[certificate
  signing request (CSR)] on setp 3: Reques,install or Assign Certficates. 
  i need your help!
  Thanks!

  Agree with Jason.
  On the Certificate Request File page, type the full path and file name to which the request is to be saved.
  After you get Certificate Request File, you need to submit this file to your CA (by email or other method supported by your organization for your enterprise CA) and, when you receive the response file, copy the new certificate to this computer so that it
  is available for import.
  Check how to set up certificates for the internal edge interface at
  http://technet.microsoft.com/en-us/library/gg412750.aspx.
  Check how to set up certificates for the external edge interface
  http://technet.microsoft.com/en-us/library/gg398409.aspx.
  Lisa Zheng
  TechNet Community Support

• Lync 2013 Edge Server Migration

  Hi,
  Our organisation is in the process of changing gateway providers, so we have to move our currently deployed Lync 2013 Edge Server and TMG (Lync related sites) to the new provider datacentre. We have new public and DMZ IP addresses allocated for these services
  and we can't use the current addresses.
  Has someone been through this and is there a best practice to follow to transition these services with minimal outages to the users?
  Any help would be appreciated.

  the steps that you mentioned would work. I need to add some bits in to it,
  1. Take a copy of the current Edge Server (VM) and place into the new datacentre
  2. changed the IP addressing (of services) for the Edge Pool in the Topology builder and publish/sync
  3. Change the IP address of the edge server and run the deployment wizard with "Add remove Lync server component step" 
  3. Start services
  4. Publish the Lync services on the new TMG reverse proxy
  5. Test connectivity
  http://thamaraw.com

• Do we need License for Lync 2013 Edge server?

  Hello Team,
  We are currently running Lync 2013 Standard Edition Server. We are planning to enable users for External access and planning to deploly Lync 2013 edge server.
  1. Do we need License for Lync 2013 Edge server?
  2. Any other client licenses needed?
  Please advise.

  Hi,
  No you don't required any additional License in order to install Lync Edge server. the only license required at OS level i mean windows server licence in terms of Lync concern you don't require any additional License   
  check this 
  https://products.office.com/en-us/lync/microsoft-lync-licensing-overview-lync-for-multiple-users
  http://lyncuc.blogspot.in/2013/02/lync-2013-licensing-guide-how-to.html
  And for client also you don't require any additional license with your existing client license will work for externally as well
  Whenever you see a helpful reply, click on Vote As Helpful & click on Mark As Answer if a post answers your question.

• Lync 2013 Edge Server

  I have a few questions on setting up a Lync 2013 Edge Server.  Let me give a little background into what is going on.  My comapny currently still has the old Communicator server(1 user left to migrate to Lync!) and a Lync 2013 that is all setup
  and functional.  Our current Lync environment is only internal, since we do not have a Edge Server setup.  That is what I am task to work on now.  I have read alot of guides on how to build this server, where it needs to be placed in the DMZ,
  and what is needed for it. 
  First question - Is there a hardware spec needed for this server?
  Second question - I read that 3 public ip are needed.   What are they needed for?  So I can explain to our network guys why I need this.
  Third question - Does it matter if the Edge server is on the domain or not?  I read it shouldnt be.  I dont think it will be an issue either way for me, but its easier to manage if on the domain.
  Fourth question - Should I finish my Communicator server decom before worrying about the Edge server? 
  Final question - is there a guide on how to get rid of the Communicator Server Connections to our Lync Server?
  Thanks in advance.

