Lync Front End and Edge on same host

Similar Messages

• Lync 2013 Enterprise load balancing on the front end and edge pool

  Hi,
  I am setting up a Lync 2013 Enterprise deployment consisting of a Front End pool (x2 FE servers) and an Edge pool (x2 Edge servers).  I'm seeing some conflicting advice regarding load balancing using hardware or DNS for the front end and the edge.
  On the front end I have 2 internal DNS records 'lyncfepool1.contoso.local' each of which map to one of the IPs of the FE servers.  I've used my details to populate the Detailed Design Planner excel spreadsheet and am told that I require a HLB to load
  balance my front end pool.  I'm aware of the need to load balance HTTPS traffic internally (which will be done by TMG) however other traffic to the front end (SIP, etc) can be balanced by DNS only, and not require a HLB?
  Can someone clarify the front end requirement?
  Also - looking now at the edge pool - this site again have two edge servers in a pool.  We are using a total of six private IP addresses, two per edge service (2 x av.contoso.com, 2 x sip.contoso.com and 2 x webcon.contoso.com).  These will be
  NAT'ed by the external firewall and directed to the respective external (DMZ) IP addresses on the Edge servers on port 443.  I know this isn't true roundrobin due to the intelligence of the Lync client when connecting (in that the Lync client will connect
  to one of the public IPs and if it can't connect, it will know to connect to the other service IP), however I want to clarify this set up, particularly the need to direct the external public IP traffic at the DMZ Edge IP specified in the topology builder.
  I've attached a basic diagram of the external/DMZ/Edge side which hopefully helps with this question
  Persevere, Persevere, Per..

  That is because you will always need HLB for a front-end server since it hosts the Lync webservices which use HTTP/HTTPS traffic.
  The description on the calculation tool also describes this correctly:
  Supports Standard and Enterprise pools (up to 12 nodes), with pure device-based load balancing or a combination of DNS load balancing and device-based load balancing (for
  Lync web services)
  You can use either Hardware or DNS loadbalancing for SIP traffic only, but you will always need a HLB for the webservices.  Both are applicable for the Front-End so you have either
  full HLB for both SIP and HTTP(S) traffic
  DNS LB for SIP traffic and HLB for HTTP(S) traffic
  Hope this is more clear :-)
  Lync Server MVP | MCITP Lync Server 2010 | If you think my post is the answer to your question, please mark it as answer so future visitors can easily find it.

• Configuring Lync 2010 Mobility with Front end and Edge Server

  I have been racking my brain the past week trying to figure out how to get the lync edge server working properly and how to get the mobility service working properly.
  Currently I have 1 front end server that is configured and working.  I have one edge server that has been configured according to nearly every online help I could find along with public CERT.
  If I use microsoft's online connectivity test and I run the test for
  Lync Server Remote Connectivity Test everything passes.  I am also able to connect to lync using a windows lync client from outside of the internal network however I have to specify the server name as being sip.ourdomain.com I cannot get connected using
  autodiscover.
  When I run the Lync Autodiscover Web Service Remote Connectivity Test it fails due to SSL error to lyncdiscover.ourdomain.com which then lead me down the path that I needed to install
  the Mobility service but it also tells me that I may need to update our SSL cert as well.
  This is where I am getting confused and would like to be pointed in the correct direction.
  When I installed mobility service on the front end server it created the autodiscover section in IIS.  If I am inside our network I can browse to it without any issue.  Where I am confused at this point is how to either setup DNS or how to configure
  the edge server to use autodiscover.
  Do I need to setup an additional public IP and point lyncdiscover.ourdomain.com to the IP of our front end server or to our edge server?  If I have to point this to our front end server then that would mean that I use one public IP that goes to 443,
  444 and 5061 for our edge server and then I would need one public IP that goes to ports 443 and 80 that get redirected to ports 4443 and 8080 on our front end server?  If that is the case then do I have to get an external cert for the front end server
  that contains lyncdiscover or can clients connect if it is just using the self signed cert from the domain?
  This is where I am getting confused at and hopefully some nice folks out there can clarify this for me so I can get this resolved.
  Thank you
  KK

