Microsoft Lync Server is the next generation unified communication server. In this article, I will design and deploy Lync Server 2010 on a test platform. You can follow this article to build your own Lync Server and modify the design according to your needs.
Step1: Prepare a Design
Download Microsoft Lync Server 2010, Planning Tool and assess your need for Unified Communication in your company.
In this design, I have shown a full-scale deployment of Lync Server. However, you can choose to deploy a standard version of Lync. Once you have designed Lync Server, you need to create a list of IP addresses, FQDNs and certificates, or you might write project documents and a Visio design. A sample follows.
SIP Domain | Microsoftguru.com.au |
Lync Pool | MyLync.Microsoftguru.com.au |
FQDN | Internal IP Address | External IP Address |
Lync.Microsoftguru.com.au | 192.168.1.6 | x |
Mediation.Microsoftguru.com.au | 192.168.1.7 | x |
Director.Microsoftguru.com.au | 192.168.1.8 | x |
Archiving.Microsoftguru.com.au | 192.168.1.9 | x |
Monitor.Microsoftguru.com.au | 192.168.1.10 | x |
Edge.Microsoftguru.com.au | 192.168.1.11 | 192.168.100.11 |
Necessary URLs and Ports
Name | URL | Port |
Administrative Access | https://admin.microsoftguru.com.au | 443 |
Meeting | https://meet.microsoftguru.com.au | 443 |
Phone Dialin | https://dialin.microsoftguru.com.au | 443 |
Edge Access | https://edge.microsoftguru.com.au (internal) http://web.microsoftguru.com.au (External-SIP, Web, AV) | 4443, 4061, 444, 443 |
DNS SRV Service record
SRV Service: _sipinternaltls
Protocol: _TCP
FQDN: Lync.Microsoftguru.com.au
Port: 5061
Important! All the CNAME and HOST (A) records must be present on the internal DNS server. For external client access you must host all CNAME records and public IPs through your ISP. Don’t worry about the IP addresses I mentioned here; on a practical project they will certainly be different.
SQL & File
Name | FQDN | Instances/Share |
SQL | Lync.Microsoftguru.com.au | RTC |
File | Lync.Microsoftguru.com.au | Share |
Other Servers
Domain Controller | DC.Microsoftguru.com.au |
Certificate Authority | MyCA.Microsoftguru.com.au |
Frontend TMG | TMG1.Microsoftguru.com.au |
Backend TMG | TMG2.Microsoftguru.com.au |
Reverse Proxy | TMG3.Microsoftguru.com.au |
Step2: Collect Prerequisites
Before you can actually deploy Lync Server 2010, you need to download the following prerequisites, install them and prepare the environment.
- Windows Server 2008 R2 x64 for the Lync Server roles
- Windows 7 installed on client computers.
- .NET 3.5 SP1 installed on all servers.
- Microsoft Silverlight browser plug-in installed on Standard Edition Server and Director
- Active Directory Administrative tools feature installed on Standard Edition Server and Director
- All clients and servers are up to date with patches from Windows Update.
- Domain controller is running Windows Server 2008 R2 or Windows Server 2008 configured as a DC, DNS and CA
- Forefront TMG 2010 is running on Windows Server 2008 R2
- Service Account or Management user account as Domain Admin
A typical Installation of Lync Server involves completion of the following installation Wizard shown as 1, 2 and 3.
Step3: Understanding Lync Server Roles
Internal Users: Lync Server Standard can provide IM, A/V Conferencing, Web Conferencing
External Users: Edge Server, Director and reverse-proxy server provide remote user access, federation, and conferencing
Step4: DNS Creation
You must create all the DNS records: CNAME records and SRV service location records. I am showing the DNS SRV record here, but you can create the alias (CNAME) records and host (A) records yourself. To create a DNS SRV record:
- On the DNS server, click Start Menu >click Control Panel>click Administrative Tools>click DNS
- In the console tree for your SIP domain, expand Forward Lookup Zones>right-click the SIP domain in which your Lync Server will be installed> Click Other New Records.
- In Select a resource record type>click Service Location (SRV)>click Create Record>Click Service and type _sipinternaltls.
- Click Protocol and type _tcp.
- Click Port Number, and type 5061
- Click Host offering this service> type the FQDN of the pool
- Click OK>Click Done.
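A command-line check of the record created above, as an added example that is not part of the original article. It assumes PowerShell 2.0 on Windows Server 2008 R2 (so `nslookup` output is parsed instead of using newer DNS cmdlets) and takes its defaults from the Step1 design table; the function name `Test-LyncSrvRecord` is hypothetical.

```powershell
# Added example: verify the _sipinternaltls SRV record from a domain-joined machine.
# Test-LyncSrvRecord is a hypothetical helper name; defaults come from the Step1 table.
function Test-LyncSrvRecord {
    param(
        [string]$SipDomain    = 'microsoftguru.com.au',
        [string]$ExpectedHost = 'Lync.Microsoftguru.com.au',
        [int]   $ExpectedPort = 5061
    )
    $name   = "_sipinternaltls._tcp.$SipDomain"
    $output = & nslookup.exe -type=SRV $name 2>$null

    # For each SRV answer nslookup prints "port = N" and "svr hostname = host" lines.
    $ports   = @($output | ForEach-Object {
                   if ($_ -match '^\s*port\s*=\s*(\d+)') { [int]$matches[1] } })
    $targets = @($output | ForEach-Object {
                   if ($_ -match '^\s*svr hostname\s*=\s*(\S+)') { $matches[1].TrimEnd('.') } })

    # Confirm something is actually listening on the advertised TLS port (3 s timeout).
    $reachable = $false
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ExpectedHost, $ExpectedPort, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne(3000, $false)) {
            $client.EndConnect($async)      # throws if the connection was refused
            $reachable = $true
        }
    } catch { $reachable = $false } finally { $client.Close() }

    New-Object PSObject -Property @{
        Record        = $name
        Targets       = $targets -join ', '
        Ports         = $ports -join ', '
        TargetMatches = ($targets -contains $ExpectedHost)   # string -contains ignores case
        PortMatches   = ($ports -contains $ExpectedPort)
        TlsPortOpen   = $reachable
    }
}

Test-LyncSrvRecord | Format-List
```

`TlsPortOpen` stays `False` until the Lync services from Step9 are running, so run the check again after the deployment is complete.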
Step5: Prepare Environment
Prior to deployment, you must install all the servers on their required platform and join them to the domain. On the Lync Server, install the following Windows roles and features:
- IIS 7.0
- Active Directory Admin Tools
- SQL Server 2008 with Native Tools (Available in Lync ISO )
- Windows PowerShell
- Enable Remote Admin
- Prepare File Share
On the Standard Edition server, create a file share named share. Configure the administrator account to have full rights. Configure everyone else to have read-only privileges. On the Standard Edition server and Director, enable remote administration of the server. Allow firewall rule exceptions for SQL Server and remote administration. Open Command Prompt on the Lync Server as an Administrator and type the following:
netsh firewall set portopening protocol = TCP port = 1433 name = SQLPort mode = ENABLE scope = SUBNET profile = CURRENT
and
netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN
To create an exception for SQL Server in Windows Firewall, follow these steps:
- In Windows Firewall, click the Exceptions tab>click Add Program.
- In the Add a Program window, click Browse.
- Click the C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe executable program, click Open, and then click OK.
Open SQL Server Configuration Manager>Expand SQL Server Network Configuration>Select Protocols>Enable TCP/IP
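A check for the result of the firewall steps above, as an added example that is not part of the original article. It reads the active rules through the Windows Firewall COM interface (`HNetCfg.FwPolicy2`, usable from PowerShell 2.0 on Windows Server 2008 R2) and reports the remote-address scope of every enabled inbound allow rule that covers TCP 1433 or `sqlservr.exe`; the function names are hypothetical.

```powershell
# Added example: list inbound allow rules that expose SQL Server and show their scope.
# Test-PortInSpec and Get-SqlFirewallExposure are hypothetical helper names.
function Test-PortInSpec([string]$Spec, [int]$Port) {
    # LocalPorts is a comma-separated list that may hold ranges ("1433,5000-5010") or "*".
    if ([string]::IsNullOrEmpty($Spec)) { return $false }
    foreach ($token in $Spec.Split(',')) {
        $t = $token.Trim()
        if ($t -eq '*') { return $true }
        if ($t -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$matches[1] -and $Port -le [int]$matches[2]) { return $true }
        } elseif ($t -eq "$Port") { return $true }
    }
    return $false
}

function Get-SqlFirewallExposure {
    param([int]$Port = 1433, [string]$Program = 'sqlservr.exe')
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    foreach ($rule in $policy.Rules) {
        # Direction 1 = inbound, Action 1 = allow, Protocol 6 = TCP
        if (-not $rule.Enabled -or $rule.Direction -ne 1 -or $rule.Action -ne 1) { continue }
        $byPort    = ($rule.Protocol -eq 6) -and (Test-PortInSpec $rule.LocalPorts $Port)
        $byProgram = $rule.ApplicationName -and
                     $rule.ApplicationName.ToLower().EndsWith($Program.ToLower())
        if (-not ($byPort -or $byProgram)) { continue }
        New-Object PSObject -Property @{
            Name            = $rule.Name
            MatchedBy       = $(if ($byPort) { "TCP $Port" } else { $Program })
            RemoteAddresses = $rule.RemoteAddresses   # "*" = any, or e.g. "LocalSubnet"
            Profiles        = $rule.Profiles          # bitmask: 1 Domain, 2 Private, 4 Public
            Unscoped        = ($rule.RemoteAddresses -eq '*')
        }
    }
}

Get-SqlFirewallExposure |
    Format-Table Name, MatchedBy, RemoteAddresses, Profiles, Unscoped -AutoSize
```

A rule reported with `Unscoped = True` accepts connections from any remote address, unlike the `remoteip = localsubnet` rule shown above.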
Step6: Prepare Domain, Forest and Schema
Insert Lync Server DVD>Run Lync Server 2010 Setup
Click on Prepare Active Directory. Follow the screenshots. Run Prepare Schema, Prepare Domain, Prepare Forest.
Step7: Lync Server Privileged Access
Now open the Active Directory Users and Computers console. Add the user accounts of whoever is installing and will be administering Lync Server to the following groups.
- CSAdministrator
- RTCUniversalServerAdmins
Step8: Create a Topology using Topology Builder
In this step, we’ll use the Planning Tool to define our initial topology. The Planning Tool populates the topology with some initial sample data that will be exported to Topology Builder. Once you import the .xml file into Topology Builder, you can edit the topology according to the desired IPs, ports and URLs.
To configure the Admin Site, in Topology Builder, click Lync Server 2010 in the left-hand pane>Click Edit Properties>Click Simple URLs. Under Administrative access URL: type https://admin.contoso.net. Click OK to close the Edit Properties window.
Step9: Deploy Lync Server 2010 Standard Edition
Now that the topology has been published to the Central Management Store, you must install a local replica on the Standard Edition Server, followed by the Director. Additionally, you can install the core components and start the services.
On the Deployment Wizard page, click Install or Update Lync Server System. On the Lync Server 2010 page, Install Local Configuration Store, click Run. On the Local Server Configuration page, ensure that the Retrieve configuration automatically from the Central Management Store option is selected, and then click Next. When the Local Server Configuration installation is complete, click Finish.
Setup or Remove Lync Server Components, click Run. On the Setup Lync Server Components page, click Next to set up components as defined in the published topology. When Lync Server components setup completes, click Finish.
In the Lync Server Deployment Wizard, Request, Install or Assign Certificates, click Run.
On the Certificate Wizard page, click Request>click Next.
Immediate Requests page, accept the default Send the request immediately option, and then click Next>accept the default. On the Certification Authority Account page, click Next. On the Name and Security Settings page, for Friendly Name enter Lync Server, accept the remaining defaults, and then click Next.
On the Organization Information page, optionally provide organization information>click Next. On the Geographical Information page>provide State, Country, City, click Next>click Next. On the SIP Domain setting page, select the SIP Domain and then click Next>click Next. On the Certificate Request Summary page, click Next>click Next>click Finish. On the Certificate Assignment page, click Next>click Next>click Finish>click Close.
In the Lync Server Deployment Wizard, on the Lync Server 2010 page, click the Run button>Click Start Services. On the Start Services page, click Next to start the Lync Server services on the server. On the Executing Commands page, after all services have started successfully, click Finish.
In the Lync Server Deployment Wizard, Start Services>Click Run
Open Command Prompt>Type Services.msc and hit Enter. Now check that all the services related to Lync Server are running.
Click on Start Menu>Click All Programs>Click Lync Server 2010>Click Lync Server Control Panel
Click Users>Find Active Directory test users>Enable users for Lync Server.
Define SIP Domain, Log on format and Lync Pool. Click Enable.
Step10: Install Lync Client and Test Lync
Install Lync Client on any Windows 7 SIP domain client. Click Start Menu>Click All Programs>Click Microsoft Lync Client>Click Tools>Click Options as shown in the picture.
Click Manual Configuration>Type Lync.Microsoftguru.com.au>Click Ok.
Type sign-in address as test.account@microsoftguru.com.au
Type the user name as microsoftgurutest and the password. Hit Sign-in. You are now logged on to Lync Client.
Relevant References:
Microsoft Lync Server 2010, Planning Tool
How to Configure Reverse proxy Using TMG 2010
Thank you for the great post Raihan.
I have a question regarding Lync topology with 2 data centers.
How do they have to be configured using one domain name, e.g. Lync.com?
The two datacenters are connected through a DS3 link.
The requirement is to provide both datacenters with all Lync functionalities.
I couldn’t find any information about how this design has to be done.
For example, let’s say: – one domain “Lync.com” –
FrontEndPool1.Lync.com – 10.0.0.100 – would be the first FE pool at site 1 and FrontEndPool2.Lync.com – 10.0.0.200 – second site front end pool
Is this an acceptable topology?
If this is the correct topology, how would the FE servers replicate between each other?
Or – “two child domains” –
FrontEndPool.Site1.Lync.com – 10.0.0.100 – would be the first FE pool at site 1 and FrontEndPool.Site2.Lync.com – 10.0.1.200 – second site front end pool
In this scenario, maybe both sites have to be federated or trusted or …?
I am really confused about the whole idea.
Once Lync hosts one company, how would these front end and back end servers talk and synchronize between each other?
If you lose one of the FE Pools that hosts half of the users, they couldn’t connect to the other pool as a site resiliency solution or DR or … because they will not be present in the other SQL database (in case there is no sync available).
I’ve seen a topology with shared SQL between 2 geo-separated FE Pools, but in my scenario it is impossible because of the connection limitation.
Ok I wrote too much 🙂
If you could help I would really appreciate it.
I am not sure how many users you have, but regardless of geographic location a single FrontEnd Pool can handle up to 10000 users in a single forest. I don’t think it would be a wise idea to make it a complex design. I have clients who have 8000 users and 49 locations working under a single forest.
To make it more resilient, you can have an enterprise deployment such as clustered SQL and clustered server roles. That is a good idea. http://technet.microsoft.com/en-us/library/gg398616.aspx
Thanks
Man, have you got MaxACD configuration instructions? I want it detailed but unlike the original MaxACD documentation.. it’s too long, boring and sometimes too much information that’s useless..
I’m deploying Lync, MaxACD, DC servers and SIP gateway in order to have a call center. This is the first time I do this and I’m stuck on a few things with MaxACD.
Please let me know if you can help me with that!
Thanks
How do you distribute roles between multiple servers? Do I have to install just like this on each server? If so, how do you separate the director and back end role from the front end server role? (Step by step would be appreciated.)
Each of the servers can have individual roles. However, you can install everything on a single server, depending on your budget and infrastructure.
FrontEnd Server is for IM and management
Backend is SQL server
Director for enterprise voice and communication with IP PBX
Then Edge Server is for external AV Conf
http://microsoftguru.com.au/2011/12/31/building-lync-2010-server-infrastructure/
http://microsoftguru.com.au/2011/10/16/deploy-lync-2010-edge-server/
http://microsoftguru.com.au/2011/10/15/deploy-lync-2010-director-server/
Salaam,
Thanks for your write-up. I’m not a professional, just someone that likes tech. I’ve set up a virtual environment based on your back to back firewall blog. I have set up Lync SE server along with Edge and another TMG in the perimeter. (Like this setup, except everything is on one server without archiving, monitoring or director)
Just a few questions, how do I allow traffic
from the front end tmg to lync edge?
from front end tmg to perimeter tmg (reverse proxy)
also the same for
edge (through back end tmg) to Lync Front End?
reverse proxy (through back end tmg) to Lync Front End?
Thank you for your help.
You need to configure Lync Edge http://microsoftguru.com.au/2011/10/16/deploy-lync-2010-edge-server/
Then publish Lync in TMG 2012 reverse proxy. Use Lync Topology Builder to see the firewall ports and publish those ports for external users
http://microsoftguru.com.au/2011/12/31/building-lync-2010-server-infrastructure/
reverse proxy http://microsoftguru.com.au/2010/08/08/how-to-configure-reverse-proxy-using-forefront-tmg-2010-step-by-step/
Can I do the Lync enterprise in a 2 phase deployment?
Phase 1 would be the 2 front end servers, a director and an A/V conferencing server (is this a separate server or can that role be installed on one of the front end servers?)
Phase 2 would then be the edge server and the Proxy.
We are thinking of using a Cisco HLB. Do we use that for the front end server or the edge, or is DNS LB recommended?
Yes, you can do it, but remember that without Edge you will not be able to serve external clients with AV conf