Hello Readers
As continuing on Part 2, we are now going to look at Installing Lync 2013 Monitoring and Lync Edge Server before than moving on to Part 4 – Installing KEMP VLM for Reserve Proxy. As always there are a couple of pre-requisites we need to complete before inserting the media into the Server.
If you are not installing Lync 2013 Pre-requisites this way you are doing it wrong. My fellow colleague from The UC Architects Pat Richard has created the one of the best scripts that can be in any Lync Specialist tool kit.
Download .\Set-Cs2013Features from http://www.ehloworld.com/1697 and place on the Edge Server as we will need this file later in this post.
The first part of this article we are going to look at installing Lync Monitoring.
Log on to your Lync Front End Server and launch Lync Topology Builder.
Navigate –> Lync Server –> Your Site –> Lync Server 2013 –> Standard Edition Front End Servers –> Your Server
Right Click –> Edit Properties –> Scroll Down to Monitoring
Tick Monitoring –> Press New –> Enter your SQL Server FQDN –> Specify your instance –> Untick This SQL instance is in mirroring relation (As stated in Part 1 you should already have a SQL Server with an instance available) –> Press OK
Press OK –> Press Action –> Press Topology –> Press Publish
Press Next
Press Next –> This should complete successfully –> Press Finish
Launch Lync Deployment Wizard
Press Yes –> Click Deploy Monitoring Reports
Press Next
Press Specify a User Account and Password that has rights to the instance –> Press Next
Press Specify User Group (I will be using the default group) –> Press Next
Press Finish
Launch the Lync Server Control Panel
Login with an account that is apart of the CSAdministrator
Click View Monitoring reports –> Click your SQL Server FQDN
You should now see the below window 
Successful deployment of Lync Monitoring
Now we are going to move on to install Lync Edge Server. Log into your Lync Edge Server
There is a couple of things we need to do first one ensure you have two network connections
- 1 NIC to LAN (10.10.10.12/24)
- 1 NIC to DMZ (172.16.1.12/24)
The Edge Server must not be domain joined.
Next think you will need to do is go to Computer Name/Domain Changes –> Press More
Specify Primary DNS Suffix on this computer –> Press OK –> Press OK –> Press OK –> Press Close –> Press Restart Now
Once your Server has restarted launch Pat Richard Script.
Select Option 3 to install Lync Front End Server.
And following the on screen prompts, its couldn’t be any simpler. You will need an internet connection into this machine as its downloads three components to C:\_Install or you can manually place the files but doing this will not ensure you have got the latest versions.
Files can be found here http://1drv.ms/1mcSJsr – Update as of 03/07/14
Now insert your Lync Media and Run Setup.exe
Click Yes –> Click Yes
Click Install
Tick “I accept the terms” –> Press OK –> Once installation is complete you will be welcomed by the below window
We now need to go back to the Lync Front End Server and open topology builder
Tick Download Topology –> Press Ok
Save the tbxml into your choose location –> Press Save
Navigate Lync Server –> Your Site Name –> Lync Server 2013 –> Right Click Edge Pool –> Press New Edge Pool
Press Next –> Select Single Computer Pool –> Enter your Edge Name –> Press Next
Tick Enable federation (port 5061) –> Press Next
Tick Enable IPv4 on internal interface –> Enable IPv4 on external interface –> Tick External IP address this Edge pool is translated by NAT –> Press Next
You will now need to enter FQDNs for;
- Access Edge
- Web Conferencing
- AV Edge
I will be using;
- sip.lyncme.co.uk (Good practice to use SIP.domain.com)
- wc.lyncme.co.uk (Common practice)
- av.lyncme.co.uk (Common practice)
Press Next
Enter Internal IP for Server –> Press Next
Enter External IP Address(s) for Edge Services. I have used 3 IP Address from home network –> Press Next
Enter IP Public Address –> Press Next
I will be using 192.168.0.140
Press Next –> Press Finish
Press Action –> Press Topology –> Press Publish
Press Next –> Press Finish
We now need to launch Lync Management Shell to export the CsConfiguration for the Edge Server.
As you can see from below I have exported the file as .zip. This is important. Now move the .zip to the Edge Server.
We now need to go back to the Edge Server and add additonal IP Address to the DMZ NIC for Access Edge, Web Conf and AV Edge.
