Wednesday, January 23, 2013

Upgrading Edge server from Lync Server 2010 to Lync Server 2013

I recently wrote a blog post to demonstrate deploying Lync Server 2013’s Edge server:

Deploying Lync Server 2013 Edge Server

… and received a few emails asking whether I could provide more information about upgrading an existing Edge server from Lync Server 2010 to 2013.  As many may know, there are various ways to perform an upgrade, whether “big bang” or “transition”, and the type of existing deployment, such as a single or multiple computer pool, also changes the tasks that are required.  With that said, I have done a few single computer pool “big bang” upgrades and will use part of the information from my previous post to demonstrate upgrading a single Edge server topology.

Before I begin, note that the type of upgrade I will be doing requires downtime for the services provided by the Edge server, because what I’m essentially doing is building a new Lync Server 2013 Edge server that will take over the identity of the existing Lync Server 2010 Edge server.

Backup and Document

The first thing to do before you begin the new Edge server deployment is to back up and document the configuration of the existing Edge deployment.  Begin by backing up the following certificates:

  • Certificate or certificates used for the Edge server’s external interface – Certificate for the access, conferencing, etc. services.
  • Certificate used for Edge server’s internal interface – This is the certificate used for the a/v service on the internal interface.
  • Trusted Certificate Authority certificates – Ensure that you have the root and intermediate issuing certificate authorities backed up so you can import them onto the new Edge server.

Also document the following items:

  • Edge server’s public facing NIC configuration – IP address, gateway, DNS, etc.
  • Edge server’s internal facing NIC configuration – IP address, gateway, DNS, etc.
  • Edge server’s static routes – Static routes required for the Edge server to get to the internal networks because there is no default gateway assigned.
  • Edge server name and other configuration settings – I personally prefer to just do screenshots such as the following:
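A text-based alternative to screenshots, as an added example that is not part of the original post: the script below records the NIC settings, persistent routes, server name, and certificates listed above. It assumes an elevated PowerShell session on the old Edge server and a hypothetical output folder `C:\EdgeBackup`.

```powershell
# Added example: run elevated on the old Lync Server 2010 Edge server (PowerShell 2.0 or later).
# $OutDir is an assumed path; the .pfx files written there hold private keys, so restrict access.
$OutDir = 'C:\EdgeBackup'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# NIC settings: addresses, masks, gateway, DNS servers and the DNS registration flag.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, IPAddress, IPSubnet, DefaultIPGateway,
                  DNSServerSearchOrder, FullDNSRegistrationEnabled |
    Export-Clixml (Join-Path $OutDir 'nics.xml')

# Persistent static routes (the ones that survive a reboot).
Get-WmiObject Win32_IP4PersistedRouteTable |
    Select-Object Destination, Mask, NextHop, Metric1 |
    Export-Csv (Join-Path $OutDir 'routes.csv') -NoTypeInformation

# Host name and primary DNS suffix of this workgroup server.
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' |
    Select-Object Hostname, 'NV Domain' |
    Export-Csv (Join-Path $OutDir 'name.csv') -NoTypeInformation

# Certificates in the machine store: record which ones exist and when they expire.
$certs = Get-ChildItem Cert:\LocalMachine\My
$certs | Select-Object Thumbprint, Subject, NotAfter, HasPrivateKey |
    Export-Csv (Join-Path $OutDir 'certs.csv') -NoTypeInformation

$pfxPassword = Read-Host 'Password to protect exported .pfx files' -AsSecureString
$pfx = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
$cer = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
foreach ($cert in @($certs | Where-Object { $_.HasPrivateKey })) {
    # Certificate plus private key (fails if the key was imported as non-exportable).
    [IO.File]::WriteAllBytes((Join-Path $OutDir "$($cert.Thumbprint).pfx"), $cert.Export($pfx, $pfxPassword))

    # Root and intermediate CA certificates from this certificate's chain (public data only).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    [void]$chain.Build($cert)
    foreach ($element in $chain.ChainElements) {
        $ca = $element.Certificate
        if ($ca.Thumbprint -ne $cert.Thumbprint) {
            [IO.File]::WriteAllBytes((Join-Path $OutDir "ca-$($ca.Thumbprint).cer"), $ca.Export($cer))
        }
    }
}
```

The exported .pfx files carry the Edge server's private keys, so copy them over a trusted channel and delete them from both servers once the certificates have been imported and assigned.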


Remove the Existing Edge Server From Topology

Assuming you have scheduled a window for downtime, proceed with removing the existing Lync Server 2010 Edge server from the topology by opening the Lync Server 2013 Topology Builder, navigating to your Lync Server 2010 pool, editing its properties and removing the association to the existing Edge server:


… continue by doing the same for your Lync Server 2013 pool if you’ve associated the Edge server to it as well:


Once you’ve disassociated the existing Edge server from the front-end pools, proceed with deleting it from the existing topology:



Once the Edge server has been removed, proceed with publishing the topology:





Shutdown Existing Edge Server

With the old Lync Edge server removed from the topology, you can proceed with running Lync Server 2010 setup.exe on the server to remove the components, but if you don’t intend to repurpose the server, you can simply shut it down.

Preparing the New Edge Server

With the old Lync Edge server shut down, begin configuring both NICs on the new server to be exactly the same as those on the old server:


Internal NIC Configuration

This is what the internal NIC settings for the Edge server look like:


Note that there is no default gateway specified but the DNS servers are filled in with the internal DNS servers.

External DMZ NIC Configuration

This is what the DMZ NIC settings for the Edge server look like:


Note that the default gateway is filled out but the DNS servers aren’t. Two additional IP addresses (total of 3) are assigned to the external interface:


The external interface shouldn’t attempt to register with DNS, so the “Register this connection’s addresses in DNS” option is unchecked:


The external interface also does not need Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks enabled:
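The NIC settings described in this section can be checked with a script, shown here as an added example that is not part of the original post. It assumes Windows Server 2012 (the cmdlets used are not available on Windows Server 2008 R2) and adapters named `Internal` and `External`, which are hypothetical names.

```powershell
# Added example: audit the NIC settings described above on a Windows Server 2012 Edge server.
# 'Internal' and 'External' are assumed adapter names; change them to match your server.
$internal = 'Internal'
$external = 'External'
$findings = @()

# Helper: $true when the adapter has an IPv4 default route (a default gateway).
function Test-DefaultGateway([string]$Alias) {
    [bool](Get-NetRoute -InterfaceAlias $Alias -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)
}
# Helper: IPv4 DNS servers configured on the adapter (empty array when none are set).
function Get-DnsServers([string]$Alias) {
    @(Get-DnsClientServerAddress -InterfaceAlias $Alias -AddressFamily IPv4 |
        Select-Object -ExpandProperty ServerAddresses)
}

if (Test-DefaultGateway $internal) { $findings += 'Internal NIC has a default gateway (use static routes instead).' }
if ((Get-DnsServers $internal).Count -eq 0) { $findings += 'Internal NIC has no DNS servers.' }
if (-not (Test-DefaultGateway $external)) { $findings += 'External NIC has no default gateway.' }
if ((Get-DnsServers $external).Count -gt 0) { $findings += 'External NIC has DNS servers configured.' }

# "Register this connection's addresses in DNS" should be unchecked on the external NIC.
if ((Get-DnsClient -InterfaceAlias $external).RegisterThisConnectionsAddress) {
    $findings += 'External NIC registers its addresses in DNS.'
}

# Client for Microsoft Networks (ms_msclient) and File and Printer Sharing (ms_server)
# should be unbound from the external NIC.
Get-NetAdapterBinding -Name $external -ComponentID ms_msclient, ms_server |
    Where-Object Enabled |
    ForEach-Object { $findings += "External NIC still has '$($_.DisplayName)' bound." }

# The post assigns three IPv4 addresses to the external interface.
$count = @(Get-NetIPAddress -InterfaceAlias $external -AddressFamily IPv4).Count
if ($count -ne 3) { $findings += "External NIC has $count IPv4 address(es), expected 3." }

if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ } } else { 'NIC settings match the post.' }
```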


Static Routes

With the NICs configured, proceed with configuring the persistent static routes needed for your Edge server to get to the internal server VLAN and workstations.  Refer to the documentation you completed at the beginning of this post and add the static routes onto the server:


Configure Name and a DNS Suffix for the Edge Server

With the static routes added, proceed by renaming the new Edge server to use the same name as the old Edge server then add a DNS suffix for the server:


Import Backed Up Certificates

The last step required to prepare the Edge server is to restore the backed-up certificates.  Restore the certificate or certificates used for the Edge server’s external and internal interfaces:


… and import the root and intermediate issuing certificate authorities to the Trusted Root Certification Authorities:


Prerequisites for Windows Server 2008 R2

The following packages will need to be installed if you are using Windows Server 2008 R2 as the operating system for your Edge server:

Install Microsoft .NET Framework 4.5:

Proceed with downloading and installing Microsoft .NET Framework 4.5 from the following URL:

Install PowerShell 3.0:

Continue and install PowerShell 3.0 from the following URL:

There’s a list of 4 items for download, and the way to determine which one you’re supposed to install is actually noted at the bottom. Since we’re installing PowerShell 3.0 onto a Windows Server 2008 R2 SP1 server, proceed by downloading the following file:


Install Windows Identity Foundation:

Continue and install Windows Identity Foundation from the following URL:


Prerequisites for Windows Server 2012

The only package you’ll need to install when using Windows Server 2012 as the operating system is the Windows Identity Foundation which can be added via the following cmdlet in PowerShell:

Add-WindowsFeature Windows-Identity-Foundation

Defining the Edge Topology

Once the Edge server has been configured, the next step is to re-define the new Edge server with the same parameters and then publish the topology:

Fire up Topology Builder:

Right click on the Edge pools folder and select New Edge Pool…:


The wizard to define a new edge pool will launch:


Refer to the documentation created earlier:


Select the appropriate settings:


Note that the Edge server external IPs I’ll be using are NAT-ed IPs, which is why the “The external IP address of this Edge pool is translated by NAT.” option is selected.


Specify the internal interface’s IP address from the documentation:


Specify the Edge server’s external IP addresses (these will be my NAT-ed internal IP addresses):


Since I selected the “The external IP address of this Edge pool is translated by NAT” checkbox earlier, I will need to provide the true external IP address for my A/V Edge service:


Set the Next hop pool to the new Lync Server 2013 pool:


Select the front end pools you would like to associate the Edge server with. Note that this environment still has users in both pools listed so I’ve selected both of them:


Clicking the Finish button will bring you back to the Topology Builder:


With the new topology defined, proceed with publishing it:




Exporting the Topology for the Edge Install

Since the Edge server is not a part of the domain, there is no easy way for it to download the topology during the install which is why we will need to manually export the topology on your front-end server and copy it over to the Edge server:

Open up the Lync Server Management Shell and execute:

Export-CsConfiguration -FileName <>


Copy the zip package to your Edge server:


Installing Edge Server

Launch setup.exe from the Lync installation binaries:


Setup will automatically install Microsoft Visual C++ 2012 x64 Minimum Runtime – 11.0.50727:




Choose Install or Update Lync Server System from the Deployment Wizard:


Install Local Configuration Store:

Select Install Local Configuration Store:


There is no option to retrieve the topology from the CMS because the Edge server is not joined to the domain so choose Import from a file and locate the zip package we copied over from the front-end server:



Setup Lync Server Components:

Once the local configuration store has been installed, proceed with installing the Lync Server Components:




Request, Install or Assign Certificates:

Proceed with assigning the imported certificates for the Edge server’s internal and external interfaces:



Start Services:

With the certificates issued and assigned, proceed with starting the services:




Check Service Status:

Even though the last step, Service Status, is listed as optional, it’s always best to perform it anyway to ensure that all the services are listed as Started:



Once the services have been verified to be started, proceed with testing remote connectivity, federation and other Edge services.  The old Edge server can be left shut down for a week or two before it gets deleted.


Steven Lim said...

Love your posts they have been very helpful!
One question though, in a migration scenario, can the Lync 2010 users use the new Lync 2013 Edge server (while they are not migrated yet to the new pool)?

Poirot said...

Same question here. Before the transition it seems you had defined the old edge server in the Lync 2013 topology as well, do we need to define the new Lync 2013 Edge into the Lync 2010 topology so the users still in Lync 2010 can use it? Thanks!

Rag said...

I assume in order to reuse the same certificate the 2013 Edge server name and IP will be the same, correct?

Unknown said...

Terence - I have the same question as the previous poster, is the server name relevant at this phase? I know the cert will be tied to a FQDN on the FE... but what about the edge?