Install Lync 2010 Edge Server – Part 2

In part one of this two part series, we went through the server setup and created a new edge pool, published and exported the topology. We will be going through the rest of the steps in this final part. So, let’s get started.

First things first. We need to configure both the internal and external NIC of the Edge server. The internal NIC will only have IP and subnet mask.

Internal NIC

The external NIC will have all fields filled in (from the DMZ range).

External NIC

The topology.zip file which we exported from the internal Lync server (covered in the first part) needs to be copied into the Edge server’s local drive.

Topology file in Edge server

We will need to provide a route back to the internal network so that the edge knows where to send the packet to. In our case, anything destined to the internal network 172.16.0.0/16 should have a next hop of 172.16.0.1. Run the following from an elevated command prompt on the Edge server to configure a persistent route.

route add -p 172.16.0.0 mask 255.255.0.0 172.16.0.1

The next step is to give the edge server an fqdn matching the internal AD domain. For that, change the primary DNS suffix of the edge server to exchangemaster.local, so that the fqdn becomes lyncedge.exchangemaster.local.

Edge Fqdn

Reboot the edge for the changes to take effect.
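The NIC, route and DNS-suffix steps above can be scripted from an elevated PowerShell prompt on the Edge server. The block below is an added example, not part of the original article: it uses the internal values the article gives (172.16.0.10/16, next hop 172.16.0.1, suffix exchangemaster.local); the adapter names, the DMZ addresses and the DNS server are assumed placeholders. Note that the internal NIC deliberately gets no default gateway and no DNS server, so the only route out of the Edge is the DMZ gateway and the only way back in is the explicit persistent route.

```powershell
# Added example (not from the original article): configure both NICs, the
# persistent route to the internal network and the primary DNS suffix on a
# Windows Server 2008 R2 era Edge server. netsh/route are used rather than the
# NetTCPIP cmdlets, which only exist on Server 2012 and later.
$InternalNic  = 'Internal'           # assumed adapter name
$ExternalNic  = 'External'           # assumed adapter name
$InternalIp   = '172.16.0.10'        # from the article
$InternalMask = '255.255.0.0'
$InternalGw   = '172.16.0.1'         # next hop for the route only, NOT a default gateway
$ExternalIp   = '203.0.113.10'       # placeholder DMZ address (RFC 5737 documentation range)
$ExternalMask = '255.255.255.0'
$ExternalGw   = '203.0.113.1'        # placeholder DMZ gateway
$ExternalDns  = '203.0.113.2'        # placeholder DNS server reachable from the DMZ
$DnsSuffix    = 'exchangemaster.local'

# Internal NIC: address and mask only. No gateway and no DNS server, so the
# Edge cannot silently use the internal network for either.
netsh interface ipv4 set address name="$InternalNic" source=static address=$InternalIp mask=$InternalMask
netsh interface ipv4 set dnsservers name="$InternalNic" source=static address=none

# External NIC: full configuration, including the only default gateway.
netsh interface ipv4 set address name="$ExternalNic" source=static address=$ExternalIp mask=$ExternalMask gateway=$ExternalGw gwmetric=1
netsh interface ipv4 set dnsservers name="$ExternalNic" source=static address=$ExternalDns register=none

# Persistent route so traffic for 172.16.0.0/16 leaves through the internal NIC.
route add -p 172.16.0.0 mask 255.255.0.0 $InternalGw

# The primary DNS suffix of a non-domain-joined server is held in the registry;
# both values must be set and a reboot is required, as the article says.
$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
Set-ItemProperty -Path $tcpip -Name 'Domain'    -Value $DnsSuffix
Set-ItemProperty -Path $tcpip -Name 'NV Domain' -Value $DnsSuffix

# Sanity check before rebooting: exactly one 0.0.0.0 default route (the DMZ
# gateway) and the persistent internal route should be listed.
route print -4 | Select-String '0\.0\.0\.0\s+0\.0\.0\.0', '172\.16\.0\.0'
```

If `route print` shows a second default route on the internal adapter, remove it before continuing; an Edge with two default gateways will intermittently send external replies into the internal network.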

Now that the edge server has an fqdn, login to the internal DNS server and add an “A” record for lyncedge.exchangemaster.local to point to the Edge server’s internal NIC IP (172.16.0.10 in my case).

EdgeLync A record in DNS

All the work from now on will be done on the Edge server. One of the prerequisites for the Lync 2010 Edge server is the .NET Framework 3.5.1. Install it using Server Manager.

Dot Net Framework 3.5.1

It’s time to put the Lync DVD into the drive or mount the ISO. Running setup immediately prompts you to install the Visual C++ 2008 package. Click Yes.

Install_1

Choose the installation folder and click Install.

Install_2

Agree to the terms and conditions and click OK.

Install_3

The deployment wizard will be launched automatically after the installation of the core components. Click on Install or Update Lync Server System.

Install_4

Click the Run button against Install Local Configuration Store.

Install_5

Browse to the location of the topology.zip file you copied from the internal Lync server and click Next.

Install_6

Click Finish once the task is completed.

Install_7

Make sure you have a green tick mark against step one. Then click the Run button against step two.

Install_8

This runs the actual Lync setup. Click Finish once the setup is completed.

Install_9

The next step is to request the certificates from the internal CA and, if you want, from an external CA. Name resolution must be working and the internal CA’s root certificate must be in the Trusted Root Certification Authorities store beforehand. Keep the deployment wizard open in the background; we will come back to it.

For name resolution, we will edit the hosts file of the edge server and add the DC and internal Lync details. I won’t go through the steps of editing the hosts file, as it is pretty basic. You will end up with a file similar to the screenshot below.

EM host file

To tackle the issue of trusting certificates from the internal CA, we need to have the root CA certificate in the trusted certificate store of the edge server. For that, launch the browser on the edge, go to http://dc/certsrv, log in with your admin credentials and select the third option (download a CA certificate).

Download the CA Chain

Select the first option in the next page, Download CA Certificate.

Download CA Certificate Wizard

Download the CA cert to the edge server’s local drive. Launch the Certificates snap-in (mmc) and import the certificate into the Trusted Root Certification Authorities store.

Import CA Chain

You will now have your internal CA cert in the trusted root store, and hence any cert issued by your CA will be trusted by the edge server (that is what we want anyway!).
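The hosts-file entries and the root CA import from the last few steps, scripted as an added example (not the article’s own code). The DC and internal Lync names and addresses and the path of the downloaded .cer file are assumptions; what matters is the check before the import, which confirms the file is really a self-signed root and prints its thumbprint so you can compare it with the CA console before trusting it machine-wide.

```powershell
# Added example (not from the original article): add the internal names the
# Edge needs to the hosts file and import the internal root CA certificate
# into the Local Machine Trusted Root store. Run from an elevated prompt.
$entries = @{
    'dc.exchangemaster.local'   = '172.16.0.5'   # assumed DC address
    'lync.exchangemaster.local' = '172.16.0.20'  # assumed internal Lync Front End
}
$hosts = "$env:SystemRoot\System32\drivers\etc\hosts"

foreach ($name in $entries.Keys) {
    # Skip names that are already present so repeated runs do not add duplicates.
    $pattern = "\s$([regex]::Escape($name))\s*$"
    if (-not (Select-String -Path $hosts -Pattern $pattern -Quiet)) {
        Add-Content -Path $hosts -Value ("{0}`t{1}" -f $entries[$name], $name)
    }
}

# Root CA certificate downloaded from http://dc/certsrv and saved locally (assumed path).
$caCert = 'C:\certs\exchangemaster-rootca.cer'

# Look before you trust: show subject, issuer, thumbprint and expiry, and
# refuse anything that is not self-signed (subject must equal issuer for a root).
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $caCert
$cert | Format-List Subject, Issuer, Thumbprint, NotAfter
if ($cert.Subject -ne $cert.Issuer) {
    throw 'Not a self-signed root certificate; check which file you downloaded.'
}

# Import into the machine-wide Trusted Root store (certutil ships with 2008 R2).
certutil -addstore -f Root $caCert

# Confirm the store now holds it and that the hosts entry for the DC resolves.
Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
Test-Connection -ComputerName 'dc.exchangemaster.local' -Count 1
```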

It’s time to click the Run button against step 3 in the deployment wizard.

Install_10

Highlight Edge Internal and click the Request button.

Cert Internal_1

Select to send the request immediately.

Cert Internal_2

Select the second option and put in the fqdn of your internal CA.

Cert Internal_3

Punch in your internal admin account credentials.

Cert Internal_4

Don’t select any custom template and click Next.

Cert Internal_5

Type in a friendly name for your internal Lync certificate and click Next.

Cert Internal_6

The subject name for the cert will be filled in automatically. Click Next.

Cert Internal_7

Go through the summary, verify all options and click Next.

Cert Internal_8

The Request-CsCertificate cmdlet is run; click Next when the button becomes enabled.

Cert Internal_9

Like with the internal Lync server, you will be able to assign the certificate straightaway using the wizard. Make sure the checkbox to assign the cert is selected and click Next.

Cert Internal_10

The Set-CsCertificate cmdlet is run; click Finish when the button becomes enabled.

Cert Internal_12

You will now have a cert assigned against Edge Internal.

Select Edge External and go through the same process if you want a cert from the internal CA (in a lab). In production, you need a third-party certificate. The process is the same, but select the second option (send the request later) while creating the cert request.

External Cert Request Send Later

You will have the external fqdn filled up automatically in the subject name of the certificate.

External Cert Namespace

If you go with a third-party CA, create the CSR as mentioned above, send it to the public CA and use the Process Pending Certificate option to import the issued cert. Once you have done that, the certificate window should look like the one below.

Certs Summary
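The same certificate work the deployment wizard does for Edge Internal and Edge External can be run from the Lync Server Management Shell. The block below is an added example, not the article’s own steps; the cmdlet names Request-CsCertificate and Set-CsCertificate appear in the article, while the CA path, friendly names, subject fields and file paths are assumptions. It also adds the check a practitioner wants after assigning certificates: that every assigned certificate chains to a trusted root and is still within its validity period.

```powershell
# Added example (not from the original article): request and assign the Edge
# certificates from the Lync Server Management Shell instead of the wizard.
Import-Module Lync   # harmless if the module is already loaded

# --- Edge Internal: online request to the internal enterprise CA ------------
# The CA is named as "<CA server FQDN>\<CA common name>" (assumed values).
$internalCa = 'dc.exchangemaster.local\exchangemaster-DC-CA'

$internal = Request-CsCertificate -New -Type Internal -CA $internalCa `
    -FriendlyName 'Lync Edge Internal' -KeySize 2048 -PrivateKeyExportable $false `
    -Report 'C:\certs\Request-Internal.html'
# Assign it to the Internal role (the "assign immediately" checkbox in the wizard).
Set-CsCertificate -Type Internal -Reference $internal

# --- Edge External: offline request (CSR) for a public CA -------------------
# One certificate for all three external roles. The private key is marked
# exportable only because it must be imported on every Edge in a pool.
Request-CsCertificate -New -Type AccessEdgeExternal,DataEdgeExternal,AudioVideoAuthentication `
    -Output 'C:\certs\EdgeExternal.req' -FriendlyName 'Lync Edge External' `
    -KeySize 2048 -PrivateKeyExportable $true `
    -Country 'US' -State 'WA' -City 'Redmond' -Organization 'Exchangemaster' -OU 'IT' `
    -Report 'C:\certs\Request-External.html'

# Submit C:\certs\EdgeExternal.req to the public CA, save the issued certificate
# (with its chain) as C:\certs\EdgeExternal.cer, then complete the pending
# request, which is what the wizard's "Process Pending Certificate" does:
$external = Import-CsCertificate -Path 'C:\certs\EdgeExternal.cer' -PrivateKeyExportable $true
Set-CsCertificate -Type AccessEdgeExternal,DataEdgeExternal,AudioVideoAuthentication `
    -Reference $external

# --- Verify before starting services (step 4 in the wizard) -----------------
Get-CsCertificate | Format-Table Use, Subject, Thumbprint, NotAfter -AutoSize
foreach ($c in Get-CsCertificate) {
    $x = Get-Item "Cert:\LocalMachine\My\$($c.Thumbprint)"
    # X509Certificate2.Verify() builds the chain against the machine's trusted
    # roots and checks validity dates; a failure here means sign-in will fail too.
    if (-not $x.Verify()) { Write-Warning "$($c.Use): chain or validity check failed" }
}
```

If the external verification fails after importing a public certificate, the usual cause is a missing intermediate CA certificate on the Edge; import the CA’s intermediate into the Intermediate Certification Authorities store and run the check again.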

Click the Run button against step 4 in the deployment wizard to start all Lync Edge services.

Start Services

Click the Finish button when enabled.

Start Services Wizard Success

That completes the Lync edge installation.

The remaining steps (to make the Edge fully functional) are:

  • NAT the traffic and forward ports 5061, 444 and 443 to your Edge server’s external IP. If you have three public IPs, you will only need to open port 443.
  • Create an “A” record in the public DNS for sip.exchangemaster.me pointing to your public IP. Again, if you use three public IPs, you will have three “A” records to create.
  • Create an SRV record _sip._tls.exchangemaster.me (in the public DNS) pointing to the access edge server (sip.exchangemaster.me).
  • Create an SRV record (for federation) _sipfederationtls._tcp.exchangemaster.me (in the public DNS) pointing to the access edge.

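The NAT and public DNS steps above are the ones most often got wrong, and they can only be checked from outside the network. The block below is an added example (not from the article) that verifies them from any Windows machine on the Internet: it uses the domain and host names the article gives, a placeholder for the public IP, and plain nslookup plus System.Net.Sockets.TcpClient so it works on 2008 R2 era PowerShell without Resolve-DnsName or Test-NetConnection. It goes slightly beyond the list by also confirming that a couple of ports which should not be forwarded are in fact closed.

```powershell
# Added example (not from the original article): check the public A and SRV
# records and the forwarded ports for the access edge from outside the network.
$sipDomain  = 'exchangemaster.me'
$accessEdge = "sip.$sipDomain"
$expectedIp = '203.0.113.10'        # placeholder: the public IP used in the NAT rule
$ports      = 443, 5061, 444        # ports the article says to forward
$mustBeShut = 5060, 3389            # examples of ports that must NOT be reachable

function Get-SrvTarget([string]$name) {
    # Parse the "svr hostname = ..." line that Windows nslookup prints for SRV records.
    $m = nslookup -type=SRV $name 2>$null | Select-String 'svr hostname\s*=\s*(\S+)'
    if ($m) { return $m.Matches[0].Groups[1].Value.TrimEnd('.') }
}

function Test-TcpPort([string]$target, [int]$port, [int]$timeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($target, $port, $null, $null)
        return ($async.AsyncWaitHandle.WaitOne($timeoutMs, $false) -and $client.Connected)
    } catch { return $false } finally { $client.Close() }
}

# A record: the last "Address(es):" line of nslookup output is the answer, the
# first one is the resolver itself.
$a = nslookup -type=A $accessEdge 2>$null |
     Select-String 'Address(es)?:\s+(\d+\.\d+\.\d+\.\d+)' | Select-Object -Last 1
$resolved = if ($a) { $a.Matches[0].Groups[2].Value }
"{0} -> {1} (expected {2})" -f $accessEdge, $resolved, $expectedIp

# Both SRV records must point at the access edge name, not at the IP.
foreach ($srv in "_sip._tls.$sipDomain", "_sipfederationtls._tcp.$sipDomain") {
    $target = Get-SrvTarget $srv
    $verdict = if ($target -eq $accessEdge) { 'OK' } else { 'MISMATCH' }
    "{0} -> {1} {2}" -f $srv, $target, $verdict
}

# Forwarded ports should answer; ports that were never forwarded should not.
foreach ($p in $ports) {
    $verdict = if (Test-TcpPort $accessEdge $p) { 'open (expected)' } else { 'CLOSED - check NAT/firewall' }
    "{0}:{1} {2}" -f $accessEdge, $p, $verdict
}
foreach ($p in $mustBeShut) {
    $verdict = if (Test-TcpPort $accessEdge $p) { 'OPEN - should be blocked' } else { 'closed (expected)' }
    "{0}:{1} {2}" -f $accessEdge, $p, $verdict
}
```

Run it from a host that is not inside the DMZ or the internal network, otherwise the hosts file and internal DNS will mask public DNS mistakes.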
The last step is to test whether what you have done so far works! Use the Microsoft OCS Test website. Select the test and run it with a test account enabled for Lync. Make sure you get all green.

Test Successful

This completes the article series. Phew!

One Comment

  1. Hi
    What is your gateway for the internal network? Is it 172.16.0.1? I am trying to put a picture of your network
