Microsoft Lync Server 2010 Standard Edition Deployment Guide Microsoft Lync Server 2010

(1)

Microsoft Lync Server 2010 Standard Edition

Deployment Guide

Microsoft Lync Server 2010

Published: March 2012

(2)

This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice.

Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. Copyright © 2012 Microsoft Corporation. All rights reserved.

(3)

Member of the Local Administrators group on the computer from which the executable is run. Member of Domain Users group to read information in Active Directory Domain Services (AD DS). This level of permission is required because the automatic installation of required MSI packages on the local computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and

protected registry such as the Local Machine hive.

Tip:

You can also delegate setup permissions to users or groups to whom you do not want to grant membership in the Domain Admins group. For details, see Granting Setup Permissions in the Deployment documentation.

Deploy.exe – Called by setup.exe, deploy.exe is responsible for the deployment of the software components for the server roles.

Member of the Local Administrators group on the computer from which the executable is run. Member of Domain Users group to read information in AD DS. This level of permission

(7)

is required because the automatic installation of required MSI packages on the local

computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and protected registry such as the Local Machine hive. Membership in

RtcUniversalReadOnlyAdmins group is necessary to read the Central Management store.

Note:

If you are running the Windows Vista operating system or Windows 7 operating system, you will be prompted by User Account Control (UAC) to proceed with installation. If you are logged on with a standard user account, you will need someone who is a member of the Local Administrators group to provide credentials when prompted for an account with permissions to install the software. Bootstrapper.exe – Called by setup.exe,

bootstrapper.exe is responsible for

deployment and configuration of server roles.

Member of the Local Administrators group on the computer from which the executable is run. Member of Domain Users group to read information in AD DS. This level of permission is required because the automatic installation of required MSI packages on the local

computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and protected registry such as the Local Machine hive.

OCSLogger.exe – Administrative

troubleshooting tool for capturing messages

Member of the Local Administrators group on the computer from which the executable is

(8)

Lync Server Executable Group Membership Required requireAdministrator. TopologyBuilder.msc – Wizard-driven user

interface to create, view, adjust, and validate Lync Server topologies.

Member of the Local Administrators group on the computer from which the executable is run to view the topology. Member of the

RTCUniversalServerAdmins group to change configuration settings. Member of the

RTCUniversalServerAdmins group and Domain Admins group, or member of the

RTCUniversalServerAdmins group (only if the group has been granted delegate setup permissions), to publish the topology. For details about delegating setup permissions to allow members of the

RTCUniversalServerAdmins group to publish the topology without being members of the Domain Admins group, see Granting Setup Permissions in the Deployment

documentation. AdminUIHost.exe – Web-based graphical user

interface for managing Lync Server.

Member of CsAdministrator group or member of another role-based access control (RBAC) role to which the specific administrative task is assigned. Microsoft Lync Server 2010 Control Panel implements configuration changes by running Lync Server Management Shell cmdlets. For a list of predefined roles and the cmdlets members are permitted to run, see Role-Based Access Control in the Planning documentation.

PowerShell.exe with the Lync Server module loaded – Command-line administrative tool with cmdlets specific to management of Lync Server.

Member of CsAdministrator group or member of another RBAC role to which the specific cmdlet has been assigned. For a list of

predefined roles and the cmdlets members are permitted to run, see Role-Based Access Control in the Planning documentation. Or, member of one or more of the following

(9)

groups, depending on the cmdlet:  RTCUniversalServerAdmins  RTCUniversalUserAdmins  RTCUniversalReadOnlyAdmins

The group memberships in the preceding table represent the minimum memberships. Other memberships which will grant the permissions necessary to initiate the setup and deployment are possible, including membership in the Domain Admins group or Enterprise Admins group. See Also

Install Lync Server Administrative Tools

Delegate Setup Permissions

If you do not want to grant membership in the Domain Admins group to users or groups who are deploying Microsoft Lync Server 2010, you can enable members of the

RTCUniversalServerAdmins group to run the Enable-CsTopology Windows PowerShell cmdlet on servers running Lync Server 2010. By default, members of the RTCUniversalServerAdmins group do not have the ability to run this cmdlet. You grant permissions to run Enable-CsTopology on servers running Lync Server by using the Grant-CsSetupPermission cmdlet and specifying an organizational unit (OU) where computer objects for the server running Lync Server are located.

Note:

Enable-CsTopology is the key cmdlet to allow the RTCUniversalServerAdmins group members to set up and deploy Lync Server.

To add the ability to run Enable-CsTopology to the RTCUniversalServerAdmins group 1. Log on to a server as a member of the Domain Admins group for the domain on which

the delegated user will run Enable-CsTopology.

2. Open the Lync Server Management Shell. The Lync Server Management Shell is

automatically installed on each Front End Server or any computer where the Lync Server 2010 administrative tools have been installed. For details about the Lync Server

Management Shell, see Lync Server Management Shell in the Operations documentation.

(10)

3. Run the following cmdlet from the Lync Server Management Shell:

Grant-CsSetupPermission –ComputerOU <DN of the OU> -Domain <Domain FQDN>

In the following example, the OU is Lync Servers, which is in the contoso.com domain. Grant-CsSetupPermission –ComputerOU “OU=Lync Servers” –Domain contoso.com

Deploying Lync Server 2010 Standard Edition

Deployment of Microsoft Lync Server 2010, Standard Edition requires using Topology Builder to define your topology and the components you want to deploy, preparing your environment for deployment of the Lync Server 2010 components, importing and publishing your topology design on the Standard Edition server, and then installing and configuring Lync Server 2010 software for the components for your deployment.

Important:

If you have already established a Microsoft Lync Server 2010, Enterprise Edition infrastructure and want to deploy a Standard Edition server to an existing Lync Server 2010 deployment, see Deploying Lync Server 2010 Standard Edition into an Existing Lync Server 2010 Enterprise.

This documentation provides a staged approach to the Standard Edition deployment, starting with the minimum configuration required to get you up and running. The initial Standard Edition topology deployment described in this section includes the following environment and

components:

 A single forest, single domain Active Directory structure

 A single domain controller with Domain Name System (DNS) and an Enterprise Root certification authority (CA)

 A Standard Edition server consisting of:

 a collocated SQL Server database for all database requirements.

 a collocated Mediation Server and collocated A/V Conferencing Server on the Standard Edition server.

