Edge Server Quick Reference Guide – Install and Troubleshoot

I use this page to speed up the deployment all the time :-p
#Adding the persistent Route
route add -p mask if ?

#Get Replication status

#Force Replication

#Exporting for Edge
export-csconfiguration -filename c:\edge.zip

#Importing to Edge
import-csconfiguration -filename c:\LXLSupportedge.zip -localstore

#Testing the External interfaces (access, webconf & AV) – From Internet

telnet Access Public IP/FQDN port 5061, 443
telnet WebConf Public IP/FQDN port 443
telnet AV Public IP/FQDN port 443

#Testing the Internal interface – From LAN
telnet from:
Lync FE to IP/FQDN port 5061, 5062, 443, 4443 – Used for Replication

#Testing the Internal interface – From DMZ
telnet from:
EDGE to IP/FQDN of Lync FE port 5061
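
The three telnet checks above, scripted in PowerShell with a connect timeout so every port is reported in one pass. This is an added example, not part of the original post; the FQDNs are placeholders, the `Test-TcpPort` helper and the `-From` parameter are names made up for the illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: run from the vantage point named in -From (Internet, LAN or DMZ).
param(
    [ValidateSet('Internet', 'LAN', 'DMZ')]
    [string]$From = 'Internet'
)

# Port matrix from the checks listed above. All FQDNs are constructed placeholders.
$matrix = @{
    Internet = @(
        @{ Name = 'Access';  Target = 'sip.example.com';     Ports = 5061, 443 }
        @{ Name = 'WebConf'; Target = 'webconf.example.com'; Ports = 443 }
        @{ Name = 'AV';      Target = 'av.example.com';      Ports = 443 }
    )
    LAN = @(   # Lync FE -> Edge internal interface (4443 is used for replication)
        @{ Name = 'Edge internal'; Target = 'edge01.example.local'; Ports = 5061, 5062, 443, 4443 }
    )
    DMZ = @(   # Edge -> Lync FE
        @{ Name = 'Lync FE'; Target = 'fe01.example.local'; Ports = 5061 }
    )
}

function Test-TcpPort {
    param([string]$Target, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a filtered port fails after the timeout instead of hanging
        $async = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return 'Timeout (filtered?)' }
        $client.EndConnect($async)
        return 'Open'
    } catch {
        return 'Refused or unresolvable'   # RST from the host, or the DNS lookup failed
    } finally {
        $client.Close()
    }
}

foreach ($entry in $matrix[$From]) {
    foreach ($port in $entry.Ports) {
        [pscustomobject]@{
            Interface = $entry.Name
            Target    = $entry.Target
            Port      = $port
            Result    = Test-TcpPort -Target $entry.Target -Port $port
        }
    }
}
```

A timeout usually points at a firewall dropping the traffic, while a refusal means the host was reached but nothing is listening on that port.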

# Ensure the Edge servers of the Federated Partners trust the certificate authority used by the other.

# Check SRV Record for Federation
nslookup -type=SRV _sipfederationtls._tcp.<sipdomain>

# Test Edge infrastructure with MSTURNPING – Another beauty from the ResKit

It only runs on the Edge server
It needs the Edge Public cert to exist on the FE
If you have multiple Edge pools they will need to have access to each other
And of course they use internal DNS to look each other up

More Edge Stuff…

Make sure you can:-

  • Resolve the Lync server and DC on internal interface (via DNS or Hosts)
  • Resolve the internal CA to verify internal Certificates (via DNS or Hosts)
  • External interface is used for resolving federation traffic.
  • Getting the cert from the internal CA…Of course you can add the external cert to both edge interfaces as long as the Lync server trusts the issuing authority.

How to check Lync FE Certificates for CMS from Edge Server
Export the certificate from the server hosting the CMS (without the private key).
Copy the file to the Edge server (C:\tmp\CMSCert.cer).
From a command prompt run:-
Certutil -verify -urlfetch "C:\tmp\CMSCert.cer" > c:\CRL.TXT

Then I found that you can launch the CA management console and request the cert straight from there…awesome! (newbie…)

This command runs a check on the certificate (including accessing the CRLs) and dumps the results to a text file. It may take a few minutes to complete.
Now simply check the CRL.TXT file for errors.

About Paul B

My name is Paul Bloem and I am employed at Lexel Systems in New Zealand as a Principal Consultant for Unified Communications. I have been working on enterprise voice solutions for over 20 years. My first 10 years were spent working for a Telco in South Africa (Telcom SA). This is where all the groundwork happened as I was exposed to just about every aspect of telecommunication you could imagine. I developed an interest in PBX technologies and eventually became the go-to guy. Next, I had a 10 year run at Siemens South Africa, most of my time there was as a Technical Trainer. During this time VoIP hit the world stage, I had the privilege of introducing VoIP both as H.323 and later SIP across the Siemens HiPath 4000 solution stack. In 2008 I immigrated to New Zealand with my newly attained MCSE, I was ready to go where no PBX Techie had gone before. I was employed to explore OCS 2007 and that was pretty much the beginning of the end for me. I have been working on OCS and Lync ever since. My current role focuses exclusively on Lync and associated technologies. That includes pre-sales, consulting, architecture and design, training and support. I even get to play in the development space from time to time - focus on play ;-) I was nominated as a Microsoft VTSP for Lync early in 2013 and also awarded Microsoft's MVP award for Lync in 2014.