Walk Through – Lync Server 2010 Edge Deployment (Part 7)

Last week, we stop at exporting of the configuration file from Lync FE to Lync Edge.

This week, let’s continue the installation.

On the Edge Server, right-click Start, and then click Open Windows Explorer. Navigate to Lync Setup.exe. and double click. Wait a few moments for setup to start.

On the Installation Location page, leave the default location and click Install. On the License Agreement page, select the I accept the terms in the license agreement check box,
and then click OK.

On the Lync Server 2010 – Deployment Wizard page, click Install or Update Lync Server System.

PrtScr capture

On the Lync Server 2010 – Deployment Wizard page, next to Step 1: Install Local Configuration Store, click Run.

PrtScr capture_2

On the Configure Local Replica of Central Management Store page, verify that Import from a file is selected, and then click Browse.

PrtScr capture_3

Navigate to the location that store Config.zip, click Open, and then click Next.

PrtScr capture_4

On the Executing Commands page, when the Task Status shows as Completed, click Finish.

PrtScr capture_5

On the Lync Server 2010 – Deployment Wizard page, next to Step 2: Setup or Remove Lync Server Components, click Run.

PrtScr capture_6

On the Setup Lync Server components page, click Next.

PrtScr capture_7

On the Executing Commands page, when the Task Status shows as Completed, click Finish.

PrtScr capture_8

Request and assign certificates.

After you have done the first two steps. Now you come to the certificate. you will use private certificates from the internal CA, for internal Edge.

On Lync Edge, on the Lync Server 2010 – Deployment Wizard page, next to Step 3: Request, Install or Assign Certificates, click Run. (due to I already run once, that why you will see “Run Again”

PrtScr capture_9

In the Certificate Wizard window, verify that Edge Internal is selected, and then click Request.

PrtScr capture_10

On the Certificate Request page, click Next.

PrtScr capture_11

On the Delayed or Immediate Requests page, verify that Send the request immediately to an online certification authority is not selected, and then click Next.

PrtScr capture_12

On the Certificate Request File page, enter the path and file name and then click Next.

PrtScr capture_13

On the Specify Alternate Certificate Template page, leave the check box clear, and then click Next.

PrtScr capture_14

On the Name and Security Settings page, in the Friendly Name box, enter the name of the Internal Cert, verify that the Bit Length is 2048, and then click Next.

PrtScr capture_15

On the Organization Information page, in the Organization box, enter the organization name. In the Organizational Unit box, type IT, and then click Next.

PrtScr capture_16

On the Geographical Information page, in the Country/Region drop-down list, click the country you belong to. In the State/Province box, type the state. In the City/Locality box, type the city, and then click Next.

PrtScr capture_17

On the Subject Name/Subject Alternate Names page, review the Subject Name that is automatically populated, and then click Next.

PrtScr capture_18

On the Configure Additional Subject Alternate Names page, leave the fields blank and then click Next.

PrtScr capture_19

On the Certificate Request Summary page, click Next.

PrtScr capture_20

On the Executing Commands page, when the Task Status shows as Completed, click Next.

PrtScr capture_21

On the Certificate Request File page, and then click Finish.

PrtScr capture_22

After you have generate the internal certificate from the DC. You need to import the certificate into the Edge Server. Open up the Certificate Wizard, Select Internal Edge and click “Assign.

PrtScr capture

The Certificate Assignment wizard will open. On the Certificate Assignment page, click Next.

PrtScr capture_2

On the Certificate Store Select the internal Certificate, click Next.

PrtScr capture_3

On the Certificate Assignment Summary, click Next

PrtScr capture_4

On the Executing Commands page, when the Task Status shows as Completed, click Finish.

PrtScr capture_5

Back on the Certificate Wizard, under Certificate, click External Edge certificate (public internet), and then click Request.

PrtScr capture

On the Certificate Request page, click Next.

PrtScr capture_2

On the Delayed or Immediate Requests page, verify that Send the request immediately to an online certification authority is not selected, and then click Next.

PrtScr capture_3

On the Certificate Request File page, enter the path and file name and then click Next.

PrtScr capture_4

On the Specify Alternate Certificate Template page, leave the check box clear, and then click Next.

PrtScr capture_5

On the Name and Security Settings page, in the Friendly Name box, enter the name of the External Cert, verify that the Bit Length is 2048, and then click Next.

PrtScr capture_6

On the Organization Information page, in the Organization box, type the organization name. In the Organizational Unit box, type IT, and then click Next.

PrtScr capture_7

On the Geographical Information page, in the Country/Region drop-down list, click the country you belong to. In the State/Province box, type the state. In the City/Locality box, type the city, and then click Next.