(11)

This documentation then describes how to add optional server roles and components to the initial Standard Edition deployment. These optional server roles and components include one or more Directors and a stand-alone Mediation Server.

After deployment of your Standard Edition server, you can deploy other server roles and features, such as Edge Servers to support external user access.

In This Section

 Preparing the Standard Edition Server Infrastructure Environment

 Defining the Topology in Topology Builder

 Finalize and Implement Topology for Standard Edition Server

 Setting Up Standard Edition Server

 Setting Up Kerberos Authentication

 Adding Server Roles

Preparing the Standard Edition Server Infrastructure Environment

Acquiring and setting up the hardware and other components required in the infrastructure that you need to implement your topology requires that, prior to publishing your topology in

Topology Builder, you do the following:

 Acquire and install the hardware for each component in the topology design that you created and saved by using Topology Builder, including all required computers (servers running Lync Server 2010, database servers, servers running Internet Information Services (IIS), and reverse proxy servers, as appropriate), network adapters, hardware load

balancers, and storage devices (such as file servers). For details about how to define a topology that specifies the components needed for your deployment, see Defining the Topology in Topology Builder. For details about hardware requirements for servers, see Supported Hardware in the Supportability documentation.

 Ensure that the networking infrastructure meets requirements. For details, see Network Infrastructure Requirements in the Planning documentation.

 Set up Active Directory Domain Services (AD DS). Setting up AD DS includes preparing AD DS and defining all components that you want to deploy in AD DS. For details about preparing AD DS, see Preparing Active Directory Domain Services for Lync Server 2010.

(12)

Standard Edition servers can host the file share for the required file store. The permissions and group memberships required for deploying and setting the access control list (ACL) on the folder and the share must be set correctly for Topology Builder to complete successfully. You should ensure that the person running Topology Builder has the following permissions and group memberships:

 Member of Local Administrators  Member of Domain Users

 Full Control on share and folder of file store

After you complete all of the preparation tasks as described in this topic, but prior to publishing the topology, you also need to perform the other preparation tasks, including installing the Windows operating systems and other prerequisite software, setting up IIS, and configuring DNS. For details about these tasks, see System Requirements for Standard Edition Servers, Configure IIS, and Preparing the Infrastructure and Systems. Additionally, you should familiarize yourself with the clients and client requirements. For details, see Deploying Clients and Devices. See Also

Set Up Standard Edition Hardware and System Infrastructure System Requirements for Standard Edition Servers

Install Operating System and Prerequisites on Standard Edition Servers Request Certificates in Advance (Optional)

Configure IIS

Configure DNS Records for Standard Edition Server

Set Up Standard Edition Hardware and System Infrastructure

Before you set up Standard Edition server and publish your topology, set up your hardware and system infrastructure by doing the following:

 Install the hardware for each component you have planned to install in your infrastructure. This includes all required computers, such as your Standard Edition server, database server for other roles, and Edge Server as appropriate in your planned design. Confirm that you have followed the recommendations for the number and speed for network adapters. If you will be using hardware load balancers, make sure that you have the proper information from the vendor to configure them for use with Lync Server 2010. If you will be using a file server or other server to house the file share required by Lync Server, ensure that the server

(13)

is available and ready for the configuration of the file share. For details about how to define a topology that specifies the components needed for your deployment, see Defining the Topology in Topology Builder. For details about hardware requirements for servers, see Supported Hardware in the Supportability documentation.

 Ensure that the networking infrastructure meets requirements. For details, see Network Infrastructure Requirements in the Planning documentation.

 Set up Active Directory Domain Services (AD DS). Setting Up AD DS includes preparing AD DS and defining all components that you want to deploy in AD DS. For details about preparing AD DS, see Preparing Active Directory Domain Services for Lync Server 2010 in the

Deployment documentation.

 Set up the required permissions for creating the file share. Permissions for use of file shares by Lync Server are automatically configured by Topology Builder when you publish your topology. However, the user account used to publish the topology must have full control (read/write/modify) on the file share in order for Topology Builder to configure the required permissions. To ensure that the file share can be managed properly during the Topology Builder publishing process, the user or domain group that the user is a member of should be made a member of the local Administrators group on the computer where the file share is located. In a multi-domain scenario, Domain A user or Group should be made a member of the local Administrators group on the machine in Domain B where the file share will be located.

 Install and set up the hardware load balancer for Web Services. For Standard Edition server, this does not apply to the Front End Server, however, it does apply when deploying a Director because you can deploy a pool of Directors. With Domain Name System (DNS) load balancing deployed, you still need to also use hardware load balancers for these pools, but only for HTTP/HTTPS traffic. The hardware load balancer is used for HTTPS traffic from clients over ports 443 and 80. Although you still need hardware load balancers for these pools, their setup and administration will be primarily for HTTP/HTTPS traffic, which the administrators of the hardware load balancers are accustomed to.

After you complete all of the preparation tasks as described in this topic, but prior to publishing the topology, you also need to perform the other preparation tasks, including installing

Windows operating systems and other prerequisite software, setting up Internet Information Services (IIS) on the Standard Edition server, configuring SQL Server for other roles, and configuring DNS. For details about these tasks, see the following topics:

(14)

Configure IIS

Configure DNS Records for Standard Edition Server

System Requirements for Standard Edition Servers

Microsoft Lync Server 2010 Standard Edition servers are intended for smaller organizations and remote locations from the main organization deployment. A Standard Edition server is designed for a user count of approximately 5000 homed users. The main difference between Microsoft Lync Server 2010, Enterprise Edition and Microsoft Lync Server 2010, Standard Edition is Standard Edition does not support the high availability features of Enterprise Edition. Specifically, you cannot pool Standard Edition servers like you can Front End Servers in

Enterprise Edition. Also, the SQL Server database that Standard Edition uses is a collocated SQL Server Express version of SQL Server that is right sized for the workloads of a Standard Edition server. This is not to say that all roles must reside on a Standard Edition server. You can have stand-alone Mediation Servers, Edge Servers, Archiving Servers, and Monitoring Servers. The SQL Server database for the Central Management store and for the purposes of Lync Server 2010 must reside on the Standard Edition collocated SQL Server-based server. The A/V Conferencing Server must also remain collocated with the Standard Edition server. The

Monitoring Server and Archiving Server use a stand-alone server with the SQL Server database.

Operating System Installation

Important:

Lync Server 2010 is available only in a 64-bit edition, which requires 64-bit hardware and a 64-bit edition of the Windows Server operating system. A 32-bit edition of Lync Server 2010 is not available with this release.