  First question - Is there a hardware spec needed for this server?
  Second question - I read that 3 public ip are needed.   What are they needed for?  So I can explain to our network guys why I need this.
  Third question - Does it matter if the Edge server is on the domain or not?  I read it shouldnt be.  I dont think it will be an issue either way for me, but its easier to manage if on the domain.
  Fourth question - Should I finish my Communicator server decom before worrying about the Edge server? 
  Final question - is there a guide on how to get rid of the Communicator Server Connections to our Lync Server?
  First question- HW spec  https://technet.microsoft.com/en-us/library/gg398835.aspx
  For your reference, my edge servers happen to have 40 GB ram and 2x'E5-2690 2.9GHz' ... they don't have to be physical ... can be virtual however.
  Second - 3 IP's are recommended ... it makes it easier because you can use standard ports as opposed to straying from 443 etc. ... and it makes troubleshooting easier.  All three of the edge services include a 443 requirement - and, with SSL you can't
  just share that socket on a single IP - so, lucky service gets 443.  Also, you can segregate the traffic and see exactly what is happening.  If you only had 1 IP - many scenarios in Lync would not work (e.g., I'm at a hotel and yoru AV port is not
  allowed through the firewall). 
  Here is a wonderful reference - https://blogs.perficient.com/microsoft/2012/12/lync-scaled-consolidated-edge-public-ip-addresses/
  Third - it is recommened that it is NOT domain joined - however, it's ok that it is.  Mine IS domain joined because I have a domain in my DMZ and it assists with management (etc.) and may be required for yoru security.  Your call.  IMO, if
  you have a domain , join it.  Why not?
  RE: OCS - there is a migration path from OCS 2007 R2 to Lync 2013 as per https://technet.microsoft.com/en-us/library/gg425764.aspx   and several documents on the Internet that show the process for those who need to do so.   It's not trivial.
  Another interesting link:  http://blogs.technet.com/b/saleesh_nv/archive/2014/04/24/lync-2013-tri-co-existance.aspx

• Lync 2013 Edge server compatibility with Lyn 2010 Front end Pool

  Hi All,
  Technet article (http://technet.microsoft.com/en-us/library/jj688121.aspx) says the following:
  If your legacy Lync Server 2010 Edge Server is configured to use the same FQDN for the Access Edge service, Web Conferencing Edge service, and the A/V Edge service, the procedures in this section are not supported. If the
  legacy Edge services are configured to use the same FQDN, you must first migrate all your users from Lync Server 2010 to Lync Server 2013, then decommission the Lync Server 2010 Edge Server before enabling federation on the Lync Server 2013 Edge Server.
  Can you tell me why it is you have to change the External Lync Web services URL during a migration to Lync 2013 from Lync 2010. What purpose does this serve?
  Also can you clarify this and explain why this is required, why would you have to migrate all of your users, would a Lync 2013 Edge not talk to a Lync 2010 front-end?
  Any help would be much appreciated. MANY THANKS.

  Thank you very much for all your inputs.
  We still have few questions:
  Questions:
  Can you tell me if Lync 2010 users will be able to login using mobility if we repoint the reverse proxy (TMG) web services publishing rule to the Lync 2013 server? Remember both systems Lync 2010 and 2013 are using the same web
  services URL so they will both end up at the Lync 2013 server. Alternatively if not we will migrate all users to 2013, this is not a problem
  In addition to this I cannot find anything that states how Exchange UM will operate when you are running from a backup pool and the exchange UM contacts are not available because they are homed on the server that is down. This
  configuration is 2 x standard edition servers pool paired. How can we make sure Exchange voice mail works during a pool failover?
  Call Park is not clear to me I read the following:
  Lync Server 2013 provides new disaster recovery mechanisms in the form of failover and failback processes. These failover and failback processes support recovery of Call Park functionality by allowing
  users who are homed in the primary pool to leverage the Call Park application of the backup pool when an outage occurs in the primary pool. Support for disaster recovery of the Call Park application is enabled as part of the configuration and deployment of
  paired Front End pools.
   Is this saying we need to deploy Call Park in the DR pool and use a different range of orbit numbers, or can we use the same range in the DR pool?
  Further, I can see that Common Area Phones will be fine as they will log into the DR pool automatically. Response Groups need to be exported and imported to the DR pool. Incidentally these did not migrate well at all and have
  caused us a big headache!
  Any inputs will be greatly appreciated. Thanks again for all of your time.