  You need an additional public IP to point to a reverse proxy, which will listen on port 443 and proxy requests to your front end server on port 4443 (notice the extra 4).  You can use IIS ARR, Web Application Proxy, or whatever else you may have for
  this purpose, but you need to ensure you redirect port 443 to port 4443.  This reverse proxy cannot be collocated on your front end server or edge, you'll need a separate box or appliance. 
  Beyond Lyncdiscover, you'll want to do this for your external web services FQDN as defined in the topology builder and your meet and dialin URLs too.  You'll want a third part cert for all of this (though it doesn't need to be installed on the front
  end, just the reverse proxy) so that you don't need to install any internally signed root certs on anyone's smartphone.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications
  This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Lync 2010 Standard Edition Front-End and Edge Cerificate Renewal issue

  Hi Experts,
  I have a client with Single Standard Edition FE server and 1 Edge server and both are using PUBLIC certificates. It also has a reverse-proxy server (F5 HLB) with wildcard certificate installed. The FE and Edge certificates are about to expire and the client
  now wants the ff.
  1. Internal Certificate from Internal CA server for FE
  2. External Certificate from Public CA for Edge
  What I did was,
  A. For Internal Cert - I generated a CSR from MMC cert manager using custom request from the FE server and have it signed by the Internal CA. Reason I did that was, everytime I requested the CSR from Lync Certificate Wizard, it is getting the certificate
  template not supported by the Internal CA.
  B. For External Cert - I requested the Edge external CSR thru Lync Certicate Wizard and submitted to the client for public CA renewal.
  When I installed both certificates, internal lync works fine but anything external (i.e. external lync access, mobile, federation) do not work anymore.
  So I decided to roll back the certificates and everything went back to normal?
  Question is, what steps or process did i miss or gone wrong? Hope for your response. Thank you in advance.

  Hi DaxZilla,
  You also need to request a certificate to internal interface of Edge Server from internal enterprise certificate authority.
  The certificate for the external edge interface should contain SANs as below:
  SAN=Access Edge service FQDN
  SAN=Web conference service FQDN
  SAN=SIP domain FQDN
  Mobile client goes through reverse proxy server to sign in. It is not related with Edge Server. Check the certificate on reverse proxy is not expired.
  Best Regards,
  Lisa Zheng
  Lisa Zheng
  TechNet Community Support

• Lync Front End and VMware CPU Ready %

  We are running an Enterprise Lync 2013 environment with Voice. It's running in on ESX with 3 front end boxes and 2 edge servers. Every now and then we get users complaining of poor audio quality on conference calls. Although there can be many reasons for
  this that are not "Technology" related we have been digging into it. We noticed that our CPU ready % was kind of high on the Front End boxes. It was pushing 10%... after some ongoing back and forth with our VMWare engineers we got them to isolate
  our boxes for a few weeks to see if that helped. It seemed to have done the trick but our VMware engineers don't like wasting resources so they put Lync back in with general population. Now CPU ready % is hovering more around 5% so it's better than it was
  before. My questions is what % CPU ready are you guys calling "Too High" in your environments?

  Thanks for your response Ben. We have gone through the white paper with our ESX engineer. Unfortunately they don't think it applies to ESX because it focuses on HyperV. Although much of it is applicable. My hope in this post is just to get a community benchmark
  on what people are finding in their environments that "work well" for them. The main topic we have been pushing is this part of the Virtualization White Paper.
  8.1.11 Resource Over-Allocation
  Lync Server 2013 guests should not be provisioned on hypervisor hosts which are configured for CPU over allocation. For example, if the physical host has 24 cores, no more than 24 cores total should
  be allocated to all of the guests on the system.
  Lync Server includes several real-time workloads (such as audio/video and conferencing) that require real-time access to components such as processor, memory, network, and storage. If these components
  are shared among other guests and Lync does not have access to these as required, the result can be a negative user experience including dropped calls, dropped audio, choppy audio, inability to join a conference, paused video, and other user-noticeable results.
  These can be difficult to troubleshoot, as an analysis of the physical servers and virtual guests at a later point in time may show all is fine, with the issues surfacing only during periods of high utilization from other guests.