Standard Edition server can use one of the following:  Windows Server 2008 x64 SP2

 Windows Server 2008 R2

Install the operating system software on the Standard Edition server. Apply all updates in order to bring the operating system up to the latest update and required update level consistent with your organization’s standards. Lync Server requires Microsoft .NET Framework 3.5 with SP1. You should also apply the update discussed in Microsoft Knowledge Base article 981575, “A memory leak occurs in a .NET Framework 2.0-based application that uses the AesCryptoServiceProvider class,” at http://go.microsoft.com/fwlink/?LinkId=202909.

Additional Software for Lync Server 2010

In addition to the updates required for the operating system, Lync Server 2010 requires operating system roles, features, and software to operate. For details about the additional

(15)

software that must be installed prior to publishing your topology and installing Lync Server 2010, see Additional Software Requirements in the Planning documentation.

Install Operating System and Prerequisites on Standard Edition Servers

After you have set up the hardware and system infrastructure, you need to install the appropriate Windows operating systems and updates, in addition to all other prerequisite software on each server that you are deploying. This includes each Lync Server 2010 server role, and any additional infrastructure servers and SQL Server-based servers required for your deployment.

Note:

This section describes installation of operating systems and prerequisite software for internal servers. If you are deploying Edge Servers to support external user access, you will also need to install operating systems and prerequisite software for those servers, including Edge Servers and reverse proxy servers. For details about preparing servers to support external user access, see Preparing for Installation of Servers in the Perimeter Network in the Deploying Edge Servers documentation.

Install Windows Operating Systems on Servers

On each server that you are deploying, install the appropriate Windows operating system:  Servers running Lync Server 2010. For details about the operating system requirements for

servers running Lync Server 2010, see Server and Tools Operating System Support in the Supportability documentation.

 Database servers. For details about operating system requirements for database servers, including the back-end database, Archiving database, and Monitoring database, see the SQL Server documentation. For SQL Server 2005, see the SQL Server Books Online 2005 at

http://go.microsoft.com/fwlink/?LinkID=202922. For SQL Server 2008, see the SQL Server 2008 Books Online at http://go.microsoft.com/fwlink/?LinkID=202921. For SQL Server 2008 R2, see the SQL Server 2008 R2 Books Online at http://go.microsoft.com/fwlink/?LinkId=218015.

Install Windows Updates on Servers

Install the Windows Updates required by Lync Server 2010 on each server:

 Windows Updates for servers running Lync Server 2010. For details about the Windows Update requirements for servers running Lync Server 2010, see Additional Software Requirements in the Planning documentation.

 Database servers. For details about Windows Update requirements for database servers, including the Archiving database and Monitoring database, see the SQL Server

(16)

http://go.microsoft.com/fwlink/?LinkID=202922. For SQL Server 2008, see the SQL Server 2008 Books Online at http://go.microsoft.com/fwlink/?LinkID=202921. For SQL Server 2008 R2, see the SQL Server 2008 R2 Books Online at http://go.microsoft.com/fwlink/?LinkId=218015.

Install Other Prerequisite Software on Servers

Lync Server 2010 requires the installation of additional software on servers:

 Prerequisite software for servers running Lync Server 2010. The additional software

prerequisites for servers running Lync Server depends on the server role being deployed. For details about the specific software requirements for each server, see Additional Software Requirements in the Planning documentation.

 Lync Server requires Microsoft .NET Framework 3.5 with SP1. You should apply the update discussed in the Microsoft Knowledge Base article 981575, “A memory leak occurs in a .NET Framework 2.0-based application that uses the AesCryptoServerProvider class” at

http://go.microsoft.com/fwlink/?LinkId=202909. You should also apply the update discussed in the Microsoft Knowledge Base article 975954, “FIX: When you run a .NET Framework 2.0-based application, a System.AccessViolationException exception occurs, or a dead-lock occurs on two threads in an application domain” at

http://go.microsoft.com/fwlink/?LinkId=205337.

 Windows Media Format Runtime All Front End Servers and Standard Edition servers where conferencing will be deployed must have the Windows Media Format Runtime installed. The Windows Media Format Runtime is required to run the Windows Media Audio (.wma) files that the Call Park, Announcement, and Response Group applications play for

announcements and music.

We recommend that you install Windows Media Format Runtime before you install Lync Server 2010. If Lync Server 2010 does not find this software on the server, it will prompt you to install it, and then you must restart the server to complete installation.

Important

With the release of Windows Server 2008 R2 SP1, the name of the package that contains the Windows Media Format runtime has changed. The scripted methods in the Deployment Wizard for Lync 2010 Server do not yet reflect the updated package name.

If you are deploying Lync Server to a computer running Windows Server 2008 R2 SP1, you must install the Windows Media Format runtime by using the command line cited below and then restart the system to apply the change. If you use the Deployment Wizard prior to applying the runtime, the runtime will not install because the Deployment Wizard tries to apply the Windows Server 2008 or Windows Server 2008 R2 runtime, and fails because the package Deployment Wizard expects does not exist. The error may be missed because it is a subtle error. You resolve

(17)

this issue by either applying the runtime prior to running the Deployment Wizard or after you run the Deployment Wizard. Restart the computer to complete the installation of the runtime.

To install the Windows Media Format Runtime on servers running Windows Server 2008, use the following command:

%systemroot%\system32\pkgmgr.exe /quiet /ip

/m:%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.0.6001.18000.mum

To install the Windows Media Format Runtime on servers running Windows Server 2008 R2, use the following command:

%systemroot%\system32\dism.exe /online /add-package

/packagepath:%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.mum

/ignorecheck

To install the Windows Media Format Runtime on servers running Windows Server 2008 R2 SP1, use the following command:

%systemroot%\system32\dism.exe /online /add-package

/packagepath:%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum

/ignorecheck

 Prerequisite software for database servers. For details about Windows Update

requirements for database servers, including the back-end database, Archiving database, and Monitoring database, see the SQL Server 2008 documentation at

http://go.microsoft.com/fwlink/?LinkId=202921 and the SQL Server 2008 R2 documentation at

http://go.microsoft.com/fwlink/?LinkId=218015. Note:

Lync Server 2010 automatically installs SQL Server 2008 Express on each Standard Edition server and each Lync Server 2010 server on which the local configuration store is located. After deploying the servers, you can upgrade the RTC database on the Standard Edition server and the RTCLocal databases on other server roles to SQL Server 2008 R2 Express by running the SQL Server 2008 R2 Express setup wizard and

(18)

 Message Queuing. Message Queuing (also known as MSMQ) role components and Directory Service Integration should be installed on the Front End Server, and the Archiving Server if you plan to deploy the Lync Server 2010 Archiving Server roles. The Message Queuing components can be found in Server Manager or can be deployed by using

servermanagercmd.exe . For details, see "Install Message Queuing" at

To install Message Queuing using the Add-WindowsFeature Windows PowerShell cmdlet, you do the following:

a. On the Windows Server 2008 R2 x64 operating system, you use Windows PowerShell 2.0.

b. At the Windows PowerShell prompt, type: Import-Module servermanager, and then press Enter.

c. Then type: Add-WindowsFeature MSMQ-Server, MSMQ-Directory, and then press Enter.

