1.

2.

Configuring the SFB 2015 Edge Server in Express for Lync 3.0

Overview

This document will walk you through the steps of setting up your Skype for Business (SFB) 2015 Edge Server on your Express for Lync appliance. All the Microsoft SFB related software has been pre-installed on your Express for Lync appliance. In order to complete this process, you would need to complete the following steps in order:

Setup the SFB Edge Server through the SFB topology builder and deployment wizardRun a complete windows update to make sure all features and hotfixes get applied to all SFB components.

Please note that the creation of the initial SFB topology can take between 1-2 hours. If you plan on installing all the latest cummulative updates, it is recommended that you install them with the SFB service disabled. The latest cummulative updates can be found at https://www.microsoft.com/en-us/download/details.aspx?id=47690

Configuring The Edge Virtual Machine To Start Automatically

Open Hyper V and right click on the SFB 2015 Edge Server, then select Settings from the list. 

Once in the Settings click on Automatic Start Action. On this page select Always Start this Virtual Machine Automatically. Once done click Apply. Now the Edge server will be powered up every time you boot your Express for Lync appliance. 

1.

2.

3.

Adding the Edge Server To The Topology

Log into the SFB Front End Server and click on the Skype for Business Server Topology Builder. 

Once in the Topology Builder go to Skype for Business Server 2015 and right click on Edge Pools. From the menu select New Edge Pool. 

Once in the Wizard click Next. 

4.

5.

6.

Next type in the FQDN of the Edge Server and click Next. : This is the internal FQDN of the Edge Server.Note

On the Enable Federation page select the Federation types you would like enabled. 

For this setup we are sharing a single IP address on the Edge Server. If you plan to only have one public IP (rather then three) for your Edge Server Check this box. 

7.

8.

9.

On the Select IP options page select the IP options for your Edge server. In this setup we will only enable IPv4 and the Edge Server will be behind NAT using a 1-1 NAT translation. 

On the External FQDNs page type in the single FQDN for the Edge Server. Multiple FQDN's are needed if use three public IPs for the Edge Server.

Input the internal IP address of the Edge Server and click Next.

10.

11.

12.

Input the IP address of the Edge Server's External Interface. This will be a private IP address since we the Edge Server is behind NAT.

Input the Public IP address of the Edge Server's External Interface. 

On the Define the next hop server page select your Front End Server from the list. 

13.

14.

15.

Next you can select your Front End server from the list.

Once the Edge server Wizard is complete right click on the SFB Site and click Edit Properties.

Next go to Federation route and you can apply CAC and Apply Federation route assignments to all sites for SIP and XMPP. Once done click OK. 

16.

17.

18.

1.

At this point the Topology is completely configured all that is left to do is publish it. Rigth click on the SFB site and click Publish.

At this point wait a 1-2 minutes and then run the SFB power shell command Get-CsManagementStoreReplicationStatus to verify your Front End Server is up to date. 

Once replication has been verified run the command Export-CsConfiguration -FileName c:\topo.zip to export the configuration to topo.zip on the C: drive. Copy this file over to the Edge Server via USB drive at this point. 

 

 

Installing SFB on the Edge Server

1.

2.

3.

Log into the Edge Server and click on the Skype for Business Server 2015 Deployment Wizard. Once in the Wizard click Install or Update SFB Server System. 

Next click Run to Install the local Configuration Store. 

At this point browse to the topo.zip saved from the Front End server in the previous steps. Once done click Next. 

4.

5.

6.

At this point click Run Next to Request, Install or Assign Certificates. 

Select Edge Internal and click Request. 

Select Prepare the request now, but send it later (offline certifcate request). 

7.

8.

9.

Select the path and file name for your Internal Certificate Request. 

Click Next on the Specify Alternate Certifcate Template. 

Click Next at the Name and Security Settings. 

10.

11.

12.

On the Organization Information page input your Organization and OU details. 

Next select your Country, State/Province and City. 

On the subject name page ensure your local FQDN is in the subject name field. 

13.

14.

15.

On the Configure Additional Subject Alternative Names page click Next. 

On the Summary page click Next. 

On this page click Next. 

16.

17.

18.

Next click Finish to Exit the Wizard. 

Locate the Certificate Request file on the server and edit it in notepad. Once in notepad select everything (CTRL + A) and then copy the text.

Next open Internet Explore on a domain joined computer. Then go to http://<FQDN of your certificate server>/certsrv/ once there login with you domain administrator account. 

19.

20.

21.

On the webpage click on Request a Certificate. 

On the next page click on Advanced Certificate Request. 

Select the second option, Submit a Certificate Request by using a base-64-ended........file. 

22.

23.

24.

Next paste the certificate info the saved request text box. Change the template to Web Server. Then click Submit. 

Download both the certificate and certificate chain. 

Go back to the main Certificate Services website and click Download a CA Certificate, certifcate chain or CRL. 

25.

26.

27.

Download both the CA certificate and CA certificate chain. Copy them to the Edge server. 

|Back on the Edge server search for certificates and then click on Manage computer certificates. 

Once the Certificate Management opens right click on Certificates under Trusted Root Certificate Authorities. Then go to All Tasks and click Import. 

28.

29.

30.

Click Next on the Wizard splash screen. 

Browse for the Root CA Certificate and click Next. 

Select Place all Certificates in the following store. Ensure the store is Trusted Root Certification Authorities. Click Next and wait for the Wizard to Finish.

31.

32.

33.

Next back in the SFB Deployment Wizard click Import Certificates (bottom middle).

Next browse for the Internal certificate and click Next. 

Click Next on the summary page. 

34.

35.

36.

Click Finish once the commands finish executing. 

Next select the internal certificate and then click Assign. Once you get the splash screen click Next. 

Next select the Internal certificate and click Next. 

37.

38.

39. 40.

Click Next on the summary page. 

Once the commands finish executing click finish.

Repeat steps 5-38 using an External CA such as Go Daddy for your External Certificate.Your Edge server is now completed.

Below is a full list of External DNS Requirements. This can all be found in the Lync Poster located at   http://zoom.it/mafE#full