• Lync front end - Lost Connection to all Web Conferencing Edge Services

  I keep getting the error Lost Connection to all Web Conferencing Edge Services  on my lync front end server 2010
  The lync edge services are all starte the certs are fine and I disable ipv6
  Anything else  I can try

  Hi,
  Did you solve the issue with the help of the people above provided?
  Which type of certificate did you use for Edge server (both internal and external interface)?
  Please double check Edge server certificate with the help of the link below:
  http://www.technotesblog.com/2011/07/06/lync-server-2010-error-lost-connection-to-all-web-conferencing-edge-services/
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
  sure that you completely understand the risk before retrieving any suggestions from the above link.
  Please try to restart Edge server and test again.
  Please also check the part of certificate configuration of Edge server with the help of the link below of “Useful Tips for Testing Your Lync Server 2010 Edge Server”:
  http://blogs.technet.com/b/nexthop/archive/2011/12/07/useful-tips-for-testing-your-lync-edge-server.aspx
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Lync Front-end service won't start

  Hello everybody
  I have this error when a I try to start Lync front-end service:
  Failed starting a worker process.
  Process: 'C:\Program Files\Microsoft Lync Server 2013\Server\Core\RtcHost.exe'  Exit Code: C3E8302D!_HRX! (The worker process failed to initialize itself in the maximum allowable time.!_HRM!).
  Cause: This could happen due to low resource conditions or insufficient privileges.
  Resolution:
  Try restarting the server. If the problem persists contact Product Support Services.
  event id: 12330 source LS Server
  and 
  An exception caused the process to stop.
  Exception Details. System.ApplicationException: Failed to start Fabric Pool Manager.
     at Microsoft.Rtc.AppDomainHost.Launcher.Initialize(String[] args)
     at Microsoft.Rtc.AppDomainHost.Launcher.Main(String[] args)
  Cause: Check the eventlog description.
  Resolution:
  Examine prior event log entries to find and resolve the problem. If the problem persists contact product support.
  event ID 500006 Source LS AppDomain Host Process
  When I try this powershell command  Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery -poolfqdn poolfqdn
  I have this message
  Reset-CsPoolRegistrarState : Could not connect to any server in Pool lync2013servername during Phase 1.
  At line:1 char:1
  + Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : InvalidOperation: (:) [Reset-CsPoolRegistrarState], Exception
      + FullyQualifiedErrorId : Error resetting fabric state. For details, see inner exception.,Microsoft.Rtc.Management.Hadr.ResetPoolFabric 
     StateCmdlet
  Can you help me please

  Have you check your Sql database? Maybe a problem with correct accessing the SQL Database.
  How looks you Lync pool? Enterprise, Standard, how much FE server?
  regards Holger Technical Specialist UC

• Network ports between Lync front end pools

  Dear All,
  One of my client have two lync front end pools, at present all the ports are opened between these two pools, now we want to restrict the network ports between the pool servers.
  please help me to, which are the ports need to open between different lync front end pools.

  There's a bunch of them, take a look at the resources below:
  Ports and protocols for internal servers in Lync Server 2013 https://technet.microsoft.com/en-us/library/gg398833(v=ocs.15).aspx
  Lync Firewall Rules Viewer http://blogs.technet.com/b/nexthop/archive/2012/07/03/lync-firewall-rules-viewer.aspx
  If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"
  Georg Thomas | MVP (Skype for Business)
  Blog skype4bexpert.com | Twitter
  @georgathomas
  Lync/Skype for Business Edge Port Check (Beta)
  This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Https front end and http backend