Request Certificates in Advance (Optional)

Certificates are required for all internal servers that are running Microsoft Lync Server 2010, including each Enterprise Edition Front End Server, Standard Edition server, Director, stand-alone A/V Conferencing Server, and stand-stand-alone Mediation Server. Although an internal enterprise certification authority (CA) is recommended for internal servers, you can also use a public CA. For details about certificate requirements and about the use of a public CA, see Certificate Requirements for Internal Servers in the Planning documentation.

Lync Server 2010 setup includes the Certificate Wizard, which facilitates the tasks of requesting, assigning, and installing certificates during deployment. If you want to request certificates prior to installing servers (for instance, to save time during actual deployment of servers), you can do so by using a computer on which the Lync Server 2010 administrative tools are installed or by using a certificate request procedure defined in your organization, as long as you ensure that the certificates are exportable and contain all the required subject alternative names.

Requesting certificates in advance is optional; if you do not request them in advance, you must request them as part of the setup of each server that requires a certificate.

This Deployment documentation provides procedures for using the Certificate Wizard to request certificates as part of the setup process, as described in the Configure Certificates for Front End Servers, Configuring Certificates for Standard Edition Servers, Configure Certificates for the Director,

(19)

Server sections of this Deployment documentation. If you request certificates in advance, you must modify the certificate deployment procedures in those sections as appropriate to

importing and assigning the certificates instead of requesting them at the time of deployment.

Note:

Lync Server 2010 includes support for SHA-256 certificates for connections from clients running the Windows Vista, Windows Server 2008, Windows Server 2008 R2, and Windows 7 operating systems, and Microsoft Lync 2010 Phone Edition. To support external access using SHA-256, the external certificate is issued by a public CA using SHA-256.

Configure IIS

Configuring Internet Information Services (IIS) for Microsoft Lync Server 2010 involves installing the correct components to support the Web Services needed by Lync Server 2010. For details about installing IIS, see IIS Configuration. If you have a policy to run the Security Configuration Wizard on servers before putting them into service or as a typical part of your maintenance, see

Re-Activate Server After Security Configuration Wizard Closes Ports in IIS for information about a side effect of running the wizard that will close ports on a Lync Server IIS configuration.

See Also

IIS Configuration

Re-Activate Server After Security Configuration Wizard Closes Ports in IIS IIS Configuration

To successfully complete this procedure, you should be logged on to the server minimally as a local administrator and a domain user.

Before you configure and install the Front End Server for Microsoft Lync Server 2010, Standard Edition or the first Front End Server in a pool, you install and configure the server role and Web Services for Internet Information Services (IIS).

Important:

If your organization requires that you locate IIS and all Web Services on a drive other than the system drive, you can change the installation location path for the Lync Server files in the Setup dialog box when you initially install the Microsoft Lync Server 2010 Administrative tools. You install the Administrative tools before installing IIS. If you install the Setup files to this path, including OCSCore.msi, the rest of the Lync Server

(20)

Windows Server Manager when installing IIS, see

The following table indicates the required IIS 7.0 and 7.5 role services. IIS Role Services

Role Heading Role Service

Common HTTP features installed Static content Common HTTP features installed Default document Common HTTP features installed HTTP errors

Application development ASP.NET

Application development .NET extensibility

Application development Internet Server API (ISAPI) extensions Application development ISAPI filters

Health and diagnostics HTTP logging

Health and diagnostics Logging tools

Health and diagnostics Tracing

Security Anonymous authentication (installed and

enabled by default)

Security Windows authentication

Security Client Certificate Mapping authentication

Security Request filtering

Performance Static content compression

Management Tools IIS Management Console

(21)

You can install IIS 7.0 or 7.5 from Server Manager or by using the command line. Run the following command from the command line to install the IIS 7.0 or 7.5 role services: ServerManagerCmd.exe -Install Server Scripting-Tools Web-Windows-Auth Web-Asp-Net Web-Log-Libraries Web-Http-Tracing

Web-Stat-Compression Web-Default-Doc Web-ISAPI-Ext Web-ISAPI-Filter Web-Http-Errors Web-Http-Logging Web-Net-Ext Web-Client-Auth

Web-Filtering Web-Mgmt-Console

Or, on the Windows Server 2008 R2 x64 operating system, you can use Windows PowerShell 2.0. You must first import the ServerManager module, and then install the IIS 7.5 role and role services.

Import-Module ServerManager

Add-WindowsFeature Web-Server, Web-Scripting-Tools, Web-Windows-Auth, Web-Asp-Net, Web-Log-Libraries, Web-Http-Tracing, Web-Stat-Compression, Default-Doc, ISAPI-Ext, ISAPI-Filter, Http-Errors, Web-Http-Logging, Web-Net-Ext, Web-Client-Auth, Web-Filtering,

Web-Mgmt-Console Note:

Anonymous authentication is installed by default with the IIS server role. You can manage anonymous authentication after the installation of IIS. For details, see “Enable Anonymous Authentication (IIS 7)“ at http://go.microsoft.com/fwlink/?LinkId=203935. See Also

IIS Requirements for Front End Pools and Standard Edition Servers

Re-Activate Server After Security Configuration Wizard Closes Ports in IIS

Some Lync Server 2010 roles run Web Services on Internet Information Services (IIS) port 4443. Running the Lync Server Deployment Wizard, Bootstrapper.exe, or using the

Enable-CsComputer cmdlet creates an exception in the firewall and opens the port. If you then run the Windows Server 2008 or Windows Server 2008 R2 Security Configuration Wizard (or other hardening scripts), port 4443 will be blocked, and external clients will not be able to contact Web Services. To reopen the port you can either modify the firewall exception directly or re-activate the server.

