Hi guys

I hope someone can help me sort this out.

We have 2 Lync server, 1 front-end and 1 edge server.

Everything is working (IM, A/V, etc) but replication doesn't seem to be happening.

 

The thing is, I rebuilt the Edge server few days ago.

Before the rebuild, the second network interface on the Edge server is in the same network as the Lync front-end server (in the 192.168.0.0/16 network).

After the rebuild, the second interface of the Edge server is in the 172.16.0.0/24 network and the Lync server remain on the 192.168.0.0/16.

I then edited the topology and published it, and used the ZIP file to install the Edge server. The DNS names remained the same, only the IP address changed.

Routing works, firewall ports are open, and IM + point-to-point AV are working.

 

From the Lync server, I can access https://lync-edge:4443/ReplicationWebService via IE although I am getting a "Metadata publishing for this service is currently disabled" page.

The other thing, get-csmanagementreplicationstore returns false for the edge server, and last update was the update before I rebuilt the Edge server.

Running invoke-csmanagementstorereplication didn't return anything on the Event Log as well.

Apart from that, everything seems OK, is this normal?

 

 

 

 

 

 

Is your edge server allowed to reach your front end server on TCP port 4443?

Do you have a firewall running between your 172.16.0.0 net and 192.168.0.0 net

Hi Keith

Is your edge server allowed to reach your front end server on TCP port 4443?

Yes. I can telnet to port 4443 from the Edge server to the Front End server no problems.

Connecting via IE to https://lync:4443/ (this is the front end server) , I get access denied.

Connecting via IE to https://lync:4443/ReplicationWebService, I get File Not Found.

 

Do you have a firewall running between your 172.16.0.0 net and 192.168.0.0 net

Yes, and I have allowed ports 443, 80, 4443, and 5061 to connect.

Lync management Store replication requires TCP Port 4443 to be open between the internal Edge Server interface and the Front-End Server, thus please start by checking this traffic if allowed on your internal firewall.

If it still can not work, please try to find error logs in edge server Event and get more information about the problem.

Hi Sean

Yes, the ports are open (as my initial post mentioned)

Telnet to port 4443 both ways work. IE access to port 4443 via HTTPS works as well.

There is nothing logged in the Edge server Event Log RE: replication failing. Seems like it doesn't even know it is supposed to be replicating ;)

Did you add DNS entries for the edge server computer names?  Usually the edge servers are not part of the domain and need to be manually added.  Also on the edge server you will need to add the domain suffix to the computer so that the server looks edge01.internaldomain.net  

Hi indubious

Yep, the lync server can resolve the lync-edge's IP address and vice versa.

On the Edge server, the domain suffix has been set properly as well.

Hi guys

If anyone has their Lync Edge replication working, can you share with me what you get when you use your browser to visit https://lync-edge.address:4443/ReplicationWebService ?

 

I managed to connect to that page from my Lync internal server and locally from the edge server, but what I get is a page with:

 

This is a Windows© Communication Foundation service.

Metadata publishing for this service is currently disabled.

If you have access to the service, you can enable metadata publishing by completing the following steps to modify your web or application configuration file:

1. Create the following service behavior configuration, or add the <serviceMetadata> element to an existing service behavior configuration:

<behaviors>
    <serviceBehaviors>
        <behavior name="MyServiceTypeBehaviors" >
            <serviceMetadata httpGetEnabled="true" />
        </behavior>
    </serviceBehaviors>
</behaviors>

2. Add the behavior configuration to the service:

<service name="MyNamespace.MyServiceType" behaviorConfiguration="MyServiceTypeBehaviors" >

Note: the service name must match the configuration name for the service implementation.

3. Add the following endpoint to your service configuration:

<endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />

Note: your service must have an http base address to add this endpoint.

The following is an example service configuration file with metadata publishing enabled:

<configuration>
    <system.serviceModel>
 
        <services>
            <!-- Note: the service name must match the configuration name for the service implementation. -->
            <service name="MyNamespace.MyServiceType" behaviorConfiguration="MyServiceTypeBehaviors" >
                <!-- Add the following endpoint.  -->
                <!-- Note: your service must have an http base address to add this endpoint. -->
                <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
            </service>
        </services>
 
        <behaviors>
            <serviceBehaviors>
                <behavior name="MyServiceTypeBehaviors" >
                    <!-- Add the following element to your service behavior configuration. -->
                    <serviceMetadata httpGetEnabled="true" />
                </behavior>
            </serviceBehaviors>
        </behaviors>
 
    </system.serviceModel>
</configuration>

For more information on publishing metadata please see the following documentation: http://go.microsoft.com/fwlink/?LinkId=65455.