  Hi there....I am having a small issue....I have a web app that is https based....I have installed the cert on the CSS, and DNS for this app points to the VIP....the client is wanting to have an https front end, and then load balance in http to the backend servers....the issue I am running into is that this only works if I have an active port 80 rule on that same VIP....if I suspend the port 80 rule and only leave the port 443 rule active on that VIP, it doesn't work....please see appropriate config portions below....Thanks in advance!
  Sandeep
  ANy suggestions? I have been trying this for a couple of days now...it works fine if the backend sessions are also https, but the client has changed their requirement....
  ssl-proxy-list SSL1
  ssl-server 1
  ssl-server 1 rsakey app1-test
  ssl-server 1 rsacert app1-test
  ssl-server 1 vip address 10.19.55.10
  ssl-server 1 cipher rsa-with-rc4-128-md5 10.19.55.10 81
  backend-server 1
  backend-server 1 port 81
  backend-server 1 server-ip 10.19.55.132
  backend-server 1 ip address 10.19.55.132
  backend-server 2
  backend-server 2 port 81
  backend-server 2 server-ip 10.19.55.133
  backend-server 2 ip address 10.19.55.133
  backend-server 3
  backend-server 3 port 83
  backend-server 3 server-ip 10.19.55.132
  backend-server 3 ip address 10.19.55.132
  backend-server 4
  backend-server 4 port 83
  backend-server 4 server-ip 10.19.55.133
  backend-server 4 ip address 10.19.55.133
  backend-server 5
  backend-server 5 port 85
  backend-server 5 server-ip 10.19.55.132
  backend-server 5 ip address 10.19.55.132
  backend-server 6
  backend-server 6 port 85
  backend-server 6 server-ip 10.19.55.133
  backend-server 6 ip address 10.19.55.133
  active
  service webserver002:81
  ip address 10.19.55.132
  port 81
  keepalive port 2199
  keepalive type tcp
  protocol tcp
  active
  service webserver003:81
  ip address 10.19.55.133
  port 81
  keepalive port 2199
  keepalive type tcp
  protocol tcp
  add ssl-proxy-list SSL1
  active
  service webserver002:83
  ip address 10.19.55.132
  port 83
  add ssl-proxy-list SSL1
  keepalive port 2399
  keepalive type tcp
  protocol tcp
  active
  service webserver003:83
  ip address 10.19.55.133
  port 83
  keepalive port 2399
  keepalive type tcp
  protocol tcp
  add ssl-proxy-list SSL1
  active
  service webserver002:85
  ip address 10.19.55.132
  port 85
  add ssl-proxy-list SSL1
  keepalive port 2599
  keepalive type tcp
  protocol tcp
  active
  service webserver003:85
  ip address 10.19.55.133
  port 85
  keepalive port 2599
  keepalive type tcp
  protocol tcp
  add ssl-proxy-list SSL1
  active
  service SSL_Front
  slot 2
  type ssl-accel
  keepalive type none
  add ssl-proxy-list SSL1
  active
  owner app1-test
  content app-test_back
  vip address 10.19.55.10
  add service webserver002:81
  add service webserver003:81
  add service webserver002:83
  add service webserver003:83
  add service webserver002:85
  add service webserver003:85
  balance aca
  protocol tcp
  port 81
  active
  content app1-test_front
  vip address 10.19.55.10
  application ssl
  add service SSL_Front
  protocol tcp
  port 443
  advanced-balance ssl
  balance aca
  active

  Thanks for the quick reply....there is another port 80 rule setup for that vip....I was using that to test with the app until I got the front end https rules working....
  my port 80 rules just says listen to 10.19.55.10 on port 80 and load balance btwn the webervers on port 8x in the back end...
  I am trying to do https front end and http backend....
  no where in my SSL config have I configured port 80....but when I suspend that rule it all fails....
  I am wondering if the backend server sessions are happening properly?
  I don't fully get what you mean by "You need to have the rule in port 443 to match traffic coming from the client and the clear text rule (port 81) to match traffic already decrypted coming from the SSL module"
  Haven'tI done that?
  Thanks again!
  Sandeep

• What is BW Front-end and Whats BW Back-end? Technica ? Functional?

  Hi Gurus,
  Can some one throw light on the diff between a BW Front-end and BW BAck-end? How will u diff the responsibilities of a Functional BW Consultant and Technical BW Consultant?
  thanks
  kishore karnati

  Hi,
  BW Front end is the one that deals with reporting. Eg: BEx
  BW back end is the one that deals with the components that stores data which is used for the reporting purpose.
  Eg: R3
  Functional consultant comes into picture when there is a need to understand the functional aspects of a requirement, say for example, you have a requirement to use Sales Order in your BW application, as a pure BW person, you wont know what a Sales Order is about. A functional consultant has the ability here to map the sales order requirement in the BW application. This means that, he knows what field and what table this sales order relates to. This way, a functional consultant maps the user requirements to the technical detail in the system.
  A pure BW consultant is one who knows how to setup data extraction from source system , how to build various components in a BW system, how to schedule a load, how to troubleshoot in case of any issues in the BW application.
  Hope this helps..
  Assign points if this helps...
  Thanks,
  Raj

