Smarter Together

~ by I.M.H.O.

Category Archives: Lync Edge

Edge Server Quick Reference Guide – install and Troubleshoot

26 Tuesday Jun 2012

Posted by Paul Bloem in Edge Server, Install Guide, Lync Edge, Quick Reference Guide, Troubleshoot Edge


I use this page to speed up the deployment all the time :-p
#Adding the persistent Route
route add -p 192.168.99.0 mask 255.255.255.0 192.168.99.252 if ?

#Get Replication status
Get-CsManagementStoreReplicationStatus

#Force Replication
Invoke-CsManagementStoreReplication

#Exporting for Edge
export-csconfiguration -filename c:\edge.zip

#Importing to Edge
import-csconfiguration -filename c:\LXLSupport\edge.zip -localstore

#Testing the External interfaces (access, webconf & AV) – From Internet

telnet Access Public IP/FQDN port 5061, 443
telnet WebConf Public IP/FQDN port 443
telnet AV Public IP/FQDN port 443

#Testing the Internal interface – From LAN
telnet from:
Lync FE to IP/FQDN port 5061, 5062, 443, 4443 – Used for Replication

#Testing the Internal interface – From DMZ
telnet from:
EDGE to IP/FQDN of Lync FE port 5061
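
The three telnet checks above can be scripted so every port in the list is tested with a timeout and the results are kept as a record of what the firewalls allow. This is an added example, not part of the original post; the host names are placeholders, and Test-TcpPort and Invoke-EdgePortCheck are names made up for it.

```powershell
# Added example, not from the original post. Targets are placeholder names.
function Test-TcpPort {
    param(
        [Parameter(Mandatory=$true)][string]$HostName,
        [Parameter(Mandatory=$true)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'Timeout'            # no reply: filtered port or missing route
        }
        $client.EndConnect($pending)    # throws if refused or name not resolved
        return 'Open'
    }
    catch { return 'Failed: ' + $_.Exception.GetBaseException().Message }
    finally { $client.Close() }
}

# Port matrix taken from the checklist above; Target values are constructed.
$edgePortMatrix = @(
    @{ RunFrom = 'Internet'; Target = 'access.example.com';     Ports = 5061, 443 }
    @{ RunFrom = 'Internet'; Target = 'webconf.example.com';    Ports = 443 }
    @{ RunFrom = 'Internet'; Target = 'av.example.com';         Ports = 443 }
    @{ RunFrom = 'LAN';      Target = 'edge-int.example.local'; Ports = 5061, 5062, 443, 4443 }
    @{ RunFrom = 'DMZ';      Target = 'lyncfe.example.local';   Ports = 5061 }
)

function Invoke-EdgePortCheck {
    param([ValidateSet('Internet', 'LAN', 'DMZ')][string]$RunFrom = 'LAN')
    foreach ($row in ($edgePortMatrix | Where-Object { $_.RunFrom -eq $RunFrom })) {
        foreach ($port in $row.Ports) {
            New-Object PSObject -Property @{
                Target = $row.Target
                Port   = $port
                Result = Test-TcpPort -HostName $row.Target -Port $port
            }
        }
    }
}

# Run once from each vantage point named in the checklist.
Invoke-EdgePortCheck -RunFrom 'LAN' | Format-Table Target, Port, Result -AutoSize
```

A 'Timeout' result usually points at a firewall rule or the persistent route, while a 'Failed' result with a refusal message means the host was reached but nothing is listening on that port.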

# Ensure the Edge servers of the Federated Partners trust the certificate authority used by the other.

# Check SRV Record for Federation
nslookup -type=SRV _sipfederationtls._tcp.<sipdomain>

# Test Edge infrastructure with MSTURNPING – Another beauty from the ResKit

It only runs on the Edge server
It needs the Edge Public cert to exist on the FE
If you have multiple Edge pools they will need to have access to each other
And of course they use internal DNS to look each other up

More Edge Stuff…

Make sure you can:-

  • Resolve the Lync server and DC on internal interface (via DNS or Hosts)
  • Resolve the internal CA to verify internal Certificates (via DNS or Hosts)
  • External interface is used for resolving federation traffic.
  • Getting the cert from the internal CA…Of course you can add the external cert to both edge interfaces as long as the Lync server trusts the issuing authority.

Then I found that you can launch the CA management console and request the cert straight from there…awesome! (newbie…)

How to check Lync FE Certificates for CMS from Edge Server
Export the certificate from the server hosting the CMS (without the private key)
Copy the file to the edge server (C:\tmp\CMSCert.cer).
From a command prompt run:-
Certutil -verify -urlfetch "C:\tmp\CMSCert.cer" > c:\CRL.TXT

This command runs a check on the certificate (including accessing the CRLs) and dumps the results to a text file; it may take a few minutes to complete.
Now simply check the CRL.TXT file for errors
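
Reading CRL.TXT by eye is easy to get wrong on a long chain, so the check can be scripted. This is an added example, not part of the original post: the match patterns are assumptions based on typical certutil -verify -urlfetch output, the sample report is constructed, and Get-CertutilVerifyFinding is a name made up for it.

```powershell
# Added example, not from the original post. The match patterns are
# assumptions based on typical "certutil -verify -urlfetch" output.
function Get-CertutilVerifyFinding {
    param([Parameter(Mandatory=$true)][string[]]$Line)
    $failurePatterns = @(
        '^\s*Failed "',             # a CDP/AIA fetch block that failed
        'Error retrieving URL',     # the CRL or CA cert could not be downloaded
        '^\s*ERROR:',               # chain or revocation verification error
        '\b0x8[0-9a-fA-F]{7}\b'     # failure status code
    )
    $problems = @()
    for ($i = 0; $i -lt $Line.Count; $i++) {
        foreach ($pattern in $failurePatterns) {
            if ($Line[$i] -match $pattern) {
                $problems += New-Object PSObject -Property @{
                    LineNumber = $i + 1; Text = $Line[$i].Trim() }
                break
            }
        }
    }
    New-Object PSObject -Property @{
        RevocationCheckPassed = [bool]($Line -match 'Leaf certificate revocation check passed')
        CommandSucceeded      = [bool]($Line -match '-verify command completed successfully')
        Problems              = $problems
    }
}

# Constructed sample of a failing report (not real output from any server).
$sample = @'
----------------  Certificate CDP  ----------------
Failed "CDP" Time: 0
    Error retrieving URL: The server name or address could not be resolved 0x80072ee7 (WIN32: 12007)
    http://ca.example.local/CertEnroll/Example-CA.crl
ERROR: Verifying leaf certificate revocation status returned The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613)
CertUtil: The revocation function was unable to check revocation because the revocation server was offline.
'@

$report = Get-CertutilVerifyFinding -Line ($sample -split "`r?`n")
$report.Problems | Format-Table LineNumber, Text -AutoSize -Wrap
"Revocation check passed: $($report.RevocationCheckPassed)"

# Against the real file written by the command above:
# Get-CertutilVerifyFinding -Line (Get-Content C:\CRL.TXT)
```

A failed CDP fetch from the Edge usually means the DMZ cannot reach the internal CA's CRL URL, which ties back to the name-resolution checks listed earlier.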

Edge Server Quick Reference Guide – install and Troubleshoot

25 Monday Jun 2012

Posted by Paul Bloem in Edge Server, Install Guide, Lync Edge, Quick Reference Guide, Troubleshoot Edge


I use this page to speed up the deployment all the time :-p
#Adding the persistent Route
route add -p 192.168.99.0 mask 255.255.255.0 192.168.99.252 if ?

#Get Replication status
Get-CsManagementStoreReplicationStatus

#Force Replication
Invoke-CsManagementStoreReplication

#Exporting for Edge
export-csconfiguration -filename c:\edge.zip

#Importing to Edge
import-csconfiguration -filename c:\LXLSupport\edge.zip -localstore

#Testing the Ext interface – From Internet
telnet public IP/FQDN port 5061, 443

#Testing the Internal interface – From LAN
telnet from:
Lync FE to IP/FQDN port 5061, 5062, 443, 4443 – Used for Replication

#Testing the Internal interface – From DMZ
telnet from:
EDGE to IP/FQDN of Lync FE port 5061

# Ensure the Edge servers of the Federated Partners trust the certificate authority used by the other.

# Check SRV Record for Federation
nslookup -type=SRV _sipfederationtls._tcp.<sipdomain>

# Test Edge infrastructure with MSTURNPING – Another beauty from the ResKit

It only runs on the Edge server
It needs the Edge Public cert to exist on the FE
If you have multiple Edge pools they will need to have access to each other
And of course they use internal DNS to look each other up

More Edge Stuff…

Make sure you can:-

  • Resolve the Lync server and DC on internal interface (via DNS or Hosts)
  • Resolve the internal CA to verify internal Certificates (via DNS or Hosts)
  • External interface is used for resolving federation traffic.

Getting the cert from the internal CA…Of course you can add the external cert to both edge interfaces as long as the Lync server trusts the issuing authority.


A little pain I had was that after generating the request I tried connecting to the CA web (https:\\\certsrv) with no joy of course. I wouldn't even connect from the CA itself, very frustrating.

Then I found that you can launch the CA management console and request the cert straight from there…awesome! (newbie…)

How to check Lync FE Certificates for CMS from Edge Server
Export the certificate from the server hosting the CMS (without the private key)
Copy the file to the edge server (C:\tmp\CMSCert.cer).
From a command prompt run:-
Certutil -verify -urlfetch "C:\tmp\CMSCert.cer" > c:\CRL.TXT

This command runs a check on the certificate (including accessing the CRLs) and dumps the results to a text file; it may take a few minutes to complete.
Now simply check the CRL.TXT file for errors


Lync SRV Records

21 Saturday Jan 2012

Posted by Paul Bloem in DNS, Lync Edge, SRV, SRV Record


I was configuring a new Edge environment today and thought I’d done it enough times not to have to refer to my notes. It was at this time that I realized that I hadn’t clearly documented the different SRV record options…only noticed as I had to take a peek 🙂

Internal DNS SRV
_sipinternaltls._tcp.  #for each sip domain (multiplied by each Front End Server)
If not using split brain DNS it is wise to add a sip. A record (I usually add it either way)

External DNS SRV
_sip._tls.    #for each sip domain
_sipfederationtls._tcp.  #for each sip domain

HOWEVER…
I did come across an environment that didn’t have the ability to add SRV records externally and were not using split brain DNS.

External DNS add the following:-
       sipexternal. point it to the Edge Server Public FQDN (the consolidated name also works as long as it's in the certificate as a SAN)

Internal DNS add the following:-
     sip. pointing to the Front End Server

More details on SRV records…

Lync Auto login SRV Record
Service: _sipinternaltls
Protocol: _tcp

Priority = 0
Weight = 0
Port Number: 5061
Host:

OCS Auto login SRV Record
Service: _autodiscover
Protocol: _tls

Priority = 0
Weight = 0
Port Number: 443
Host: sip.

Federation (Autodiscover) SRV Record
Service: _sipfederationtls
Protocol: _tcp

Priority = 0
Weight = 0
Port Number: 5061
Host:

PB
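
The SRV records listed in this post can be checked in one pass per SIP domain: that each record exists, uses the expected port, and points at a host that resolves. This is an added example, not part of the original post; it assumes Resolve-DnsName is available (Windows 8 / Server 2012 or later), uses example.com as a placeholder domain, takes 443 for _sip._tls as an assumption since the post gives no port for it, and Test-LyncSrvRecord is a name made up for it.

```powershell
# Added example, not from the original post. Needs Resolve-DnsName
# (Windows 8 / Server 2012 or later); 'example.com' is a placeholder domain.
$expectedSrv = @{
    Internal = @(
        @{ Label = '_sipinternaltls._tcp'; Port = 5061 }
    )
    External = @(
        @{ Label = '_sip._tls'; Port = 443 }      # port is an assumption
        @{ Label = '_sipfederationtls._tcp'; Port = 5061 }
    )
}

function Test-LyncSrvRecord {
    param(
        [Parameter(Mandatory=$true)][string]$SipDomain,
        [ValidateSet('Internal', 'External')][string]$View = 'External',
        [string]$DnsServer                        # optional resolver to query
    )
    $common = @{ DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
    if ($DnsServer) { $common.Server = $DnsServer }
    foreach ($want in $expectedSrv[$View]) {
        $name = '{0}.{1}' -f $want.Label, $SipDomain
        $srv  = @(Resolve-DnsName @common -Name $name -Type SRV |
                  Where-Object { $_.Type -eq 'SRV' })
        if ($srv.Count -eq 0) {
            New-Object PSObject -Property @{ Record = $name; Target = ''; Port = ''; Status = 'Missing' }
            continue
        }
        foreach ($rec in $srv) {
            # The SRV target must itself resolve, or clients and partners cannot connect.
            $hostA = @(Resolve-DnsName @common -Name $rec.NameTarget -Type A |
                       Where-Object { $_.Type -eq 'A' })
            $status = 'OK'
            if ($rec.Port -ne $want.Port) { $status = "Port should be $($want.Port)" }
            elseif ($hostA.Count -eq 0)   { $status = 'Target has no A record' }
            New-Object PSObject -Property @{
                Record = $name; Target = $rec.NameTarget; Port = $rec.Port; Status = $status }
        }
    }
}

Test-LyncSrvRecord -SipDomain 'example.com' -View External |
    Format-Table Record, Target, Port, Status -AutoSize
```

Run the Internal view from a machine that uses the internal DNS servers, and the External view from outside or with -DnsServer pointed at a public resolver, so each side is tested against the zone clients will actually see.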
