Merge Lync 2013 Edge servers in same pool

Similar Messages

• What is best recommendstion for DNS LB for lync 2013 Edge servers

  What is best recommendation for DNS LB for lync 2013 Edge servers ?. We have F5 LB for edge and want to decide if we can go with DNS base LB for Edge servers.
  Anil MCC 2011,ITIL V3,MCSA 2003,MCTS 2010, My Blog : http://messagingschool.wordpress.com

  It will be better to Use Hardware Load balancing (F5).
  If you choose to use DNS load balancing for a pool but still need to implement hardware load balancers for traffic such as HTTP traffic, the administration of the hardware load balancers is greatly simplified. For example, configuring the hardware load balancer
  will be simpler as it will only manage the HTTP and HTTPS traffic, while all other protocols will be managed by DNS load balancing
  Also for more info., you can check below links
  http://technet.microsoft.com/en-us/library/gg615011.aspx
  http://technet.microsoft.com/en-us/library/gg398634.aspx
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Mai Ali | My blog: Technical | Twitter:
  Mai Ali

• Topology not replicating to Lync 2013 Edge servers

  Hello all,
  I have installed Lync 2013 with a FE Pool (three servers HW Load Balanced), Director Pool (two servers HW Load Balanced), and an Edge Environment (2 servers, in DMZ, member of a work group, also HW load balanced).  All servers are Windows 2012
  server (not R2).
  I am able to login remotely and have green checks across the board at
  https://testconnectivity.microsoft.com.  So things are looking good.
  My issue is that I am unable to replicate to my Edge servers from the FE.  I am not seeing errors in the event viewer, just a big red 'x' on the topology tab in the control panel for the Edge servers.  Also, when trying to force replication
  the Edge servers continue to show 'False'.
  Here are things I have done/checked to resolve this - so I need your assistance please:
  1. From the FE, I can visit
  https://EdgeFQDN:4443/replicationwebservice  - there are no errors, no certificate errors so things look good
  2. I have verified that I the Edge servers have the domain suffix added to them. The HW Load balancer is configured as the EdgeInternal.domain.com entry and the physical edge servers are named Edge01 and Edge02 (obviously with the domain suffix added). 
  So this seems correct based on recommendations.
  3. I have added the following reg keys to all Lync Servers in the org
  HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL ->DWORD ClientAuthTrustMode Value=2 and SendTrustedIssuerList DWORD Value: 0
  I am trying to avoid having to resort to this as possible resolution -
  http://ucken.blogspot.com/2012/04/resetting-lync-cms-replication.html, but if this is my next step, please let me know.
  May be useless info, but here it is anyway....
  One thing I will mention - during my setup, I setup Kerberos Authentication for Lync 2013.  I followed
  http://howdouc.blogspot.com/2011/07/kerberos-web-authentication-for-lync.html and
  http://technet.microsoft.com/en-us/library/gg398976.aspx to configure this. 
  I am unable to access the RtcReplicaRoot\xds-replica directory on the primary FE server or any other lync server for that matter.  I assume this is because it is locked down to the Kerberos account that
  was created.  However, I am unable to run the command "Set-CsKerberosAccountPassword -FromComputer FEFQDN.Domain.com -ToComputer EdgeFQDN.Domain.com".  Obviously
  this fails because the Edge servers are in a workgroup and cant see the Kerberos account that was created.  Would this break the replication?   Just thinking outloud...
  Thanks in advance for any input.
  Wall

  Michael, Thank you for your response.  We are currently in coexistence with a Lync 2010 environment. 
  Our environment consists of a European domain and a North American domain, both in the same forest.  The European environment has had 2010 up and running for a couple of years and we (North America) just installed 2013 Lync.  The EU domain has
  many domain names they support (.uk, .net, .ie, etc.)  NAm only manages .com domain name space.
  I tell you this because I have configured the NAm environment to support only .com (save $ for SSL UCC licensing) and to provide separate paths to our services.  There is a EU site and a NAm site in the Lync topology.  The issues are with the FE
  servers in NAm. 
  Based on your response above, the NAm servers are fine with your suggestions in #2 and #3.  The CMS database is still on 2010 in the EU site.
  Given that the NAm domain is configured to support only .com domain namespace, I am worried that moving the CMS to NAm FE's as it would break EU's ability for federation.
  Any guidance or expertise is greatly appreciated.
  My ultimate goal is to have NAm employees authenticate to their Edge servers in the site and EU to authenticate to their respective Edge Servers.  Also, I have read that we can only have one Edge pool responsible for Federation in the Lync org. 
  I assume that we will have to keep federation going through EU as they have the SSL certs for all domains configured in their environment.  Just a little confused before I make any changes.
  Wall

