I was setting up a Lync Server 2010 Edge Server in my lab and I wondered what would happen if I didn't configure the full computer name on the Edge Server. In previous OCS 2007 environments, I've seen this happen where the domain name is not configured and the full computer name is left as just the computer name:
Since Lync Server 2010 uses a local copy of the Central Management Store to determine which roles to install on the server, and Topology Builder is expecting you to enter the FQDN of the Edge Server, I was curious to see what happens. I left the full computer name as above and proceeded to install the Edge Server. Step 1: Install Local Configuration Store completed successfully, which I expected, since all this is doing is installing SQL Express for the local copy of the CMS database. It was Step 2: Setup or Remove Lync Server Components that I expected something to happen. Running step 2 resulted in the following in the log:
As you can see, the host name found was the computer name, not the full computer name. Since this short name didn't match the FQDN entered in Topology Builder, the installer didn't find any roles to install.
The other interesting part is that since no roles were found, the installer skipped running Enable-CsComputer. This is important because in the beginning of this step the installer ran Disable-CsComputer. So what does the Disable-CsComputer cmdlet do? Here's an excerpt from the RTCCmdlets document:
Removing a service or server role from a computer does not automatically update the Lync Server 2010 topology. Instead, that service or role must be disabled before the changes are fully updated in the topology. The Disable-CsComputer cmdlet provides a way for administrators to disable any services or server roles that have been removed from the local computer.
So the Disable-CsComputer cmdlet disables services, but what services do we have installed for Lync Server 2010 at this point? Looking in the Services MMC shows that there is only one, the Lync Server Replica Replicator Agent service. It gets installed as part of Step 1: Install Local Configuration Store. After that step completes, the service looks like this:
But after running Step 2: Setup or Remove Lync Server Components, the service looks like this:
As you can see, Disable-CsComputer disabled the service from starting. This is interesting, but does it have any impact on the Edge Server? In order to find out I fixed the computer full name and continues on with the install.
After restarting the server, I ran Step 2: Setup or Remove Lync Server Components again.
This time the full computer name was found by the installer.
Since there was a matching entry in the local CMS database, the installer determined that this server is supposed to be configured as an Edge Server and the Edge Server role was installed. I was then able to complete the rest of the installation and start the services, but what about the Lync Server Replica Replicator Agent service that was disabled before? Looking in the Services MMC you can see that it's still disabled.
With this service disabled, no replication of any configuration changes will be sent to the Edge Server. This is especially important if you make any changes to the Edge Server configuration using the Lync Server 2010 Control Panel, like adding/removing a federation partner, PIC, or any Edge Server changes in Topology Builder. If you look at the Topology section in the Lync Server 2010 Control Panel, you will see that replication for the Edge Server will have a red 'X'.
To fix this issue all you need to to is set the Lync Server Replica Replicator Agent to Automatic and start the service. After a couple of minutes, replication should start and the Lync Server 2010 Control Panel should show the following:
Also on the Edge Server you should see the following events in the Lync Server Event Log:
Log Name: Lync ServerSource: LS Replica Replicator Agent ServiceDate: 10/16/2010 3:56:04 PMEvent ID: 3017Task Category: (3003)Level: InformationKeywords: ClassicUser: N/AComputer: TEST-LS14-EDGE.test.deitterick.comDescription:Successfully started replication service using current configuration.
Service Uri: https://TEST-LS14-EDGE.test.deitterick.com:4443/ReplicationWebService
Log Name: Lync ServerSource: LS Replica Replicator Agent ServiceDate: 10/16/2010 4:00:19 PMEvent ID: 3013Task Category: (3003)Level: InformationKeywords: ClassicUser: N/AComputer: TEST-LS14-EDGE.test.deitterick.comDescription:Microsoft Lync Server 2010 (RC), Replica Replicator Agent reported the latest replica status.
Status report reason: DataReceived
Which direction for the Replica Replicator Agent Service has to be open on the firewall?
Master Replicator Agent > Edge: 4443 or
Edge > Master Replication Agent: 4443
It's the first one...Central Management Store > Edge on 4443/TCP.
Thanks for this, had me stumped for a while! I had the name of my edge server set, and had joined my edge server into a workgroup called lynctest.local, thus presuming the FQDN would be picked up from the configuration store as <hostname>.lynctest.local........ Evidently not! You need the DNS suffix filled in.
How do you stop and start the edge services from the Lync control panel, I can't seem to be able to control the edge server from the Lync CPanel and I get no status for the services running on the edge.
You can't start/stop the Edge Server services from the LSCP. You would need to user the Lync Management Shell and the Start/Stop-CsWindowsService -ComputerName <Edge Server FQDN>. Even though it's possible to remotely run those cmdlets against an Edge Server, in most environments, the internal firewall would block you from doing so.
I have a new Lync deployment and I'm planning to publish the edge on free open source firewall e.g. (pfsense, untangled, clearos) Which one would you recommend the most?
We don't provide any recommendations on which firewall to use, so you can use whichever one you'd like.
I already have it working with no issues on TMG with 3 Leg setup! but will give it a shot on Pfsense, I have configured Pfsense as a second firewall and will test it with the edge!
It seems that TMG can only be good for reverse proxy for the variety of options it supports as a RP.