IT tutorials
 
Technology
 

Monitoring Microsoft Lync Server 2010 : Installing Edge Component Monitoring Certificates (part 1)

8/12/2013 11:20:44 AM
- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

Monitoring the Edge Server role requires an install of certificate-based mutual authentication. This process has several steps, but is straightforward. To install and configure certificates to enable the Edge Transport servers to use mutual authentication, complete the following five major tasks:

1.
Create a Certificate Template to issue the correct format of X.509 certificates for Operations Manager to use for mutual authentication.

2.
Request the Root CA certificate to trust the CA and the certificates it issues. This is done for each Edge Transport server and possibly for the management servers if not using an enterprise CA.

3.
Request a certificate from the Root CA to use for mutual authentication. This is done for each Edge Transport server and for each management server.

4.
Install the Operations Manager agent manually. This is done for each Edge Transport server.

5.
Configure the agent to use the certificate. This is done for each Edge Transport server and for each management server.

These various X.509 certificates are issued from a certificate authority.

Create Certificate Template

This task creates a certificate template named Operations Manager that can be issued from the Windows Server 2008 certification authority web enrollment page. The certificate template supports Server Authentication (OID 1.3.6.1.5.5.7.3.1) and Client Authentication (OID 1.3.6.1.5.5.7.3.2), and enables the name to be manually entered rather than auto-generated from Active Directory because the Edge Transport will not be an Active Directory domain member.

The steps to create the security template follow:

1.
Log on to CA, which is DC1.companyxyz.com in this example.

2.
Launch Server Manager.

3.
Expand Roles, Active Directory Certificate Services, and select Certificate Templates (fqdn).

4.
Right-click the Computer template and select Duplicate Template.

5.
Leave the version at Windows 2003 Server, Enterprise Edition and click OK.

6.
In the General tab in the Template display name, enter Operation Manager.

7.
Select the Request Handling tab and mark the Allow Private Key to Be Exported option.

8.
Select the Subject Name tab and select Supply in the request. Click OK at the warning.

9.
Select the Security tab, select Authenticated Users, and select the Enroll check box.

10.
Click OK to save the template.

11.
Select the Enterprise PKI to expose the CA.

12.
Right-click the CA and select Manage CA.

13.
In the certsrv console, expand the CA, right-click the Certificates Templates, and select New, Certificate Template to Issue.

14.
Select the Operations Manager certificate template and click OK.

The new Operations Manager template is now available in the Windows Server 2008 web enrollment page.

Request the Root CA Server Certificate

This enables the Edge Transport Server to trust the Windows Server 2008 CA. This does not need to be done on the OpsMgr management servers because the Windows Server 2008 CA is an Enterprise CA, and all domain members automatically trust it. If the CA is not an enterprise CA, complete the steps for the management servers as well.

To request and install the Root CA certificate on the Lync Server 2010 Edge Role server, execute the following steps:

1.
Log on to the Edge Transport Server (LS2.companyxyz.com, in this example) with local administrator rights.

2.
Open a web browser and point it to the certificate server, in this case https://dc1.companyxyz.com/certsrv. Enter credentials if prompted.

3.
Click the Download a CA certificate, certificate chain, or CRL link (see Figure 1).



Figure 1. Download Root CA Certificate

4.
Click the Download CA certificate link.

Note

If the certificate does not download, add the site to the Local Intranet list of sites in IE.

5.
Click Open to open the CA certificate.

6.
Click Install Certificate to install the CA certificate.

7.
In the Certificate Import Wizard screen, click Next.

8.
Select the Place all certificates in the following store radio button.

9.
Click Browse.

10.
Click the Show physical stores check box.

11.
Expand the Trusted Root Certification Authorities folder and select the Local Computer store.

12.
Click OK.

13.
Click Next, Finish, and OK to install the CA certificate.

14.
Close any open windows.

Repeat for all Edge Transport servers. Now the Edge Transport servers trust certificates issued by the certification authority. The next step is to request the certificates to use for the mutual authentication for all servers.

 
Others
 
- Windows 8 Tile-Based Apps : Maps
- Windows 8 Tile-Based Apps : Reader
- Windows 8 Tile-Based Apps : Video
- Sharepoint 2013 : Add a Column to a List or Document Library
- Sharepoint 2013 : Create a New Folder in a Document Library, Create a New List, Create a New Survey
- Sharepoint 2013 : Create a New Document Library
- Sharepoint 2013 : Open Your Apps Page to Create Lists and Libraries
- SQL Server 2012 : SQL Azure (part 3) - Migrating Data into SQL Azure
- SQL Server 2012 : SQL Azure (part 2) - Managing a SQL Azure Database
- SQL Server 2012 : SQL Azure (part 1)
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Technology FAQ
- Is possible to just to use a wireless router to extend wireless access to wireless access points?
- Ruby - Insert Struct to MySql
- how to find my Symantec pcAnywhere serial number
- About direct X / Open GL issue
- How to determine eclipse version?
- What SAN cert Exchange 2010 for UM, OA?
- How do I populate a SQL Express table from Excel file?
- code for express check out with Paypal.
- Problem with Templated User Control
- ShellExecute SW_HIDE
programming4us programming4us