Edge Server
NextHop
7 Dec 2011 2:45 PM
Deploying Microsoft Lync Server 2010 Edge Server can be a daunting task. Installing the software is
straightforward, but getting every functional element of all the ancillary components configured
properly is a challenge. Before the deployment is fully functional you need to solve issues such as
firewalls, network capacities, reverse proxy, DNS, routes, certificates, and so forth. This
troubleshooting checklist was developed to facilitate a smooth deployment of Edge Server.
Authors: Patrick Kelley with Sebastiaan Poels
Publication date: December 7, 2011
Product version: Microsoft Lync Server 2010
In creating this checklist the following assumptions were made:
Lync Server 2010 is fully functional.
Edge Server is part of a workgroup and is located in a firewalled DMZ.
Lync Server 2010 is in a consolidated configuration.
VPN is not being utilized from a client perspective.
Lync Server 2010 is deployed with all roles (IM, Conferencing, and AV).
Edge Server is deployed and the Lync Server 2010 topology reflects all proper settings.
Note: For an overview of the supported Lync Server 2010 Edge Server deployment strategy, please
see the following: Edge Deployment Overview.
Step 1: DNS
Table 1 below shows all the DNS entries required for a Consolidated Edge Server.
Note: All names and IP addresses are assumed example values.
Table 1. DNS Entries
Because these DNS entries are public, they need to resolve externally for all users. To test this
functionality, run a simple NSLookup from any machine on a public network. As an example, Figure
1 is a lookup of Microsoft's external SRV record. Figure 2 shows the A records. All the DNS entries
from Table 1 should succeed with the expected IP addresses. Table 1 is a reference table that can be
used to check all the required DNS records. When you have verified that all DNS entries are correct,
you can move on to Step 2.
Figure 1. NSLookup SRV Records
Table 2 is a list of all required DNS records for a typical Edge Server environment. Verifying that
these records exist and resolve publicly is a critical step for a proper DNS deployment.
Table 2. DNS Records Reference Table
Task
Behavior
Function
IM/Presence
Audio/Visual
Simple URL
(av.domain.com)
Edge Server
functions
Step 2: Ports
When all DNS entries from Step 1 are valid and working, the next step is to verify that all ports are
open and functional. To accomplish this task, run a series of simple Telnet tests to verify that
the firewall ports are open and accepting connections. To build on the examples above, test
connectivity to your Edge Server's external interfaces from any public network. The results should
look like Figure 3 below. When the Telnet session connects, the screen goes blank. This verifies that
the port is open and properly connected.
Figure 3. C:\>Telnet FQDN Port
Table 3 is a list of all required network ports in a typical Edge Server environment. Verifying that all
ports are open is an essential step when building a network architecture.
Table 3. Firewall Ports Reference Table
Task | Port/Protocol
| 443/SIP
Test to SIP.domain.com | 5061/SIP
Test to WebConf.domain.com | 443/PSOM
Test to AV.domain.com | 443/STUN
Test to WebFarm.domain.com | 443/SSL
| 5061/SIP
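The Step 1 and Step 2 checks can be scripted so that they are repeatable from any machine on a public network. The following Python code is an added example, not part of the original article: it resolves each host's A record, compares it with the expected address, and then attempts a TCP connection, separating a silently dropped connection (firewall) from a refused one (no listener), which a Telnet test does not distinguish clearly. The expected IP addresses are constructed placeholders, domain.com is the article's placeholder domain, and SRV lookups are not covered.

```python
import socket

# Hosts and ports from Table 3; domain.com is the article's placeholder domain.
# The expected IPs are constructed documentation addresses, not real values.
CHECKS = [
    ("SIP.domain.com", 5061, "203.0.113.10"),
    ("WebConf.domain.com", 443, "203.0.113.11"),
    ("AV.domain.com", 443, "203.0.113.12"),
    ("WebFarm.domain.com", 443, "203.0.113.20"),
]


def check_endpoint(host, port, expected_ip=None, timeout=5.0,
                   resolve=socket.gethostbyname_ex,
                   connect=socket.create_connection):
    """Step 1 then Step 2 for one row: resolve the A record, then TCP-connect.

    Returns (status, detail). resolve/connect are injectable for offline tests.
    """
    try:
        _name, _aliases, addresses = resolve(host)
    except OSError as exc:          # gaierror/herror: the name does not resolve
        return "DNS_FAIL", str(exc)
    if expected_ip is not None and expected_ip not in addresses:
        return "DNS_MISMATCH", ",".join(addresses)
    ip = expected_ip or addresses[0]
    try:
        connect((ip, port), timeout=timeout).close()
    except socket.timeout:
        return "FILTERED", ip       # no reply before the timeout: traffic is being dropped
    except ConnectionRefusedError:
        return "REFUSED", ip        # host reachable, nothing listening on the port
    except OSError as exc:
        return "UNREACHABLE", f"{ip}: {exc}"
    return "OPEN", ip               # equivalent to Telnet's blank screen


def run_checklist(checks=CHECKS, **kwargs):
    """Run every row and return {(host, port): (status, detail)}."""
    return {(h, p): check_endpoint(h, p, ip, **kwargs) for h, p, ip in checks}


if __name__ == "__main__":
    for (host, port), (status, detail) in run_checklist().items():
        print(f"{host}:{port:<5} {status:<13} {detail}")
```

As with the Telnet test, OPEN only shows that a TCP connection was accepted; it does not confirm which service or certificate is answering on that port.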
Summary
Deploying an Edge Server can be the most challenging aspect of your deployment. It requires an
understanding of the application layer and many ancillary components such as the network layer and
the Public Key Infrastructure (PKI). Because so many components must work in unison, it is easy to
miss important architectural details. This document provides an easy reference for DNS, Firewall,
and Certificates. We hope it will help you pinpoint issues and successfully deploy the Lync Server
2010 Edge Server.
Additional Resources
DNS Resolution for Lync 2010 Edge Server
Lync Server 2010 Troubleshooting Tips
Tools
Remote Connectivity Analyzer
The OCS & Lync Sign-In Troubleshooting Tool V3.0
The Remote UC Troubleshooting Tool (RUCT)
Deployment
8 Dec 2011 4:05 PM
Rich
For The OCS & Lync Sign-In Troubleshooting Tool V3.0, is there a way to modify the SRV lookup to
include a '.' at the end of the records? (ex. _sip._tcp.domain.com.) I need this in my environment to work.
Sebastiaan Poels
EAMatt
Do you have these instructions for someone that has deployed the edge server with a single edge IP
address? The ports are (Access Edge=5061, Web Conf=444, A/V Edge 443) using a single
certificate ledge.contoso.com for all services.