Migrating onto LYNC 2010 Edge Servers

Similar Messages

• What is best recommendstion for DNS LB for lync 2013 Edge servers

  What is best recommendation for DNS LB for lync 2013 Edge servers ?. We have F5 LB for edge and want to decide if we can go with DNS base LB for Edge servers.
  Anil MCC 2011,ITIL V3,MCSA 2003,MCTS 2010, My Blog : http://messagingschool.wordpress.com

  It will be better to Use Hardware Load balancing (F5).
  If you choose to use DNS load balancing for a pool but still need to implement hardware load balancers for traffic such as HTTP traffic, the administration of the hardware load balancers is greatly simplified. For example, configuring the hardware load balancer
  will be simpler as it will only manage the HTTP and HTTPS traffic, while all other protocols will be managed by DNS load balancing
  Also for more info., you can check below links
  http://technet.microsoft.com/en-us/library/gg615011.aspx
  http://technet.microsoft.com/en-us/library/gg398634.aspx
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Mai Ali | My blog: Technical | Twitter:
  Mai Ali

• Finally about to decomission the Lync 2010 Edge. Small question

  Getting ready to finally decommission our Lync 2010 Edge in favor of a 2013 Edge. The only reason I have kept the 2010 Edge around was because we still have a single 2010 FE server. All our users are on 2013 FE servers so the 2010 FE is just sitting there
  do nothing. I thought it was best practice to remove the 2010 Edge first and then decommission the 2010 FE.
  Does it really matter which server I decommission first? I can't see how but thought I would ask. I am sure there are companies that have 2013 Edge servers with a mix of 2010 and 2013 FE servers but it doesn't hurt to ask I guess.

  Hi shadowtuck,
  In general, you could decommission the Edge server first.
  I don’t think this is a problem, all the Lync 2010 Servers are not working.
  And there’s a document about
  Uninstalling Microsoft Lync Server 2010 and Removing Server Roles
  for your reference.
  http://www.microsoft.com/en-us/download/details.aspx?id=18692
  Best regards,
  Eric

• Lync 2010 Edge Certificate Assigning issue.

  Hello,
  We are facing issue in assigning Public certificate for Lync 2010 Edge server.
  Where as i able to successfully import the certificate from Deployment wizard, but when assigning the same not able to view the certificate which is successfully imported from same wizard.
  Please suggest to fix this issue.
  FYI: I am able to view the certificate in the Local account certificate container.

  Try importing the certificate using the DigiCert's Certificate Utility: https://www.digicert.com/util/ 
  works for certificates issued by other Certificate Authorities. 
  After the cert is Imported, run the key test from the DigiCert's Certificate Utility. Run Step 3 again (Lync  Server Deployment Wizard) and select "assign" to use the new certificate.
  Please mark posts as answers/helpful if it answers your question.
  Blog
  Lync Validator - Used to assist in the validation and documentation of Lync Server 2013.

• Live Migration of Lync 2010 Servers

  Hello we have a new Hyper-V 2012R2 3-node cluster.  We are currently running our 02 nodes of Lync servers (DI, ED, etc...) and would like to know if MSFT has officially sanctioned live migration of Lync Servers.  In 2008R2 it was explicitly defined
  not to migrate certain workloads such as Exchange, SQL and Lync servers.  What is status on 12R2 and if approved is there an official document stating such as I haven't found.
  Thanks,

  Live Migration is not supported for Lync 2010 or 2013 servers. I'm not sure if there is an official doc for 2010, but here's the doc for 2013:
  http://www.microsoft.com/en-us/download/confirmation.aspx?id=41936
  They also recommend that you turn off hyperthreading and NUMA, although I think it's technically supported to leave them on.
  Eric Siron
  Altaro Hyper-V Blog
  I am an independent blog contributor, not an Altaro employee. I am solely responsible for the content of my posts.

