Today I decided that it would be a good idea to get my “old” OCS 2007 R2 Edge server upgraded to Lync RTM before the big launch next week. I have already moved all of our users to the new Lync Enterprise pool.
The Lync Edge Server configuration went something like this:
1. Create Edge configuration in Topology Builder
2. Define Internal IP for internal interface
3. Define External IP and port 443 for Access Edge Interface and FQDN
4. Define External IP and port 443 for Web Conferencing Interface and FQDN
5. Define External IP and port 443 for A/V interface and FQDN
6. Publish the topology
7. Export the topology: Export-CsTopology -Filename C:\edge.zip
8. Install prerequisites on Edge
9. Run setup.exe and choose Install or Update Lync Server System
10. Install Local Configuration Store, choosing to import the configuration from the edge.zip file (copy it to the Edge server)
11. Choose option 2, Setup or Remove Lync Server Components
12. Then request, install or assign certificates (I generated a new Access Edge certificate because of the following in the RTM docs):
To create a certificate request for the external interface of the Edge Server to support public IM connectivity with AOL
- When the required template is available to the CA, use the following Windows PowerShell cmdlet from the Edge server to request the certificate:
Request-CsCertificate -New -Type AccessEdgeExternal -Output C:\<certfilename.txt or certfilename.csr> -ClientEku $true -Template <template name>
The default certificate name of the template provided in Lync Server 2010 is Web Server. Only enter the <template name> if you need to specify a different template from the default.
Note: If your organization wants to support public IM connectivity with AOL, you must use Windows PowerShell instead of the Certificate Wizard to request the certificate to be assigned to the external edge for the Access Edge service. This is because the Lync Server 2010 Web Server template that the Certificate Wizard uses to request a certificate does not support client EKU configuration. Before using Windows PowerShell to create the certificate, the CA administrator must create and deploy a new template that supports client EKU.
13. Assign the certificates and then Step 4 is to start the services.
14. If any of the services fail to start, ensure that you have assigned all the correct IP addresses in Topology Builder. If they are not correct, the service will fail to bind to the IP address because it doesn’t exist.
15. Here are some things I did that caused some delay:
    - I failed to change the Site Federation route assignment for my site in Topology Builder to the new Lync RTM Edge server. The Edge deployment wizard will automatically associate the Edge server with the edge pool for your Enterprise Server. It will not set the federation box. This will cause all of the contacts that you are federated with to show presence unknown.
    - So after that everything should be good, right? NO!
    - You need to verify that the users who are using federation are assigned the appropriate External Access Policy in the user property page, and that the policy has the external components allowed or enabled.
    - So at that point everything should be good, right? NO again! I can now see my federated OCS 2007 R2/Lync contacts' presence, but no AOL, MSN, YAHOO!
    - Under External User Access in the Lync Server Control Panel, on the provider tab, you need to allow communication with the public provider by editing the properties, enabling them and choosing the appropriate type of verification level.
    - So at this point everything should be good, right? YES!
Tested and everything is working.
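
The three settings from the delay list above can be checked in one pass. This is an added example, not part of the original post or of Lync itself: `Get-ExternalAccessGap` is a hypothetical helper, the sample objects are constructed, and the property names are assumed to match what `Get-CsSite`, `Get-CsExternalAccessPolicy` and `Get-CsPublicProvider` return.

```powershell
# Added example: lists every setting that would block federated or public IM traffic.
# A disabled policy can be intentional; the output is a checklist, not a verdict.
function Get-ExternalAccessGap {
    param($Site, $Policy, $Provider)

    function New-Gap($Area, $Target, $Problem) {
        New-Object PSObject -Property @{ Area = $Area; Target = $Target; Problem = $Problem }
    }

    foreach ($s in $Site) {
        # No federation route on the site: federated contacts show presence unknown.
        if (-not $s.FederationRoute) {
            New-Gap 'Site' $s.Identity 'No federation route assigned'
        }
    }
    foreach ($p in $Policy) {
        # Users only get external access if the policy assigned to them enables it.
        if (-not $p.EnableFederationAccess)  { New-Gap 'Policy' $p.Identity 'Federation access disabled' }
        if (-not $p.EnablePublicCloudAccess) { New-Gap 'Policy' $p.Identity 'Public IM access disabled' }
    }
    foreach ($pr in $Provider) {
        # Public providers (AOL, MSN, Yahoo!) must each be enabled explicitly.
        if (-not $pr.Enabled) { New-Gap 'Provider' $pr.Identity 'Provider not enabled' }
    }
}

# Constructed sample data standing in for the cmdlet output, so this runs without Lync.
$site   = New-Object PSObject -Property @{ Identity = 'Site:HQ'; FederationRoute = $null }
$policy = New-Object PSObject -Property @{
    Identity = 'Global'; EnableFederationAccess = $true; EnablePublicCloudAccess = $false
}
$provider = @(
    New-Object PSObject -Property @{ Identity = 'AOL'; Enabled = $false }
    New-Object PSObject -Property @{ Identity = 'MSN'; Enabled = $true }
)

Get-ExternalAccessGap -Site $site -Policy $policy -Provider $provider |
    Format-Table Area, Target, Problem -AutoSize

# Against a live deployment, from the Lync Server Management Shell:
# Get-ExternalAccessGap -Site (Get-CsSite) -Policy (Get-CsExternalAccessPolicy) `
#     -Provider (Get-CsPublicProvider)
```

With the sample data this reports three rows: the site without a federation route, the Global policy with public IM access disabled, and the AOL provider not enabled.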