In Part-1 I talked about the preparations and requirements for installing Microsoft Lync 2013 Edge server. In this part-2 of the series I’ll write a step-by-step guide on installing Lync Edge role.
10.04.2014 Updated the software prerequisites section
Add Edge server to the topology
So now log-in to your Lync Front End and start the “Lync Topology Builder”.
1. Select “Download Topology from existing deployment”
2. Save it to a file
3. Expand the topology tree and click on “Edge Pools”
4. Right Click “Edge Pools” then select “New Edge Pool”
6. In “Define the New Edge Pool” page click next
8. In “Define the Edge Pool FQDN” page, in the FQDN field write the FQDN of the Edge server.
9. Select “Single computer Pool” then click “Next”
11. In “Select Features” page select the features you want to deploy and click next.
- Most of the time I select “Enable Federation” & “Enable XMPP Federation”
13. In the “Select IP Options” page, as I mentioned in part-1, my External face of the Edge server is NAT-ed to the public IP-addresses, so select the following
NOTE: if you are going to use 3 public IP addresses and dedicate each IP to a service, then do not select this option.
15. In “External FQDNs” page, enter the external URL for each Edge service.
17. In “Define the Internal IP address” page, put the IP-address of the internal NIC “iNIC”.
19. In “Define the external IP address” page, put for each service the correct eDMZ IP-address you planned for it and click next
NOTE: Put the public IP-address of the services here directly if you are not using NAT.
21. In “Define the Public IP address” page, put the Public IP-address that will be used for the AV services.
23. In “Define the next hop server” page, select from the list the next hop after edge, it should be your Front-end server ONLY IF you don’t have a Lync Director in your deployment.
24. In “Associate Front end or Mediation Pools” page, select the front end server and click “Finish”
25. Now Publish the topology.
Export the Central Management store Configurations
Now that we published the new changes to the CMS database, we need to export those configurations to a file that we will be using on the Lync Edge server to install the edge role.
Still on the Lync Front-end, start a Lync Management Shell and use the following command to export the CS configuration to a ZIP file
>> Export-CsConfiguration -FileName c:\temp\edge.zip
Copy the file to the Edge server.
Installing Lync Edge
Create a routing rule
Now log-in to the Lync Edge server and start a command prompt using Administrative privileges.
Because the Lync Edge is in a DMZ network and only one card has a default gateway, you need to add a route rule to your Edge box so that it can transfer data to and from the front end server, which is on a totally different subnet.
Identify the NIC that will be used for routing the traffic to the internal corporate network by using ipconfig /all and taking a note of the “Physical Address” of the iNIC (the one connected to the internal DMZ, in other words the one without a default gateway).
>> ipconfig /all
Then run the route print command to get the routing table on the Edge server. At the beginning of the output you will see the “Interface List”, which lists the NICs connected to your machine. Look for the one with the same Physical Address that you took a note of. There will be an identification number before it; take a note of it, as this is the one we will be using for creating the route rule.
>> route print
Now create the route rule using the following syntax.
>> route add <corporate network ip> mask <subnet mask> <default gateway of your NIC> if <ID of the Interface> -p
So in my case
>> route add 192.168.1.0 mask 255.255.255.0 172.16.1.167 if 12 -p
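The same routing step as an added PowerShell example (not part of the original post), assuming Windows Server 2012 or later where the NetTCPIP cmdlets are available. It confirms that exactly one NIC has a default gateway before adding the persistent route on the other one; the prefix and gateway are the values from the command above.

```powershell
# Added example. Values taken from the route command in this post; adjust for your network.
$CorpPrefix = '192.168.1.0/24'   # 192.168.1.0 mask 255.255.255.0
$NextHop    = '172.16.1.167'     # gateway reachable through the iNIC

# Only connected adapters matter for the dual-homed check.
$ipConfig  = Get-NetIPConfiguration | Where-Object { $_.NetAdapter.Status -eq 'Up' }
$withGw    = @($ipConfig | Where-Object { $_.IPv4DefaultGateway })
$withoutGw = @($ipConfig | Where-Object { -not $_.IPv4DefaultGateway })

# The external NIC is the only one that may carry a default gateway.
if ($withGw.Count -ne 1) {
    throw "Expected exactly one NIC with a default gateway, found $($withGw.Count)."
}
if ($withoutGw.Count -ne 1) {
    throw "Expected exactly one NIC without a default gateway (the iNIC), found $($withoutGw.Count)."
}

$iNic = $withoutGw[0]
'iNIC: {0} (index {1}, MAC {2})' -f $iNic.InterfaceAlias, $iNic.InterfaceIndex, $iNic.NetAdapter.MacAddress

# Add the route only if it is not already present on that interface.
$existing = Get-NetRoute -DestinationPrefix $CorpPrefix -InterfaceIndex $iNic.InterfaceIndex `
                         -ErrorAction SilentlyContinue
if (-not $existing) {
    # By default New-NetRoute writes to both the active and the persistent store.
    New-NetRoute -DestinationPrefix $CorpPrefix -InterfaceIndex $iNic.InterfaceIndex `
                 -NextHop $NextHop | Out-Null
}

# Confirm the route will survive a reboot (the equivalent of -p).
Get-NetRoute -DestinationPrefix $CorpPrefix -PolicyStore PersistentStore |
    Format-Table DestinationPrefix, NextHop, InterfaceAlias, RouteMetric -AutoSize
```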
Now you are ready to install the Edge role.
Make sure you have installed:
1. .NET Framework 4.5
2. Windows identity foundation
>> Add-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, NET-HTTP-Activation, Web-Asp-Net, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Telnet-Client, BITS
Now run the Lync Deployment wizard from the Installation media
1. Click “Yes” when prompted for installation of C++ Minimum runtime package.
2. Click install
4. Read and understand the agreement and then click OK
6. Click Install Administrative Tools and wait till it finishes installation
7. Click on “Install or update Lync server system”
8. Run Step one by clicking on “Install Local Configuration Store”
10. In “Configure Local Replica of Central Management Store” page, select the option “Import from a file….”
12. Browse to the location of the ZIP file you exported from the Lync Front End and copied to the Edge in the previous step.
13. Click Next
14. After Importing is finished, click Finish.
16. Now run Step 2, “Setup or remove Lync server component”
18. In Setup Lync Server Component page, click Next
19. Wait for it to finish installing then click Finish
21. Now Run Step 3 “Request, Install or Assign Certificates”.
23. Select the “Edge Internal” and click Request
25. Click Next
27. In “Delayed or Immediate Requests” page, select “Prepare the request now…” and click Next
29. In “Certificate Request File” page, select the path and file name where you want to save the request file.
31. Click Next
32. In “Specify Alternative Certificate Template” page, if you have a custom template created for your use, then write the name of it, otherwise just click next.
34. In “Name and Security Settings” page, choose a friendly name for your certificate and select “Mark the Certificate private key as exportable”
36. Click Next
37. In the next two pages fill the required information about your organization
38. In “Subject Name / Subject alternative names” page, click Next.
40. In “Configure Additional Subject Alternative names” page, click next or add the SANs you need in case you have multiple domains.
42. Check the setting of your request and if correct click “Next”
44. After the request is created with no errors click “Next”
46. In “Certificate Request File” page, click Finish.
Now you should have a request file for certificate created for you that you can use to submit a request to your CA.
Do the same for the External Edge services, but with the following differences:
1. Select the “External Edge Certificates” and click on “Request”
2. Follow the wizard the same as before, but give this certificate a different Friendly Name “Edge public Cert”.
3. In “Subject Name / Subject Alternative Names” page, make sure that the services are listed.
5. Click Next
6. Select the SIP domain of your deployment
8. Click Next
9. Review the configuration of your request and hit “Next” if all correct.
11. Follow the same steps as above (step 44 – 46)
Now using these request files, submit the requests to your CA for the certificates, then import the two new certificates you will get to your Edge server.
· Run step-3 of the Lync Deployment wizard again, “Request, Install or Assign Certificates”.
· Select the Edge Internal, then click on Assign and assign to it the certificate you got for Edge Internal. Do the same with External Edge Services: assign the certificate you got for it.
· Once finished you can run step-4 “Start Services”.
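A check of the assigned certificates, as an added example that is not part of the original post. It is meant to be run in the Lync Server Management Shell on the Edge server and reports, for each assigned certificate, whether the private key is present, when it expires, and which Subject Alternative Names it carries; the 30-day warning threshold is an assumption.

```powershell
# Added example. Run in the Lync Server Management Shell on the Edge server.
$warnDays = 30   # assumed threshold for the expiry warning

foreach ($assigned in Get-CsCertificate) {
    # Look up the assigned thumbprint in the computer's personal store.
    $path = 'Cert:\LocalMachine\My\' + $assigned.Thumbprint
    $cert = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $cert) {
        Write-Warning "$($assigned.Use): thumbprint $($assigned.Thumbprint) not found in LocalMachine\My"
        continue
    }

    # Subject Alternative Name extension (OID 2.5.29.17), formatted on one line.
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $san    = if ($sanExt) { $sanExt.Format($false) } else { '(none)' }

    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays

    # Without the private key the Edge services cannot use the certificate.
    if (-not $cert.HasPrivateKey) {
        Write-Warning "$($assigned.Use): certificate has no private key on this server"
    }
    if ($daysLeft -lt $warnDays) {
        Write-Warning "$($assigned.Use): certificate expires in $daysLeft days"
    }

    [pscustomobject]@{
        Use           = $assigned.Use
        Subject       = $cert.Subject
        HasPrivateKey = $cert.HasPrivateKey
        NotAfter      = $cert.NotAfter
        DaysLeft      = $daysLeft
        SAN           = $san
    }
}
```

Compare the SAN column against the external FQDNs entered in Topology Builder before starting the services.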
And by this you are done my friend.