• Lync 2010 Edge and TMG

  I have an issue where a large group of users (about 2k) have been 'migrated' into my environment without first migrating their accounts in AD.  Basically, accounts were created internally and they are just connecting to my Lync 2010 and Exchange 2010
  environment through the internet. 
  Problem is, when they leave their current network, they hit my TMG 2010 servers from a single IP address.  This triggered TMGs Flood Mitigation settings and their IP was blocked.  I fixed this by creating an exception for their IP address
  and bumping up the number of allowed tcp and http connections per minute.
  Now, we are still having issues with users that attempt desktop and application sharing.  Their sessions close sporadically. 
  My primary question is, has anyone ever attempted this type of solution before, allowing thousands of users external access from a single IP address through TMG and Lync Edge?  If so is it supported and what type of issues might I need to look
  for?    Does the Edge role also have restrictions on how many connections can be made by a single IP address from the internet?

  Hi Ray,
  I'm pretty sure TMG is generally not the external endpoint publishing the AV/Sharing capabilities unless it is drastically different in your environment (or if TMG is your outer most firewall)
  Usual setup for reverse proxy is :
  Firewall1 (outer most) <---> DMZ <----> Firewall2 (TMG?) ---> Corp
  Firewall 2 publishes web services.
  Edge usually looks like:
  Firewall1 (outer most) <---> DMZ <----> Edge Access/AV/WebConf ---> Corp
  Can you confirm if TMG is your outer-most firewall? If it is then check if your edge has one or multiple IPs. Then check the publishing for those IPs and make sure they adhere to the exception you created. In addition, check the Firewall on the edge server
  itself.
  If TMG is not your outer-most firewall (if Firewall1 is some other device) then please check the intrusion protection on the Firewall1 device and allow for exception in there as well.
  Hope this helps.
  Cheers,
  Max

• Merge Lync 2013 Edge servers in same pool

  Hi guys.
  - We had Lync 2013 FE STD version.
  - We have added one more Lync 2013 FE STD and done front end pool pairing.
  - We had single Edge Pool, soo only 1 EDGE server being in 1 POOL.
  We wish to add another Edge server and put previous and this new Edge server in one pool.
  This is a printscreen of our current Edge Deployment.
  Because we have a federation enabled with external partners who had put in their lync configuration
  to trust to our public external address of current edge server: LyncEDGESIP.domain.com, we would like to avoid sending them new address and we have decided to keep that public address and make it EDGE POOL NAME where both edge servers would be inside.
  Now we are little bit confused/amused what to do next.
  If use LyncEDGESIP.domain.com to be FQDN of EDGE POOL with 2 two edge servers, what would we need to do with our current edge server.
  What to put for:
  Access Edge Service public address on both edge servers
  Web Conferencing Edge Service public address on both edge servers
  A/V Edge Service public address on both edge servers.
  bostjanc

  Go with cutover migration if you can take downtime. Here is the high level summary for your reference;
  Remove existing edge server from topology and publish the changes.
  Create a new edge server pool in topology builder.
  Make sure that access edge , web conference edge and AV edge name remains the same.
  Publish the topology and run the setup on both edge servers. You need to configure external and internal IP addresses based on Lync topology.
  Replicate the configuration change and run the deployment wizard.
  Import the certificate and start the services.
  Create additional DNS A records for load balancing externally.
  Thanks
  Saleesh
  If answer is helpful, please hit the green arrow on the left, or mark as answer.
  Technet Blog

• Mixed environment migration (OCS\Lync 2010 to Lync 2013) retaining BES Integration

  Hi All,
  I have an existing OCS 2007R2 and Lync 2010 environment which contains BES Collaboration for Enterprise IM on Blackberry devices. I want to migrate this environment to Lync 2013 whilst retaining the BES integration. Understanding that tri-existence is not supported
  I've been going through the process of decommissioning all of my legacy OCS servers, which I have now completed, in readiness for starting the Lync 2013 deployment and prepping AD. 
  Here's my issue - The BES collaboration service was integrating with an old OCS CWA server. I removed the CWA server and migrated the Collaboration service to a new server so that I could configure it to directly communicate directly with the Lync 2010 pool,
  however I still needed to install OCS components on the new server in order to achieve that integration. Now I've run the final step of Merging the OCS 2007R2 Topology with the Lync 2010 topology in preparation for deleting the BackCompatSite, the old OCS
  servers have gone, but the new Collaboration server has now appeared as a trusted application server within the BackCompatSite. I've done an LDIFDE export of the RTC Service container and have had a look through the contents. I can see that the new BES Collaboration
  server is there and that it has an msRTCSIP-TrustedServerVersion value of 4, whereas all the Lync 2010 values are 5, which I'm guessing is what the Lync Topology is using to establish that the BackCompatSite needs to be populated with that Trusted Server entry.
  So my question is this - What do I need to do in order to successfully remove the BackCompatSite entry and migrate my environment to Lync 2013 whilst retaining integration with BES and keeping the Enterprise IM service service running on Blackberry devices? 
  Here's some options that I've thought about - Using ADSIEdit to remove the Trusted Server Application for the new BES Collaboration server so I can merge the Topology and delete the BackCompatSite, although will this break the Enterprise IM service? Temporarily
  changing the value of the msRTCSIP-TrustedServerVersion for the Collaboration server from 4 to 5, merging the Topology, deleting the BackCompatSite and then changing the msRTCSIP-TrustedServerVersion back to 4 afterwards? Over a weekend\out of hours, removing
  the BES Collaboration server and service altogether, going through the Topology merge\BackCompatSite deletion and then reinstalling the Collaboration service?
  Has anyone else gone through this process, or got any advice\experience to pass on before I start working through my list of options?

