none
Lync Mobility Service deployment edge server

    Question

  • I've been reading the Lync Mobility Service deployment guide. The guide says that the updates need to be installed on all Lync server roles and various other things that needs to be done on the server roles. However, while it says to do certain things on all server roles, the document does not really mention what to do on edge servers until enabling push notifications...

    Please correct me on the following if I'm wrong...

    1. I need to install the cumulative update on the edge server (and on Front End, Director)

    2. Configuring listening ports 5086/5087 are only done on front end servers (not on Director nor Edge)

    3. Dynamic Content Compression component of IIS needs to be installed only on front end servers, not director/edge servers

    4. The McxStandalone.msi needs to be installed on frontend and director server, but not on edge server

    5. Edge server does NOT need its certificates updated. Certificates on the Front End, Director, and reverse-proxy needs additional SAN entries

    Thanks in advance!

    Another point I need clarified: Do I need to install the cumulative update and the McxStandalon.msi and certificates on the Archiving/Monitoring server as well? My guess is no...
    • Edited by eyesoft2222 Wednesday, February 15, 2012 7:12 PM
    Wednesday, February 15, 2012 5:19 PM

Answers

  • Hi,

    1. Do I need to create a new certificate request from Front End and Director separately? Or can I just do one certificate request from Front End, and export that certificate out to Director Server once I get the certificate from the public CA?

    FE servers and Director servers have different FQDN, so you'd better create two separate certificates to them. If you use a public certificate with all the FE servers and Director servers and web services FQDN in the SAN entries, it is possible works for them. But it is not recommended. I think you'd better deploy enterprise ROOT CA in you domain. You can request all certificates of internal servers from it. You just need to request public certificate for Edge server and reverse proxy.

    About certificate for lync server you can read the following article: http://technet.microsoft.com/en-us/library/hh202161.aspx

    2. I'm assuming that for reverse-proxy server, I just export whatever certificate I get returned from the public CA to the reverse proxy server?

    You need to request a public certificate with SAN entries(FQDN of meet, dialin, lyncdiscover services). You can request the public certificate from Godaddy.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Tuesday, February 21, 2012 2:08 AM
  • I think the complete answers to your questions are:

    1. Every CU needs to be installed on every Lync role to have a supported environment. While it might work, you cannot mix different CU updated versions on different roles. That also answers your question regarding Monitoring & Archiving role: yes, they have to be upgraded to CU4 to remain in a supported environment.
    2. That's right. In the Installing the Mobility and Autodiscover Services it says "you first set the ports for the pool that you want to enable for mobility" and the director is not a member server in the front-end pool. Also, the ports are only required for the mobility service and the director will only host the autodiscover service.  Please follow the steps in Install Mobility Service and Autodiscover Service to perform the installation.
    3. No, you'll also need it on the Director. The Director will host the autodiscover service and Installing the Mobility and Autodiscover Services says: "The Mobility and Autodiscover Services installer requires that the vices (IIS) module for Dynamic Content Compression be installed"
    4. That's right. The McxStandalone.msi is the installer package that installs either the Mobility or Autodiscover service, or both. None of these need to be installed on the Edge.
    5. That's right.

    Certified IT Professional Lync Server 2010 / Exchange 2007 - http://www.uwictpartner.be
    If you think my post is the answer to your question, please mark it as answer so future visitors can easily find it.



    Thursday, February 23, 2012 6:38 AM

All replies

  • Your steps and your guess are correct.  You missed adding DNS records but I assume you found that information in your research.  Make sure you run the McxStandalone.msi from the management shell.

    Good job

    Thursday, February 16, 2012 4:38 PM
  • You have to put the McxStandalone.msi in the "C:\ProgramData\Microsoft\Lync Server\Deployment\cache\4.0.7577.0\setup" folder and re-run Lync Server Deployment Wizard using the start-menu shortcut.

    Please see the Mobility deployment post on pro-exchange.


    Certified IT Professional Lync Server 2010 / Exchange 2007 - http://www.uwictpartner.be
    If you think my post is the answer to your question, please mark it as answer so future visitors can easily find it.

    Friday, February 17, 2012 6:24 AM
  • Is that something that is not in the documentation?

    Friday, February 17, 2012 6:45 AM
  • Hi,

    You're right.

    After you install the CU4 on FE, Director, Edge server, you'd better install the some of the update on the Monitoring server and Stand-alone Mediation Server. For detail, please read the following article about List of server roles and the updates that apply to them:

    http://support.microsoft.com/kb/2493736


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, February 17, 2012 8:08 AM
  • Thanks for the help guys... I'm a complete Lync newbie...