• Lync 2013 Edge Certificates

  We are planning to deploy 2 lync 2013 edge servers with F5 HLB. Can we deploy internal Certificates on LYNC 2013 Edge servers ( SIP, WebConf, and AV) and deploy external wild card certificate (Public CA) on F5 external interface, so the external users
  can be validated on F5 with public certificate and F5 can trust Edge servers in DMZ?
  Is this solution works or do we need only public certificates on Edge servers?
  Tek-Nerd

  Hi Tek-Nerd,
  Agree with others.
  I’m afraid that if you use wild card certificate on F5, the external users might not be able to access the Lync Server.
  From
  https://technet.microsoft.com/en-us/library/gg398692.aspx
  “Microsoft Lync Server 2013 uses certificates to mutually authenticate other servers and to encrypt data from server
  to server and server to client. Certificates require name matching of the domain name system (DNS) records associated with the servers and the subject name (SN) and subject alternative name (SAN) on the certificate. To successfully map servers, DNS records
  and certificate entries, you must carefully plan your intended server fully qualified domain names as registered in DNS and the SN and SAN entries on the certificate.”
  Best regards,
  Eric
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Maximum number of Edge servers within a Pool for Lync 2013

  I see no reference as to the maximum number of Lync Edge servers within a pool. Does it follow the same as that of the Front End, and so, no more than 12 per pool?
  Also, can you have more than one edge pool within the same data center? I don't see why not, though validation is needed.
  Thanks,
  Christian
  Christian Frank

  Maximum no. Edge Servers 12,000 concurrent remote session
  You can refer below link for more info. about capacity
  http://technet.microsoft.com/en-us/library/gg615015.aspx
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Mai Ali | My blog: Technical | Twitter:
  Mai Ali

• Lync 2013 Edge server compatibility with Lyn 2010 Front end Pool

  Hi All,
  Technet article (http://technet.microsoft.com/en-us/library/jj688121.aspx) says the following:
  If your legacy Lync Server 2010 Edge Server is configured to use the same FQDN for the Access Edge service, Web Conferencing Edge service, and the A/V Edge service, the procedures in this section are not supported. If the
  legacy Edge services are configured to use the same FQDN, you must first migrate all your users from Lync Server 2010 to Lync Server 2013, then decommission the Lync Server 2010 Edge Server before enabling federation on the Lync Server 2013 Edge Server.
  Can you tell me why it is you have to change the External Lync Web services URL during a migration to Lync 2013 from Lync 2010. What purpose does this serve?
  Also can you clarify this and explain why this is required, why would you have to migrate all of your users, would a Lync 2013 Edge not talk to a Lync 2010 front-end?
  Any help would be much appreciated. MANY THANKS.

  Thank you very much for all your inputs.
  We still have few questions:
  Questions:
  Can you tell me if Lync 2010 users will be able to login using mobility if we repoint the reverse proxy (TMG) web services publishing rule to the Lync 2013 server? Remember both systems Lync 2010 and 2013 are using the same web
  services URL so they will both end up at the Lync 2013 server. Alternatively if not we will migrate all users to 2013, this is not a problem
  In addition to this I cannot find anything that states how Exchange UM will operate when you are running from a backup pool and the exchange UM contacts are not available because they are homed on the server that is down. This
  configuration is 2 x standard edition servers pool paired. How can we make sure Exchange voice mail works during a pool failover?
  Call Park is not clear to me I read the following:
  Lync Server 2013 provides new disaster recovery mechanisms in the form of failover and failback processes. These failover and failback processes support recovery of Call Park functionality by allowing
  users who are homed in the primary pool to leverage the Call Park application of the backup pool when an outage occurs in the primary pool. Support for disaster recovery of the Call Park application is enabled as part of the configuration and deployment of
  paired Front End pools.
   Is this saying we need to deploy Call Park in the DR pool and use a different range of orbit numbers, or can we use the same range in the DR pool?
  Further, I can see that Common Area Phones will be fine as they will log into the DR pool automatically. Response Groups need to be exported and imported to the DR pool. Incidentally these did not migrate well at all and have
  caused us a big headache!
  Any inputs will be greatly appreciated. Thanks again for all of your time.