  I've asked this question several times:
  Does the 2007 R2 CWA server count as tri-coexistence?
  I've asked that both in MCM rotations and directly of people on the PG and the answer is always something along the lines of "nope, it's a trusted app server and not a pool".  When I've run into this issue in other deployments, we simply left the backcompatsite
  in the deployment into production.
  I've never found the above as a publically approved statement just something I've asked previously and been told is OK to do.  This is one of those situations that will work but was most likely not tested.
  Thanks,
  Richard
  Richard Brynteson, Lync MVP | http://masteringlync.com | http://lyncvalidator.com

• Topology not replicating to Lync 2013 Edge servers

  Hello all,
  I have installed Lync 2013 with a FE Pool (three servers HW Load Balanced), Director Pool (two servers HW Load Balanced), and an Edge Environment (2 servers, in DMZ, member of a work group, also HW load balanced).  All servers are Windows 2012
  server (not R2).
  I am able to login remotely and have green checks across the board at
  https://testconnectivity.microsoft.com.  So things are looking good.
  My issue is that I am unable to replicate to my Edge servers from the FE.  I am not seeing errors in the event viewer, just a big red 'x' on the topology tab in the control panel for the Edge servers.  Also, when trying to force replication
  the Edge servers continue to show 'False'.
  Here are things I have done/checked to resolve this - so I need your assistance please:
  1. From the FE, I can visit
  https://EdgeFQDN:4443/replicationwebservice  - there are no errors, no certificate errors so things look good
  2. I have verified that I the Edge servers have the domain suffix added to them. The HW Load balancer is configured as the EdgeInternal.domain.com entry and the physical edge servers are named Edge01 and Edge02 (obviously with the domain suffix added). 
  So this seems correct based on recommendations.
  3. I have added the following reg keys to all Lync Servers in the org
  HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL ->DWORD ClientAuthTrustMode Value=2 and SendTrustedIssuerList DWORD Value: 0
  I am trying to avoid having to resort to this as possible resolution -
  http://ucken.blogspot.com/2012/04/resetting-lync-cms-replication.html, but if this is my next step, please let me know.
  May be useless info, but here it is anyway....
  One thing I will mention - during my setup, I setup Kerberos Authentication for Lync 2013.  I followed
  http://howdouc.blogspot.com/2011/07/kerberos-web-authentication-for-lync.html and
  http://technet.microsoft.com/en-us/library/gg398976.aspx to configure this. 
  I am unable to access the RtcReplicaRoot\xds-replica directory on the primary FE server or any other lync server for that matter.  I assume this is because it is locked down to the Kerberos account that
  was created.  However, I am unable to run the command "Set-CsKerberosAccountPassword -FromComputer FEFQDN.Domain.com -ToComputer EdgeFQDN.Domain.com".  Obviously
  this fails because the Edge servers are in a workgroup and cant see the Kerberos account that was created.  Would this break the replication?   Just thinking outloud...
  Thanks in advance for any input.
  Wall

