Tuesday, March 15, 2011

Lync 2010 Deployment Guide (adding Edge Role - part II)

Of course, we must first add our Edge server in Topology Builder and publish the topology.

*** Note that the internal FQDN (edgeint.drago.local) is used here.

Here we use the DMZ IP address, which we will later map to the Public IP address on our firewall.

…and now we enter the Public IP address mapped to

The next hop is our only Lync FE server in the deployment.

…and mark our pool for external media traffic.

Let’s recap what we have done so far, because this is VERY important and misunderstanding this ultimately will lead to problems later!

  1. Our internal server FQDN is edgeint.drago.local
  2. The internal IP address (typically in DMZ) is
  3. The Federation is enabled, thus we MUST have a _sipfederationtls._tcp.drago.ws SRV record pointing to the A record of sip.drago.ws ( in our Public DNS
  4. ***ALERT*** This is the IP address of the A/V service, where the media will flow later. This is the major pain point of every deployment where voice problems via the Edge are observed.
  5. This is the port via which the Edge will receive configuration updates
  6. The next hop for this Edge server. If this server is not functional, our Edge will be pretty much useless
  7. The external FQDN used for External access (port 5061) and Federation (port 5061). This is my first deployment with a single IP address, so we will see how it goes later.
  8. The IP address we will S-NAT and D-NAT to
  9. The Edge Access Port (will be used by external Lync clients to sign in)
  10. Note that the port is different
  11. …and so is this one

Now we will publish the Topology.

This will make all other servers (besides the Edge) aware of the change (new server added).
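The public DNS requirement in item 3 of the recap can be checked before testing federation. The following is an added example, not part of the original guide: it parses pasted `dig +noall +answer` output and reports mismatches. The sample records and the address `203.0.113.10` are constructed placeholders, since the real public IP is not shown on this page, and the RFC 1918 check is an assumption that the DMZ uses private addressing.

```python
import ipaddress

# Names and port come from the recap; everything else here is an assumption.
SRV_NAME = "_sipfederationtls._tcp.drago.ws."
EDGE_FQDN = "sip.drago.ws."
SIP_PORT = 5061
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample answers (placeholder addresses, not real data).
GOOD = """\
_sipfederationtls._tcp.drago.ws. 3600 IN SRV 0 0 5061 sip.drago.ws.
sip.drago.ws. 3600 IN A 203.0.113.10
"""
BAD = """\
_sipfederationtls._tcp.drago.ws. 3600 IN SRV 0 0 5060 sip.drago.ws.
sip.drago.ws. 3600 IN A 192.168.10.5
"""

def parse_answers(text):
    """Parse dig-style answer lines into {name: [(port, target)]} and {name: [ip]}."""
    srv, a = {}, {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 8 and f[3].upper() == "SRV":
            srv.setdefault(f[0].lower(), []).append((int(f[6]), f[7].lower()))
        elif len(f) >= 5 and f[3].upper() == "A":
            a.setdefault(f[0].lower(), []).append(f[4])
    return srv, a

def check_federation_dns(text, expected_ip):
    """Return a list of problems; an empty list means the records match the recap."""
    srv, a = parse_answers(text)
    targets = srv.get(SRV_NAME, [])
    if not targets:
        return [f"no SRV record for {SRV_NAME}"]
    problems = []
    for port, target in targets:
        if target != EDGE_FQDN:
            problems.append(f"SRV target is {target}, expected {EDGE_FQDN}")
        if port != SIP_PORT:
            problems.append(f"SRV port is {port}, expected {SIP_PORT}")
        addrs = a.get(target, [])
        if not addrs:
            problems.append(f"no A record for {target}")
        for addr in addrs:
            if any(ipaddress.ip_address(addr) in net for net in RFC1918):
                problems.append(f"{target} resolves to RFC 1918 address {addr}")
            elif addr != expected_ip:
                problems.append(f"{target} resolves to {addr}, expected {expected_ip}")
    return problems
```

Call `check_federation_dns()` with the answers returned by a public resolver and the public IP that the firewall maps to the Edge.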


Aaron said...

Hi. I have followed your guide but am getting stumped big time.
I have deployed a FE and an Edge, single IP, internal DMZ etc all along your guides but I am having problems.
The error message I get with recite.microsoft.com is "Subscription for provisioning data did not return a valid MRAS URI."
Would you be able to give me a full rundown on how your external and internal DNS zones are configured as far as what records are present, where they point to, how many public IPs are needed, etc.?
I think I'm missing one of the requirements but can't figure it out because this information is scattered across several posts.

Drago said...


Since this is an on-the-fly lab setup, it is kind of confusing :-)

Frankly, the best resource for help is http://social.technet.microsoft.com/Forums/en-US/category/ocs. I am not trying to get away from helping you, but there, many Pros and MVPs are helping other folks... many heads think better than one.