    I got to the step where I request certificates with the additional SANs... The official document is a bit confusing, so thought I might ask for clarification...

    1. Do I need to create a new certificate request from Front End and Director separately? Or can I just do one certificate request from Front End, and export that certificate out to Director Server once I get the certificate from the public CA?

    2. I'm assuming that for reverse-proxy server, I just export whatever certificate I get returned from the public CA to the reverse proxy server?

    Thanks again guys, 


    me

    Monday, February 20, 2012 8:51 PM
  • Hi,

    1. Do I need to create a new certificate request from Front End and Director separately? Or can I just do one certificate request from Front End, and export that certificate out to Director Server once I get the certificate from the public CA?

    FE servers and Director servers have different FQDN, so you'd better create two separate certificates to them. If you use a public certificate with all the FE servers and Director servers and web services FQDN in the SAN entries, it is possible works for them. But it is not recommended. I think you'd better deploy enterprise ROOT CA in you domain. You can request all certificates of internal servers from it. You just need to request public certificate for Edge server and reverse proxy.

    About certificate for lync server you can read the following article: http://technet.microsoft.com/en-us/library/hh202161.aspx

    2. I'm assuming that for reverse-proxy server, I just export whatever certificate I get returned from the public CA to the reverse proxy server?

    You need to request a public certificate with SAN entries(FQDN of meet, dialin, lyncdiscover services). You can request the public certificate from Godaddy.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Tuesday, February 21, 2012 2:08 AM
  • In the document that the person who deployed Lync servers here wrote, the person described that he requested one certificate from the front end server with all the necessary s and URL'son that cert request. He then exported the cert from the front end to import into Director and Edge. So I'm guessing I can do one cert request and export/import?


    me

    Question about certificate requirements.... is frontendpool.<sip-domain> required to be on the cert? on the Lync server poster, it is not listed as a requirement (only frontendpool.<ad-domain>)...

    Ran out of space on the certs and seeing if I can do without some of the URL's on the cert...

    • Edited by eyesoft2222 Tuesday, February 21, 2012 3:21 PM
    Tuesday, February 21, 2012 10:53 AM
  • HI,

    In theory, it can work for you. So please have a try.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thursday, February 23, 2012 2:18 AM
  • I think the complete answers to your questions are:

    1. Every CU needs to be installed on every Lync role to have a supported environment. While it might work, you cannot mix different CU updated versions on different roles. That also answers your question regarding Monitoring & Archiving role: yes, they have to be upgraded to CU4 to remain in a supported environment.
    2. That's right. In the Installing the Mobility and Autodiscover Services it says "you first set the ports for the pool that you want to enable for mobility" and the director is not a member server in the front-end pool. Also, the ports are only required for the mobility service and the director will only host the autodiscover service.  Please follow the steps in Install Mobility Service and Autodiscover Service to perform the installation.
    3. No, you'll also need it on the Director. The Director will host the autodiscover service and Installing the Mobility and Autodiscover Services says: "The Mobility and Autodiscover Services installer requires that the vices (IIS) module for Dynamic Content Compression be installed"
    4. That's right. The McxStandalone.msi is the installer package that installs either the Mobility or Autodiscover service, or both. None of these need to be installed on the Edge.
    5. That's right.

    Certified IT Professional Lync Server 2010 / Exchange 2007 - http://www.uwictpartner.be
    If you think my post is the answer to your question, please mark it as answer so future visitors can easily find it.



    Thursday, February 23, 2012 6:38 AM
  • To create the public DNS record for the external Autodiscover service, I'll need to contact GoDaddy (our public DNS provider)? And what should the record be? The name of the A record is lyncdiscover, and what IP should it point to?

    Again, thanks guys for helping out!


    Andrew Shin, TechNet Forum replies

    Friday, February 24, 2012 12:11 PM
  • You're right and it should point to the reverse proxy server that is publishing your autodiscovery service.


    Certified IT Professional Lync Server 2010 / Exchange 2007 - http://www.uwictpartner.be
    If you think my post is the answer to your question, please mark it as answer so future visitors can easily find it.

    Friday, February 24, 2012 12:53 PM
  • This is more a general Edge server question that I've ran into while reading a few Lync guides... In every blogs / guides that I've gone through, FQDN of edge servers is lyncedge.<contoso.com>... Edge servers seem to be joined to the domain... I thought Edge isn't supposed to be joined to the domain... Could anyone explain?

    How can the Edge server not be joined to the domain but still have an FQDN of edge.<ad-domain>??


    me


    • Edited by eyesoft2222 Friday, February 24, 2012 3:22 PM
    Friday, February 24, 2012 3:18 PM