  Michael, Thank you for your response.  We are currently in coexistence with a Lync 2010 environment. 
  Our environment consists of a European domain and a North American domain, both in the same forest.  The European environment has had 2010 up and running for a couple of years and we (North America) just installed 2013 Lync.  The EU domain has
  many domain names they support (.uk, .net, .ie, etc.)  NAm only manages .com domain name space.
  I tell you this because I have configured the NAm environment to support only .com (save $ for SSL UCC licensing) and to provide separate paths to our services.  There is a EU site and a NAm site in the Lync topology.  The issues are with the FE
  servers in NAm. 
  Based on your response above, the NAm servers are fine with your suggestions in #2 and #3.  The CMS database is still on 2010 in the EU site.
  Given that the NAm domain is configured to support only .com domain namespace, I am worried that moving the CMS to NAm FE's as it would break EU's ability for federation.
  Any guidance or expertise is greatly appreciated.
  My ultimate goal is to have NAm employees authenticate to their Edge servers in the site and EU to authenticate to their respective Edge Servers.  Also, I have read that we can only have one Edge pool responsible for Federation in the Lync org. 
  I assume that we will have to keep federation going through EU as they have the SSL certs for all domains configured in their environment.  Just a little confused before I make any changes.
  Wall

• Lync 2013 migration from Lync 2010

  Hi All,
  I have a problem after I've successfully migrated our Lync environment from Lync 2010 (what was migrated from OCS 2008 R2) to Lync 2013.
  When I would like to delete the old Lync 2010 Front End server from the topology I cannot do that, because there are some TrustedApplicationPool registered to that. And I cannot delete this unused TrustedApplicationPools, because I got the following error:
  "Remove-CsTrustedApplicationPool : Cannot remove legacy trusted application pool. Use the legacy tools to remove the pool, then run Merge-CsTopology."
  I've tried that many ways, I've tried the merging etc. but it was unsuccessful. Has anybody any idea, step-by-step or something what can helpful to me?
  Many thanks,
  Tamás Dobos

  Hi,
  Did you check this step by step migration lync 2010 to 2013
  http://www.oiboran.com/?p=1073
  To remove Trusted application pools
  Get-CSTrustedApplicationPool
  Remove-CSTrustedApplicationPool -Identity nameofthepool 
  Removing Lync 2010
  http://terenceluk.blogspot.nl/2012/12/removing-lync-server-2010-standard.html
  Whenever you see a helpful reply, click on Vote As Helpful & click on Mark As Answer if a post answers your question.

• User migration from Lync 2010 to Lync 2013

  We have Lync 2013 pool co-existence with Lync 2010 pool. Need to move users based on their AD Group membership. In a particular AD group, only few of the users are enabled for LYNC 2010, not all users. How to get the list of only Lync enabled users in AD
  group and move them on to Lync 2013 by PowerShell script?
  Thanks in advance for your help
  Tek-Nerd

  When I ran the below command
  Get-ADGroupMember Mygroup | where {$_.msRTCSIP-UserEnabled -eq "true"}
  on my Lync 2013 server, got the below error message...
  At line:1 char:46
  + Get-ADGroupMember MyGroup | where {$_.msRTCSIP-UserEnabled -eq "true"}
  +                                             
  ~~~~~~~~~~~~
  Unexpected token '-UserEnabled' in expression or statement.
  At line:1 char:59
  + Get-ADGroupMember MyGroup | where {$_.msRTCSIP-UserEnabled -eq "true"}
  +                                                          
  ~~~
  Unexpected token '-eq' in expression or statement.
      + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordExcep
      + FullyQualifiedErrorId : UnexpectedToken
  Tek-Nerd

• Trouble with publishing topology. Migration from Lync 2010 standard to 2013 standard.

  Hi,
  I have a problem with "Microsoft.Rtc.Applications.Testbot". When I publish the topology I receive an error,  I've found many solutions to my problem. One of the best descriptions 
  I've found here: http://lyncme.co.uk/microsoft-lync-server-2013/unable-to-publish-topology-a-trusted-server-with-the-type-mcxinternal-and-fully-qualified-domain-name-fqdn/
  I'm going to do the same method, but I do not understand whether I should remove both entries or only one. If I delete the record 2010, will the 2010 lync continue to work?