To re-activate the server by using the Deployment Wizard

1. On the Lync Server Deployment Wizard page, click Run next to Step 2: Setup or Remove Lync Server Components.

(22)

2. On Setup Lync Server components page, click Next.

3. On the Executing Commands page, when the task status is shown as completed, click Finish.

Note:

You can also use bootstrapper.exe or Enable-CsComputer to re-activate the server.

Configure DNS Records for Standard Edition Server

You need to configure all required Domain Name System (DNS) records for your deployment prior to publishing your topology.

In This Section

 DNS Requirements for Standard Edition Servers

 DNS Requirements for Simple URLs

 Configure DNS Host Records

 Create and Verify DNS SRV Records

DNS Requirements for Standard Edition Servers

This section describes the Domain Name System (DNS) records that are required for deployment of Standard Edition servers.

DNS Records for Standard Edition Servers

The following table specifies DNS requirements for Microsoft Lync Server 2010 Standard Edition server deployment.

DNS Requirements for a Standard Edition Server

Deployment scenario DNS requirement

Standard Edition server An internal A record that resolves the fully qualified domain name (FQDN) of the server to its IP address.

Automatic client sign-in For each supported SIP domain, an SRV record for _sipinternaltls._tcp.<domain> over port 5061 that maps to the FQDN of the Standard

(23)

Deployment scenario DNS requirement

Edition server that authenticates and redirects client requests for sign-in. For details, see DNS Requirements for Automatic Client Sign-In. Device Update Web service discovery by

unified communications (UC) devices

An internal A record with the name ucupdates-r2.<SIP domain> that resolves to the IP address of the Standard Edition server hosting Device Update Web service. In the situation where a UC device is turned on, but a user has never logged into the device, the A record allows the device to discover the server hosting Device Update Web service and obtain updates. Otherwise, devices obtain the server

information though in-band provisioning the first time a user logs in. For details, see Updating Devices in the Planning documentation.

Important:

If you have an existing deployment of Device Update Web service in Office Communications Server 2007, you have already created an internal A record with the name ucupdates.<SIP domain>. For Office Communications Server 2007 R2, you must create an additional DNS A record with the name ucupdates-r2.<SIP domain>.

A reverse proxy to support HTTP traffic An external A record that resolves the external web farm FQDN to the external IP address of the reverse proxy. Clients and UC devices use this record to connect to the reverse proxy. For details, see Determining DNS Requirements in the Planning documentation.

(24)

DNS Requirements for Simple URLs

Microsoft Lync Server 2010 introduces simple URLs, which make joining meetings easier for your users, and make getting to Microsoft Lync Server 2010 administrative tools easier for your administrators. For details about simple URLs, see Planning for Simple URLs.

Lync Server 2010 supports the following three simple URLs: Meet, Dial-In, and Admin. You are required to set up simple URLs for Meet and Dial-In, and the Admin simple URL is optional. The Domain Name System (DNS) records that you need to support simple URLs depend on how you have defined these simple URLs. There are three different ways you can define the URLs. Simple URL Option 1

In Option 1, you create a new base URL for each simple URL. Note:

When a user clicks a simple URL meeting link, the server that the DNS A record resolves to determines the correct client software to start. After the client software is started, it automatically communicates with the pool where the conference is hosted. This way, users are directed to the appropriate server for meeting content no matter which server or pool the simple URL DNS A records resolve to.

Simple URL Option 1

Simple URL Example

Meet https://meet.contoso.com,

https://meet.fabrikam.com, and so on (one for each SIP domain in your organization)

Dial-in https://dialin.contoso.com

Admin https://admin.contoso.com

If you use Option 1, you must define the following:

 For each Meet simple URL, you need a DNS A record that resolves the URL to the IP address of the Director, if you have one deployed. Otherwise, it should resolve to the IP address of the load balancer of a Front End pool. If you have not deployed a pool and are using a Standard Edition server deployment, the DNS A record must resolve to the IP address of one Standard Edition server in your organization.

If you have more than one SIP domain in your organization and you use this option, you must create Meet simple URLs for each SIP domain and you need a DNS A record for each

(25)

Meet simple URL. For example, if you have both contoso.com and fabrikam.com, you will create DNS A records for both https://meet.contoso.com and https://meet.fabrikam.com. Alternatively, if you have multiple SIP domains and you want to minimize the DNS record and certificate requirements for these simple URLs, use Option 3 as described later in this topic.

 For the Dial-in simple URL, you need a DNS A record that resolves the URL to the IP address of the Director, if you have one deployed. Otherwise, it should resolve to the IP address of the load balancer of a Front End pool. If you have not deployed a pool and are using a Standard Edition server deployment, the DNS A record must resolve to the IP address of one Standard Edition server in your organization.

 The Admin simple URL is internal only. It requires a DNS A record that resolves the URL to the IP address of the Director, if you have one deployed. Otherwise, it should resolve to the IP address of the load balancer of a Front End pool. If you have not deployed a pool and are using a Standard Edition server deployment, the DNS A record must resolve to the IP address of one Standard Edition server in your organization.

With Option 2, the Meet, Dial-in, and Admin simple URLs all have a common base URL, such as lync.contoso.com. Therefore, you need only one DNS A record for these simple URLs, which resolves lync.contoso.com to the IP address of a Director pool or Front End pool. If you have not deployed a pool and are using a Standard Edition server deployment, the DNS A record must resolve to the IP address of one Standard Edition server in your organization.

Note that if you have more than one SIP domain in your organization, you must still create Meet simple URLs for each SIP domain and you need a DNS A record for each Meet simple URL. In this example, while three simple URLs are all based on lync.contoso.com, an additional Meet simple URL for fabrikam.com is set up with a different base URL. In this example, you must create DNS A records for both https://lync.contoso.com and https://lync.fabrikam.com. Simple URL Option 3 shows another way to handle naming and DNS A records if you have multiple SIP domains. Simple URL Option 2

Meet https://lync.contoso.com/Meet,

https://lync.fabrikam.com/Meet, and so on (one for each SIP domain in your organization)

(26)

Admin https://lync.contoso.com/Admin

Option 3 is most useful if you have many SIP domains, and you want them to have separate simple URLs but want to minimize the DNS record and certificate requirements for these simple URLs. In this example, you need only one DNS A record, which resolves lync.contoso.com to the IP address of a Director pool or Front End pool.

