Publish Topology
After the topology has been modified to include the Director pool, the configuration can be published. This step publishes the changes to the Central Management Store, and all existing Lync Servers update their local configuration stores to match.
1. Ensure that the Lync Server Topology Builder is still open and contains the Director pool recently added.
2. Click the top node of the management console, Lync Server.
3. Click the Action menu and select Publish, or select Publish from the Actions pane on the right side of the console.
4. Click Next to begin publishing the topology.
5. When the log indicates a successful update, click Finish to complete the wizard.
Install Server
At this point, the target server should be fully prepared and meet all prerequisites.
Install Local Configuration Store
To install server roles in Lync Server, the target server must have a local configuration store installed and populated with the topology information.
1. Insert the Lync Server media on the server to be used as an Edge Server and launch Setup.exe found in the Setup\amd64 folder.
2. Enter a location for the installation files to be cached, and click Install.
4. Click Install or Update Lync Server system.
5. Under Step 1: Install Local Configuration Store, click Run.
6. Select Retrieve configuration automatically from the Central Management Store and click Next.
7. Click Finish after the local store is successfully created.
Update and Verify Configuration Store
The following steps verify that the local configuration store has been synchronized with the Central Management Store before server roles are installed.
1. Launch the Lync Server Management Shell.
2. Check the CMS replication status with the following command:
   Get-CSManagementStoreReplicationStatus
3. Check the ReplicaFQDN for the current server and verify that the UpToDate parameter reads True.
   UpToDate           : True
   ReplicaFQDN        : lyncdirector1.companyabc.com
   IsDeleted          : False
   LastStatusReport   : 7/3/2010 10:02:17 PM
   LastUpdateCreation : 7/3/2010 10:02:10 PM
4. If the UpToDate parameter is False, update the store data with the following command:
   Invoke-CSManagementStoreReplication
5. Check the replication status again and verify that it is now updated and in sync with the Central Management Store.
Warning
If the local store is not in sync with the central store, the installation of Lync Server components will not proceed.
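The check-and-replicate procedure above can be scripted so that the component installation is only started once the local store is in sync. The following is an added example, not part of the original text; the timeout and polling interval are assumed values, and the script is meant to be run in the Lync Server Management Shell on the server being installed.

```powershell
# Added example: gate Step 2 of the deployment wizard on CMS replication status.
# Assumptions: run in the Lync Server Management Shell on the new server;
# the 10-minute timeout and 30-second polling interval are illustrative values.
$replicaFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$deadline    = (Get-Date).AddMinutes(10)
$pollSeconds = 30

function Get-LocalReplicaStatus {
    # Returns the replication record for this server, or stops if the server
    # has no replica entry (for example, the topology was never published).
    $s = Get-CsManagementStoreReplicationStatus -ReplicaFqdn $replicaFqdn
    if (-not $s) {
        throw "No replica entry for $replicaFqdn; publish the topology first."
    }
    return $s
}

$status = Get-LocalReplicaStatus
if (-not $status.UpToDate) {
    # Step 4 of the procedure: request replication once, then poll for the result.
    Invoke-CsManagementStoreReplication -ReplicaFqdn $replicaFqdn
    while (-not $status.UpToDate -and (Get-Date) -lt $deadline) {
        Start-Sleep -Seconds $pollSeconds
        $status = Get-LocalReplicaStatus
    }
}

# Show the same fields the manual check in step 3 inspects.
$status | Format-List UpToDate, ReplicaFqdn, LastStatusReport, LastUpdateCreation

if (-not $status.UpToDate) {
    throw "Local store on $replicaFqdn is still out of date; do not start Step 2."
}
Write-Output "Local configuration store is in sync with the Central Management Store."
```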
Install Lync Server Components
The following steps enable the server to read the topology information from the local configuration store and then install the server roles matching its own FQDN.
1. Under Step 2: Setup or Remove Lync Server Components, click the Run button.
2. Select Next to begin the Director installation published in the topology.
3. Click Finish when the installation completes.
Create Certificates
Like all other roles in Lync Server, the Director communicates with other servers in the organization using Mutual Transport Layer Security (MTLS). To leverage MTLS, the Director needs one certificate installed that meets a few requirements. A separate certificate can be used for each function, or a single certificate meeting the following requirements can be used:
The Director pool fully qualified domain name should be the subject name.
The individual pool member fully qualified names should be included as a subject alternative name.
If the internal or external web services FQDN differs from the pool name, it should be included as a subject alternative name.
All supported SIP domains must be entered as a subject alternative name in the format sip.<SIP domain>.
Note
The certificate wizard in Lync Server automatically populates the subject name and required subject alternative names based on the published topology, which greatly reduces the certificate confusion created by prior versions. If only one certificate is used for the default, internal web services, and external web services, the subject alternative names must be manually added when running the wizard.
Use the following steps to request and assign the necessary certificates:
1. Under Step 3: Request, Install, or Assign Certificate, click the Run button.
2. Highlight Default certificate and click Request.
3. Click Next to begin the wizard.
4. Select either Send the request immediately to an online certification authority or Prepare the request now, but send it later if an offline request will be generated. Click Next.
5. If creating an online request, select a certification authority detected in the environment and click Next.
6. Specify alternate credentials for the certification authority if required, or click Next to use the currently logged-on credentials.
7. Select Use an alternate certificate template for the selected certification authority if necessary. The default is to leave this option cleared, which uses the WebServer template. Click Next.
8. Enter a Friendly Name for the certificate such as Director.
9. Select a key Bit Length of 1024, 2048, or 4096.
10. If the certificate needs to be exportable, select the Mark the certificate's private key as exportable check box.
11. Enter an Organization name, typically the name of the business.
12. Enter an Organizational Unit name, typically the name of a division or department, and click Next.
13. Select a Country, enter a State or Province, enter a City or Locality, and click Next.
14. Review the automatically populated subject and subject alternative names. Click Next.
15. Place a check mark next to any SIP domains that will use the Director pool for automatic sign-in and click Next.
16. Include additional subject alternative names if necessary. Click Next.
17. Click Next to complete the request, and then click Finish to complete the wizard.
Tip
After completing the wizard, it might be necessary to run through it at least two more times: once to generate an internal web services certificate and once to generate an external web services certificate. It's also possible to use the same certificate for all three functions if the internal and external web service URLs match the pool FQDN.
If the certificates are issued from an online certificate authority, they should be installed automatically. If an offline request is issued, the wizard must be re-run with the option to complete an offline request.
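Once a certificate is installed, it can be checked against the subject and subject alternative name requirements listed earlier before it is assigned. The following is an added example, not part of the original text: every FQDN except lyncdirector1.companyabc.com is a hypothetical placeholder, the friendly name Director follows the example in step 8, and the minimum key length is an assumed policy value.

```powershell
# Added example: verify an installed Director certificate against the
# requirements above. Names marked "hypothetical" must be replaced with the
# values from the published topology.
$poolFqdn   = 'dirpool.companyabc.com'              # hypothetical pool FQDN
$members    = @('lyncdirector1.companyabc.com')     # pool member FQDNs
$webFqdns   = @('dirweb.companyabc.com')            # hypothetical web services FQDN
$sipDomains = @('companyabc.com')                   # supported SIP domains
$minKeyBits = 2048                                  # assumed policy floor

# Names that must appear as subject alternative names.
$required = $members + $webFqdns + ($sipDomains | ForEach-Object { "sip.$_" })

# Pick the newest certificate carrying the friendly name entered in the wizard.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq 'Director' } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with friendly name 'Director' found." }

# Subject common name.
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$cn = $cert.GetNameInfo($nameType, $false)

# Subject alternative names (extension OID 2.5.29.17). The "DNS Name=" label
# is what an English-language Windows installation prints; this is an assumption.
$sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanText = if ($sanExt) { $sanExt.Format($true) } else { '' }
$sans    = @([regex]::Matches($sanText, 'DNS Name=(\S+)') |
             ForEach-Object { $_.Groups[1].Value })

$problems = @()
if ($cn -ne $poolFqdn) { $problems += "Subject '$cn' is not the pool FQDN $poolFqdn" }
foreach ($name in $required) {
    if ($sans -notcontains $name) { $problems += "Missing subject alternative name: $name" }
}
if ($cert.PublicKey.Key.KeySize -lt $minKeyBits) {
    $problems += "Key length $($cert.PublicKey.Key.KeySize) is below $minKeyBits bits"
}
if (-not $cert.HasPrivateKey) { $problems += 'Certificate has no private key on this server' }
if ($cert.NotAfter -lt (Get-Date)) { $problems += "Certificate expired on $($cert.NotAfter)" }

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output "Certificate $($cert.Thumbprint) meets the listed requirements." }
```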
Assign Certificates
After creating the necessary certificates, the Director services must have certificates assigned to them. This process binds each certificate either to the Front End Service or IIS websites, depending on the selection. The following steps show how to assign a certificate:
1. Under Step 3: Request, Install, or Assign Certificate, click the Run button.
2. Highlight Default certificate and click Assign an existing certificate.
3. Click Next to begin the wizard.
4. Highlight the certificate to be assigned and click Next.
5. Click Next to confirm the selection.
6. Click Finish when the wizard completes.
Start Services
After the necessary certificates are requested and assigned, the Lync Server Director services can be started.
1. Below Step 4: Start Services, click the Run button.
2. Click Next to start the Lync Server services.
3. Click Finish to complete the wizard.
At this point, the Director installation is complete and functional. The Director pool is not used automatically by internal clients, so the DNS SRV records for automatic client sign-in must be updated to point users to the new Director pool.