Deploy Lync 2010 Edge Server


Prerequisites: Before you configure external client access, you will need the servers and clients required in the internal deployment of Lync Server 2010, plus the following:

  • Domain controller is running Windows Server 2008 R2 configured as a domain controller, DNS server, and certification authority (CA).
  • Standard Edition Server is running Windows Server 2008 R2 on which you will install Lync Server 2010.
  • Lync Director Server installed and operational
  • Prepare and publish Lync director in Microsoft Active Directory
  • Edge Server running Windows Server 2008 operating system on which you will install Lync Server 2010 Edge server role.
  • Reverse-Proxy server running Windows Server 2008 operating system on which you will install a reverse-proxy server using FF TMG 2010.
  • FF TMG 2010 Reverse Proxy and Lync Edge Servers are running as members of the same Workgroup.
  • The Edge server and reverse proxy are multi-homed and have an internal interface connected to the internal domain.

Picture: Successfully published Edge Topology

Step1: Configure Internal and External Network Interface Card

1. Verify two network adapters are installed in the Edge Server, one for the internal-facing interface and one for the external-facing interface. The internal and external subnets must not be routable to each other.

2. On the external interface, configure 3 static IP addresses on the external perimeter network subnet and published Edge pools for static IP addresses.

3. On the internal interface, configure one static IP address on the internal perimeter network subnet and do not set a default gateway. Leave adapter DNS settings empty.
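
A quick way to confirm the adapter layout from Step 1 before continuing. This is an added example, not part of the original post; it assumes the internal perimeter subnet is 192.168.100.x (the sample addresses used in Step 2), and it also checks the IPEnableRouter registry value, which the post does not mention, as one local cause of the two subnets becoming routable to each other.

```powershell
# Added example (not from the original post): audit the Edge Server NICs against Step 1.
# Assumption: the internal perimeter subnet is 192.168.100.x, as in the Step 2 sample data.
$InternalPrefix = '192.168.100.'
$findings = @()

$nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')
if ($nics.Count -ne 2) {
    $findings += 'Expected 2 IP-enabled adapters, found {0}' -f $nics.Count
}

foreach ($nic in $nics) {
    # Keep IPv4 addresses only; WMI also returns IPv6 link-local addresses.
    $ipv4 = @($nic.IPAddress | Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' })
    $gw   = @($nic.DefaultIPGateway | Where-Object { $_ })
    $dns  = @($nic.DNSServerSearchOrder | Where-Object { $_ })
    $isInternal = @($ipv4 | Where-Object { $_.StartsWith($InternalPrefix) }).Count -gt 0
    $name = $nic.Description

    if ($nic.DHCPEnabled) { $findings += '{0}: DHCP enabled, addresses must be static' -f $name }

    if ($isInternal) {
        if ($ipv4.Count -ne 1) { $findings += '{0}: internal NIC should have 1 address, has {1}' -f $name, $ipv4.Count }
        if ($gw.Count -gt 0)   { $findings += '{0}: internal NIC has a default gateway ({1})' -f $name, ($gw -join ', ') }
        if ($dns.Count -gt 0)  { $findings += '{0}: internal NIC has DNS servers set ({1})' -f $name, ($dns -join ', ') }
    } else {
        if ($ipv4.Count -ne 3) { $findings += '{0}: external NIC should have 3 addresses, has {1}' -f $name, $ipv4.Count }
    }
}

# Extra check, not in the post: IP forwarding on this host would route between the subnets.
$tcpip = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' -ErrorAction SilentlyContinue
if ($tcpip.IPEnableRouter -eq 1) { $findings += 'IPEnableRouter = 1: host forwards packets between interfaces' }

if ($findings.Count -eq 0) { 'NIC layout matches Step 1.' } else { $findings }
```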

Step2: DNS Records for Edge Support

Verify that the following DNS entries match the external topology shown earlier in the standard Lync Server deployment. The DNS A and DNS SRV records have already been created and are available to the internal and external networks via the reverse proxy.

Description | FQDN | IP Address
Proxy Server Internal Interface | proxy.yourdomain.com.au | 192.168.100.4
Edge Server Internal Interface | edge.yourdomain.com.au | 192.168.100.5
Web services external URL | external.yourdomain.com.au | 192.168.100.4
Web services external URL | external1.yourdomain.com.au | 192.168.100.4

Step3: Configure the DNS Suffix for Edge Servers

1. On the Edge Server computer, click Start, right-click Computer, and then click Properties.

2. Under Computer name, domain, and workgroup settings, click Change settings.

3. On the Computer Name tab, click Change.

4. In the Computer Name/Domain Changes dialog box, click More.

5. In the DNS Suffix and NetBIOS Computer Name dialog box, in Primary DNS suffix of this computer, type yourdomain.com.au and then click OK three times.

6. Restart the computer.

Step4: Export and Make Your Topology Data available on an Edge Server

1. From the Standard Edition server, open Lync Server 2010 Management Shell.

2. In the Lync Server 2010 Management Shell as an administrator, run the following cmdlet:

Export-CsConfiguration -FileName c:\configuration.zip

3. Copy the exported file to c:\configuration.zip on the Edge Server.

Step5: Request Root Certificate Chain from the Internal Enterprise CA

1. From the Standard Edition Server, click Start, click Run, type http://lab-pdc.contoso.net/certsrv and then click OK.

2. Under Select a task, click Download a CA certificate, certificate chain, or CRL.

3. Under Download a CA Certificate, Certificate Chain, or CRL, click Download CA certificate chain.

4. In the File Download dialog box, click Save. Save the .p7b file as certchain.p7b to the hard drive on the server, and then copy it to a folder on your Edge Server.
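
Step 5 fetches the chain over plain HTTP and Step 7 places it in Trusted Root Certification Authorities, so it is worth confirming what the file contains before importing it. The following is an added example, not part of the original post; the file path and the expected thumbprint are placeholders, with the thumbprint to be read from the CA certificate on the CA itself.

```powershell
# Added example (not from the original post): inspect certchain.p7b before trusting it.
# Assumptions: the path the file was copied to, and a thumbprint read directly on the CA.
$ChainFile = 'C:\certchain.p7b'
$ExpectedRootThumbprint = '<ROOT-CA-THUMBPRINT-PLACEHOLDER>'

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$chain.Import($ChainFile)          # reads every certificate in the PKCS #7 bundle

# Normalise the expected value: strip spaces and separators, upper-case the hex.
$expected = ($ExpectedRootThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

$now = Get-Date
$rows = foreach ($cert in $chain) {
    New-Object PSObject -Property @{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        SelfSigned = ($cert.Subject -eq $cert.Issuer)   # root CAs are self-issued
        Expired    = ($cert.NotAfter -lt $now)
    }
}
$rows | Select-Object Subject, SelfSigned, Expired, NotAfter, Thumbprint | Format-List

$roots = @($rows | Where-Object { $_.SelfSigned })
if ($expected.Length -ne 40) {
    Write-Warning 'Set $ExpectedRootThumbprint to the SHA-1 thumbprint shown on the CA.'
} elseif (@($roots | Where-Object { $_.Thumbprint -eq $expected }).Count -eq 1) {
    'Root thumbprint matches the value recorded on the CA.'
} else {
    Write-Warning 'No root in the file matches the expected thumbprint. Do not import it.'
}

# Entries with SelfSigned = False are intermediate CAs; Step 7 would place them in the
# Trusted Root store as well, so review the list before importing.
```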

Step6: Install Deploy Edge Servers

1. Log on to the Edge Server as a member of the local Administrators group or an account with equivalent permissions. From the installation media, run Setup.exe. Install the Visual C++ 2008 Redistributable if asked.

2. Select the default installation directory and begin the installation.

3. Ensure that the topology configuration file, c:\configuration.zip, that you created using Topology Builder, is available on the Edge Server.

4. Open the Lync Server Deployment Wizard.

5. In the Deployment Wizard, click Install or Update Lync Server System. In the Deployment Wizard, click Install Local Configuration Store. After the wizard determines the deployment state, click Step 1. Install Local Configuration Store.

6. In the Local Server Configuration dialog box, click Local configuration from a file, and then browse to c:\configuration.zip. The Deployment Wizard reads the configuration information from the configuration file and writes the XML configuration file to the local computer.

7. In the Deployment Wizard, click Step 2: Set Up or Remove Lync Server Components. The Deployment Wizard installs the Lync Server edge components specified in the XML configuration file that is stored on the local computer.

12. Close the Deployment wizard.

Step7: Install Certificates for the Internal Edge Interface

1. On the Edge Server, open the Microsoft Management Console (MMC) by clicking Start, clicking Run, typing mmc in the Open box, and then clicking OK.

2. On the File menu, click Add/Remove Snap-in, and then click Add.

3. In the Add Standalone Snap-ins box, click Certificates, and then click Add.

4. In the Certificate snap-in dialog box, click Computer account, and then click Next.

5. In the Select Computer dialog box, ensure that the Local computer: (the computer this console is running on) check box is selected, and then click Finish.

6. Click Close, and then click OK.

7. In the console tree, expand Certificates (Local Computer), right-click Trusted Root Certification Authorities, point to All Tasks, and then click Import.

8. In the wizard, in File to Import, specify the filename of the certificate, certchain.p7b.

9. Select Place all certificates in the following tree and click Next.

10. Click Finish and verify the import was successful.

Step8: Create the certificate request for the internal interface

1. On the Edge Server, open the Deployment Wizard, and next to Step 3: Request, Install, or Assign Certificates, click Run. Click Request.

2. On the Delayed or Immediate Requests page, click Prepare the request now, but send it later.

3. On the Certificate Request File page, type the full path and file name to which the request is to be saved (for example, c:\internal.req).

4. On the Specify Alternate Certificate Template page, click Next.

5. On the Name and Security Settings page, do the following: In Friendly name, type InternalEdge. In Bit length, select 2048 (the default). Clear the Mark certificate private key as exportable check box and click Next.

6. On the Organization Information page, type Contoso for the Organization name, and Marketing for the Organizational Unit name.

7. On the Geographical Information page, specify:

Country/Region: Australia

State/Province: WA

City/Locality: Perth

8. On the Subject Name/Subject Alternate Names page, click Next.

9. On the Configure Additional Subject Alternate Names page, click Next.

10. On the Request Summary page, review the certificate information to be used to generate the request.

11. After the commands complete, click Next.

12. On the Certificate Request File page, click Finish.

Step9: Copy the certificate request to your CA and create a certificate for the internal interface

1. Copy internal.req from the Edge server to a location on your Domain Controller (c:\internal.req).

2. On the Domain Controller, open CA from the Administrative Tools group.

3. Right-click on Contoso CA, select All Tasks, then Submit new request.

4. In the Open Request File page, browse to c:\internal.req.

5. Save the certificate as c:\internal.cer.

6. Copy c:\internal.cer to c:\internal.cer on the Edge Server.

Step10: Import the certificate and assign it to the internal interface

1. In the Deployment Wizard, next to Step 3: Request, Install, or Assign Certificates, click Run. In the Certificate Wizard page, click Import Certificate.

2. On the Import Certificate page, type the full path and file name of the certificate that you requested and received for the internal interface. This lab used c:\internal.cer.

3. Click Next twice and then Finish. Click Assign. You should see internal listed. Click Next to assign it to the internal Edge interface.

Step11: Create the certificate request for the external interface

1. On the Edge Server, open the Deployment Wizard, and next to Step 3: Request, Install, or Assign Certificates, click Run. Select External Edge Certificate. Click Request.

2. On the Delayed or Immediate Requests page, click Prepare the request now, but send it later.

3. On the Certificate Request File page, type the full path and file name to which the request is to be saved (for example, c:\external.req).

4. On the Specify Alternate Certificate Template page, click Next.

5. On the Name and Security Settings page, do the following:

In Friendly name, type ExternalEdge.

In Bit length, select 2048 (the default).

Clear the Mark certificate private key as exportable check box and click Next.

6. On the Organization Information page, type Contoso for the Organization name, and Contoso for the Organizational Unit.

7. On the Geographical Information page, specify:

Country/Region: Australia

State/Province: WA

City/Locality: Perth

8. On the Subject Name/Subject Alternate Names page, click Next.

9. On the SIP Domain Setting window, select Contoso.net.

10. On the Configure Additional Subject Alternate Names page, click Next.

11. On the Request Summary page, review the certificate information to be used to generate the request.

12. After the commands complete, click Next.

13. On the Certificate Request File page, click Finish.

Step12: Copy the certificate request to your CA and create a certificate for the external interface

1. Copy external.req from the Edge server to a location on your Domain Controller (i.e., c:\external.req).

2. On the Domain Controller, open CA from the Administrative Tools group.

3. Right-click on Contoso CA, select All Tasks, then Submit new request.

4. In the Open Request File page, browse to c:\external.req.

5. Save the certificate as c:\external.cer.

6. Copy c:\external.cer to c:\external.cer on the Edge Server.

Step13: Import the certificate and assign it to the external interface

1. In the Deployment Wizard, next to Step 3: Request, Install, or Assign Certificates, click Run.

2. In the Certificate Wizard page, click Import Certificate.

3. On the Import Certificate page, type the full path and file name of the certificate that you requested and received for the external interface. This lab used c:\external.cer.

4. Click Next twice and then Finish.

5. Click Assign.

6. You should see external listed. Click Next to assign it to the external Edge interface.
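
To confirm the result of Steps 8 to 13, the check below reads back both certificates by the friendly names typed in the wizard and reports the properties those steps set. It is an added example, not part of the original post; it skips revocation checking, on the assumption that the workgroup Edge Server may not reach the internal CA's CRL.

```powershell
# Added example (not from the original post): read back the Edge certificates.
# Assumption: they carry the friendly names typed in Steps 8 and 11.
foreach ($name in 'InternalEdge', 'ExternalEdge') {
    $certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.FriendlyName -eq $name })
    if ($certs.Count -eq 0) { Write-Warning "$name was not found in LocalMachine\My"; continue }

    foreach ($cert in $certs) {
        # Build the chain against the local stores (Step 7 import); revocation is not checked.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk = $chain.Build($cert)

        # Exportable should be False because the wizard check box was cleared.
        $exportable = 'n/a'
        if ($cert.HasPrivateKey) {
            try { $exportable = $cert.PrivateKey.CspKeyContainerInfo.Exportable }
            catch { $exportable = 'unknown (key not readable through CSP)' }
        }

        # Subject Alternative Name extension (OID 2.5.29.17), formatted as text.
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
               ForEach-Object { $_.Format($false) }

        $order = 'FriendlyName', 'Subject', 'KeyBits', 'HasPrivateKey', 'Exportable', 'ChainTrusted', 'NotAfter', 'SAN'
        New-Object PSObject -Property @{
            FriendlyName  = $cert.FriendlyName
            Subject       = $cert.Subject
            KeyBits       = $cert.PublicKey.Key.KeySize   # expected: 2048
            HasPrivateKey = $cert.HasPrivateKey
            Exportable    = $exportable
            ChainTrusted  = $chainOk
            NotAfter      = $cert.NotAfter
            SAN           = $san
        } | Select-Object $order | Format-List
    }
}
```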

Step14: Start Edge Servers

1. On each Edge Server, in the Deployment Wizard, next to Step 4: Start Services, click Run.

2. On the Start Lync Server 2010 Services page, review the list of services, and then click Next to start the services.

3. After the services are started, do the following: To view the log for the certificate request, click View Log.

4. To close the wizard, click Finish.

About Raihan Al-Beruni

My Name is Raihan Al-Beruni. I am working as an Infrastructure Architect in Data Center Technologies in Perth, Western Australia. I have been working on Microsoft technologies for more than 15 years. Other than Microsoft technologies I also work on Citrix validated solution and VMware data center virtualization technologies. I have a Masters degree in E-Commerce. I am certified in Microsoft, VMware, ITIL and EMC. My core focus is on cloud technologies. In my blog I share my knowledge and experience to enrich information technology community as a whole. I hope my contribution through this blog will help someone who wants more information on data center technologies.

3 Responses to Deploy Lync 2010 Edge Server

  1. Pingback: Building Lync 2010 Server Infrastructure | Blog by Raihan Al-Beruni

  2. Mohammed Hamada says:

    Hello Raihan,

    I have deployed a new Lync server along with the edge and now I’m in the process of publishing my Lync server for external connection.

    I learned from some guys in Microsoft that I will only need RP for this! And I see that you have listed FF TMG and Reverse proxy? Aren’t they both the same? Or can’t I use FF TMG as a RP?

    Also noticed that you mentioned they need to be in the same work group along with Lync Edge server?

    My TMG is on a domain which I can’t demote and I can’t join my Edge to the same domain as it’s different one from where I have my Lync on! Can’t I simply use TMG as a reverse proxy for my Lync without joining it to the same domain?

    Please your advice!
    Thanks
