Check out the most comprehensive, actively managed Lync blog roll in the known universe, your one-stop source for links to over 100 of the very best Lync blogs. Here you will also find weekly blog highlights and a feed for a dozen of the top blogs.
Lync Server Support Home
Top Lync Solutions RSS Feed
Microsoft Senior Support engineers walk you through real-life support cases, giving you an insider’s view into the systematic approach they use to troubleshoot Lync Server issues.
These short videos focus on specific tasks and show you how to accomplish them for Microsoft Lync Server 2010.
Deploying Microsoft Lync Server 2010 Edge Server can be a daunting task. Installing the software is straightforward, but getting every functional element of all the ancillary components configured properly is a challenge. Before the deployment is fully functional you need to solve issues such as firewalls, network capacities, reverse proxy, DNS, routes, certificates, and so forth. This troubleshooting checklist was developed to facilitate a smooth deployment of Edge Server.
Authors: Patrick Kelley with Sebastiaan Poels
Publication date: December 7, 2011
Product version: Microsoft Lync Server 2010
In creating this checklist the following assumptions were made:
Note: For an overview of the supported Lync Server 2010 Edge Server deployment strategy please see the following: Edge Deployment Overview.
Table 1 below shows all the DNS entries required for a Consolidated Edge Server.
Note: All names and IP addresses are assumptive.
Table 1. DNS Entries
Because these DNS entries are public, they need to resolve externally for all users. To test this functionality, run a simple NSLookup from any machine on a public network. As an example, Figure 1 is a lookup of Microsoft’s external SRV. Figure 2 shows the A records. All the DNS entries from Table 1 should succeed with the expected IP addresses. Table 1 is a reference table that can be used to check all the required DNS records. When you have verified that all DNS entries are correct, you can move on to Step 2.
Figure 1. NSLookup SRV Records
Figure 2. NSLookup A Records
Table 2 is a list of all required DNS records for a typical Edge Server environment. Verifying that these records exist and resolve publicly, is a critical step for a proper DNS deployment.
Table 2. DNS Records Reference Table
Nslookup from the External client
Nslookup for Access Edge (sip.domain.com)
Reply with the external IP of your Access Edge interface
Nslookup your Web Conferencing Edge (WebCon.domain.com)
Reply with the external IP of your Web Conferencing interface
Nslookup for AV edge
Reply with the external IP of your AV Edge interface
Nslookup for Meet Simple URL
Reply with the external IP of your Reverse Proxy interface
Nslookup for Dial-In Conferencing Simple URL
Nslookup for Lync External Web Farm
Lync Web Services
Nslookup for Open Federation Discovery
Reply with a SRV record pointing to the Access Edge interface on port 5061
Nslookup for Automatic sign-on
Reply with a SRV record pointing to the Access Edge interface on port 443
Nslookup from the Lync 2010 Edge Server
Nslookup the Internal Lync 2010 Pool (Pool.domain.com)
Reply with the Internal Pool IP address
Next Hop to internal Lync 2010 Pool
Nslookup from the Lync 2010 Pool
Nslookup the Lync 2010 Internal Edge interface
Reply from the internal interface of the Lync Edge server
Edge Server functions
When all DNS entries from Step 1 are valid and working, the next step to verify that all ports are open and functional. To accomplish this task perform run a series of simple Telnet tests to verify that the firewall ports are open and accepting connections. To build off the examples above, test connectivity to your Edge Servers external interfaces from any public network. The results should look like Figure 3 below. When the Telnet session connects the screen goes blank. This verifies that the port is open and properly connected.
Figure 3. C:\>Telnet FQDN Port
Table 3 is a list of all required network ports in a typical Edge Server environment. Verifying that all ports are open is a essential step when building a network architecture.
Table 3. Firewall Ports Reference Table
Telnet from External Client
Test to SIP.domain.com
Test to WebConf.domain.com
Test to AV.domain.com
Test to WebFarm.domain.com
Telnet from Lync 2010 Edge
Telnet to Pool.domain.com
Telnet from Lync 2010 Pool
Telnet to LyncEdge.domain.com
When your DNS resolves perfectly and ports are open and communicating — you are ready to address certificates.
The Lync Server 2010 Deployment Wizard facilitates the certificate setup process, but multiple issues need to be clarified to ensure a successful deployment.
Note: For assistance with setting up certificates please see the following TechNet URL: Set Up Edge Certificates.
Request-CsCertificate -New -Type AccessEdgeExternal -Output C:\ <certfilename.txt or certfilename.csr> -ClientEku $true -Template <template name>
Figure 4. FQDN
Deploying an Edge Server can be the most challenging aspect of your deployment. It requires an understanding the application layer and many ancillary components such as the network layer and the Public Key Infrastructure (PKI). Because so many components must work in unison, it is easy to miss important architectural details. This document provides an easy reference for DNS, Firewall, and Certificates. We hope it will help you pinpoint issues and successfully deploy the Lync Server 2010 Edge Server.