side-by-side migration fails at federation testing (lync 2010 to 2013)

Hello all. I have a problem with the Lync 2013 Edge server not listening to its access edge service. I have followed this guide to do the migration: http://www.oiboran.com/?p=1140

It clearly says this about the Lync Edge server:

3. Next, stop the Lync Server Access Edge from each Edge Server computer.

4. From each legacy Edge Server computer, open the Services applet from the Administrative Tools.

5. In the services list, find Lync Server Access Edge.

6. Right-click the services name, and then select Stop to stop the service.

7. Set the Startup type to Disabled.

8. Click OK to close the Properties window.

As this guide says as well: http://technet.microsoft.com/en-us/library/jj688121.aspx

Which, to my understanding, stops the Edge server (2010) from listening on the SIP address port 443. How can I test federation if the SIP domain is not answering, which is the next phase of the guide? Thanks for all the help.

September 26th, 2013 6:08am

Hi,

The federation is on 5061, not on 443. Can you confirm that the Access Edge service started?

September 26th, 2013 7:20am

Hello, thanks for the quick reply.

The Edge Server doesn't seem to listen on 5061 either. Access Edge Service won't start due to:

Unable to use the certificate configured for the internal edge of the Access Edge Server.

Error 0xC3FC7D95 (LC_E_VALIDATION_CERT_NO_KEYEXCHANGE).
Cause: The certificate may have been deleted or may be invalid, or permissions are not set correctly.

I have imported the old certificate chain from previous edge server and we are using the same service URLs with the new Edge Server. Only thing that differs is the server name.


September 26th, 2013 7:29am

Hi

For internal interface certificate of 2013 Edge server, please try to request a new certificate from public CA or your internal Enterprise CA and assign it to internal interface of 2010 Edge.

For external interface certificate, export the external access proxy certificate, with the private key, from the legacy Lync Server 2010 Edge Server and import it to 2013 Edge server.

As Thamara said, please make sure Edge is listening on port 5061 for federation. Here is a great blog on how to check the listening port on the Edge server:

http://blog.schertz.name/2012/07/understanding-lync-edge-server-ports/

Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

September 26th, 2013 10:53pm

If the Edge is not joined to the domain, you need to import the internal Root CA certificate to the Trusted Root CA container so that the internal communication will be trusted by the FE server.

September 27th, 2013 3:49am

Thank you for your answers. The problem was the internal access certificate, which I should have requested from the Lync deployment wizard instead of using the certificates snap-in from mmc. ROOT CA certificate was installed already. Edge server is not joined to domain.

Now the Access Edge Service started up fine and the Edge Server is listening for the sip.domain.com (its ip) port 443.

However, if I telnet from outside the Lync Edge server to sip.domain.com 443, the request times out. It doesn't happen inside the Lync Edge server, which confirms the DNS records are fine, right? I have confirmed this is not a firewall issue.

October 1st, 2013 5:30pm
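
A way to inspect the certificate side of this before assigning anything to the Edge, added here as an example and not part of the original posts. It assumes, from the error name LC_E_VALIDATION_CERT_NO_KEYEXCHANGE quoted above, that the service needs a certificate whose private key is present and marked for key exchange; the report layout is this example's own.

```powershell
# Added example: list certificates in the computer's Personal store with the
# properties that decide whether a service can use them for TLS.
$now = Get-Date

$report = Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $keySpec = 'none'
    if ($cert.HasPrivateKey) {
        try {
            # Readable for CSP-backed RSA keys; CNG keys throw or return nothing.
            $keySpec = [string]$cert.PrivateKey.CspKeyContainerInfo.KeyNumber
        } catch {
            $keySpec = ''
        }
        if (-not $keySpec) { $keySpec = 'unreadable (CNG key or no access)' }
    }

    # Subject Alternative Name extension (OID 2.5.29.17), if present
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        KeySpec       = $keySpec          # 'Exchange' or 'Signature' for CSP keys
        Expired       = ($cert.NotAfter -lt $now)
        SAN           = $(if ($san) { $san.Format($false) } else { '' })
    }
}

$report | Format-List

# Certificates that fail the assumption above: no private key, a key that is
# not marked for key exchange, or an expired validity period.
$report |
    Where-Object { -not $_.HasPrivateKey -or $_.KeySpec -ne 'Exchange' -or $_.Expired } |
    Select-Object Subject, Thumbprint, HasPrivateKey, KeySpec, Expired |
    Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the Edge server; a certificate imported without its private key shows `HasPrivateKey : False`.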

So if you do a netstat -ano on the server, do you see the access edge IP address listening on port 443 (and 5061 if federation is enabled)? If it's there (and you are positive the firewall is set up correctly), then make sure you have the default gateways all set up correctly. The "DMZ/public" NIC should have a default gateway set up and the internal/private NIC should have no gateway but rather static routes directing traffic. Lastly, take DNS out of the mix and just try your external telnet test with IP addresses.

It sounds like a firewall issue so I would double check that to be sure.

Thanks,

Richard

October 1st, 2013 8:11pm
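
The checks from the reply above as one script, added here as an example and not part of the original thread. It assumes Windows Server 2012 or later (for Get-NetTCPConnection, Get-NetIPConfiguration and Get-NetRoute); the ports are the ones named in the thread, and the variable names are this example's own.

```powershell
# Added example: run on the Edge server in an elevated PowerShell session.
$ports = 443, 5061   # Access Edge port and federation port named in the thread

# 1. Equivalent of "netstat -ano": which local addresses listen on these ports
Get-NetTCPConnection -State Listen |
    Where-Object { $ports -contains $_.LocalPort } |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ Name = 'Process'; Expression = {
            (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
    Format-Table -AutoSize

# 2. Default gateway per adapter: only the DMZ/public NIC should have one
$adapters = Get-NetIPConfiguration | ForEach-Object {
    [pscustomobject]@{
        Interface = $_.InterfaceAlias
        IPv4      = ($_.IPv4Address.IPAddress -join ', ')
        Gateway   = ($_.IPv4DefaultGateway.NextHop -join ', ')
    }
}
$adapters | Format-Table -AutoSize

$withGateway = @($adapters | Where-Object { $_.Gateway })
if ($withGateway.Count -eq 0) {
    Write-Warning 'No adapter has a default gateway: replies to external clients have no route back.'
} elseif ($withGateway.Count -gt 1) {
    Write-Warning 'More than one adapter has a default gateway: the internal NIC should use static routes instead.'
}

# 3. Static routes that should carry the internal networks
Get-NetRoute -AddressFamily IPv4 |
    Where-Object { $_.NextHop -ne '0.0.0.0' -and $_.DestinationPrefix -ne '0.0.0.0/0' } |
    Select-Object InterfaceAlias, DestinationPrefix, NextHop, RouteMetric |
    Format-Table -AutoSize
```

An empty Gateway column for the public adapter, together with the first warning, is the condition the reply describes.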

thank you for the reply! The external interface was missing a gateway which caused the problem. Lync federation is back online!
October 3rd, 2013 6:17am

This topic is archived. No further replies will be accepted.