  Hi Alan,
  Lync is not that dependent on what is stored in Active Directory, and the topology builder should recreate any missing entries when it is rerun. I don’t think this operation is a high risk
  for the deployment as a whole, but do be careful when using ADSI edit, it’s all at your own risk.
  Here’s a similar case for your reference.
  https://social.technet.microsoft.com/Forums/lync/en-US/01404c0c-ba63-4471-a5b2-8e110be451e3/lync-server-2013-topology-builder-errors-global-activation-?forum=lyncdeploy
  Hope it can be helpful.
  Best regards,
  Eric

• LYNC 2010 Edge server deployment issues

  I've been able to install LYNC and have the meet and dialin function working properly internal/external. I'm attempting to test setting up external access to the client with an edge server. All seems to install properly etc with no errors being thrown my
  way. But in the services i have a few that will not start with the below errors. Can anyone point me to a deployment scenario with an edge server how-to?
  Any help would be greatly appreciated.
  The Lync Server Access Edge service terminated with service-specific error %%-1008124918.
  The Lync Server Web Conferencing Edge service terminated with the following error:
  The requested address is not valid in its context.

  Hi every body, I am trying to do  a
  proof of concept before we buy the public Certificate for my Edge server but I have this error..
  I have the same error as you guys (1008124918 )
  Here is my setup
  Active directory with a CA on it. ( I used this CA for my Front-End, and for both Internal/External Edge Certificate )
  FrontEnd ;
  -In the domain
  -192.168.16.55 255.255.255.0
  ==
  Edge:
  Inside NIC : 192.168.16.57 255.255.255.0, no gateway
  Outside NIC (dmz ) : 192.168.18.80 255.255.255.0   . Gateway 192.168.18.0
  The edge is not in the domain.
  ==
  My Public IP : 69.70.xx.xx
  =====================
  In the wizzard for the edge-pool
  I choose:
  -Single computer pool
  I check :
  - Use a single FQDN & IP
  -Enable federation ( port 5061 )
  -The external IP address of this edge pool is translated by Nat
  external fqdn : sip.OurCie.com / 5061 Port
  Internal IP : 192.168.16.57
  External IP ( for sip access, web conf, A/V Edge services )  : 192.168.18.80
  Public IP used by nat : 69.70.xx.xx
  =====================
  So when I start the service I have this error code :  Windows could not start the Lync Server Access Edge....code : 1008124918
  in the eventvwr here is ther error that I have :
  Transport TLS has failed to start on local ip : 69.70.xx.xx at port 5061
  cause: config error, low system ressources or another proram is using this port
  can also happen if the ip address has become invalid
  Any idea ?

• Migration to Lync 2013 - Unable to remove 2010 Edge Server

  Hi
  We did a migration from Lync 2010 to Lync 2013. Everything worked without any problems. But now we are unable to remove the Lync 2010 Edge Pool. Everything has been done according to
  https://technet.microsoft.com/en-us/library/jj205369.aspx “Migration from Lync Server 2010 to Lync Server 2013”.
  I am able to remove the 2010 Edge pool, but by trying to publish the topology, I receive the following error: “Error: An error occurred: "System.InvalidOperationException" "Cannot publish topology changes. Call orbit still
  exists on one or more deleted application servers."
  How can I resolve this error?
  Regards
  Peter

  Hi Peter,
  You have to change the Call Park Destination FQDN to the Lync 2013 Pool.
  Please check out the following article.
  Migrate Call Park application settings
  Best regards,
  Eric
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Lync 2010 to Lync 2013 migration - Dialin conferencing

  While migrating from Lync 2010 to Lync 2013, i have stopped all services on the Lync 2010 servers to make sure all is okay and everything is working fine with Lync 2013.
  Nevertheless, when someone on Lync 2013 schedule a meeting, and someone dial one of the PSTN Dialin conference number and enter the conference ID, this scenario is not working.
  If i start the Lync 2010 front end services, then the previous scenario works.
  So i did something else. I have scheduled a meeting and i change the meeting options to get a new conference ID. this makes the conference work over dial in pst number while Lync 2010 services are down.
  This means:
  - When someone (Lync 2013 user) schedule a meeting, the default conference ID that is generated, requires the existence of Lync 2010 services for a PSTN Dial in user to connect
  -When someone (Lync 2013 user) schedule a meeting and change the meeting options to get a new conference ID, then the PSTN Dial in user can connect even if all Lync 2010 services are down.
  Any clue?
  ammarhasayen

  i have found it. moving the conference directories from Lync 2010 to Lync 2013 solves the whole thing.
  ammarhasayen