Management Store Replication to Edge Servers

I have an issue with replication of the Management Store to Edge Servers.
In four separate countries I have an Enterprise FE pool and an Edge Pool segregated by a firewall in each country. Only in one country does the Management Store replicate to the Edge Server successfully (see below).
The bottom two entries with a status of "True" are for the FE and Edge that replicate OK.
From all the FE servers I can telnet to their partner Edge server on port 4443 and I can browse to the replication service on https://servername.fqdn:4443/replicationwebservice. The certificates look fine too.
If I run the Lync Server logging tool on the failing Edge servers and force replication from a FE server with Invoke-CsManagementStoreReplication there is nothing showing up in the XDS_Replica_Replicator log at all. If I do the same on the good Edge server I get a whole bunch of stuff in the log.
I thought maybe it was a firewall issue but I have subsequently opened up the source IP range on my firewall rules to allow all to speak to the Edge servers' internal interface on 4443. Still nothing.
From the timestamps in the above screenshot you can see that the Edge servers have at least once reported back to the FE servers, as the LastStatusReport value is not null, but you can also see that that was a long time ago.
Any ideas?

By any chance do you see Schannel errors in the Event Viewer of the Edge server? I've seen the exact thing happening when the edge internal certificate is not trusted by the Front End server.
http://thamaraw.com
I get a couple of Schannel errors regarding TLS 1.2 but then I get the exact same errors on the Edge server that replicates OK so I don't think that's an issue. Also if the FE didn't trust the cert of the Edge surely I wouldn't be able to browse to the replication web service on the Edge, which I can?
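
The checks the thread goes through by hand (port 4443 reachable, certificate trusted, LastStatusReport stale) can be done in one pass. The script below is an added example, not code from the thread or from Microsoft: it opens a TLS session to each Edge internal interface from the Front End, validates the Edge certificate chain in the shell's own machine context rather than through a browser, and joins the result with what Get-CsManagementStoreReplicationStatus reports. Run it in the Lync Server Management Shell on a Front End; the Edge FQDNs in the usage block are placeholders.

```powershell
# Added example, not code from the thread: probes each Edge replica from a Front End and
# joins the result with the replication status the CMS reports. Run in the Lync Server
# Management Shell on a Front End server. The Edge FQDNs in the usage block are placeholders.

function Test-EdgeReplicaTls {
    # Opens a TLS session to the Edge internal interface on 4443 and validates the server
    # certificate in this process's own context (machine trust store, no browser involved).
    param(
        [Parameter(Mandatory)][string]$Fqdn,
        [int]$Port = 4443
    )
    $r = [ordered]@{
        Fqdn = $Fqdn; TcpOpen = $false; Protocol = $null; Subject = $null; Issuer = $null
        NotAfter = $null; NameMatch = $false; ChainOk = $false; ChainStatus = ''; Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Fqdn, $Port)
        $r.TcpOpen = $true
        # Accept the certificate during the handshake so it can be inspected; the verdict
        # comes from the explicit chain build below, which reports *why* a chain fails.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($Fqdn)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.Protocol = $ssl.SslProtocol
        $r.Subject  = $cert.Subject
        $r.Issuer   = $cert.Issuer
        $r.NotAfter = $cert.NotAfter
        # Name check against the SAN list (DnsNameList is a PowerShell-added property) and the CN.
        $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode }) + @($cert.GetNameInfo('SimpleName', $false))
        $r.NameMatch = $names -contains $Fqdn
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # trust is the question here, not CRL reachability
        $r.ChainOk = $chain.Build($cert)
        $r.ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    } catch {
        $r.Error = $_.Exception.Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$r
}

function Get-EdgeReplicationReport {
    # Joins Get-CsManagementStoreReplicationStatus with the TLS probe and flags replicas that
    # are not up to date or whose last status report is older than $MaxAgeHours.
    param(
        [Parameter(Mandatory)][string[]]$EdgeFqdn,
        [int]$MaxAgeHours = 24
    )
    $status = Get-CsManagementStoreReplicationStatus
    foreach ($fqdn in $EdgeFqdn) {
        $s   = $status | Where-Object { $_.ReplicaFqdn -eq $fqdn }
        $tls = Test-EdgeReplicaTls -Fqdn $fqdn
        $stale = $true
        if ($s -and $s.LastStatusReport) {
            $stale = ((Get-Date) - $s.LastStatusReport).TotalHours -gt $MaxAgeHours
        }
        [pscustomobject]@{
            Fqdn             = $fqdn
            InTopology       = [bool]$s
            UpToDate         = $(if ($s) { $s.UpToDate } else { $null })
            LastStatusReport = $(if ($s) { $s.LastStatusReport } else { $null })
            StatusStale      = $stale
            TcpOpen          = $tls.TcpOpen
            Protocol         = $tls.Protocol
            NameMatch        = $tls.NameMatch
            ChainOk          = $tls.ChainOk
            ChainStatus      = $tls.ChainStatus
            TlsError         = $tls.Error
        }
    }
}

# Usage (hypothetical Edge names): print the report, then push a fresh replication to every
# replica the CMS considers out of date.
$report = Get-EdgeReplicationReport -EdgeFqdn 'edge-uk.internal.contoso.com', 'edge-de.internal.contoso.com'
$report | Format-Table -AutoSize
$report | Where-Object { $_.InTopology -and -not $_.UpToDate } | ForEach-Object {
    Invoke-CsManagementStoreReplication -ReplicaFqdn $_.Fqdn
}
```

A replica that shows TcpOpen and ChainOk true with NameMatch true, yet stays stale after the forced replication, points away from the firewall and certificate path on the FE side and towards the Edge itself: the Lync Server Replica Replicator Agent service on that Edge, and its own Event Viewer, are the next things to look at. A ChainStatus other than empty names the exact reason the FE does not trust the Edge certificate, which a successful browser visit does not tell you.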

Similar Messages

  • Topology not replicating to Lync 2013 Edge servers

    Hello all,
    I have installed Lync 2013 with a FE Pool (three servers HW Load Balanced), Director Pool (two servers HW Load Balanced), and an Edge Environment (2 servers, in DMZ, member of a work group, also HW load balanced).  All servers are Windows 2012 server (not R2).
    I am able to login remotely and have green checks across the board at
    https://testconnectivity.microsoft.com.  So things are looking good.
    My issue is that I am unable to replicate to my Edge servers from the FE.  I am not seeing errors in the event viewer, just a big red 'x' on the topology tab in the control panel for the Edge servers.  Also, when trying to force replication the Edge servers continue to show 'False'.
    Here are things I have done/checked to resolve this - so I need your assistance please:
    1. From the FE, I can visit https://EdgeFQDN:4443/replicationwebservice - there are no errors, no certificate errors, so things look good
    2. I have verified that the Edge servers have the domain suffix added to them. The HW Load balancer is configured as the EdgeInternal.domain.com entry and the physical edge servers are named Edge01 and Edge02 (obviously with the domain suffix added). So this seems correct based on recommendations.
    3. I have added the following reg keys to all Lync Servers in the org
    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL ->DWORD ClientAuthTrustMode Value=2 and SendTrustedIssuerList DWORD Value: 0
    I am trying to avoid having to resort to this as a possible resolution - http://ucken.blogspot.com/2012/04/resetting-lync-cms-replication.html - but if this is my next step, please let me know.
    May be useless info, but here it is anyway....
    One thing I will mention - during my setup, I setup Kerberos Authentication for Lync 2013.  I followed http://howdouc.blogspot.com/2011/07/kerberos-web-authentication-for-lync.html and http://technet.microsoft.com/en-us/library/gg398976.aspx to configure this.
    I am unable to access the RtcReplicaRoot\xds-replica directory on the primary FE server or any other lync server for that matter.  I assume this is because it is locked down to the Kerberos account that was created.  However, I am unable to run the command "Set-CsKerberosAccountPassword -FromComputer FEFQDN.Domain.com -ToComputer EdgeFQDN.Domain.com".  Obviously this fails because the Edge servers are in a workgroup and can't see the Kerberos account that was created.  Would this break the replication?   Just thinking out loud...
    Thanks in advance for any input.
    Wall

    Michael, Thank you for your response.  We are currently in coexistence with a Lync 2010 environment. 
    Our environment consists of a European domain and a North American domain, both in the same forest.  The European environment has had 2010 up and running for a couple of years and we (North America) just installed 2013 Lync.  The EU domain has many domain names they support (.uk, .net, .ie, etc.)  NAm only manages .com domain name space.
    I tell you this because I have configured the NAm environment to support only .com (save $ for SSL UCC licensing) and to provide separate paths to our services.  There is a EU site and a NAm site in the Lync topology.  The issues are with the FE servers in NAm.
    Based on your response above, the NAm servers are fine with your suggestions in #2 and #3.  The CMS database is still on 2010 in the EU site.
    Given that the NAm domain is configured to support only .com domain namespace, I am worried that moving the CMS to NAm FE's as it would break EU's ability for federation.
    Any guidance or expertise is greatly appreciated.
    My ultimate goal is to have NAm employees authenticate to their Edge servers in the site and EU to authenticate to their respective Edge Servers.  Also, I have read that we can only have one Edge pool responsible for Federation in the Lync org.  I assume that we will have to keep federation going through EU as they have the SSL certs for all domains configured in their environment.  Just a little confused before I make any changes.
    Wall

  • Purpose of certificate in the Operation manager store - ADCS server.

    Hello,
    I have a Windows 2003 ADCS server. When I open the MMC snap-in for the local computer, I can see that one of the certificates under the Operations Manager store is expiring soon.
    Can anyone please tell me the purpose of the Operations Manager store on an ADCS server?
    Thanks

    Hi,
    The Operations Manager store is used to contain certificates which are used for securing communication between Operations Manager servers across untrusted domains.
    For more detailed information, please refer to this blog below:
    Operations Manager - Certificates from Concept to Deployment
    http://blogs.technet.com/b/denisrougeau/archive/2014/09/02/operations-manager-certificates-demystified.aspx
    Best Regards,
    Amy

  • What is best recommendation for DNS LB for Lync 2013 Edge servers

    What is the best recommendation for DNS LB for Lync 2013 Edge servers? We have F5 LB for edge and want to decide if we can go with DNS-based LB for Edge servers.
    Anil MCC 2011,ITIL V3,MCSA 2003,MCTS 2010, My Blog : http://messagingschool.wordpress.com

    It will be better to use hardware load balancing (F5).
    If you choose to use DNS load balancing for a pool but still need to implement hardware load balancers for traffic such as HTTP traffic, the administration of the hardware load balancers is greatly simplified. For example, configuring the hardware load balancer will be simpler as it will only manage the HTTP and HTTPS traffic, while all other protocols will be managed by DNS load balancing.
    Also for more info., you can check below links
    http://technet.microsoft.com/en-us/library/gg615011.aspx
    http://technet.microsoft.com/en-us/library/gg398634.aspx
    Mai Ali

  • Encrypted file deleted from edge servers

    When any user tries to send encrypted files as attachments from internal to external, the Edge server strips the attachment,
    and there is no attachment filter entry for encrypted files in the AttachmentFilterConfiguration.

    Hi,
    There are two types of attachment filtering to control attachments that enter or leave the organization through an Edge Transport server:
    Filtering based on file name or file name extension
    Filtering based on file MIME content type
    According to your issue, please check that your encrypted file's name or file name extension is not in the list of Attachment Filter Entries.
    You can use the following command to view a complete list of file name extensions and content types that attachment filtering can detect.
    Get-AttachmentFilterEntry | Format-List
    Otherwise, we can disable the attachment filtering by following command to take a test.
    Disable-TransportAgent "Attachment Filtering Agent"
    After you enable or disable attachment filtering, restart the Microsoft Exchange Transport service by running the following command:
    Restart-Service MSExchangeTransport
    To know more about how to manage attachment filtering on Edge Transport Servers:
    http://technet.microsoft.com/en-us/library/aa997139(v=exchg.150).aspx
    Best Regards.
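
Comparing a file name by eye against the output of Get-AttachmentFilterEntry is error-prone once the list has a few dozen wildcard and content-type entries. The script below is an added example, not part of the answer above or of Exchange itself: it reproduces the two match types the answer describes (wildcard file name, exact MIME content type) against the live entry list and reports which entry, if any, would catch a given attachment, together with the configured action. It runs in the Exchange Management Shell on the Edge Transport server; the sample attachments at the end are constructed, and the thread does not say what format the stripped files were in.

```powershell
# Added example, not code from the thread: reports which Attachment Filter entries would match a
# given attachment, so a stripped file can be traced to the entry responsible, and shows the
# configured action. Run in the Exchange Management Shell on the Edge Transport server. The
# sample attachments at the end are constructed for illustration.

function Test-AttachmentFilterMatch {
    param(
        [Parameter(Mandatory)][string]$FileName,
        [string]$ContentType = ''
    )
    $entries = Get-AttachmentFilterEntry
    $hits = foreach ($e in $entries) {
        switch ($e.Type) {
            # FileName entries are wildcard patterns such as *.exe; -like applies the same wildcard.
            'FileName'    { if ($FileName -like $e.Name) { $e } }
            # ContentType entries are exact MIME types such as application/x-msdownload.
            'ContentType' { if ($ContentType -and ($ContentType -eq $e.Name)) { $e } }
        }
    }
    $hits = @($hits)
    [pscustomobject]@{
        FileName    = $FileName
        ContentType = $ContentType
        Matched     = $hits.Count -gt 0
        Action      = (Get-AttachmentFilterListConfig).Action   # Reject, Strip or SilentDelete
        MatchedBy   = ($hits | ForEach-Object { "$($_.Type):$($_.Name)" }) -join '; '
    }
}

# Constructed samples: a plain document, an executable, and an S/MIME envelope named the way
# mail clients commonly name it. These are illustrations, not files from the thread.
$samples = @(
    @{ FileName = 'quarterly.docx'; ContentType = 'application/vnd.openxmlformats-officedocument.wordprocessingml.document' },
    @{ FileName = 'setup.exe';      ContentType = 'application/x-msdownload' },
    @{ FileName = 'smime.p7m';      ContentType = 'application/pkcs7-mime' }
)
$samples | ForEach-Object {
    Test-AttachmentFilterMatch -FileName $_.FileName -ContentType $_.ContentType
} | Format-Table -AutoSize

# If a match explains the stripping, the entry can be removed by its Identity, which has the
# form Type:Name. Hypothetical example, then restart the transport service as the answer says:
#   Remove-AttachmentFilterEntry -Identity 'ContentType:application/pkcs7-mime'
#   Restart-Service MSExchangeTransport
```

If no entry matches and the attachment is still removed, the Attachment Filtering agent is not the component doing it, and disabling it for a test (as the answer suggests) will confirm that before time is spent on the entry list.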

  • Central Management Store being accessed is not the active store

    We are experiencing issues with our Lync 2013 services after hardening our SQL backend. Even though we have created aliases to the backend database instances and the FrontEnd servers are able to access the databases, we are having this error when performing tasks like enable-csuser or new-clientpolicy from powershell or Lync control panel:
    ###50023:XdsPublishItems: The central management store being accessed is not the active store. No data can be read or any changes can be made to this store.
    Any suggestions or ideas?

    Here is some guidance that must be followed for Lync Servers:
    http://blogs.technet.com/b/nexthop/archive/2011/04/12/using-lync-server-2010-with-a-custom-sql-server-network-configuration.aspx
    http://technet.microsoft.com/en-us/library/gg195795(v=ocs.14).aspx
    Has this been followed?
    Regards, Edwin Anthony Joseph
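
When a backend is renamed or reached through a SQL alias, the first thing worth comparing is the store location the topology publishes against the connection the shell is actually using. The script below is an added example, not part of the reply above or of Lync: it reads both, runs the built-in Test-CsDatabase against the published location, and flags a name mismatch. It runs in the Lync Server Management Shell on a Front End; the property names are those of Lync Server 2013, so confirm them with Get-Member if your build differs.

```powershell
# Added example, not code from the thread: compares the CMS location published in the topology
# with the connection this shell session is using, and runs the built-in database test against
# the published location. Run in the Lync Server Management Shell on a Front End. Property
# names are those of Lync Server 2013; confirm with Get-Member if your build differs.

function Get-CmsConnectionReport {
    $loc  = Get-CsConfigurationStoreLocation    # active store as published (AD / topology)
    $conn = Get-CsManagementConnection          # store this session actually talks to

    $published = [string]$loc.BackEndServer     # "sqlfqdn\instance" or "sqlfqdn"
    $session   = [string]$conn.Connection
    $serverFqdn, $instance = $published -split '\\', 2

    # Test-CsDatabase takes the server and the instance separately; leave the instance
    # out for a default SQL instance.
    $params = @{ CentralManagementDatabase = $true; SqlServerFqdn = $serverFqdn }
    if ($instance) { $params.SqlInstanceName = $instance }
    $db = $null; $dbError = $null
    try { $db = Test-CsDatabase @params -ErrorAction Stop } catch { $dbError = $_.Exception.Message }

    [pscustomobject]@{
        PublishedStore    = $published
        MirrorStore       = [string]$loc.MirrorBackEndServer
        SessionProvider   = [string]$conn.StoreProvider
        SessionConnection = $session
        # A session pointed at an alias while the topology publishes the real server name
        # is the first thing to rule out when the "not the active store" error appears.
        NameMismatch      = ($session -ne '') -and ($session -ne $published)
        DatabaseTestOk    = ([bool]$db) -and (-not $dbError)
        DatabaseTestError = $dbError
    }
}

Get-CmsConnectionReport | Format-List
```

The two TechNet articles linked in the reply describe how the alias and the published name are meant to relate; the report above tells you whether the servers in front of you actually match that description.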

  • 2 edge servers and 2 front end servers?

    Good morning/afternoon/evening Technet,
    We're about to go to production with Lync 2013 standard with the following.
    1. 2 front end servers w/ standard edition
    2. 2 edge servers 
    We want to set it up so that 1 front end and 1 edge server will be at a location of ours a couple miles away. We want to setup the other front end and edge server at our main office. For disaster recovery purposes I know that I can keep the two front ends pooled but as far as the Edge servers go, would it be best to have 1 active and the other edge turned passive? Is there a way that I can put the two edge servers in the same pool?
    Thanks for all the help guys and gals!
    -Liqsh0t

    Hi,
    Each site can use a separate Edge Server to support the external login process.
    However, it is possible to use a single Edge server for both pools. The user from the other site has to connect to the only edge and then route through the WAN link to go to its own pool. Access Edge is responsible for proxying SIP traffic for remote clients to the next hop, which can be a Director or a Lync pool.
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Merge Lync 2013 Edge servers in same pool

    Hi guys.
    - We had a Lync 2013 FE STD version.
    - We have added one more Lync 2013 FE STD and done front end pool pairing.
    - We had a single Edge Pool, so only 1 EDGE server in 1 POOL.
    We wish to add another Edge server and put previous and this new Edge server in one pool.
    This is a printscreen of our current Edge Deployment.
    Because we have federation enabled with external partners who have put in their Lync configuration to trust our public external address of the current edge server: LyncEDGESIP.domain.com, we would like to avoid sending them a new address and we have decided to keep that public address and make it the EDGE POOL NAME where both edge servers would be inside.
    Now we are little bit confused/amused what to do next.
    If we use LyncEDGESIP.domain.com as the FQDN of the EDGE POOL with two edge servers, what would we need to do with our current edge server?
    What to put for:
    Access Edge Service public address on both edge servers
    Web Conferencing Edge Service public address on both edge servers
    A/V Edge Service public address on both edge servers.
    bostjanc

    Go with cutover migration if you can take downtime. Here is the high level summary for your reference;
    Remove existing edge server from topology and publish the changes.
    Create a new edge server pool in topology builder.
    Make sure that access edge , web conference edge and AV edge name remains the same.
    Publish the topology and run the setup on both edge servers. You need to configure external and internal IP addresses based on Lync topology.
    Replicate the configuration change and run the deployment wizard.
    Import the certificate and start the services.
    Create additional DNS A records for load balancing externally.
    Thanks
    Saleesh

  • Maximum number of Edge servers within a Pool for Lync 2013

    I see no reference as to the maximum number of Lync Edge servers within a pool. Does it follow the same as that of the Front End, and so, no more than 12 per pool?
    Also, can you have more than one edge pool within the same data center? I don't see why not, though validation is needed.
    Thanks,
    Christian
    Christian Frank

    Maximum number of Edge Servers: 12,000 concurrent remote sessions.
    You can refer below link for more info. about capacity
    http://technet.microsoft.com/en-us/library/gg615015.aspx
    Mai Ali

  • Multiple sites, multiple Edge servers

    How do I configure multiple Edge servers? I am working with a client that has offices in the US, Europe, and Asia. There are three sites configured. Each site has its own internet and voice provider.
    Right now they use one Edge server that is located in the US. How do I add more Edge servers? Should I use different names for sip.domain.com records?
    Is there any way to configure it so that if a US user is in Europe, this user will automatically use the Edge server that is located in Europe? Same for Asia.
    Can someone help me find documentation and/or explain how to configure it?
    Thank you. Eric.

    Eric,
    Obviously when you get into global Lync deployments things get a bit more complicated.  So there are a few things you can do to mitigate issues/failover/etc.  So to the questions at hand.
    The Lync 2013 Client utilizes the Lync Discover service as the default login method.  So as I described in the above post, when the Lync 2013 Client logs in, it will resolve lyncdiscoverinternal.domain.com and lyncdiscover.domain.com before it goes to the SRV records like OCS/2010 Clients did.  The Lync Discover service is a web service that would be published via the reverse proxy.  In terms of your example, yes, the first time a user connects to the Lync Server they would connect to wherever lyncdiscover.domain.com is published. So let's say it's in the US. The client will pass XML files back and forth and go to the edge server defined for the EU Site. The next time the user logs in remotely, they will not go back to the lyncdiscover.domain.com as the client will cache the location it's supposed to connect to in the configuration.cache file.  So yes, it would go to the US but only the first attempt (or if its server was down).
    As for the second question.  You could utilize a global DNS solution so users in EU get directed to a Reverse Proxy in EU where lyncdiscover.domain.com is published.  US folks would go to US, etc. etc.
    Thanks,
    Richard
    Richard Brynteson, Lync MVP | http://masteringlync.com | http://lyncvalidator.com

  • Can lync client use internet proxy settings to proxy edge servers, if direct access is not reachable?

    Hi everybody, I am trying to log in with my Lync client from outside my organization, so I am using Lync as a remote user. I am in another organization, using their corporate LAN (wired and wireless), but I cannot log in to Lync in my organization.
    I see that I cannot access my Edge server on port 443 to authenticate directly. I know that clients in this organization use an Internet proxy to browse the Internet; they have a .pac in their IE settings.
    My question is: can the Lync client use the Internet proxy settings to reach the destination, I mean the Access Edge on port 443?
    Or can it only use direct client access to reach the Edge servers?
    I think the answer is that I use the TCP protocol and not HTTP, and maybe that is the reason why I cannot use the Internet Explorer proxy settings to reach the Access Edge servers; the case may be different when I need to reach the reverse proxy for Live Meetings.
    Hope my question is clear.
    Thanks

    Proxy settings are used to tell Internet Explorer the network address of an intermediary server (known as a proxy server) that is used between the browser and the Internet on some networks.
    Lync client doesn’t use Internet Proxy Setting. You need to access the Edge service directly.
    Lisa Zheng
    TechNet Community Support

  • Changing the FQDN for receive connectors on Edge servers

    Hi everyone,
    I need to make a change to the default receive connector on our edge servers. Currently they have mx1.internaldomain.intra and mx2.internaldomain.intra, I need to change this to mx1.publicdomain.com and mx2.publicdomain.com. This is primarily in order to get TLS to work, checktls.com shows that it cannot resolve the current names, for obvious reasons.
    These receive connectors are for receiving inbound mail from the internet only.
    The question I wanted to ask was - if I make this change, will I have to redo the edge subscription for these servers?
    Some people here seem to think edgesync will be broken if this is changed, I personally think it'll be fine. As we don't have a test environment I can't check on that, and also our DR site was configured correctly (as I configured this myself ;) )
    Does anyone have any concrete information regarding this? I have tried so many searches but they haven't produced anything definitive.
    Thanks in advance
    Andoni

    I changed this and TLS starts OK now. checktls.com produces the expected results (OK). There is no need to redo the edgesync as that's only used to pass credentials between edge and CAS/HT servers.
    Closing this post.

  • Re-routing Edge servers from OCS 2007 R2 to LYNC 2010

    We have LYNC 2010 Enterprise pool with merged topology with OCS 2007 R2 Pool, using OCS 2007 R2 Edge servers. We would like to move onto LYNC 2013 and here i have some questions on Edge servers.
    1. Once I migrate all users, can I keep the OCS 2007 R2 Edge servers and decommission the OCS 2007 R2 pool to set up a LYNC 2013 Pool? (We have 3 Front end servers and 3 CWA servers in the OCS 2007 R2 pool.)
    Can I use OCS 2007 R2 edge servers for LYNC 2010 and LYNC 2013 Pools for federation and remote access?
    Thanks for your help.
    Tek-Nerd

    I've seen OCS 2007 R2 servers work for Lync 2013 internal users with some limitations.  I'm not sure what would happen if you decommission the OCS front end.  However, why not upgrade the edge as well?
    SWC Unified Communications

  • Exchange 2013 MP doesn't discover Exchange edge servers

    SCOM cannot discover exchange 2013 edge servers with the following error 
    MicrosoftExchangeDiscovery.ps1 : (198):   $res= $ds.FindOne()  
     System.Runtime.InteropServices.COMException (0x8007054B): The specified domain either does not exist or could not be contacted.
       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_AdsObject()
       at System.DirectoryServices.PropertyValueCollection.PopulateList()
       at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
       at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
       at System.DirectoryServices.DirectorySearcher.get_SearchRoot()
       at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
       at System.DirectoryServices.DirectorySearcher.FindOne()

    I have the same problem as well. Tried all the fixes that were done to discover Exchange 2010 Edge servers. Can't discover the 2013 Edge Server.
    See the script start:
    MicrosoftExchangeDiscovery.ps1 : Exchange Server Discovery Script
        Message: Discovery Script started.
        Arguments:  '0' '{3E7D658E-FA5E-924E-334E-97C84E068C4A}' '{26027EF2-6F9B-528B-706D-49808087F917}' 'mx2.exchange.****.***.**' 'mx2' 'PER' '' '' 'C:\Program Files\Microsoft\Exchange Server\V15\' '0' 'true'
    Then see it error:
    MicrosoftExchangeDiscovery.ps1 : (198):   $res= $ds.FindOne()  
     System.Runtime.InteropServices.COMException (0x8007054B): The specified domain either does not exist or could not be contacted.
       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_AdsObject()
       at System.DirectoryServices.PropertyValueCollection.PopulateList()
       at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
       at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
       at System.DirectoryServices.DirectorySearcher.get_SearchRoot()
       at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
       at System.DirectoryServices.DirectorySearcher.FindOne()
       at CallSite.Target(Closure , CallSite , Object )

  • Does Lync client Inside office need to communicate with Lync Edge Servers?

    Does Lync client Inside office need to communicate with Lync Edge Servers?
    Regards

    Hi,
    Agree with David.
    Here is a similar case that may help you:
    https://social.technet.microsoft.com/Forums/en-US/0c10a56a-9669-4ff3-8a76-1769afa61232/lync-client-point-to-point-av-or-conferencing-av-traffic?forum
    Best Regards,
    Eason Huang
    TechNet Community Support