Meet https://lync.contoso.com/contosoSIPdomain/Meet

https://lync.contoso.com/fabrikamSIPdomain/Meet Dial-in https://lync.contoso.com/contosoSIPdomain/Dialin

https://lync.contoso.com/fabrikamSIPdomain/Dialin

Admin https://lync.contoso.com/contosoSIPdomain/Admin

https://lync.contoso.com/fabrikamSIPdomain/Admin

Configure DNS Host Records

To successfully complete this procedure, you should be logged on to the server or domain at minimum as a member of the Domain Admins group or a member of the DnsAdmins group.

To configure DNS Host A records

1. On the Domain Name System (DNS) server, click Start, click Administrative Tools, and then click DNS.

2. In the console tree for your domain, expand Forward Lookup Zones, and then right-click the domain in which Microsoft Lync Server 2010 will be installed.

3. Click New Host (A or AAAA).

4. Click Name, type the host name for the pool (the domain name is assumed from the zone that the record is defined in and does not need to be entered as part of the A record).

(27)

5. Click IP Address, type the virtual IP (VIP) of the load balancer for the Front End pool. Important:

In deployments that use a Director pool, the host (A) records for the simple URLs should point to the VIP of the Director load balancer.

Note:

If you deploy only one Enterprise Edition server or Director that is connected to the topology without a load balancer, or if you deploy a Standard Edition server, type the IP address of the Enterprise Edition server, Standard Edition server, or Director. A load balancer is required if you deploy more than one Enterprise Edition server or Director in a pool. Load balancers are not used with Standard Edition servers.

6. Click Add Host, and then click OK.

7. To create an additional A record, repeat steps 4 and 5.

8. When you are finished creating all the A records that you need, click Done.

Create and Verify DNS SRV Records

To successfully complete this procedure, you should be logged on to the server or domain minimally as a member of the Domain Admins group or a member of the DnsAdmins group. This topic describes how to configure the Domain Name System (DNS) records that you are required to create in Microsoft Lync Server 2010 deployments, and those required for automatic client sign in. When you create a Front End pool, Setup creates Active Directory objects and settings for the pool, including the pool fully qualified domain name (FQDN). Similar objects and settings are created for a Standard Edition server. For clients to be able to connect to the pool or Standard Edition server, the FQDN of the pool or Standard Edition server must be registered in DNS. You must create DNS SRV records in your internal DNS for every SIP domain. This

procedure assumes that your internal DNS has zones for your SIP user domains.

To configure a DNS SRV record

1. On the DNS server, click Start, click Administrative Tools, and then click DNS.

2. In the console tree for your SIP domain, expand Forward Lookup Zones, and then right-click the SIP domain in which Lync Server 2010 will be installed.

(28)

4. In Select a resource record type, click Service Location (SRV), and then click Create Record.

5. Click Service, and then type _sipinternaltls. 6. Click Protocol, and then type _tcp.

7. Click Port Number, and then type 5061.

8. Click Host offering this service, and then type the FQDN of the pool or Standard Edition server.

9. Click OK, and then click Done.

To verify the creation of a DNS SRV record

1. Log on to a client computer in the domain with an account that is a member of the Authenticated Users group or has equivalent permissions.

2. Click Start, and then click Run.

3. In the Open box, type cmd, and then click OK.

4. At the command prompt, type nslookup, and then press ENTER. 5. Type set type=srv, and then press ENTER.

6. Type _sipinternaltls._tcp.contoso.com, and then press ENTER. The output displayed for the Transport Layer Security (TLS) record is as follows:

Server: <dns server>.contoso.com Address: <IP address of DNS server> Non-authoritative answer:

_sipinternaltls._tcp.contoso.com SRV service location: priority = 0

weight = 0 port = 5061

svr hostname = poolname.contoso.com (or Standard Edition server A record) poolname.contoso.com internet address = <virtual IP Address of the load balancer>

(29)

or <IP address of a single Enterprise Edition server for pools with only one Enterprise Edition server> or <IP address of the Standard Edition server >

7. When you are finished, at the command prompt, type exit, and then press ENTER.

To verify that the FQDN of the Front End pool or Standard Edition server can be resolved 1. Log on to a client computer in the domain.

2. Click Start, and then click Run.

3. In the Open box, type cmd, and then click OK.

4. At the command prompt, type nslookup<FQDN of the Front End pool> or <FQDN of the Standard Edition server>, and then press ENTER.

5. Verify that you receive a reply that resolves to the appropriate IP address for the FQDN.

Defining the Topology in Topology Builder

Topology Builder is an installation component of Microsoft Lync Server 2010. You use Topology Builder to display and adjust your planned topology. It also validates topologies, and when you are ready to begin deployment, you use it to author a topology for your Lync Server 2010 deployment. When you install Lync Server 2010 on individual servers, the server reads the authored deployment as part of the installation process, and the installation program deploys the server as directed in the topology. This section describes how to prepare for and then install Topology Builder, and how to use it to define a new Enterprise Edition topology and Front End pool, or a Standard Edition deployment.

After defining your topology, you must publish it before you can install Lync Server 2010. Before you publish it, however, you must set up your environment. The topics in this section describe how to use Topology Builder to define the topology, but not how to publish it. The procedures required to prepare your production environment and publish your topology are described in a later section of this Deployment documentation.

In This Section

 Topology Builder Installation Requirements

(30)

See Also

Preparing the Infrastructure and Systems

Finalizing and Implementing the Topology Design

Topology Builder Installation Requirements

You can install and run Topology Builder on a workstation or server that meets the requirements described in this section. This makes it possible to use Topology Builder independently of the intended environment.

In This Section

 Administrator Rights and Permissions Required for Setup and Administration

 Server and Tools Operating System Support

 Administrative Tools Software Requirements

 Requirements to Publish a Topology

Administrator Rights and Permissions Required for Setup and Administration

Setup and deployment of Microsoft Lync Server 2010 requires that the person installing and deploying the software be a member of local or domain-level groups. Administrative tools for Lync Server 2010 can require additional permissions.

Group Membership Requirements

The following table summarizes the group or groups that a person should belong to in order to successfully install, manage, and troubleshoot Lync Server 2010.

Setup.exe – Executable that starts the installation of the Lync Server administrative tools.