PrtScr capture_8

On the Subject Name/Subject Alternate Names page, review the Subject Name, and then click Next.

PrtScr capture_9

On the SIP Domain setting on Subject Alternate Names (SANs) page, select the SIP domain check box, and then click Next.

PrtScr capture_10

On the Configure Additional Subject Alternate Names page, you may enter the additional SAN and click Next.

PrtScr capture_11

On the Certificate Request Summary page, click Next.

PrtScr capture_12

On the Executing Commands page, when the Task Status shows as Completed, click Next.

PrtScr capture_13

On the Online Certificate Request Status page, verify that the Assign this certificate to Lync Server certificate usages check box is selected, and then click Finish.

PrtScr capture_14

From here, you require to request to the public SSL Cert provider. And download the Certificate and import to the Edge server using MMC.

After you have done that, go back to the deployment wizard and assign the cert.

On the Certificate Assignment page, click Next.

PrtScr capture_15

On the Certificate Store Select the External Certificate that you have just import, click Next.

PrtScr capture_16

On the Certificate Assignment Summary page, click Next.

PrtScr capture_17

On the Executing Commands page, when the Task Status shows as Completed, click Finish.

PrtScr capture_18

Back on the Certificate Wizard, click the down arrow next to External Edge certificate (public Internet), verify that Sip Access Edge external, Web Conferencing Edge external, and A/V Edge external show a Status of Assigned, and then click Close.

PrtScr capture_19

On the Edge Server, on the Lync Server 2010 – Deployment Wizard page, next to Step 4: Start Services, click Run.

PrtScr capture_20

On the Start Services page, click Next.

PrtScr capture_21

Wait a few minutes for the services to start. On the Executing Commands page, when the Task Status shows as Completed, click Finish.

PrtScr capture_23

Now you have done the setup of the Edge server role. You need to create the necessary DNS records for external user access. Go to your public DNS Server to create the records.

A Record
sip.domain.com – 192.168.250.250 (External IP)
webconf.domain.com – 192.168.250.251 (External IP)
avcondf.domain.com – 192.168.250.252 (External IP)

if you choose consolidate into Single IP than you to point all to same IP

Service Location (SRV)
_sipexternaltls._tcp.domain.com
Leave the Priority and Weight entries as their defaults.
Port Number: 443
Point to sip.domain.com

_sipfederationtls._tcp.domain.com
Leave the Priority and Weight entries as their defaults.
Port Number: 5061
Point to  sip.domain.com

_sip._tls.domain.com
Leave the Priority and Weight entries as their defaults.
Port Number: 443.
Point to sip.domain.com

Once done. you are all set.

below there is reference for you.

http://ocsguy.com/2010/11/21/deploying-an-edge-server-with-lync/

Next you may follow the link to configure the reverse proxy

http://blog.ucmadeeasy.com/tag/publish-lync-tmg/

Advertisements

About David Lim

David has over 15 years of experience in IT industry in designing and implementing Microsoft Solutions ranging from small to enterprise customer. He also has experience in designing and developing Microsoft Unified Communications, Collaboration and Office 365 solutions with focus on Exchange, Lync & SharePoint as well as strategic migration planning in complex business environments. He is specializing in architecture and design of Lync Voice deployments. He has been actively involved in various speaking engagements, the recent being the sessions on Lync On-Premise and Office Interoperability in September 2011 and Office 365 Introduction in November 2011. In recognition of his high-quality real-world technical excellence with the community and with Microsoft, David received the prestigious Microsoft Most Valuable Professional (MVP) Award in April 2011.
This entry was posted in Microsoft Lync Server 2010. Bookmark the permalink.

5 Responses to Walk Through – Lync Server 2010 Edge Deployment (Part 7)

  1. Denny says:

    Hi ,

    This is Denny, the creator of this free automated employee
    provisioning/termination app– Z-hire. I wrote this app for the TechNet community a year ago.

    Since you run a very informative blog, I would like your help
    spread the word. Since my application is free, i need supporters from the
    community. It would means a lot if you can help.

    Here is a link to my app
    http://www.zohno.com

    Thanks
    Denny

  2. It is perfect time to make some plans for the long run and it’s time to be happy. I have read this put up and if I may just I wish to recommend you some fascinating issues or advice. Perhaps you could write next articles referring to this article. I want to learn more issues about it!

  3. Jacky says:

    Hi ,
    This is Jacky,
    and when i assign the certificate,but the certificate store is empty,
    Could you help..??

  4. sip provider says:

    I pay a visit daily a few blogs and sites to read articles or reviews, but this weblog presents feature based posts.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s