• Change Lync 2013 Edge Server Natted public ip addresses

  we changed public ip addresses for Lync 2013 edge. I changed only a/v edge service NAT-Enabled public ipv4 address to the new public ip address .
  published the topology
  run
  Invoke-CsManagementStoreReplication command
  restarted edge server.
  what else to do to solve it ?
  Error:
  The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server sip.*****.com on port 5061.
  The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
  Additional Details
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

  Hi,
  Please re-run Step 2-Setup or Remove Lync Server Components after changing IP in topology.
  Kent Huang
  TechNet Community Support

• Need to generate a CSR for a new Lync 2013 Edge server

  I am upgrading my Lync 2010 Edge to 2013. Part of the process is exporting all the certificates on the 2010, some public, and eventually importing them into my 2013 Edge. I have a problem with one certificate that was generated by our internal CA for the
  2010 server itself named servername.domain.local. Since my new Edge will be renamed to the same name as the old Edge, I was planning on exporting this certificate but the private key can't be exported. The option is grayed out.
  I need to therefore figure out how to get a certificate on my new Edge. No Lync software has been installed yet. What is the best way to generate a CSR so I can manually create a certificate on my internal CA. Since I don't have access to the internal CA
  from the DMZ, I need to do it this way. I am thinking maybe the MMC but maybe Windows PowerShell? Once I get the CSR generated, I will figure out how to create a certificate on my internal CA.
  I know I can do it during the Lync install but I wanted to have it ready on the server when installing.

  The option is most likely grayed out, because the private key was not marked as exportable.
  Now, you can either request the certificate by using the Deployment Tool and requesting the certificates, selecting offline and then manually copying the CSR to your Internal CA (and the certificate back)
  Or you can use Powershell and do a Request-CsCertificate (see here: http://technet.microsoft.com/en-us/library/gg425723.aspx)
  Try something like this: Request-CsCertificate -New -Type Internal -ComputerFqdn "lyncedge.domain.com" -FriendlyName "Internal Edge"
  -Template jcila -PrivateKeyExportable $True -DomainName "edge.domain.com" -Output C:\path\test.req​
  If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"
  Georg Thomas | Lync MVP
  Blog www.lynced.com.au | Twitter
  @georgathomas
  Lync Edge Port Check (Beta)
  This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Lync 2013 Test Server Deployment

  Hi All,
  I have been asked to look at using Lync 2013 in our organisation.
  As this is a test deployment to start with, I have the following restrictions:
  Access to only 1 public IP Address
  Mobility is a requirment
  No budget for Reverse Proxy
  I have been looking at various ways to test this, but have been unable to successfully get this working. I have started again, with a blank canvis. I am now at the stage where I need to install Lync 2013 on our test domain and am not sure where to go.
  I have read about external DNS (A Record for sip.domain.co.uk to point to public IP & SVR Record for _sipfederationtls._tcp.domain.co.uk points to sip.domain.co.uk on port 5061). 
  Could anyone give me any pointers?
  Thanks in advance

  Hi Daymondeo,
  As thamaraw said, the Reverse Proxy is required for functioning mobility.
  With one public IP, you have to deploy TMG . Using TMG as a reverse proxy, then you can have all the Lync features.
  Have a look at this article,
  http://social.technet.microsoft.com/wiki/contents/articles/9807.how-to-configure-forefront-tmg-2010-as-reverse-proxy-for-lync-server-2010.aspx
  Best regards,
  Eric

• Lync 2013 Edge Server - Lync Server Audio/Video Edge Don´t respond

  Hello, We have a Lync 2013 Infraestructure. (With Windows 2008 R2)
  3 front ends servers (pool) and 1 edge server.
  We have an issue with the edge server.  Often we lost the Presence , IM and Audio/Video with external/federated contacts
  We can´t chat or do any calls.
  When we try to restart the service "Lync Server Audio/Video Edge" in the Edge, it never stop...
  We try to kill the process MediaRelaySvc.exe without success.
  The only way is to restart the server.
  The server is up to date with the lastest hotfixes.
  There are not events in APP/SYSTEM/LYNC logs in the event viewer.
  Any idea ?
  Thanks in advance!