Member of the Local Administrators group on the computer from which the executable is run. Member of Domain Users group to read information in Active Directory Domain Services (AD DS). This level of permission is required because the automatic installation of required MSI packages on the local computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and

(31)

Lync Server Executable Group Membership Required hive.

Tip:

You can also delegate setup permissions to users or groups to whom you do not want to grant membership in the Domain Admins group. For details, see Granting Setup Permissions in the Deployment documentation.

Deploy.exe – Called by setup.exe, deploy.exe is responsible for the deployment of the software components for the server roles.

Member of the Local Administrators group on the computer from which the executable is run. Member of Domain Users group to read information in AD DS. This level of permission is required because the automatic installation of required MSI packages on the local

computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and protected registry such as the Local Machine hive. Membership in

RtcUniversalReadOnlyAdmins group is necessary to read the Central Management store.

Note:

If you are running the Windows Vista operating system or Windows 7 operating system, you will be prompted by User Account Control (UAC) to proceed with installation. If you are logged on with a standard user account, you will need someone who is a member of the Local Administrators group to provide credentials when prompted for an account with permissions to install the software.

(32)

Lync Server Executable Group Membership Required bootstrapper.exe is responsible for

deployment and configuration of server roles.

the computer from which the executable is run. Member of Domain Users group to read information in AD DS. This level of permission is required because the automatic installation of required MSI packages on the local

computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and protected registry such as the Local Machine hive.

OCSLogger.exe – Administrative

troubleshooting tool for capturing messages on server roles.

Member of the Local Administrators group on the computer from which the executable is run. The executable is manifested as requireAdministrator.

TopologyBuilder.msc – Wizard-driven user interface to create, view, adjust, and validate Lync Server topologies.

Member of the Local Administrators group on the computer from which the executable is run to view the topology. Member of the

RTCUniversalServerAdmins group to change configuration settings. Member of the

RTCUniversalServerAdmins group and Domain Admins group, or member of the

RTCUniversalServerAdmins group (only if the group has been granted delegate setup permissions), to publish the topology. For details about delegating setup permissions to allow members of the

RTCUniversalServerAdmins group to publish the topology without being members of the Domain Admins group, see Granting Setup Permissions in the Deployment

documentation. AdminUIHost.exe – Web-based graphical user

interface for managing Lync Server.

Member of CsAdministrator group or member of another role-based access control (RBAC) role to which the specific administrative task is assigned. Microsoft Lync Server 2010 Control Panel implements configuration changes by

(33)

running Lync Server Management Shell cmdlets. For a list of predefined roles and the cmdlets members are permitted to run, see Role-Based Access Control in the Planning documentation.

PowerShell.exe with the Lync Server module loaded – Command-line administrative tool with cmdlets specific to management of Lync Server.

Member of CsAdministrator group or member of another RBAC role to which the specific cmdlet has been assigned. For a list of

predefined roles and the cmdlets members are permitted to run, see Role-Based Access Control in the Planning documentation. Or, member of one or more of the following groups, depending on the cmdlet:

 RTCUniversalServerAdmins  RTCUniversalUserAdmins  RTCUniversalReadOnlyAdmins

The group memberships in the preceding table represent the minimum memberships. Other memberships which will grant the permissions necessary to initiate the setup and deployment are possible, including membership in the Domain Admins group or Enterprise Admins group. See Also

Install Lync Server Administrative Tools Server and Tools Operating System Support

All server roles support the same Windows Server operating systems. The required operating system support for other server roles, such as database servers, depends on what software you install on those servers.

Microsoft Lync Server 2010 communications software administrative tools are installed by default on the server running Lync Server 2010, but you can install administrative tools

separately on other computers running Windows operating systems. For example, you can use a client computer running Windows 7 as an administrative console for planning purposes.

(34)

Important:

Lync Server 2010 is available only in 64-bit, which requires 64-bit hardware and 64-bit editions of Windows Server. Lync Server 2010 is not available in a 32-bit version. This means that all server roles and computers running Lync Server administrative tools run a 64-bit edition operating system.

Operating Systems for Server Roles

Microsoft Lync Server 2010 supports the 64-bit editions of the following operating systems:  The Windows Server 2008 R2 Standard operating system (required) or latest service pack

(recommended)

 The Windows Server 2008 R2 Enterprise operating system (required) or latest service pack (recommended)

 The Windows Server 2008 R2 Datacenter operating system (required) or latest service pack (recommended)

 The Windows Server 2008 Standard operating system with Service Pack 2 (SP2) (required) or latest service pack (recommended)

 The Windows Server 2008 Enterprise operating system with SP2 (required) or latest service pack (recommended)

 The Windows Server 2008 Datacenter operating system with SP2 (required) or latest service pack (recommended)

Notes:

If you have an existing server running Windows Server 2008 with Service Pack 1 (SP1), you must upgrade it to either Windows Server 2008 SP2 (or latest service pack), or Windows

Server 2008 R2 (or latest service pack) before deploying Lync Server 2010.

To deploy Lync Server 2010 on a computer that is running either the Windows Server 2008 R2 Datacenter operating system or the Windows Server 2008 Datacenter operating system with Service Pack 2 (SP2) and that is configured for multiple processor groups (dynamic hardware partitioning), you must upgrade Microsoft SQL Server 2008 Express database software, which is installed by default when you install Lync Server 2010, to Microsoft SQL Server 2008 R2 Express. The SQL instance name is RTC for a Standard Edition server back-end database and RTCLocal for the local configuration store (on each server role). A server running Lync Server 2010 Standard Edition has both SQL instances, and each needs to be upgraded separately.

(35)

 The Server Core installation option of Windows Server 2008 R2 or Windows Server 2008  The Windows Web Server 2008 R2 operating system or the Windows Web Server 2008

operating system

 Windows Server 2008 R2 HPC Edition or Windows Server 2008 HPC Edition Operating Systems for Other Servers

Operating system support for servers other than those on which you deploy Lync Server 2010 server roles is dependent on the software you plan to install on those servers. For details about requirements for Back End Servers and other database servers, see Database Software and Clustering Support. For details about requirements for reverse proxy servers (for edge

deployment), see Internet Information Services (IIS) Support. For details about other software requirements, including infrastructure and virtualization support, see the other topics in the Server Software and Infrastructure Support section.

