Friday, July 22, 2011
Deploying an Edge Server with Lync 2010
For this article I am going to add an Edge server and an XMPP gateway to an existing Lync environment. All articles moving forward will be built on the RTM bits of Lync, but to build the Front End server for this environment I followed the original article here, the only difference is the name of the server and the domain. The lab has the following servers and IPs:
Server Name | Role | IP Address |
LyncDC.lyncguy.local | Domain Controller/DNS/CA | 10.255.106.160 |
LyncFE.lyncguy.local | Lync Standard Edition Front End | 10.255.106.161 |
Lyncedge.lyncguy.local | Lync Edge server – not domain joined | 10.255.106.162 (internal NIC) |
The active directory domain name for this lab is LyncGuy.local, with the public sip domain LyncGuy.com. I prefer to do these labs with different name spaces for AD and the public domain because that is the most common scenario I’ve run into in the real world. To make this work you have to have an internal copy of the public zone and an external copy; this is commonly referred to as “split brain DNS”.
To start with I have to create a copy of my public zone on my internal DNS server so internal clients can reach the Lync server directly. To accomplish this I’ve created the following records in DNS:
Record Type | DNS Entry | IP Address |
A | meet.lyncguy.com | 10.255.106.161 |
A | dialin.lyncguy.com | 10.255.106.161 |
A | sip.lyncguy.com | 10.255.106.161 |
We also need to create an SRV record for client automatic sign-in. The new record will be for “_sipinternaltls._tcp.lyncguy.com” and will point to sip.lyncguy.com on port 5061.
***Note – you can utilize another name here such as the Front End server’s name, however the domain must match the sip domain. You also must have a SAN entry on the front end certificate to match this entry***
Now that our DNS zone is in order we can plan for our edge server. In this example I will be using 1 internal IP, 3 DMZ IPs and 3 Public IPs. Instead of placing the public IPs directly on the edge server’s public NIC, I will NAT the public IPs to the private IPs with my lab ASA. I’ve also matched the last octet of the address to make it easier to manage at a glance.
Public Name | Public IP | DMZ IP |
Sip.lyncguy.com | XX.102.182.163 | 10.255.110.163 |
Webconf.lyncguy.com | XX.102.182.164 | 10.255.110.164 |
Av.lyncguy.com | XX.102.182.165 | 10.255.110.165 |
Here is what the design looks like:
To start we need to add an edge to our topology, on the front end server (lyncfe) open “Lync Server Topology Builder”. Then we need to expand our topology, right click “Edge Pools” and choose “New Edge Pool”
Click “Next” on the “Define Edge Pool” page
Enter the FQDN you will be using for your edge and select “Single Computer Pool”
Next we have a screen offering 3 options:
- “Use a Single FQDN & IP Address” – this option will not be selected because we have plenty of public IPs to use. If you only have 1 IP this is a good option; however, it will force you to use ports other than 443, which aren’t always open outbound from corporate networks and may cause usability issues on networks you cannot control.
- “Enable Federation (port 5061)” – this option will configure the edge server to listen on port 5061 of the access edge IP for inbound federation traffic from other Lync and OCS environments.
- “The external IP address of this edge pool is translated by NAT” – this option tells Lync the IP addresses on the outside interface of the edge are not the actual public IP addresses. Putting the edge behind another firewall can give an extra layer of security and help prevent the server from being compromised.
For this scenario we have selected “Enable Federation (port 5061)” and “The external IP address of this edge pool is translated by NAT”.
Next we define our public names for the edge roles, notice all roles use port 443. I would highly recommend using this method if possible.
Now we set the IP address for the internal network of our edge server. In this scenario I have placed the internal NIC on the same subnet as the domain controller and front end server. Because of limited resources in my lab I have configured the environment this way, whenever possible I recommend placing this NIC in another DMZ that has a higher security level than the DMZ for the outside interfaces.
At this point we specify the DMZ IP addresses of our edge server
In the next box we will enter the Public IP address of the A/V edge services (av.lyncguy.com). In OCS 2007 R2 we had to make sure the edge server could resolve the public name to the public IP, however, this box allows that requirement to be removed and we can just enter the IP here.
Next we select our next hop server (the front end server)
Next we click “Finish” and the wizard completes, we can now see our newly defined edge server in the Topology.
Now we can publish our topology.
Before we move on to working on the edge server we need to open the Lync Server Control Panel and configure our External User Access policies.
Under External Access Policy>Global Policy: Modify the existing policy to allow remote user access, federation and public IM connectivity (all of these are optional). Click “Commit” when you have selected the options that are right for your environment
Now under Access Edge Configuration>Global Policy: Modify the existing policy to Enable Federation, remote user access and anonymous access to meetings. I’ve also enabled dynamic domain discovery. This allows our Lync users to automatically add Lync/OCS users from other environments without requiring administrative configuration. This option may not be right for all environments, if it isn’t right for your environment you’ll want to use the “Federated Domains” tab to define the allowed domains and uncheck this option. Next click “Commit”
Now that our environment is ready, we need to export the topology configuration to a file which we’ll import during the Edge install. On the front end server open “Lync Server Management Shell” and run the command:
Export-CsConfiguration -FileName c:\topology_export.zip
The file “topology_export.zip” will now be on the C drive of your front end server. This file will need to be copied to the edge server.
Now that the topology has been updated we need to log into our edge server and configure it.
First we need to make sure that all the IP Addresses get assigned to the appropriate NIC.
On the internal NIC we will use only an IP Address and subnet mask, we cannot put a default gateway on this interface.
Next, on the external NIC we will fill in an IP address, subnet mask, default gateway and DNS, do not click “OK” yet
We also need to bind our other 2 IP addresses to the external NIC, to do this click the “Advanced” button and then click “Add” under “IP Addresses” and add each IP address
At this point we’ll want to add a route back to any internal networks through the internal NIC. For this example I will be adding a route back to an internal network of 10.255.200.0/24; this could be another client or server subnet that the edge server will need to know how to route to. The edge’s internal interface must be able to route to all internal networks via a gateway on the same network as its internal NIC, so if you have multiple networks you will have to add them all. To do this we will use the route add command from a command prompt (Run As Administrator):
route add -p 10.255.200.0 mask 255.255.255.0 10.255.106.1
The “-p” portion of this command makes the route persistent, “10.255.106.1” is the next hop router to reach the other internal networks.
Next we need to configure the hostname of our edge server. When we configure this value we must also add a primary DNS suffix. This is different than adding the computer to the domain, but it does tell the computer its full name (i.e. LyncEdge.lyncguy.local).
Once you have updated the name and primary DNS suffix and you click “OK” you will be prompted to reboot the edge server.
While the edge server is rebooting we can add a DNS entry on the domain controller so all internal resources know how to reach the server by its “FQDN” – it’s not actually an FQDN because it isn’t domain joined, but the rest of the systems will need to be able to route to it like it is.
Once the edge has rebooted we will need to add the feature “Microsoft .NET Framework 3.5”, to do this open Server Manager, go to Features, click “Add Features” and choose “Microsoft .NET Framework 3.5”.
You can click “next” through all other screens and then click “Install”. Once the install completes we can move on to starting the Lync install. First we need to copy the topology_export.zip file created above to the C drive of the edge server.
Now we can run the CD, we will immediately be prompted to install the “Microsoft Visual C++ 2008 Redistributable”, click OK here:
The install window for Lync will pop up when the C++ install completes
Click “Install” and then accept the terms and click “OK”
Now we are back in the familiar Lync Server Deployment Wizard
Click on “Install or Update Lync Server System”
Under Step 1 we click “Run”
Select the topology_export.zip file from the C drive and click “Next”. This will allow the edge server to gather its settings from the export file.
A number of pre-requisites are installed at this point. When this completes click “Finish”
Now click “Run” under Step 2
Click “Next” and a number of pre-requisites are installed
Once the install completes we can open up the Services snap-in and see the Lync Services are now present
Before we can move on to Step 3 (Requesting Certificates), we need to make it possible for the edge server to resolve names of the internal servers it will talk to. This will include the CA because we will need to request the certificate for the internal interface from the internal CA. Also, we will need to trust the internal CA so we will need to export its certificate and install it on the edge server.
To allow the edge server to resolve some internal names but not all we have a few options; a DNS server in the DMZ is one, but for this article we will be editing the hosts file. The reason I’ve chosen not to utilize the internal DNS servers is to limit the number of servers the edge server can look up in case it is compromised.
The hosts file is located in “C:\windows\system32\drivers\etc”. The best method of editing this file is to run Notepad as administrator and then open this file (you’ll have to switch to “All Files” in the file type selection box).
For this scenario I will add entries for the CA and the Front End server:
Now that we can resolve the CA, we’ll use the web enrollment page to download the Root CA chain.
Open IE and go to https://lyncdc.lyncguy.local/certsrv. You may have to authenticate; if you do, use your domain account. Click on “Download a CA Certificate, Certificate Chain, or CRL”
Click on “Download CA Certificate”
Save the file to the desktop or another location on the edge server.
Open the certificates snap-in for the local computer, expand “Trusted Root Certification Authorities”, right click “Certificates” and choose “Import”
Browse to the file you downloaded in the last step and click “Open”
This will import the certificate into the trusted store for the local computer.
Now we move on to Step 3 in the Deployment Wizard, requesting and installing certificates
Highlight “Edge Internal” and click “Request” – this will allow us to request the certificate for our internal communications between the edge server and the front end.
I won’t cover every step in this wizard; you should be using all defaults here other than information specific to your environment. I will however strongly suggest you do not add any SANs to this certificate. One other thing of note: you will want to do this certificate request online, specifying your internal CA as shown below
You will also have to provide domain credentials to request the certificate
Once the request is completed the wizard will automatically take you to the next wizard to assign the certificate. Again, this is a next-next-finish scenario.
Because this is a lab scenario and I will not be requesting public certificates I will just re-run this wizard and select “External Edge Certificate” for the second certificate. If you are using public certificates you will want to choose “Prepare Request now but send later (offline request)” for your request.
***One important difference between OCS 2007 R2 and Lync is the edge roles can now all share one certificate with a subject (CN) of only the access edge; you no longer need to re-generate the certificate for each role, utilizing that role’s FQDN as the subject name. For information on how that worked in OCS 2007 R2 please see this article***
The new certificate will have the following fields automatically, unless you are configuring multiple sip domains there is no need to modify this or add additional SANs.
Subject (Common Name) | Sip.lyncguy.com |
SAN 1 | Webconf.lyncguy.com |
SAN 2 | Sip.lyncguy.com |
Now we can run Step 4 to start the services and our edge server should be up and running.
Once this process is complete the NATs and access lists must be created on the firewall to allow the appropriate traffic in and out. I have only covered the inbound rules in the table below, please see the edge server documentation or the Lync Server Planning Tool for more detail.
Rule 1 | Public IP | Private IP | Allowed Protocol – Port |
Access Edge (client access) | XX.102.182.163 | 10.255.110.163 | TCP – 443 |
Access Edge (federation) | XX.102.182.163 | 10.255.110.163 | TCP – 5061 |
Web Conferencing Edge | XX.102.182.164 | 10.255.110.164 | TCP – 443 |
A/V Edge | XX.102.182.165 | 10.255.110.165 | TCP – 443 |
A/V Edge | XX.102.182.165 | 10.255.110.165 | UDP – 3478 |
A/V Edge | XX.102.182.165 | 10.255.110.165 | TCP – 50,000 through 59,999 |
A/V Edge | XX.102.182.165 | 10.255.110.165 | UDP – 50,000 through 59,999 |
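To audit the firewall against the inbound table above, the following added example (not part of the original article) compares an exported rule list with that baseline and reports both extra exposure and missing ports. The Rule tuple, the function names and the sample export are assumptions constructed for illustration; rules are keyed on the DMZ address because the public addresses in the article are redacted.

```python
from typing import NamedTuple


class Rule(NamedTuple):
    dmz_ip: str   # private (DMZ) address the public IP is NATed to
    proto: str    # "tcp" or "udp"
    low: int      # first permitted port
    high: int     # last permitted port (same as low for a single port)


# Inbound baseline copied from the rule table in the article.
BASELINE = [
    Rule("10.255.110.163", "tcp", 443, 443),      # Access Edge (client access)
    Rule("10.255.110.163", "tcp", 5061, 5061),    # Access Edge (federation)
    Rule("10.255.110.164", "tcp", 443, 443),      # Web Conferencing Edge
    Rule("10.255.110.165", "tcp", 443, 443),      # A/V Edge
    Rule("10.255.110.165", "udp", 3478, 3478),    # A/V Edge
    Rule("10.255.110.165", "tcp", 50000, 59999),  # A/V Edge media range
    Rule("10.255.110.165", "udp", 50000, 59999),  # A/V Edge media range
]


def _merge(ranges):
    """Merge overlapping or adjacent (low, high) port ranges."""
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged


def _subtract(ranges, cover):
    """Return the parts of `ranges` not covered by `cover` (both merged)."""
    out = []
    for low, high in ranges:
        cur = low
        for c_low, c_high in cover:
            if c_high < cur or c_low > high:
                continue
            if c_low > cur:
                out.append((cur, c_low - 1))
            cur = max(cur, c_high + 1)
        if cur <= high:
            out.append((cur, high))
    return out


def _by_target(rules):
    """Group rules into {(dmz_ip, proto): merged port ranges}."""
    grouped = {}
    for r in rules:
        grouped.setdefault((r.dmz_ip, r.proto.lower()), []).append((r.low, r.high))
    return {key: _merge(val) for key, val in grouped.items()}


def audit(actual, baseline=BASELINE):
    """Return (extra, missing) as lists of (dmz_ip, proto, low, high).

    extra:   ports the firewall permits beyond the baseline
    missing: baseline ports the firewall does not permit
    """
    have, want = _by_target(actual), _by_target(baseline)
    extra, missing = [], []
    for key in sorted(set(have) | set(want)):
        for low, high in _subtract(have.get(key, []), want.get(key, [])):
            extra.append((*key, low, high))
        for low, high in _subtract(want.get(key, []), have.get(key, [])):
            missing.append((*key, low, high))
    return extra, missing


# Constructed sample export (not from the article): the TCP media range was
# opened too wide, UDP 3478 was forgotten, and 5061 was opened on the web
# conferencing address.
SAMPLE_EXPORT = [
    Rule("10.255.110.163", "tcp", 443, 443),
    Rule("10.255.110.163", "tcp", 5061, 5061),
    Rule("10.255.110.164", "tcp", 443, 443),
    Rule("10.255.110.164", "tcp", 5061, 5061),
    Rule("10.255.110.165", "tcp", 443, 443),
    Rule("10.255.110.165", "tcp", 49152, 65535),
    Rule("10.255.110.165", "udp", 50000, 59999),
]

if __name__ == "__main__":
    extra, missing = audit(SAMPLE_EXPORT)
    for item in extra:
        print("EXTRA   %s %s %d-%d" % item)
    for item in missing:
        print("MISSING %s %s %d-%d" % item)
```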
After the firewall changes are made we need to create the A records for each of our services on the public DNS server
Record Type | Name | IP Address |
A | Sip.lyncguy.com | XX.102.182.163 |
A | Webconf.lyncguy.com | XX.102.182.164 |
A | Av.lyncguy.com | XX.102.182.165 |
You will also need to create an SRV record for auto sign-in on the domain and federation. For automatic sign-in you can create an SRV record for _sip._tls.lyncguy.com pointing to your access edge server (sip.lyncguy.com) on port 443. For federation you will need to create an SRV record for _sipfederationtls._tcp.lyncguy.com pointing to your access edge server on port 5061.
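The naming rules from the DNS and certificate steps (each SRV target must sit in the SIP domain, resolve in the same DNS view, and appear on the certificate presented in that view) can be checked against the record plan before anything is published. This is an added example, not part of the original article; check_view, its finding codes and the front end certificate name list are assumptions, and applying the certificate-name rule to the external view generalizes the article's note about the front end certificate.

```python
SIP_DOMAIN = "lyncguy.com"

# Expected port for each SRV service label, as stated in the article.
SRV_PORTS = {
    "_sipinternaltls._tcp": 5061,    # internal automatic sign-in
    "_sip._tls": 443,                # external automatic sign-in
    "_sipfederationtls._tcp": 5061,  # federation
}


def in_sip_domain(name):
    """True when name is the SIP domain itself or a host below it."""
    return name == SIP_DOMAIN or name.endswith("." + SIP_DOMAIN)


def check_view(a_records, srv_records, cert_names):
    """Validate one DNS view (internal or external).

    a_records:   {fqdn: ip} resolvable in this view
    srv_records: [(owner, target, port)]
    cert_names:  subject CN plus SANs of the certificate served in this view
                 (exact names only; wildcards are not handled)
    Returns a list of (srv_owner, finding_code); empty means consistent.
    """
    a_names = {n.lower().rstrip(".") for n in a_records}
    cert = {n.lower().rstrip(".") for n in cert_names}
    findings = []
    for owner, target, port in srv_records:
        owner = owner.lower().rstrip(".")
        target = target.lower().rstrip(".")
        if not owner.endswith("." + SIP_DOMAIN):
            findings.append((owner, "owner-outside-sip-domain"))
            continue
        service = owner[: -len(SIP_DOMAIN) - 1]
        if SRV_PORTS.get(service) != port:
            findings.append((owner, "unexpected-service-or-port"))
        if not in_sip_domain(target):
            findings.append((owner, "target-outside-sip-domain"))
        if target not in a_names:
            findings.append((owner, "target-has-no-a-record-in-view"))
        if target not in cert:
            findings.append((owner, "target-not-on-certificate"))
    return findings


# Internal view: records from the article's internal copy of the public zone.
INTERNAL_A = {
    "meet.lyncguy.com": "10.255.106.161",
    "dialin.lyncguy.com": "10.255.106.161",
    "sip.lyncguy.com": "10.255.106.161",
}
INTERNAL_SRV = [("_sipinternaltls._tcp.lyncguy.com", "sip.lyncguy.com", 5061)]
# Constructed name list for the front end certificate (assumption; the
# article only requires that the SRV target appears as a SAN).
FE_CERT_NAMES = ["lyncfe.lyncguy.local", "sip.lyncguy.com",
                 "meet.lyncguy.com", "dialin.lyncguy.com"]

# External view: records and certificate names from the article's tables
# (public addresses are redacted in the article and kept as written).
EXTERNAL_A = {
    "sip.lyncguy.com": "XX.102.182.163",
    "webconf.lyncguy.com": "XX.102.182.164",
    "av.lyncguy.com": "XX.102.182.165",
}
EXTERNAL_SRV = [
    ("_sip._tls.lyncguy.com", "sip.lyncguy.com", 443),
    ("_sipfederationtls._tcp.lyncguy.com", "sip.lyncguy.com", 5061),
]
EDGE_CERT_NAMES = ["sip.lyncguy.com", "webconf.lyncguy.com"]

if __name__ == "__main__":
    print("internal:", check_view(INTERNAL_A, INTERNAL_SRV, FE_CERT_NAMES))
    print("external:", check_view(EXTERNAL_A, EXTERNAL_SRV, EDGE_CERT_NAMES))
    # Pointing the internal SRV at the AD name resolves and matches the
    # certificate, yet still breaks the "domain must match" rule.
    bad_srv = [("_sipinternaltls._tcp.lyncguy.com", "lyncfe.lyncguy.local", 5061)]
    bad_a = dict(INTERNAL_A, **{"lyncfe.lyncguy.local": "10.255.106.161"})
    print("mismatch:", check_view(bad_a, bad_srv, FE_CERT_NAMES))
```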
Now we can test the server using https://www.testocsconnectivity.com/ and get ready to deploy reverse proxy. For that I’m going to point you to Randy Wintle’s article on the subject.
Step By Step For Installing Lync Server 2010 Consolidated Standard Edition Server
Pre-requirements
I will base this server on Windows 2008 R2 Standard and it is placed on a Hyper-V 2008 R2 host.
First we need to start with installing the pre-requirements. Please make sure that you have installed all available updates from Microsoft Update before you continue. To start the requirements installation we can use PowerShell.
To import the Server manager module run the following command:
Import-Module ServerManager
Now we can start the actual installation of all required components with the following command:
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Static-Content,Web-Default-Doc,Web-Http-Errors,Web-Http-Redirect,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Http-Logging,Web-Log-Libraries,Web-Http-Tracing,Web-Windows-Auth,Web-Client-Auth,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Console,Web-Scripting-Tools -Restart
After the installation the server will restart automatically since we added the -Restart parameter.
Also, install Microsoft Silverlight, this is needed to run the Lync Server 2010 installation GUI. Silverlight can be found here: http://www.microsoft.com/getsilverlight/Get-Started/Install/Default.aspx
The installation of Silverlight is very straight forward, after the download run Silverlight.exe and click on Install now. The installation process will start and when finished click Next and then Close.
We also need to create a file share on the Lync Server 2010 server. I will place mine directly under C: and name it LyncShare.
Share the folder and make sure that everyone has full control.
We will also be needing a number of DNS entries. Add the following records to your domain controllers DNS servers.
Now we are ready for the fun stuff!
Installing Lync Server 2010
Insert your Lync Server 2010, if AutoPlay does not start, navigate to your drive \Setup\amd64 and execute setup.exe. The first thing you will need to do is to install Microsoft Visual C++ 2008 Redistributable Package, click Yes to proceed.
When Microsoft Visual C++ 2008 Redistributable Package is installed you will need to choose the installation directory. The default location will be just fine for me, change the location to match your preferences and then click Install.
Next you need to accept the license agreement, check I accept the terms in the license agreement and then click Ok.
Now the Deployment Wizard launches and you will have a number of choices. We will start with Prepare Active Directory.
We will now have a number of steps to complete. Go through each of them starting from the top with Prepare Schema; click Run to start the wizard.
When the wizard starts click Next to continue.
The schema preparation is automatic, click Finish when the Task Status says Completed.
The next step is to Prepare Current Forest, click Run to start the wizard.
When the wizard starts click Next to continue.
We will configure the local domain, click Next to continue with defaults.
The forest preparation is also automatic, click Finish when the Task Status says Completed.
The last preparation wizard we need to run is Prepare Current Domain, click on Run to start the wizard.
When the wizard starts click Next to continue.
Again, the preparation is automatic, click Finish when the Task Status says Completed.
The last step is to grant access to the Microsoft Lync Server 2010 Control Panel, do the following:
Moving on, The Topology Builder is next and with this tool we create a topology that we use to deploy the actual Lync Server 2010 system. To start the installation click on Install Topology Builder.
The installation will now run and it is automatic, when it is finished we will move on to Preparing the first Standard Edition server.
On the introduction screen click Next to continue.
The installation will begin and when completed click Finish to close the wizard.
Now it is time to start with some configuration, locate the Lync Server Topology Builder on the Start Menu.
The first thing we need to do is to select if we have a topology we want to open or if we want to create a new one. Choose New Topology and click Ok.
Choose where to save your topology files. I will save my files in C:\Lync Server 2010 Topology Builder and call it sundis.tbxml. When you are finished choosing a name and location click Save.
Then enter a SIP domain that matches your preferences, I will enter sundis.local. This is the internal domain name in my family domain and will work well for the purpose of this installation, click Next to continue.
We will not add any additional SIP domains at this point, click Next to continue.
Enter a name for you default site, I will enter Sundis, then click Next to continue.
Enter your City, State and country and click Next to continue.
We want to continue to configure a front end pool so click Finish. When the New Front End Pool wizard starts click Next to continue.
Now we must define a FQDN for our Front End Pool. Wine this is a simple single server installation I will use the servers FQDN sundis-lync01.sundis.local. Chose Standard Edition Server and click Next to continue.
We will chose the following components for this installation:
We will collocate the mediation server, check Collocate Mediation Server and then click Next.
We will not enable any more components, click Next to continue.
We have already installed SQL server on the Lync Server 2010 server and the wizard finds it automatically. Click on Next to continue.
Now we will enter the share name we used when creating the file share earlier. I named the share LyncShare, enter your share name and click Next to continue.
We will not enter a public FQDN at the moment and will leave it as default, click Next when finished.
We will not add a gateway at this moment, click on Finish to end the wizard.
When the wizard closes you will be presented with the Topology builder, Take a moment to go through the configuration, then go back to the original screen an click on Edit Topology.
In the left pane, select Simple URLs, in the main pane, enter a URL in the field Administrative access URL. In my case this is https://admin.sundis.local, then choose the Front end server to install Central Management Server on. If all is well you should only have one choice here, click Ok when done.
Now it is time to publish our topology to the management server. Back in the topology builder, click on Publish Topology in the Actions Pane.
When the wizard has loaded, click on Next to start the publishing.
You should only have one Central Management Server, make sure it is selected in the drop-down list and then click Next.
When the wizard completes, make sure that all steps are successful an then click Finish.
Thanks for reading, I hope that you find it helpful!
I will base this server on Windows 2008 R2 Standard and it is placed on a Hyper-V 2008 R2 host.
First we need to start with installing the prerequisites. Please make sure that you have installed all available updates from Microsoft Update before you continue. To start the prerequisite installation we can use PowerShell.
To import the Server manager module run the following command:
Import-Module ServerManager
Now we can start the actual installation of all required components with the following command:
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Static-Content,Web-Default-Doc,Web-Http-Errors,Web-Http-Redirect,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Http-Logging,Web-Log-Libraries,Web-Http-Tracing,Web-Windows-Auth,Web-Client-Auth,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Console,Web-Scripting-Tools -Restart
After the installation the server will restart automatically since we added the -Restart parameter.
Also install Microsoft Silverlight, which is needed to run the Lync Server 2010 installation GUI. Silverlight can be found here: http://www.microsoft.com/getsilverlight/Get-Started/Install/Default.aspx
The installation of Silverlight is very straightforward: after the download, run Silverlight.exe and click Install now. The installation process will start; when it is finished click Next and then Close.
We also need to create a file share on the Lync Server 2010 server. I will place mine directly under C: and name it LyncShare.
Share the folder and make sure that everyone has full control.
We will also need a number of DNS entries. Add the following records to your domain controllers' DNS servers.
Name | Target |
meet.sundis.local | <Lync 2010 Server IP> |
admin.sundis.local | <Lync 2010 Server IP> |
dialin.sundis.local | <Lync 2010 Server IP> |
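The prerequisites above (Windows features, file share, DNS records) can be verified in one pass before setup is started. The script below is an added example, not part of the original post; the IP address is a placeholder, and it uses only WMI and .NET calls so that it runs on the PowerShell 2.0 that ships with Windows Server 2008 R2.

```powershell
# Added example: pre-flight check for the prerequisites on this page.
# Written for PowerShell 2.0 as shipped with Windows Server 2008 R2.
Import-Module ServerManager

$LyncServerIP = '192.0.2.10'   # assumption: placeholder, use your Lync server's IP
$ShareName    = 'LyncShare'    # share name used in this article
$DnsNames     = 'meet.sundis.local', 'admin.sundis.local', 'dialin.sundis.local'
$Features     = 'NET-Framework', 'RSAT-ADDS', 'Web-Server', 'Web-Static-Content',
    'Web-Default-Doc', 'Web-Http-Errors', 'Web-Http-Redirect', 'Web-Asp-Net',
    'Web-Net-Ext', 'Web-ISAPI-Ext', 'Web-ISAPI-Filter', 'Web-Http-Logging',
    'Web-Log-Libraries', 'Web-Http-Tracing', 'Web-Windows-Auth', 'Web-Client-Auth',
    'Web-Filtering', 'Web-Stat-Compression', 'Web-Mgmt-Console', 'Web-Scripting-Tools'

# 1. Every feature from the Add-WindowsFeature command must be installed.
$installed = @(Get-WindowsFeature | Where-Object { $_.Installed } | ForEach-Object { $_.Name })
$missing   = @($Features | Where-Object { $installed -notcontains $_ })
if ($missing.Count -gt 0) {
    Write-Warning ("Missing features: " + ($missing -join ', '))
} else {
    Write-Host "All $($Features.Count) required features are installed"
}

# 2. The share must exist; print its share-level ACL so the grants can be reviewed.
$share = Get-WmiObject Win32_Share -Filter "Name='$ShareName'"
if (-not $share) {
    Write-Warning "Share $ShareName not found"
} else {
    Write-Host "Share $ShareName -> $($share.Path)"
    $sec = Get-WmiObject Win32_LogicalShareSecuritySetting -Filter "Name='$ShareName'"
    if ($sec) {
        foreach ($ace in $sec.GetSecurityDescriptor().Descriptor.DACL) {
            # 2032127 (0x1F01FF) is the Full Control access mask on a share
            $right = "mask $($ace.AccessMask)"
            if ($ace.AccessMask -eq 2032127) { $right = 'Full Control' }
            Write-Host ("  {0}: {1}" -f $ace.Trustee.Name, $right)
        }
    }
}

# 3. Each DNS record from the table must resolve to the Lync server's address.
foreach ($name in $DnsNames) {
    try {
        $ips = @([System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { $_.IPAddressToString })
        if ($ips -contains $LyncServerIP) { Write-Host "$name -> $($ips -join ', ')" }
        else { Write-Warning "$name resolves to $($ips -join ', '), expected $LyncServerIP" }
    } catch {
        Write-Warning "$name does not resolve: $($_.Exception.Message)"
    }
}
```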
Now we are ready for the fun stuff!
Installing Lync Server 2010
Insert your Lync Server 2010 media. If AutoPlay does not start, navigate to \Setup\amd64 on your drive and execute setup.exe. The first thing you will need to do is to install the Microsoft Visual C++ 2008 Redistributable Package; click Yes to proceed.
When Microsoft Visual C++ 2008 Redistributable Package is installed you will need to choose the installation directory. The default location will be just fine for me, change the location to match your preferences and then click Install.
Next you need to accept the license agreement, check I accept the terms in the license agreement and then click Ok.
Now the Deployment Wizard launches and you will have a number of choices. We will start with Prepare Active Directory.
We now have a number of steps to complete. Go through each of them starting from the top with Prepare Schema; click Run to start the wizard.
When the wizard starts click Next to continue.
The schema preparation is automatic, click Finish when the Task Status says Completed.
The next step is to Prepare Current Forest, click Run to start the wizard.
When the wizard starts click Next to continue.
We will configure the local domain, click Next to continue with defaults.
The forest preparation is also automatic, click Finish when the Task Status says Completed.
The last preparation wizard we need to run is Prepare Current Domain, click on Run to start the wizard.
When the wizard starts click Next to continue.
Again, the preparation is automatic, click Finish when the Task Status says Completed.
The last step is to grant access to the Microsoft Lync Server 2010 Control Panel, do the following:
- Log on as a member of the Domain Admins group or the RTCUniversalServerAdmins group.
- Open Active Directory Users and Computers, expand your domain, right-click the Users container, and then click Properties.
- In CSAdministrator Properties, click the Members tab.
- On the Members tab, click Add. In the Select Users, Contacts, Computers, Service Accounts, or Groups dialog, locate the Enter the object names to select box. Type the user name(s) or group name(s) to add to the group CSAdministrator. Click OK.
- On the Members tab, confirm that the users or groups that you selected are present. Click OK.
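The Members tab only shows direct members, so a group added to CSAdministrator brings its own members along without listing them. The script below is an added example, not part of the original post, that lists both direct and nested members; it assumes the group lives in the domain you are logged on to and uses ADSI, so the Active Directory PowerShell module is not required.

```powershell
# Added example: direct vs. effective (nested) members of CSAdministrator.
# Assumption: run as a domain user on a domain-joined machine in the group's domain.
$GroupName = 'CSAdministrator'

$searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]'')
$searcher.PageSize = 500
$searcher.Filter = "(&(objectCategory=group)(sAMAccountName=$GroupName))"
$group = $searcher.FindOne()
if (-not $group) { throw "Group $GroupName not found in the current domain" }

$groupDn = [string]$group.Properties['distinguishedname'][0]
$direct  = @($group.Properties['member'])   # what the Members tab shows

# Escape characters that are special inside an LDAP filter value.
$dnFilter = $groupDn -replace '\\', '\5c' -replace '\(', '\28' -replace '\)', '\29' -replace '\*', '\2a'

# LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) makes the domain
# controller expand nested groups, returning everyone who effectively holds the role.
$searcher.Filter = "(memberOf:1.2.840.113556.1.4.1941:=$dnFilter)"
$effective = foreach ($r in $searcher.FindAll()) {
    $dn = [string]@($r.Properties['distinguishedname'])[0]
    New-Object PSObject -Property @{
        Account = [string]@($r.Properties['samaccountname'])[0]
        Class   = @($r.Properties['objectclass'])[-1]   # most specific object class
        Direct  = ($direct -contains $dn)
        DN      = $dn
    }
}

$effective | Sort-Object Direct, Account | Format-Table Account, Class, Direct, DN -AutoSize
```

Rows with Direct set to False are accounts that reach the Control Panel through a nested group rather than through an entry on the Members tab.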
Moving on, the Topology Builder is next. With this tool we create the topology that we use to deploy the actual Lync Server 2010 system. To start the installation click on Install Topology Builder.
The installation will now run and it is automatic, when it is finished we will move on to Preparing the first Standard Edition server.
On the introduction screen click Next to continue.
The installation will begin; when it is completed click Finish to close the wizard.
Now it is time to start with some configuration, locate the Lync Server Topology Builder on the Start Menu.
The first thing we need to do is to select if we have a topology we want to open or if we want to create a new one. Choose New Topology and click Ok.
Choose where to save your topology files, I will save my files in C:\Lync Server 2010 Topology Builder and call it sundis.tbxml. When you are finished choosing a name and location click Save.
Then enter a SIP domain that matches your preferences, I will enter sundis.local. This is the internal domain name in my family domain and will work well for the purpose of this installation, click Next to continue.
We will not add any additional SIP domains at this point, click Next to continue.
Enter a name for your default site, I will enter Sundis, then click Next to continue.
Enter your City, State and country and click Next to continue.
We want to continue to configure a front end pool so click Finish. When the New Front End Pool wizard starts click Next to continue.
Now we must define an FQDN for our Front End Pool. Since this is a simple single-server installation I will use the server's FQDN, sundis-lync01.sundis.local. Choose Standard Edition Server and click Next to continue.
We will choose the following components for this installation:
- Conferencing (without Dial-in for now)
- Enterprise Voice
- Call Admission Control
We will collocate the mediation server, check Collocate Mediation Server and then click Next.
We will not enable any more components, click Next to continue.
We have already installed SQL server on the Lync Server 2010 server and the wizard finds it automatically. Click on Next to continue.
Now we will enter the share name we used when creating the file share earlier. I named the share LyncShare, enter your share name and click Next to continue.
We will not enter a public FQDN at the moment and will leave it as default, click Next when finished.
We will not add a gateway at this moment, click on Finish to end the wizard.
When the wizard closes you will be presented with the Topology Builder. Take a moment to go through the configuration, then go back to the original screen and click on Edit Topology.
In the left pane, select Simple URLs, in the main pane, enter a URL in the field Administrative access URL. In my case this is https://admin.sundis.local, then choose the Front end server to install Central Management Server on. If all is well you should only have one choice here, click Ok when done.
Now it is time to publish our topology to the management server. Back in the topology builder, click on Publish Topology in the Actions Pane.
When the wizard has loaded, click on Next to start the publishing.
You should only have one Central Management Server, make sure it is selected in the drop-down list and then click Next.
When the wizard completes, make sure that all steps are successful and then click Finish.
Thanks for reading, I hope that you find it helpful!