Go to the Properties of the Internet Protocal Version 4 (TCP/IPv4) Properties –> Advanced –> Add the IP Address for
- Access Edge
- Web Conf
- AV Edge
Note: This is step not completed the Lync Services wont start
We now need to go back to the Lync Deployment Wizard, Click Install or Update Lync Server System
Under Step 1: Install Local Configuration Store, Click Run
Specify the .zip file to Import as shown below –> Press Next
Press Finish once complete
Under Step 2: Setup or Remove Lync Server Components, Click Run
Press Next –> Press Finish
Under Step 3: Request, Install or Assign Certificates, Click Run
Press Request for Edge Internal
Press Next –> Tick Prepare the request now –> Press Next
Press Browse –> Type Name for File –> Press Open
Press Next
Press Next –> Type Friendly Name –> Press Next
Enter Organization –> Enter Organization Unit –> Press Next
Specify Country/Region –> Enter State –> Enter City –> Press Next
Press Next –> Press Next –> Press Next –> Press Next
Press Next –> Press Finish
As you can the request file has been created on my Desktop.
We now need to open Internet Explorer and go to the Web Certificate Request for your domain
Type http://caserver.domain.local/certsrv –> Enter Domain Administrator Username and Password –> Press OK
Press Request a Certificate
Press Advance Certificate Request
Press Submit a Certificate request by using a base 64-encoded CMC
Now open your Certificate Request with Notepad –> Copy Request –> Paste into Saved Request –> Select Web Server Certificate Template –> Press Submit
Press Download Certificate Chain
Save to a location on your Edge Server with a name you can easily identify –> Press Save
Open Certificate Chain –> Export both Certificates to your Edge Server
Right Click your Root Certificate –> Press Install Certificate
Tick Local Machine –> Press Next
Tick Place all certificate in the following store –> Select Trusted Root Certificate Authorities –-> Press OK –> Press Next –> Press Finish –> Press OK
Now going back to the Certificate Wizard –> Press Import Certificate
Press Browse –> Select the certificate you exported –> Press Next –> Press Next
Press Finish
Press Assign –> Press Next
Select the Edge Internal Certificate –> Press Next –> Press Next
Press Finish
Select Edge External –> Press Request
Press Next –> Tick Prepare the request now –> Press Next
Press Browse –> Type Name for File –> Press Open
Press Next –> Type Friendly Name –> Mark sure the Tick for Mark this certificates private key as exportable is ticked –> Press Next
Enter Organization –> Enter Organization Unit –> Press Next
Specify Country/Region –> Enter State –> Enter City –> Press Next
Press Next –> Press Next –> Press Next –> Press Next
Press Next –> Press Next –> Press Next
I am going to add in 2 additional SAN Names
- lyncdiscover.lyncme.co.uk
- web.lyncme.co.uk
Lync Discover is just a good habit to have and web is because it will be required for Reserve Proxy as if you remember in part 2 I specified the External URL as web.lyncme.co.uk
Press Next once you have added SAN Names
Press Next –> Press Next –> Press Finish
As you can the request file has been created in my chosen location.
We now need to open Internet Explorer and go to the Public Web Certificate Request for your domain
Type http://publicca.domain.local/certsrv or http://10.10.10.50/certsrv
Press Request a Certificate
Press Advance Certificate Request
Press Submit a Certificate request by using a base 64-encoded CMC
Now open your Certificate Request with Notepad –> Copy Request –> Paste into Saved Request –> Select Web Server Certificate Template –> Press Submit
Your request is now pending on the Public CA Server. We now need to issue that certificate from PublicCa Server.
Login into PublicCa Server –> Open Certificate Authority
Navigate –> Pending Requests –> Right Click Request –> All Tasks –> Issue
Go back to the Edge Server and open
http://publicca.domain.local/certsrv or http://10.10.10.50/certsrv
Press View the status of pending certificate request
Press Saved-Request Certificate
Press Download Certificate Chain
Save to a location on your Edge Server with a name you can easily identify –> Press Save
Open Certificate Chain –> Export both Certificates to your Edge Server
When exporting ensure you specify Base-64 encoded X.509 (.cer)
Right Click your Root Certificate –> Press Install Certificate
Tick Local Machine –> Press Next
Tick Place all certificate in the following store –> Select Trusted Root Certificate Authorities –-> Press OK –> Press Next –> Press Finish –> Press OK
Now going back to the Certificate Wizard –> Press Import Certificate
Press Browse –> Select the certificate you exported –> Press Next –> Press Next
Press Finish
Press Assign –> Press Next
Select the Edge External Certificate –> Press Next –> Press Next
Press Finish
Once complete press Close
Under Step 4: Start Services, Click Run
If you open Services you should see all the Services up and running
If everything is configured correctly you should see the below from Lync Front End and running command Get-CsManagementStoreReplicationStatus
If Edge shows False then check if you can ping the Edge Server by FQDN, ensure port 4443 is open from Lync End to Edge Server
This concludes this post
Regards
Andrew Price