• Lync 2013 Edge and Reverse proxy on same server with SNI

  Hello
  I cannot find information if it is possible to create a single Lync 2013 Edge server with a Reverse proxy on the same server?
  Would it not be possible to share port 443 with SNI support? That way we could use only one public IP?
  Thanks!

  Sorry, it doesn't work.  Remember that 443 isn't HTTPS for the Edge.  If you went with the single IP model for the edge, 443 would be used for the A/V role which would be STUN/TURN. 
  The edge will always want to listen on 443, it just doesn't work to collocate a reverse proxy.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications
  This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Lync 2013 Edge Server Deployment

  We have already deployed 5 Frontend Server (1 Standard Server and 1 Pool with 4 FE Servers) and one Edge Server some Days ago. Now we are trying to Setup another Lync 2013 Edge Server and get stucked.
  When we try to Import the Configuration File, which we had exported from a Frontend Server (export-Csconfiguration..) we get the following error:
        Cannot open database "xds" requested by the loging
  We can publish the topology on the Frontend Server without Errors.
  We have already deinstalled all the lync and SQL componentes and tried again  - no success
  Best regards
  Bueschu
  Bueschu

  On reviewing the error and confirming the backup service was started, in order to resolve the issue the following actions were performed.
  1. In the Lync Topology Builder remove the front end resiliency settings that were previously applied and publish the topology.
  2. Connect to each front end server that comprises the pool pairing and run step two of the deployment wizard, by performing this the replicator and backup services will be removed and essentially the pairing will be broken.
  3. In the topology Builder re-apply the resiliency settings and publish the topology in order to recreate the pairing.
  4. Connect to each front end server that comprises the pool pairing and run step two of the deployment wizard, by performing this the replicator and backup services will be added again. Once the deployment wizard is completed, ensure the
  backup services are started on each front end and ensure the Invoke-CSBackupServiceSync PowerShell commands are run as per the "What to do next" information.
  5. In the Lync Server Mangement Shell run the "Get-CsBackupServiceStatus -PoolFqdn yourpool.domain.local" and ensure the services is operating in a normal state for both front end servers.
  That's it, the deployment wizard and associated xds database access error should now be cleared.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"

• Lync 2013 Edge - Windows Standard 2012 - Set-CSCertificate gives me "The buffer supplied to a function was too small."

  Hello,
  I'm having some issues during the installation of our new Edge 2013 server, specifically when trying to assign the external certificate.
  We have a Lync 2010 deployment already, and this is a step in the migration to the new version.
  On the 2010 Edge server, we have a Geotrust SAN certificate currently which it has been running nicely with for the past couple of years since we installed it.
  However, after trying to assign the certificate to the Lync 2013 Edge server, it just keeps giving me "set-cscertificate : Command execution failed: The buffer supplied to a function was too small."
  If I request a certificate from our Internal CA, it assigns fine and there's no problem - however I've gone over all the Subject Alternate Names on the Geotrust Cert and all of them are present, the certificate was exported and imported with the private
  key so that should not be the issue either. The common name on them are the same, and all the SAN's are there, along with quite a few others (Though I expect this should not present any problems.)
  We didnt have the intermediate Geotrust CA in the "Intermediate Certification Authorities" list, so I've imported that along with a current CRL but it still refuses to assign the certificate.
  Trying to find some more details on the error message seems rather futile - some more details to the error messages would have been helpful, but I'm hoping someone here might be able to give me a hand in diagnosing the actual issue.
  Thanks in advance,
  Johan

  In our case we traced the problem to the version of the certificate template. We could not utilize a v3 template from our Enterprise CA. Once the CA administrator configured and granted us the permissions to a v2 certificate template we were able to successfully
  assign a certificate to Lync.
  The problems comes in regarding the cryptography provider of the certificate template. Certificates based upon a v2 template utilize CryptoAPI (Cryptography API), and v3 templates utilize CNG (Cryptography API: Next Generation) as the cryptography
  provider.
  Lync Server 2010 and 2013 it appears, do not seem to utilize v3 certificates properly. This article explains how to determine which version of cryptography provider is being used by for the certificates in your environment:   http://www.ehloworld.com/751.
  You may consider checking the template version of your certificate to see if that helps your situation, perhaps Geotrust can reissue you a v2 certificate if necessary.
  Further background info:  http://msdn.microsoft.com/en-us/library/windows/desktop/bb931355(v=vs.85).aspx
  Regards,
  Jason
  Jason Hindson

