Last week, we stop at exporting of the configuration file from Lync FE to Lync Edge.
This week, let’s continue the installation.
On the Edge Server, right-click Start, and then click Open Windows Explorer. Navigate to Lync Setup.exe. and double click. Wait a few moments for setup to start.
On the Installation Location page, leave the default location and click Install. On the License Agreement page, select the I accept the terms in the license agreement check box,
and then click OK.
On the Lync Server 2010 – Deployment Wizard page, click Install or Update Lync Server System.
On the Lync Server 2010 – Deployment Wizard page, next to Step 1: Install Local Configuration Store, click Run.
On the Configure Local Replica of Central Management Store page, verify that Import from a file is selected, and then click Browse.
Navigate to the location that store Config.zip, click Open, and then click Next.
On the Executing Commands page, when the Task Status shows as Completed, click Finish.
On the Lync Server 2010 – Deployment Wizard page, next to Step 2: Setup or Remove Lync Server Components, click Run.
On the Setup Lync Server components page, click Next.
On the Executing Commands page, when the Task Status shows as Completed, click Finish.
Request and assign certificates.
After you have done the first two steps. Now you come to the certificate. you will use private certificates from the internal CA, for internal Edge.
On Lync Edge, on the Lync Server 2010 – Deployment Wizard page, next to Step 3: Request, Install or Assign Certificates, click Run. (due to I already run once, that why you will see “Run Again”
In the Certificate Wizard window, verify that Edge Internal is selected, and then click Request.
On the Certificate Request page, click Next.
On the Delayed or Immediate Requests page, verify that Send the request immediately to an online certification authority is not selected, and then click Next.
On the Certificate Request File page, enter the path and file name and then click Next.
On the Specify Alternate Certificate Template page, leave the check box clear, and then click Next.
On the Name and Security Settings page, in the Friendly Name box, enter the name of the Internal Cert, verify that the Bit Length is 2048, and then click Next.
On the Organization Information page, in the Organization box, enter the organization name. In the Organizational Unit box, type IT, and then click Next.
On the Geographical Information page, in the Country/Region drop-down list, click the country you belong to. In the State/Province box, type the state. In the City/Locality box, type the city, and then click Next.
On the Subject Name/Subject Alternate Names page, review the Subject Name that is automatically populated, and then click Next.
On the Configure Additional Subject Alternate Names page, leave the fields blank and then click Next.
On the Certificate Request Summary page, click Next.
On the Executing Commands page, when the Task Status shows as Completed, click Next.
On the Certificate Request File page, and then click Finish.
After you have generate the internal certificate from the DC. You need to import the certificate into the Edge Server. Open up the Certificate Wizard, Select Internal Edge and click “Assign.
The Certificate Assignment wizard will open. On the Certificate Assignment page, click Next.
On the Certificate Store Select the internal Certificate, click Next.
On the Certificate Assignment Summary, click Next
On the Executing Commands page, when the Task Status shows as Completed, click Finish.
Back on the Certificate Wizard, under Certificate, click External Edge certificate (public internet), and then click Request.
On the Certificate Request page, click Next.
On the Delayed or Immediate Requests page, verify that Send the request immediately to an online certification authority is not selected, and then click Next.
On the Certificate Request File page, enter the path and file name and then click Next.
On the Specify Alternate Certificate Template page, leave the check box clear, and then click Next.
On the Name and Security Settings page, in the Friendly Name box, enter the name of the External Cert, verify that the Bit Length is 2048, and then click Next.
On the Organization Information page, in the Organization box, type the organization name. In the Organizational Unit box, type IT, and then click Next.
On the Geographical Information page, in the Country/Region drop-down list, click the country you belong to. In the State/Province box, type the state. In the City/Locality box, type the city, and then click Next.
On the Subject Name/Subject Alternate Names page, review the Subject Name, and then click Next.
On the SIP Domain setting on Subject Alternate Names (SANs) page, select the SIP domain check box, and then click Next.
On the Configure Additional Subject Alternate Names page, you may enter the additional SAN and click Next.
On the Certificate Request Summary page, click Next.
On the Executing Commands page, when the Task Status shows as Completed, click Next.
On the Online Certificate Request Status page, verify that the Assign this certificate to Lync Server certificate usages check box is selected, and then click Finish.
From here, you require to request to the public SSL Cert provider. And download the Certificate and import to the Edge server using MMC.
After you have done that, go back to the deployment wizard and assign the cert.
On the Certificate Assignment page, click Next.
On the Certificate Store Select the External Certificate that you have just import, click Next.
On the Certificate Assignment Summary page, click Next.
On the Executing Commands page, when the Task Status shows as Completed, click Finish.
Back on the Certificate Wizard, click the down arrow next to External Edge certificate (public Internet), verify that Sip Access Edge external, Web Conferencing Edge external, and A/V Edge external show a Status of Assigned, and then click Close.
On the Edge Server, on the Lync Server 2010 – Deployment Wizard page, next to Step 4: Start Services, click Run.
On the Start Services page, click Next.
Wait a few minutes for the services to start. On the Executing Commands page, when the Task Status shows as Completed, click Finish.
Now you have done the setup of the Edge server role. You need to create the necessary DNS records for external user access. Go to your public DNS Server to create the records.
A Record
sip.domain.com – 192.168.250.250 (External IP)
webconf.domain.com – 192.168.250.251 (External IP)
avcondf.domain.com – 192.168.250.252 (External IP)
if you choose consolidate into Single IP than you to point all to same IP
Service Location (SRV)
_sipexternaltls._tcp.domain.com
Leave the Priority and Weight entries as their defaults.
Port Number: 443
Point to sip.domain.com
_sipfederationtls._tcp.domain.com
Leave the Priority and Weight entries as their defaults.
Port Number: 5061
Point to sip.domain.com
_sip._tls.domain.com
Leave the Priority and Weight entries as their defaults.
Port Number: 443.
Point to sip.domain.com
Once done. you are all set.
below there is reference for you.
http://ocsguy.com/2010/11/21/deploying-an-edge-server-with-lync/
Next you may follow the link to configure the reverse proxy
http://blog.ucmadeeasy.com/tag/publish-lync-tmg/