Additional Operating Systems for Administrative Tools

Lync Server 2010 supports installation of the administrative tools, which includes the Topology Builder, on computers running any of the 64-bit editions of the operating systems supported for deployment of server roles (as described in the previous section). Additionally, you can install administrative tools on the 64-bit editions of the following operating systems:

 The Windows 7 operating system (required) or latest service pack (recommended)  The Windows Vista operating system with SP2 (required) or latest service pack

(recommended)

Operating System for the Planning Tool

Lync Server 2010 supports installation of the Planning Tool on computers running any of the following operating systems:

 The 32-bit version of Windows 7 operating system (required) or latest service pack (recommended)

 The 64-bit version of Windows 7 operating system (required) or latest service pack (recommended) using the WOW64 x86 emulator

 The 32-bit edition of Windows Vista with SP2 operating system (required) or latest service pack (recommended)

(36)

 The 32-bit edition of Windows XP with SP3 operating system (required) or latest service pack (recommended)

 The 64-bit edition of Windows XP with SP3 operating system (required) or latest service pack (recommended) using WOW64 x86

 The 32-bit edition of Windows Server 2008 operating system (required) or latest service pack (recommended)

 The 64-bit edition of Windows Server 2008 operating system (required) or latest service pack (recommended) using WOW64 x86

 The 64-bit edition of Windows Server 2008 R2 operating system (required) or latest service pack (recommended) using WOW64 x86

Administrative Tools Software Requirements

This topic describes the software required to install and use Microsoft Lync Server 2010 administrative tools in addition to the operating system requirements.

Microsoft .NET Framework 3.5 with Service Pack 1 (SP1)

The 64-bit edition of Microsoft .NET Framework 3.5 with SP1 is required for Microsoft Lync Server 2010. Setup prompts you to install this prerequisite and it automatically installs it if it is not already installed on the computer. .NET Framework 4.0 can be installed on the same computer as well, but does not take the place of .NET Framework 3.5 with SP1, which is the required version for Lync Server 2010.

After installing the .NET Framework 3.5 SP1 package, you should immediately install the following updates:

 Microsoft Knowledge Base article 959209, “An update for the .NET Framework Service Pack 1 is available,” at http://go.microsoft.com/fwlink/?linkid=197396, which addresses a set of known application compatibility issues.

 Microsoft Knowledge Base article 967190, “Update for .NET Framework 3.5 SP1 (KB967190),” at http://go.microsoft.com/fwlink/?linkid=197397, which addresses a file association issue for XPS document types.

 Microsoft Knowledge Base article 981575, “A memory leak occurs in a .NET Framework 2.0-based application that uses the AesCryptoServiceProvider class,” at

(37)

 Microsoft Knowledge Base article 974954, “FIX: When you run a .NET Framework 2.0-based application, a System.AccessViolationException occurs, or a dead-lock occurs on two threads in an application domain,” at http://go.microsoft.com/fwlink/?linkid=205337.

Windows Installer Version 4.5

Microsoft Lync Server 2010 uses Windows Installer technology to install, uninstall, and maintain various server roles. Windows Installer version 4.5 is available as a redistributable component for the Windows Server operating system.

Download Windows Installer 4.5 from the Microsoft Download Center at

http://go.microsoft.com/fwlink/?linkid=197395. Windows PowerShell 2.0

Windows PowerShell 2.0 command-line interface is automatically installed with the Windows Server 2008 R2 operating system and the Windows 7 operating system. On servers running the Windows Server 2008 SP2 operating system or Windows Vista operating system with Service Pack 2 (SP2), you must install Windows PowerShell 2.0 manually. Before doing so, you must remove any previous versions of Windows PowerShell from the computer.

To install Windows PowerShell 2.0, see the Microsoft Knowledge Base article 968929, “Windows Management Framework (Windows PowerShell 2.0, WinRM 2.0, and BITS 4.0),” at

http://go.microsoft.com/fwlink/?linkid=197390. Microsoft Silverlight 4 browser plug-in

Microsoft Lync Server 2010 Control Panel is a web-based tool and requires that you install Microsoft Silverlight 4 browser plug-in version 4.0.50524.0 or the latest version. When you start Lync Server 2010 Control Panel, if this software is not installed or if an earlier version earlier than 4.0.50524.0 is installed, Lync Server Control Panel prompts you to install the required version.

See Also

Server and Tools Operating System Support

Administrative Tools Infrastructure Requirements

Administrator Rights and Permissions Required for Setup and Administration

Requirements to Publish a Topology

This topic describes the infrastructure and software requirements that are specific to publishing a topology, whether by using Topology Builder or the Lync Server Management Shell

(38)

command-and permissions requirements applicable to all Microsoft Lync Server 2010 administrative tools. Ensure that you satisfy all administrative tools requirements before you publish a topology.  You must run Topology Builder on a computer that is joined to the same domain or forest of

the Lync Server 2010 deployment you are creating so that Active Directory Domain Services (AD DS) preparation steps are already completed, enabling you to use the administrative tools on that computer to successfully publish your topology.

Note:

For details about preparing AD DS, see Preparing Active Directory Domain Services for Lync Server 2010 in the Deployment documentation.

 The computers defined in the topology must be joined to the domain, except for Edge Servers, and in AD DS. However, the computers do not need to be online when you publish the topology.

 The file share for the pool must be created and available to remote users.

 In order to publish an Enterprise Edition Front End pool, the SQL Server-based Back End Server must be joined to the domain in which you are deploying the servers, online, and configured with the appropriate firewall rules to make it available to remote users. For details about specifying firewall exceptions, see Understanding Firewall Requirements for SQL Server. For other details about configuring SQL Server, see Configure SQL Server for Lync Server 2010.

Note:

Standard Edition server has a collocated database that will accept the published configuration. You must first run the Prepare first Standard Edition server setup task in the Lync Server Deployment Wizard.

 If you run Topology Builder on a computer where you plan to later install Lync Server, then you must install the Microsoft SQL Server 2005 backward compatibility components by running the first setup task in the Lync Server Deployment Wizard before you publish the topology. For details, see Install the Local Configuration Store or Install the Standard Edition Local Configuration Store.

Note:

You do not need the Microsoft SQL Server 2005 backward compatibility components to publish the topology if you run Topology Builder on a dedicated administrative console or if you run Topology Builder on a computer where Lync Server is already installed. (Lync Server setup automatically installs the backward compatibility components along with other component files required by Lync Server.)

Microsoft Lync Server 2010 Standard Edition Deployment Guide Microsoft Lync Server 2010