• Lync 2013 edge-no reverse proxy question

  I deployed lync 2013 edge server and no reverse proxy yet.I am trying to connect from my windows 7 machine with no luck and I can see a top reset on the firewall,my question is is reverse proxy required for the normal client to connect and do basic IM?
  Plz confirm.thx

  *****Update**********
  now when i am trying to test connevity using microsoft connecvitry analyer i am getting error realted to the external certifictare stating that " certificate couldn't be validated because SSL negotiation
  wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation." with UC troubleshotter i am getting the same.any idea?
  PS certificate is from Digi
  cert and i have checked the installation with thier tool and all was green
  regards
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with
  the certificate installation.

• Lync 2013 Edge Server Issues

  Forgive me if this question sounds rather "entry level", I have never worked with Lync and this project was handed to me by my boss, who hasn't worked with Lync either.
  I have been reading various posts and forum messages until I went cross eyed about setting up Lync 2013 Edge server correctly.  I am still running into some questions and issues with the Access, Web, and A/V services starting.  Here is my main
  question, and below is my setup. 
  Question:
  Is there a need for both an external and internal nic card IF all three external IP's for the external services are programmed at the firewall and router to go directly to 1 internal IP address?
  Setup:
  Currently I have 1 FE-Standard server that also acts as the Mediation Server, and 1 Edge Server both of which are virtual and running Server 2012.  Originally I did have 2 network cards setup, as all other documentation suggested, 1 external and 1 internal. 
  However my boss, who setup the DNS/Firewall entries stated to remove the External Card since the external address that was setup for the 3 services was routed to 1 internal address. The Access Services, Web Services, and A/V services are all running on three
  separate ports with their own unique FQDN- 443, 444, and 445.  The cert that was deployed is a wild card cert from GoDaddy, this has been used by other servers that point inside and outside without issues.  
  Issues and Errors Messages:
  I have run into a few different issues and error messages from the Event Viewer:
  System
  Provider
  [ Name]
  LS Protocol Stack
  EventID
  14352
  [ Qualifiers]
  50153
  Level
  2
  Task
  1001
  Keywords
  0x80000000000000
  TimeCreated
  [ SystemTime]
  2013-09-09T15:44:51.000000000Z
  EventRecordID
  2885
  Channel
  Lync Server
  Computer
  edgesvr01
  Security
  EventData
  0xC3E93C0A
  SIP_E_STACK_TRANSPORT_FAILED
  System
  Provider
  [ Name]
  LS Server
  EventID
  12303
  [ Qualifiers]
  50152
  Level
  2
  Task
  1000
  Keywords
  0x80000000000000
  TimeCreated
  [ SystemTime]
  2013-09-09T15:44:51.000000000Z
  EventRecordID
  2884
  Channel
  Lync Server
  Computer
  edgesvr01
  Security
  EventData
  80072741
  The requested address is not valid in its context.
  System
  Provider
  [ Name]
  LS Protocol Stack
  EventID
  14336
  [ Qualifiers]
  50153
  Level
  2
  Task
  1001
  Keywords
  0x80000000000000
  TimeCreated
  [ SystemTime]
  2013-09-09T15:44:51.000000000Z
  EventRecordID
  2883
  Channel
  Lync Server
  Computer
  edgesvr01
  Security
  EventData
  TLS
  external IP address that is now used now
  5061
  Please help, I am at a loss as to where to go from here.