Solved. Thank you to all who replied.

Turns out the solution (as per usual) is already available somewhere in this forum.

I found the solution here: http://social.technet.microsoft.com/Forums/en-AU/ocsedge/thread/1cd3be72-1f65-48ae-aa8c-498f79917492

 

And what I have to do on the Edge server was:

 

Edit the registry on the Edge server to add a DWord value, SendTrustedIssuerList, to the

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

key and assign it a value of 0.  This will prevent schannell.dll from truncating the Root CA list from the edge server, and allow validation tests to pass.

I rebooted the server, and all is well.

• Marked as answer by Jafaruddin Lie Wednesday, September 28, 2011 5:22 AM

Solved. Thank you to all who replied.

Turns out the solution (as per usual) is already available somewhere in this forum.

I found the solution here: http://social.technet.microsoft.com/Forums/en-AU/ocsedge/thread/1cd3be72-1f65-48ae-aa8c-498f79917492

 

And what I have to do on the Edge server was:

 

Edit the registry on the Edge server to add a DWord value, SendTrustedIssuerList, to the

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

key and assign it a value of 0.  This will prevent schannell.dll from truncating the Root CA list from the edge server, and allow validation tests to pass.

I rebooted the server, and all is well.

• Marked as answer by Jafaruddin Lie Wednesday, September 28, 2011 5:22 AM

Hi Jafaruddin Lie

I am planning to move my lync edge server to a different subnet just like you did

and was wondering if you could help on this question

do we need to rerun the install using the zip file

can we just change the IP's on the topology, publish it and change the IP addresses on teh nIC card level at the edge server, would'nt this be sufficient ?

Hi GuneetS

I re-ran the install with the ZIP file.

I don't think replicating the config would work, considering you need to tell the Edge server about the new config first (which involves the new IP address), if that makes any sense.

 

*Yeah, too early.. Need coffee..

Hello, regarding this article port 4443 needs to be opened only from frontend server to the edge internal interface and not in both ways?

 

regards

Hi guys

If anyone has their Lync Edge replication working, can you share with me what you get when you use your browser to visit https://lync-edge.address:4443/ReplicationWebService ?

 

I managed to connect to that page from my Lync internal server and locally from the edge server, but what I get is a page with:

 

This is a Windows Communication Foundation service.

Metadata publishing for this service is currently disabled.

If you have access to the service, you can enable metadata publishing by completing the following steps to modify your web or application configuration file:

1. Create the following service behavior configuration, or add the <serviceMetadata> element to an existing service behavior configuration:

<behaviors>
    <serviceBehaviors>
        <behavior name="MyServiceTypeBehaviors" >
            <serviceMetadata httpGetEnabled="true" />
        </behavior>
    </serviceBehaviors>
</behaviors>

2. Add the behavior configuration to the service:

<service name="MyNamespace.MyServiceType" behaviorConfiguration="MyServiceTypeBehaviors" >

Note: the service name must match the configuration name for the service implementation.

3. Add the following endpoint to your service configuration:

<endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />

Note: your service must have an http base address to add this endpoint.

The following is an example service configuration file with metadata publishing enabled:

<configuration>
    <system.serviceModel>
 
        <services>
            <!-- Note: the service name must match the configuration name for the service implementation. -->
            <service name="MyNamespace.MyServiceType" behaviorConfiguration="MyServiceTypeBehaviors" >
                <!-- Add the following endpoint.  -->
                <!-- Note: your service must have an http base address to add this endpoint. -->
                <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
            </service>
        </services>
 
        <behaviors>
            <serviceBehaviors>
                <behavior name="MyServiceTypeBehaviors" >
                    <!-- Add the following element to your service behavior configuration. -->
                    <serviceMetadata httpGetEnabled="true" />
                </behavior>
            </serviceBehaviors>
        </behaviors>
 
    </system.serviceModel>
</configuration>

For more information on publishing metadata please see the following documentation: http://go.microsoft.com/fwlink/?LinkId=65455.

Step 1: Go to C:\Program Files\Microsoft Lync Server 2010\Server\Replica Replicator Agent

Step 2: Open the ReplicaReplicatorAgent.exe.config

Step 3: Change enabled="false" to enabled="true:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <runtime>
    <generatePublisherEvidence enabled="true"/>
  </runtime>
</configuration>

Step 4: Revert any registry changes that you did.

Step 5: Reboot the Server.

AND IT WORKS THAN EDITING THE REGISTRY......