Network ports between Lync front end pools

Dear All,
One of my clients has two Lync front end pools. At present all the ports are open between these two pools; now we want to restrict the network ports between the pool servers.
Please help me with which ports need to be open between different Lync front end pools.

There's a bunch of them, take a look at the resources below:
Ports and protocols for internal servers in Lync Server 2013 https://technet.microsoft.com/en-us/library/gg398833(v=ocs.15).aspx
Lync Firewall Rules Viewer http://blogs.technet.com/b/nexthop/archive/2012/07/03/lync-firewall-rules-viewer.aspx
If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"
Georg Thomas | MVP (Skype for Business)
Blog skype4bexpert.com | Twitter
@georgathomas
Lync/Skype for Business Edge Port Check (Beta)
This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Similar Messages

  • Ports between two front end pools

    Hi all,
    We plan to build 2 pools in two geographical locations. They are active-active sites; in case of one site failure we would move all the users from the failed site to the surviving site.
    What are the ports that need to be open between these pools?

    Hi,
    Lync firewall rule viewer tool may help you:
    http://blogs.technet.com/b/nexthop/archive/2012/07/03/lync-firewall-rules-viewer.aspx
    Thanks
    Saleesh
    If answer is helpful, please hit the green arrow on the left, or mark as answer.
    Technet Blog

  • Lync Server 2013 Front End Pool Mediation Service only works on one node

    Hello, I'm currently experiencing an interesting issue with a Lync 2013 Front End Pool implementation on a customer, and I don't know if this is by design or am I missing something.
    We implemented 3 Enterprise Front End Servers in a Pool with a hardware load balancer and we have them configured also as a mediation Pool.
    We have a SIP trunk to an Avaya PBX which was perfectly working before on a Lync 2010 Implementation that we migrated to these new 2013 Front End Pools.
    Now the SIP traffic is only working when configured directly to one node of the pool. If we configure it to any other node the calls fail. We also tried configuring the HLB for port 5060 for the pool and pointed the PBX to that IP but the calls also fail.
    Searching around I read something about that the PBX has to be Lync certified in order to use DNS load balancing to send SIP traffic to the mediation pool; however, I don't think DNS load balancing will work because the other nodes don't connect the calls from the PBX; only one node appears to be listening for the SIP trunk.
    I also restarted the mediation service on one non-working mediation server node and the event viewer on the working mediation server node showed events that it restarted the service, not the non-working one; it's like only one server from the pool is acting as mediation server.
    So even if I get a Lync Certified PBX/Media Gateway, the mediation service doesn't appear to be load balanced, or how does it work in order to do that?
    Thanks.
    Eduardo Rojas

    Just a few things about what should be happening. Each front-end server should be listening on the port configured in topology builder for the mediation service. So if that is port 5060, verify that you see that port listening on all front-end servers by running a netstat -ano. From a local workstation, also make sure you can connect to that port via a telnet IPAddress 5060. As you say, you should be able to send any of the three mediation servers an inbound call.
    Outbound calls will round robin out of the enterprise pool.  So you shouldn't see all of the calls coming out of a single server.
    A few other items I would look into:
    - Make sure your ports are right. Ensure that you are matching ports on the Avaya and Lync. It's not a hard requirement but makes life easier to troubleshoot. So if the Avaya is 5060, just make sure TCP/5060 is enabled in your mediation pools and that your gateways/trunks are also set to TCP/5060.
    - Look outside the Lync Event Viewer and see if anything strange (.NET errors) is being tossed anywhere else during startup of the mediation service. I once had to remove the mediation server installer (Program and Features | Remove) and rebootstrap the server because something went sideways during an install.
    Thanks,
    Richard
    Richard Brynteson, Lync MVP | http://masteringlync.com | http://lyncvalidator.com
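
Added example (not part of the thread and not any poster's code): a PowerShell version of the per-node port check described in the reply above. It also serves for confirming reachability after ports between two pools have been restricted, as asked in the first thread. The function name and server names are placeholders, and the ports shown are only those mentioned on this page (5060, 444, 4443); the full required list is in the linked Microsoft documentation.

```powershell
# Added example. Test-PoolPort and the fe0x.example.test names are hypothetical.
# Reports, per server and port, whether a TCP connection is accepted, actively
# refused, or silently dropped. The distinction matters when validating rules:
#   Refused -> host reachable, but nothing is listening on that port there
#              (matches "service not listening on this node"; confirm locally
#              with netstat -ano)
#   Timeout -> packets dropped on the path, typical of a firewall block
function Test-PoolPort {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][int[]]$Port,
        [int]$TimeoutMs = 3000
    )
    foreach ($computer in $ComputerName) {
        foreach ($p in $Port) {
            $client = New-Object System.Net.Sockets.TcpClient
            $status = 'Timeout'
            try {
                $task = $client.ConnectAsync($computer, $p)
                # Wait returns $false if the timeout elapsed first
                if ($task.Wait($TimeoutMs) -and $client.Connected) {
                    $status = 'Open'
                }
            } catch {
                # A faulted connect surfaces as a wrapped SocketException
                $base = $_.Exception.GetBaseException()
                if ($base -is [System.Net.Sockets.SocketException] -and
                    $base.SocketErrorCode -eq 'ConnectionRefused') {
                    $status = 'Refused'
                } else {
                    $status = 'Error: ' + $base.Message
                }
            } finally {
                $client.Close()
            }
            [pscustomobject]@{
                Computer = $computer
                Port     = $p
                Status   = $status
            }
        }
    }
}

# Placeholder node names; 5060 is the mediation port discussed above,
# 444 and 4443 are the other Front End ports that appear on this page.
$nodes = 'fe01.example.test', 'fe02.example.test', 'fe03.example.test'
Test-PoolPort -ComputerName $nodes -Port 5060, 444, 4443 |
    Sort-Object Port, Computer |
    Format-Table -AutoSize
```

Run it from a server in the other pool (or from the PBX-side network) so the connection crosses the same firewall path the real traffic uses.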

  • Lync 2013 On Prem - Front End Pool - Second server in pool becomes unavailable when first server is offline

    We have one front end pool, that contains 2 front end servers running Lync Server 2013.
    When the first server, LFE01 goes offline (to be restarted for instance), the second front end server LFE02 in the same pool's Lync services will suddenly stop and will refuse to start until LFE01's Lync services have started again.
    During this time, the Lync client will go from full functioning mode whilst LFE01 is up and running, to reduced functionality (when LFE01 is restarting), to the user being signed out of Lync and not able to log back in. As soon as LFE01 comes back up, users can log back in to Lync.
    We'd ideally like LFE02 to take over the front end server role whilst LFE01 is restarting, and vice-versa.
    Checking the event logs on LFE02, I can see the following errors when LFE01 is offline:
    This process was not able to update its health status
    The Audio-Video Conferencing Server failed to send health notifications to the MCU factory at https://frontendpool.contoso.com:444/liveserver/mcufactory/. 
    Failure occurrences: 30, since 7/11/2013 3:40:38 PM.
    Cause: Either the Front End service is not running, or poor network connectivity.
    Resolution:
    Verify that the Front End Service is available, and its machine is visible over the network.
    This process was not able to update its health status
    The IM Conferencing Server failed to send health notifications to the MCU factory at https://frontendpool.contoso.com:444/liveserver/mcufactory/. 
    Failure occurrences: 30, since 7/11/2013 3:40:42 PM.
    Cause: Either the Front End service is not running, or poor network connectivity.
    Resolution:
    Verify that the Front End Service is available, and its machine is visible over the network.
    Server startup is being delayed because fabric pool manager is initializing.
    Cause: This is normal when Pool is bootstrapped and indicates that the Front-End is waiting for a quorum of other Front-Ends to be started.
    Resolution:
    If this event recurs persistently, ensure that 85% of the Front-Ends configured for this Pool are up and running. For 2 or 3 machine Pools, initial cold-start of the Pool requires all machines to be started. If multiple Front-Ends have been recently
    decommissioned, run Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery to enable the Pool to recover from Quorum Loss and make progress.
    Does the first server in the pool need to be up at all times for the second server to be running? If so, I may need to re-plan my redundancy.

    I can't believe how inaccurate these statements are. 
    Yes as per Microsoft it is best practice to have 3 FE in a pool but that absolutely does not mean that if you have 2 FE server in a pool that your pool will stop working!!
    In case when you do have 2 FE servers in a pool your Back End primary database server will act as a vote to keep the quorum for single server still left in a pool and all your clients will keep operating in a pool with one FE still running. 
    The problem with having 2 FE in a pool as per Microsoft documentation is as follows:
    If one of the two Front End Servers goes down, you should try to bring the failed server back up as soon as you can. Similarly, if you need to upgrade one of the two servers, bring it back online as soon as the upgrade is finished.
    If for some reason you need to bring both servers down at the same time, do the following when the downtime for the pool is finished:
    The best practice is to restart both Front End Servers at the same time.
    If the two servers cannot be restarted at the same time, you should bring them back up in the reverse order of the order they went down.
    If you cannot bring them back up in that order, then use the following cmdlet before bringing the pool back up:.
    http://technet.microsoft.com/en-us/library/gg412996.aspx
    I tested this in my environment which I currently am running with 2 FE servers and I can categorically confirm that pool will continue operating. 
    However, with all this said I did notice that clients with connection to FE server that is shut down take anywhere from 2-9 min to reconnect. I was trying to figure out why such a long delay until clients reconnect. Possibly it might be because there are 2 FE servers in a pool and Back End server is taking a while to vote in turn delaying auto reconnect process for clients. Second possibility that I'm looking into is that we deployed HLB for sip traffic internally as well and I'm curious if using DNS LB would fix this delay.
    I'm just so disappointed how inaccurate some of these accepted answers above are.

  • Lync 2013 Edge server compatibility with Lync 2010 Front end Pool

    Hi All,
    Technet article (http://technet.microsoft.com/en-us/library/jj688121.aspx) says the following:
    If your legacy Lync Server 2010 Edge Server is configured to use the same FQDN for the Access Edge service, Web Conferencing Edge service, and the A/V Edge service, the procedures in this section are not supported. If the
    legacy Edge services are configured to use the same FQDN, you must first migrate all your users from Lync Server 2010 to Lync Server 2013, then decommission the Lync Server 2010 Edge Server before enabling federation on the Lync Server 2013 Edge Server.
    Can you tell me why it is you have to change the External Lync Web services URL during a migration to Lync 2013 from Lync 2010. What purpose does this serve?
    Also can you clarify this and explain why this is required, why would you have to migrate all of your users, would a Lync 2013 Edge not talk to a Lync 2010 front-end?
    Any help would be much appreciated. MANY THANKS.

    Thank you very much for all your inputs.
    We still have few questions:
    Questions:
    Can you tell me if Lync 2010 users will be able to login using mobility if we repoint the reverse proxy (TMG) web services publishing rule to the Lync 2013 server? Remember both systems Lync 2010 and 2013 are using the same web
    services URL so they will both end up at the Lync 2013 server. Alternatively if not we will migrate all users to 2013, this is not a problem
    In addition to this I cannot find anything that states how Exchange UM will operate when you are running from a backup pool and the exchange UM contacts are not available because they are homed on the server that is down. This
    configuration is 2 x standard edition servers pool paired. How can we make sure Exchange voice mail works during a pool failover?
    Call Park is not clear to me I read the following:
    Lync Server 2013 provides new disaster recovery mechanisms in the form of failover and failback processes. These failover and failback processes support recovery of Call Park functionality by allowing
    users who are homed in the primary pool to leverage the Call Park application of the backup pool when an outage occurs in the primary pool. Support for disaster recovery of the Call Park application is enabled as part of the configuration and deployment of
    paired Front End pools.
     Is this saying we need to deploy Call Park in the DR pool and use a different range of orbit numbers, or can we use the same range in the DR pool?
    Further, I can see that Common Area Phones will be fine as they will log into the DR pool automatically. Response Groups need to be exported and imported to the DR pool. Incidentally these did not migrate well at all and have
    caused us a big headache!
    Any inputs will be greatly appreciated. Thanks again for all of your time.

  • Front End pool failed over

    Hi all,
    1. I set up a pool with three Front End servers (FQDN of pool is pool.site1.sip96x2.com and it's pointed to IP address of three Front End servers). Everything works fine. But when I disable the network interface on FE1 and FE2, the Lync clients are disconnected.
    I haven't understood clearly how the Lync clients fail over in a pool. Please clarify to me.
    2. I have two central sites (Root site and Primary site; they have different domains, sip96x2.com and site1.sip96x2.com). The simple URL dialin is pointed to Front End server at Root site. So if the link between Root site and Primary site is down, how can the users at Primary site connect to dialin URL?
    3. In building topology for Front End pool, I checked Override FQDN internal web service and the FQDN is "poolint.site1.sip96x2.com". I created three A records "poolint.site1.sip96x2.com" and pointed to three IP addresses of Front End servers. Is it right?
    Thanks so much!

    Ah ok, well first thing if I am reading this correctly, pool pairing Standard with Enterprise is not supported. You should only pair Standard with Standard and Enterprise with Enterprise (even though topology builder won't stop you). Take a look here for support scenarios: http://technet.microsoft.com/en-us/library/jj204697.aspx
    To deal with the simple URLs in the event of failover you need to add them using Powershell. Take a look at this article which explains and gives an example: http://blogs.perficient.com/microsoft/2012/01/configuring-simple-urls-for-multiple-lync-pools/
    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"
    Georg Thomas | Lync MVP
    Blog www.lynced.com.au | Twitter
    @georgathomas
    Lync Edge Port Check (Beta)

  • How Front End pool deals with fail over to keep user state?

    Hello to all, I searched a lot of articles to understand how Lync 2010 keeps user state if a failure happens in a Front Pool node, but didn't find anything clear.
    I found MS info about this topic: "The Front End Servers maintain transient information—such as logged-on state and control information for an IM, Web, or audio/video (A/V) conference—only for the duration of a user’s session. This configuration is an advantage because in the event of a Front End Server failure, the clients connected to that server can quickly reconnect to another Front End Server that belongs to the same Front End pool."
    As I read, the client uses DNS to reconnect to another Front End in the pool. When it reconnects to an available server, does he/she lose what he/she was doing at Lync client? Can the server that is now hosting his section recover all "user's session data"? If positive, how?
       Regards, EEOC.

    The presence information and other dynamic user data is stored in the RTCDYN database on the backend SQL database in a 2010 pool:
    http://blog.insidelync.com/2011/04/the-lync-server-databases/  If you fail over to another pool member, this pool member has access to the same data.
    Ongoing conversations and the like are cached at the workstation.
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
    SWC Unified Communications

  • Are Registrar pool and Front end pool one and the same?

    Hi,
    What is the RegistrarPool parameter which is used in Enable-CsUser command? 
    Is it same as Front end pool because whenever I search for information on Registrar pool, I end up with the links explaining about Front end pools? 
    Are there any msdn or technet links which talk about this?
    Thanks in advance,
    Sandeep

    Hi Sandeep,
    The registrar pool is the pool where user's Lync account is homed.
    So if you have a single pool in your Lync environment, then the registrar pool will be same as front end pool. If you have multiple front end pools and you want to find out a user's registrar pool, you can
    1. either check the user account in control panel 
    2. Check the parameter RegistrarPool for a user by running "get-csuser -identity useralias" 
    Hope this helps.
    Regards,

  • Lync Front-end service won't start

    Hello everybody
    I have this error when I try to start Lync front-end service:
    Failed starting a worker process.
    Process: 'C:\Program Files\Microsoft Lync Server 2013\Server\Core\RtcHost.exe'  Exit Code: C3E8302D!_HRX! (The worker process failed to initialize itself in the maximum allowable time.!_HRM!).
    Cause: This could happen due to low resource conditions or insufficient privileges.
    Resolution:
    Try restarting the server. If the problem persists contact Product Support Services.
    event id: 12330 source LS Server
    and 
    An exception caused the process to stop.
    Exception Details. System.ApplicationException: Failed to start Fabric Pool Manager.
       at Microsoft.Rtc.AppDomainHost.Launcher.Initialize(String[] args)
       at Microsoft.Rtc.AppDomainHost.Launcher.Main(String[] args)
    Cause: Check the eventlog description.
    Resolution:
    Examine prior event log entries to find and resolve the problem. If the problem persists contact product support.
    event ID 500006 Source LS AppDomain Host Process
    When I try this powershell command  Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery -poolfqdn poolfqdn
    I have this message
    Reset-CsPoolRegistrarState : Could not connect to any server in Pool lync2013servername during Phase 1.
    At line:1 char:1
    + Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Reset-CsPoolRegistrarState], Exception
        + FullyQualifiedErrorId : Error resetting fabric state. For details, see inner exception.,Microsoft.Rtc.Management.Hadr.ResetPoolFabric 
       StateCmdlet
    Can you help me please

    Have you checked your SQL database? Maybe there is a problem with accessing the SQL database correctly.
    What does your Lync pool look like? Enterprise or Standard, and how many FE servers?
    regards Holger Technical Specialist UC

  • Lync front end - Lost Connection to all Web Conferencing Edge Services

    I keep getting the error Lost Connection to all Web Conferencing Edge Services on my Lync front end server 2010.
    The Lync edge services are all started, the certs are fine, and I disabled IPv6.
    Anything else I can try?

    Hi,
    Did you solve the issue with the help the people above provided?
    Which type of certificate did you use for Edge server (both internal and external interface)?
    Please double check Edge server certificate with the help of the link below:
    http://www.technotesblog.com/2011/07/06/lync-server-2010-error-lost-connection-to-all-web-conferencing-edge-services/
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Please try to restart Edge server and test again.
    Please also check the part of certificate configuration of Edge server with the help of the link below of “Useful Tips for Testing Your Lync Server 2010 Edge Server”:
    http://blogs.technet.com/b/nexthop/archive/2011/12/07/useful-tips-for-testing-your-lync-edge-server.aspx
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Could you tell me if it would be supported to pair a two node enterprise edition front end pool inc mirror sql with a one node enterprise edition front end pool inc single sql?

    Hi all,
    Could anyone tell me if it would be supported to pair a two node enterprise edition front end pool inc mirror sql with a one node enterprise edition front end pool inc single sql?
    MUCH THANKS.

    The answer from TechNet found at http://technet.microsoft.com/en-us/library/jj204697.aspx is, and I quote:
    Enterprise Edition pools can be paired only with other Enterprise Edition pools. Similarly, Standard Edition pools can be paired only with other Standard Edition pools.
    Also, "Neither Topology Builder nor topology validation will prohibit pairing two pools in a way that does not follow
    these recommendations. For example, Topology Builder allows you to pair an Enterprise Edition pool with a Standard Edition pool.
    However, these types of pairings are not supported."
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"

  • Unable to search GAL on Lync 2013 Front End Pool through Lync 2013 client

    I'm in the beginning of a 2010 to 2013 migration and I'm currently testing co-existence functionality between pools.  I've noticed that users cannot search the GAL from their Lync client after being moved to the 2013 pool. 
    When trying to access the internal URL https://fepool13.domain.com/abs/handler the user is prompted to login and after three failed attempts, receives "401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied".
    Searching within a Lync 2010 or Lync 2013 client returns no results, but there are no errors as well as nothing in the event logs or tracing folder regarding not being able to search.
    The 2010 pool has been in production for a few years now and when accessing its internal ABS URL https://fepool10.domain.com/abs/handler the user is granted access after a successful login. 
    In the IIS logs there are slightly more detailed 401 error codes, but I’m not sure what to make of them.
    The rtcab database appears to have user information and all three front end servers appear to be syncing with Active Directory. I say the rtcab database appears to have user info because the AbUserEntry table is filled with User IDs, GUIDs and a bunch of other stuff.
    The authentication on 2013 front end servers “internal lync website/abs/handler” is set to 1. Negotiate, 2. Ntlm - which is the same as the 2010 front end servers.
    Any ideas?

    Hi,
    Which step did you do among migration from Lync Server 2010 to Lync Server 2013?
    Did you already move CMS from Lync Server 2010 to Lync Server 2013?
    Please create a new Lync account on Lync Server 2013 pool and test the issue again.
    Please check if User Replication has completed with the help of the link below:
    http://technet.microsoft.com/en-us/library/jj204680.aspx
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Strange issue with Lync 2013 Front end pool and UC Endpoints.

    I have two servers in a Lync Pool.
    S1 and S2.  I also have an ACD server that has Trusted endpoints within Lync.
    With both servers running, if a call is answered by S2 there are a bunch of weird delays in transfers. If I shut down S2, everything works right. If I just run S2, the endpoints just ring forever and never pick up.
    Additionally, with just the S1 server running, in and out calls are fine. With just the S2 server, outbound is delayed and no inbound calls work.
    It seems like there is something wrong with the S2 server, but what could it be?
    Alex.

    Hi,
    Agree with Edwin.
    Did you receive any error message from FE S2 when the issue happen?
    Please double check the network status between FE S2 and the ACD server, and on Lync Server Control Panel, check if the FE S2 replication status is normal.
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Lync Front End and VMware CPU Ready %

    We are running an Enterprise Lync 2013 environment with Voice. It's running on ESX with 3 front end boxes and 2 edge servers. Every now and then we get users complaining of poor audio quality on conference calls. Although there can be many reasons for this that are not "Technology" related we have been digging into it. We noticed that our CPU ready % was kind of high on the Front End boxes. It was pushing 10%... after some ongoing back and forth with our VMware engineers we got them to isolate our boxes for a few weeks to see if that helped. It seemed to have done the trick but our VMware engineers don't like wasting resources so they put Lync back in with general population. Now CPU ready % is hovering more around 5% so it's better than it was before. My question is what % CPU ready are you guys calling "Too High" in your environments?

    Thanks for your response Ben. We have gone through the white paper with our ESX engineer. Unfortunately they don't think it applies to ESX because it focuses on HyperV. Although much of it is applicable. My hope in this post is just to get a community benchmark
    on what people are finding in their environments that "work well" for them. The main topic we have been pushing is this part of the Virtualization White Paper.
    8.1.11 Resource Over-Allocation
    Lync Server 2013 guests should not be provisioned on hypervisor hosts which are configured for CPU over allocation. For example, if the physical host has 24 cores, no more than 24 cores total should
    be allocated to all of the guests on the system.
    Lync Server includes several real-time workloads (such as audio/video and conferencing) that require real-time access to components such as processor, memory, network, and storage. If these components
    are shared among other guests and Lync does not have access to these as required, the result can be a negative user experience including dropped calls, dropped audio, choppy audio, inability to join a conference, paused video, and other user-noticeable results.
    These can be difficult to troubleshoot, as an analysis of the physical servers and virtual guests at a later point in time may show all is fine, with the issues surfacing only during periods of high utilization from other guests.

  • Lync front end connectivity test fails (SSL certificate / URL problem)

    We have a weird problem in our installation where Lync keeps complaining about connectivity issues to external reach proxy on our front end server.
    The event log error codes are 41024 and 41026.
    Here's the error from the snooper utility: 
    TL_ERROR(TF_COMPONENT) [0]1A14.0EE4::12/12/2014-10:31:30.901.0000000d (DataMCURunTime,DataProxies.ProcessResponse:1197.idx(601))
    (0000000001595A27)Failed poking Proxy error=[The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.], type=[ExternalReachProxy], url=[https://dunords36.du.local:4443/Reach/DataCollaborationRelayWebService.svc]
    The problem is that it makes the test with the INTERNAL FQDN (dunords36.du.local) and thus the SSL trust fails as the certificate is for our EXTERNAL FQDN on the front end server! I have verified this by testing the above URL with the external address and
    the internal one. With the external one the certificate is OK.
    If you're wondering; we do not use a reverse proxy. Instead we just have the firewall change the port and forward the traffic to our front end server. Our lync setup is a NAT'ed setup.
    I know about the security risks so this is not what the discussion is about.
    I can't find anywhere where I can change the above behaviour and tell Lync to make the test on the correct, external FQDN. The settings in the topology builder all seem to be OK. And as you can see it does make the test on port 4443 which in our topology builder is configured for our external FQDN.

    Hi,
    Would you please elaborate your Lync Server environment (Standard Edition or Enterprise Edition)?
    Please double check if you enter the correct external base URL on Lync Topology.
    Please also check if the SAN of the FE Server certificate is correct.
    Best Regards,
    Eason Huang
    TechNet Community Support