  Thanks for the quick responses. 
  I have re-enabled the external NIC.  All services are running now.  When I ran the Remote Connectivity tester this was the outcome.
  Testing remote connectivity for user: username@domain... to the Microsoft Lync server.
   Specified remote connectivity test(s) to Microsoft Lync server failed. See details below for specific failure reasons.
  Test Steps
  Attempting to resolve the host name lync.metisconnect.com in DNS.
   The host name resolved successfully.
  Additional Details
   IP addresses returned: xxx.xxx.xxx.xxx (external address)
  Testing TCP port 443 on host: host fqdn to ensure it's listening and open.
   The port was opened successfully.
  Testing the SSL certificate to make sure it's valid.
   The certificate passed all validation requirements.
  Test Steps
  The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server host fqdn on port 443.
   The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
  Additional Details
   Remote Certificate Subject: CN=*.ourdomain.com, OU=Domain Control Validated, Issuer: SERIALNUMBER=######, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona,
  C=US.
  Validating the certificate name.
   The certificate name was validated successfully.
  Additional Details
   The host name that was found, lync.metisconnect.com, is a wildcard certificate match for common name *.ourdomain.com.
  Certificate trust is being validated.
   The certificate is trusted and all certificates are present in the chain.
  Test Steps
  The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.ourdomain.com, OU=Domain Control Validated.
   One or more certificate chains were constructed successfully.
  Additional Details
   A total of 1 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
  Analyzing the certificate chains for compatibility problems with versions of Windows.
   Potential compatibility problems were identified with some versions of Windows.
  Additional Details
   The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
  Testing the certificate date to confirm the certificate is valid.
   Date validation passed. The certificate hasn't expired.
  Additional Details
   The certificate is valid. NotBefore = 7/31/2013 4:02:03 PM, NotAfter = 7/31/2014 4:02:03 PM
  Testing remote connectivity for user username@domain to the Microsoft Lync server.
   Specified remote connectivity test(s) to Microsoft Lync server failed. See details below for specific failure reasons.
    Tell me more about this issue and how to resolve it
  Additional Details
   Couldn't sign in. Error: Error Message: Operation failed because the network connection was not available..
  Error Type: ConnectionFailureException.
  External calls from a 3g/4g data connection are not connecting when using the Lync call feature to an internal users Lync Client.  Outcome is: Connecting Call and No Audio.  Then call ends.

• Lync 2013 Edge replication not working

  hi, I have a Lync 2013 Edge replication issue - it is simply not working.
  UpToDate           : False
  ReplicaFqdn        : LyncEdge.contoso.com
  I have already checked the following:
  1) telnet from FEP servers to the Edge sever on port 4443 is working
  2) Certificates are installed correctly - Lync Federation, Voice/Video to Skype, Lync Mobile is all working fine.
  3) Replication traffic checking showing the following error in XDS logs:
  (000000000126DB35)[FileTransferTask(11, 9/03/2015 2:44:24 PM): {TASK_NOT_STARTED, fromReplica, [lyncedge.contoso.com, HttpsWebService, 4443], 0}] Failed to copy files from replica. Exception: [System.ServiceModel.Security.MessageSecurityException: The HTTP
  request was forbidden with client authentication scheme 'Anonymous'. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden.
     at System.Net.HttpWebRequest.GetResponse()
     at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
     --- End of inner exception stack trace ---
  Server stack trace:
     at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory factory)
     at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, ChannelBinding channelBinding)
     at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
     at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
     at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
  Exception rethrown at [0]:
     at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
     at Microsoft.Rtc.Xds.Replication.Common.IReplicationWebService.DownloadFiles(String senderFqdn, String sourceDirPath, String tempDirPath)
     at Microsoft.Rtc.Xds.Replication.FileTransfer.FileTransferTask.CopyFilesFromReplicaUsingWcf(String fromDir, String tmpDir, String toDir)]
  I have checked certificate stores: there are only 34 certificates in the Root folder and the SendTrustedIssuerList reg. key has been configured, which did not solve the issue.
  Any idea how to troubleshoot this or possible root causes?

  Try Test-CsComputer on the Frontend Servers and the Edge Servers. This should check Windows Firewall exceptions are correct. Then check permissions on your Lync fileshare. You can also try to reinstall CMS Database with the following command (user must be
  memeber of CsAdministrator group and sysadmin group of SQL Server)
  Install-CsDatabase -CentralManagementDatabase -SqlServerFqdn CMS.FQDN 
  -SqlInstanceName DBInstance -Verbose

• Lync 2013 Edge Server

  I have a few questions on setting up a Lync 2013 Edge Server.  Let me give a little background into what is going on.  My comapny currently still has the old Communicator server(1 user left to migrate to Lync!) and a Lync 2013 that is all setup
  and functional.  Our current Lync environment is only internal, since we do not have a Edge Server setup.  That is what I am task to work on now.  I have read alot of guides on how to build this server, where it needs to be placed in the DMZ,
  and what is needed for it. 
  First question - Is there a hardware spec needed for this server?
  Second question - I read that 3 public ip are needed.   What are they needed for?  So I can explain to our network guys why I need this.
  Third question - Does it matter if the Edge server is on the domain or not?  I read it shouldnt be.  I dont think it will be an issue either way for me, but its easier to manage if on the domain.
  Fourth question - Should I finish my Communicator server decom before worrying about the Edge server? 
  Final question - is there a guide on how to get rid of the Communicator Server Connections to our Lync Server?
  Thanks in advance.