• Authentication with UME separation of front end and back end

  My webdynpro project has 2 application. One for Admin one for Rating.
  Is it possible to create a java class at Webdynpro level and share it between the 2 applications?
  Why the need?
  Created a custom class (lets called it CommonEJB), to point to the right pages and set of UI controls after the initial login with UME. This class utilizes the IWDClientUser.getSAPUset() method to get IUser object.
  If it is not possible to create a java class at Webdynpro, then this ejb will need to be deployed to the backend.
  Putting it at the backend is not good as security wise, its always better to separate the authentication between front and back end.
  Any ideas/solutions?
  thanks

  s0003358504
  au-?Krup
  LDAP
  ==============================================
  Computer Associates Int'l  [eTrust Directory]  
  Critical Path  [CP Directory Server (CP DS)]  
  Microsoft  [Windows 2000 Active Directory Server]  
  Microsoft  [Windows 2003 Server - Active Directory]  
  Netscape Communications  [Netscape Directory Server]   
  Novell  [DirXML Driver for User Management]  
  Novell  [Novell DirXML Driver for SAP HR/PA]  
  Novell  [Novell eDirectory]  
  Oracle Deutschland  [Oracle Internet Directory (OID)]  
  Siemens  [DirX Directory Server]  
  Siemens  [DirX Extranet Edition]  
  Sun Microsystems  [Sun Java System Directory Server] 
  •     Test Objectives
  •     Testing Scope
  •     Test Approach
  •     Test Environment
  •     Test Data
  •     Entry / Exit Criteria
  •     Risks
  •     Schedule and Resources
  •     SIT Deliverables
  •     Test Planning Source Documents
  Well, i wish to create a java class that can separate the view areas depending on their login.
  lets say you're a manager, u can see certain views. and if you're a supervisor u see another. This is achieved using the java class with information from getSAPUser() position. After retrieving the position, using the java class will programmatically assigned the appropriate views, buttons, tabs etc.
  so this class need to in front end, and not back end. problem is we have 2 application.
  if the class is created front end in one application can it be shared with another.

• Front end and console ports are down for switch WS-C3750X-48PF-S

  We have a switch WS-C3750X-48PF-S in the stack and front end and console ports stopped working and are down.
  I have tried to replug power cable but this didn't help, please let me know if I could replug stack power for this switch without outage of other switches in the stack, since switches are connected into the ring
  Please let me know what might be the possible root cause
  #sh switch stack-ports 
    Switch # Port 1 Port 2 
      2 Down Ok 
      3 Ok Ok 
      4 Ok Down   

  Hello,
  There is a problem with the stacking connection between switch 4 and 2. Can you try replacing the stacking cable between these switches?

• Hello there, I am creating a database of all our companies press contacts. I would like to create a form that would act as the front end and feed the database which is obviously the back end. The database is in Access 2013. My question is to whether this

  Hello there, I am creating a database of all our companies press contacts. I would like to create a form that would act as the front end and feed the database which is obviously the back end. The database is in Access 2013. My question is to whether this is indeed possible?

  This forum thread appears to point towards the problem.
  Re: Unable to Switch Audio Sync Settings

• Connecting to SQl server ( MS acess front end) and pull the data into BI

  Dear all,
  i need to extract the data from SQl server ( MS acess front end) and pull the data into BI .
  i need to know what are the steps need to follow on this..
  can any one help me on this...!
  Thanks,
  Siva

  Hi,
  1. login to sql server u2013 with ur server credentials  and connect.
  2. select ur sql for ex: sap bw
  3. Right click u2013 sapbw - task - export data  From sql to excel I m exporting So give sql details 
  4. Destination u2013 select excel.. and browse where u want to save the fileu2026
  5. give next
  6. select from which table u want to export
  7. click on  next
  8. click on finish
  9. close
  10. go to desktop and open the xyz.xls file
  11. not make it as csv file and load the data to BI as a flat file
  Hope it will help you.
  Regards,

• Lotus notes as a front end and oracle as backend

  Dear All,
  Can i use lotus notes as a front end and oracle as backend atleast for few forms in my application.
  If Yes how to go about it.
  I have not tried it even once
  Kindly also advice if this is appropriate forum to ask this question
  Best Regards,
  Devendra Shelke

  Dear All,
  Context for asking above question :
  We use Form 6i and Report 6i, Application Server 9i and 9i DB.
  But for some forms we want the user to enter the data through Lotus Notes but get updated in 9i DB used by Form 6i.
  Best Regards,
  Devendra