  Hi,
  Please also check if there is any error message on FE Server.
  Please make sure the CMS replication is update to the latest status on Edge Server.
  Please make sure there is no other antivirus software in Edge Server as Anthony said above.
  Please also double check the Edge certificate/DNS is setting suitable.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• LYNC 2010 Edge server deployment issues

  I've been able to install LYNC and have the meet and dialin function working properly internal/external. I'm attempting to test setting up external access to the client with an edge server. All seems to install properly etc with no errors being thrown my
  way. But in the services i have a few that will not start with the below errors. Can anyone point me to a deployment scenario with an edge server how-to?
  Any help would be greatly appreciated.
  The Lync Server Access Edge service terminated with service-specific error %%-1008124918.
  The Lync Server Web Conferencing Edge service terminated with the following error:
  The requested address is not valid in its context.

  Hi every body, I am trying to do  a
  proof of concept before we buy the public Certificate for my Edge server but I have this error..
  I have the same error as you guys (1008124918 )
  Here is my setup
  Active directory with a CA on it. ( I used this CA for my Front-End, and for both Internal/External Edge Certificate )
  FrontEnd ;
  -In the domain
  -192.168.16.55 255.255.255.0
  ==
  Edge:
  Inside NIC : 192.168.16.57 255.255.255.0, no gateway
  Outside NIC (dmz ) : 192.168.18.80 255.255.255.0   . Gateway 192.168.18.0
  The edge is not in the domain.
  ==
  My Public IP : 69.70.xx.xx
  =====================
  In the wizzard for the edge-pool
  I choose:
  -Single computer pool
  I check :
  - Use a single FQDN & IP
  -Enable federation ( port 5061 )
  -The external IP address of this edge pool is translated by Nat
  external fqdn : sip.OurCie.com / 5061 Port
  Internal IP : 192.168.16.57
  External IP ( for sip access, web conf, A/V Edge services )  : 192.168.18.80
  Public IP used by nat : 69.70.xx.xx
  =====================
  So when I start the service I have this error code :  Windows could not start the Lync Server Access Edge....code : 1008124918
  in the eventvwr here is ther error that I have :
  Transport TLS has failed to start on local ip : 69.70.xx.xx at port 5061
  cause: config error, low system ressources or another proram is using this port
  can also happen if the ip address has become invalid
  Any idea ?

• Lync 2013 Edge server Overloading network?

  Hi
  I have a weird problem that suddenly arose this morning, but has possibly been developing for the past couple of days. I'll try and explain...
  The Internet was slow Yesterday, and Lync calls were suffering from "poor network conditions", so the QoS on router was adjusted, but this morning the internet was unuseable. No pages would load, pinging our external IP from external was losing
  every other packet, and we could not login to the router.  
  Restarting router would sort the problem for literally 10 seconds, and then the same thing would happen, everything would just stop. We unplugged our EFM line(which is our main line with all IPs for SIP trunks, external IPs etc), and the internet fell over
  to the fibre(backup) and the router became accessable and internet was working fine.
  I then reconnected the EFM line, and unplugged the DMZ (IP routed subnet for FE/Edge/TMG external IPs). The internet fell back to the EFM and started working perfectly, and the router was accessable. So i reconnected the DMZ, but removed the cables
  from the servers. I then connected the FE server to the DMZ, and this sorted inbound/outbound calls, and the internet continued to work perfectly.
  I then connected the Edge server back to the DMZ, and everything came tumbling down.
  All servers have always been connected to the internal network via there second NIC.
  Any ideas what the Edge server could be speaking too, or how i can troubleshoot further? (Basically, as soon as external NIC is enabled on the edge server with the external IP, the entire network is bombarded and nothing is useable)
  Any advice would be much appreciated,
  Regards
  Alistair Cameron

  Ran wireshark and found it shouting out WPAD everywhere. Un-ticked WPAD on internet explorer, connected to an isolated network and issue was resolved.
  Ran several scans and all found a Trojan (wish i had recorded name but forgotten) and it removed fine.
  But as its only Edge server I just quickly re-installed using same IPs and BIOS name - not worth the risk really. 
  Thanks for your help
  Alistair Cameron