  First question - Is there a hardware spec needed for this server?
  Second question - I read that 3 public ip are needed.   What are they needed for?  So I can explain to our network guys why I need this.
  Third question - Does it matter if the Edge server is on the domain or not?  I read it shouldnt be.  I dont think it will be an issue either way for me, but its easier to manage if on the domain.
  Fourth question - Should I finish my Communicator server decom before worrying about the Edge server? 
  Final question - is there a guide on how to get rid of the Communicator Server Connections to our Lync Server?
  First question- HW spec  https://technet.microsoft.com/en-us/library/gg398835.aspx
  For your reference, my edge servers happen to have 40 GB ram and 2x'E5-2690 2.9GHz' ... they don't have to be physical ... can be virtual however.
  Second - 3 IP's are recommended ... it makes it easier because you can use standard ports as opposed to straying from 443 etc. ... and it makes troubleshooting easier.  All three of the edge services include a 443 requirement - and, with SSL you can't
  just share that socket on a single IP - so, lucky service gets 443.  Also, you can segregate the traffic and see exactly what is happening.  If you only had 1 IP - many scenarios in Lync would not work (e.g., I'm at a hotel and yoru AV port is not
  allowed through the firewall). 
  Here is a wonderful reference - https://blogs.perficient.com/microsoft/2012/12/lync-scaled-consolidated-edge-public-ip-addresses/
  Third - it is recommened that it is NOT domain joined - however, it's ok that it is.  Mine IS domain joined because I have a domain in my DMZ and it assists with management (etc.) and may be required for yoru security.  Your call.  IMO, if
  you have a domain , join it.  Why not?
  RE: OCS - there is a migration path from OCS 2007 R2 to Lync 2013 as per https://technet.microsoft.com/en-us/library/gg425764.aspx   and several documents on the Internet that show the process for those who need to do so.   It's not trivial.
  Another interesting link:  http://blogs.technet.com/b/saleesh_nv/archive/2014/04/24/lync-2013-tri-co-existance.aspx

• Lync 2013 Edge Server Migration

  Hi,
  Our organisation is in the process of changing gateway providers, so we have to move our currently deployed Lync 2013 Edge Server and TMG (Lync related sites) to the new provider datacentre. We have new public and DMZ IP addresses allocated for these services
  and we can't use the current addresses.
  Has someone been through this and is there a best practice to follow to transition these services with minimal outages to the users?
  Any help would be appreciated.

  the steps that you mentioned would work. I need to add some bits in to it,
  1. Take a copy of the current Edge Server (VM) and place into the new datacentre
  2. changed the IP addressing (of services) for the Edge Pool in the Topology builder and publish/sync
  3. Change the IP address of the edge server and run the deployment wizard with "Add remove Lync server component step" 
  3. Start services
  4. Publish the Lync services on the new TMG reverse proxy
  5. Test connectivity
  http://thamaraw.com

• Lync 2013 Edge and routing algorithm

  Hi
  I have problem with Lync 2013 Edge server. I'm tring resolve problem but for now I 'm totally lost.
  Short description for a problem:
  What works:
  IM and presence communication to Internet and federation
  A/V conferences with remote users and federated organizations.
  File transfer to remote users and federated org.
  What doesn't work:
  Audio and video P2P connections to remote user and federated org. SIP signalization works, but media connection doesn't.
  Tracing at wireshark shows that Edge server trying establish stun connection to INTERNAL clients on EXTERNAL interface.
  Persistent route for internal subnets are added to routing table on server.
  All ports are opened on firewall between DMZ and LAN.
  I can ping and connect via RDP to stations on internal network.
  Why  A/V Edge service trying establish connection on external interface ?
  What is algorithm/mechanism for network interface selection
  Regards
  Mawik

  Hi,
  Please check if all server settings were correct (check if Global Settings had the A/V Edge server defined and assigned as the A/V Authentication Service in the pool properties).
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support