Install Server
,At this point, the target server should be fully prepared and meet all prerequisites.
Export Topology
The process for installing a local configuration store on an Edge Server varies depending on whether an Edge Server is part of the Active Directory domain and can access the configuration store directly. Typically, the Edge Server is isolated and requires a few extra manual steps to read the topology. These steps involve exporting the entire topology to an XML file and copying it to the Edge Server.
1. Open the Lync Server Management Shell.
2. Run the following command:
Export-CSConfiguration –FileName C:Lync2010.zip
3. Copy the file to the Edge Server prior to beginning the installation.
Install Local Configuration Store
To install a server role in Lync Server, the target server must first have a local configuration store installed and populated with the topology information.
1. Insert the Lync Server media on the server to be used as an Edge Server and launch Setup.exe found in the Setupamd64 folder.
2. Enter a location for the installation files to be cached and click Install.
3. Click Install or Update Lync Server system.
4. Under Step 1: Install Local Configuration Store, click Run.
5. Because the Edge Server is part of a workgroup and cannot access the Central Management Store, select import from a file, and then click Browse. If the Edge Server is part of the domain, it should be able to read the Central Management Store directly.
6. Select the .zip file copied earlier and then click Next.
7. Click Finish when the topology is imported successfully.
Install Lync Server Components
The following steps enable the server to read the topology information from the local configuration store, and then install the server roles matching its own FQDN.
1. Under Step 2: Setup or Remove Lync Server Components, click the Run button.
2. Select Next to begin the Edge Server installation published in the topology.
3. When prompted to install the Microsoft Network Service, click the Install button.
4. Click Finish when the installation completes.
Create Certificates
Like all other roles in Lync Server, the Edge Server communicates to other servers in the organization using Mutual Transport Layer Security (MTLS). The Edge Server requires a few certificates depending on the services published. At a minimum, the Edge Server always requires a certificate with its internal FQDN for communication to other servers.
• The subject name should contain the Edge pool’s internal fully qualified domain name (FQDN).
The certificate used for Access Edge services should adhere to the following guidelines:
• The subject name should be the published address for Access Edge services.
• All supported SIP domains must be entered as a subject alternative name in the format sip.<SIP domain>.
The certificate used for Web Conferencing Edge services should adhere to the following guideline:
• The subject name should be the published address for Web Conferencing Edge services.
The certificate used for A/V Authentication service has no specific guidelines. The certificate is used only to generate encryption keys, but the name used by the wizard matches the internal Edge pool FQDN.
→ See Chapter 27 for a more detailed explanation of certificate requirements.
Note
The Certificate Wizard in Lync Server automatically populates the subject name and required subject alternative names based on the published topology. This greatly simplifies certificate confusion created by prior versions. As long as the published topology is accurate, changing the certificate names or adding subject alternative names is unnecessary.
Use the following steps to request and assign the necessary certificates:
1. Under Step 3: Request, Install, or Assign Certificate, click the Run button.
2. Highlight the Edge internal option and click the Request button.
3. Click Next to begin the wizard.
4. Select to either Send the request immediately to an online certification authority or Prepare the request now, but send it later (offline certificate request) and click Next. Typically an Edge server will have to use the Prepare the request now, but send it later option.
5. Click the Browse button and select a file location for the certificate signing request (CSR) and click Next.
6. To use the standard WebServer template, click Next on the Specify Alternate Certificate Template page.
7. Enter a friendly name for the certificate such as Lync Server Internal.
8. Select a key bit length of 1024, 2048, or 4096.
9. If the certificate should be exportable, select the Mark certificate private key as exportable check box and click Next.
10. Enter an organization name, which is typically the name of the business.
11. Enter an organizational name, which is typically the name of a division or department, and click Next.
12. Select a country, enter a state or province, and enter a city or locality, and then click Next.
13. Click Next after reviewing the automatically populated subject and subject alternate names.
14. Do not add additional subject alternative names and press Next.
15. Click Next to complete the request, and then click Finish to complete the wizard.
After completing the wizard, run through it a one more time to generate a CSR for the External Edge certificate.
If the certificates are issued from an online certificate authority, they should be installed automatically. If an offline request is issued, the wizard must be re-run with the option to complete an offline request.
Assign Certificates
After creating the necessary certificates, the Edge Server services must have certificates assigned to them. This process binds each certificate to a specific Edge service. To assign a certificate, perform the following steps:
1. Under Step 3: Request, Install, or Assign Certificate, click the Run button.
2. Highlight Edge internal and click the Assign button.
3. Click the Next button to begin the wizard.
4. Select Assign an existing certificate, and then click Next.
5. Select the correct certificate for this usage. Certificates will not appear here unless they can be verified to a Trusted Root Certification Authority and have a private key associated. Press Next.
6. Verify that the certificate is selected, and then click Next.
7. Click Finish when the process is complete.
Repeat the previous steps for the External Edge services certificate.
Start Services
After the necessary certificates are requested and assigned, the Lync Server Edge Server services can be started.
1. Beneath Step 4: Start Services, and then click the Run button.
2. Click Next to start the Lync Server services.
3. Click Finish to complete the wizard.
At this point, the Edge Server installation is complete and functional.