Microsoft Lync 2010 installation

  Domain controller, Exchange and Lync installation

Please note that reverse proxy information has been omitted. The installation procedures written below by Frozen Tiger Ltd are for testing purposes only.

Lync Diagram

DC - Windows Server 2008 R2 Enterprise

Run Windows Update

Control Panel > Network and Internet > Network and Sharing Center > Change adapter settings > Local Area Connection > Properties
[ ] Internet Protocol Version 6 (TCP/IPv6)
[x] Internet Protocol Version 4 (TCP/IPv4) > Properties
(x) Use the following IP address:
IP address: 192.168.2.200
Subnet mask: 255.255.255.0
Default gateway: 192.168.2.254
(x) Use the following DNS server addresses:
Preferred DNS server: 192.168.2.200
Alternative DNS server: .   .   .   .

Control Panel > Network and Internet > Network and Sharing Center > View your active networks > Network
Change Public network to Work network

Command - Disable Local Firewall
netsh advfirewall set allprofiles state off

Server Manager > Change System Properties > Change
Computer name: dc
(x) Workgroup: WORKGROUP
Restart Now

Command - Promote to Domain Controller
dcpromo

Active Directory Domain Services Installation Wizard
[ ] Use advanced mode installation
(x) Create a new domain in a new forest
FQDN of the forest root domain: frozentiger.com
Forest functional level: Windows Server 2008 R2
[x] DNS Server > Yes
Database folder: C:\Windows\NTDS
Log files folder: C:\Windows\NTDS
SYSVOL folder: C:\Windows\SYSVOL
Password: [      ] Confirm password: [      ]
[x] Reboot on completion

Server Manager > Roles > Add roles
[x] Skip this page by default
[x] DHCP Server
[x] 192.168.2.200 IPv4
Parent domain: frozentiger.com
Preferred DNS server IPv4 address: 192.168.2.200
(x) WINS is not required for application on this network
Add...
Scope name: Default Scope
Starting IP address: 192.168.2.100
Ending IP address: 192.168.2.149
Subnet type: Wired (lease duration will be 8 days)
[x] Activate this scope
Subnet mask: 255.255.255.0
Default gateway (optional): 192.168.2.254
(x) Disable DHCPv6 stateless mode for this server
(x) Use current credentials

Exchange - Windows Server 2008 R2 Enterprise + Exchange 2010 SP1

Run Windows Update

Control Panel > Network and Internet > Network and Sharing Center > Change adapter settings > Local Area Connection > Properties
[ ] Internet Protocol Version 6 (TCP/IPv6)
[x] Internet Protocol Version 4 (TCP/IPv4) > Properties
(x) Use the following IP address:
IP address: 192.168.2.201
Subnet mask: 255.255.255.0
Default gateway: 192.168.2.254
(x) Use the following DNS server addresses:
Preferred DNS server: 192.168.2.200
Alternative DNS server: .   .   .   .

Control Panel > Network and Internet > Network and Sharing Center > View your active networks > Network
Change Public network to Work network

Command - Disable Local Firewall
netsh advfirewall set allprofiles state off

Server Manager > Change System Properties > Change
Computer name: exchange
(x) Workgroup: WORKGROUP
Restart Now
Server Manager > Change System Properties > Change
Computer name: exchange
(x) Domain: frozentiger.com
Enter the name and password of an account with permission to join the domain.
Restart Now

Switch User > Other User
Administrator@frozentiger.com
[password]

PowerShell - Exchange Server Prerequisites

Import-Module ServerManager

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,Web-Asp-Net,Web-Client-Auth,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Http-Redirect,Web-Http-Tracing,Web-ISAPI-Filter,Web-Request-Monitor,Web-Static-Content,Web-WMI,RPC-Over-HTTP-Proxy,Desktop-Experience -Restart

Insert - en_exchange_server_2010_sp1_x64_dvd_587827.iso

Command - Prepare Active Directory Schema for Exchange
D:
setup /ps
setup /p /on:frozentiger

Prerequisite Installs
Install Microsoft Office 2010 Filter Packs - FilterPack64bit.exe
http://go.microsoft.com/fwlink/?LinkID=191548
Install Microsoft Unified Communications Managed API, Core Runtime 64-bit - UcmaRuntimeSetup.exe
http://go.microsoft.com/fwlink/?LinkID=180957
Install Microsoft Server Speech Platform Runtime (x64) - SpeechPlatformRuntime.msi
http://go.microsoft.com/fwlink/?LinkID=180958
Reboot

Install Exchange Server 2010
D:\Setup.exe
Step 3: Choose Exchange language option
Install only languages from the DVD
Step 4: Install Microsoft Exchange
(x) I accept the terms in the license agreement.
Error Reporting - (x) No
Custom Exchange Server Installation
[x] Automatically install Windows Server roles and features required for Exchange Server
[x] Mailbox Role
[x] Client Access Role
[x] Hub Transport Role
[x] Unified Messaging Role
Outlook 2003 in your organisation - (x) No
[x] The Client Access server role will be internet-facing.
Enter the domain name you will use with your external Client Access server: exchange.frozentiger.com
(x) I don’t want to join the program at this time
Reboot

Exchange Management Console > Server Configuration > Enter Product Key...
XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
Exchange Management Console > Organization Configuration > Hub Transport > Right Click New Send Connector...
Name: Outbound (Smarthost)
Select the intended use for this Send connector: Custom
Address space - Add...
Address space: *
[x] Include all subdomains
Cost: 1
[ ] Scoped send connector (x) Route mail through the following smart hosts:
Add...
(x) Fully qualified domain name (FQDN): mail.authsmtp.com
(x) Basic Authentication
User name: ftiger
Password: [ ]

PowerShell - Smarthost Ignore SSL
Add-pssnapin Microsoft.Exchange.Management.PowerShell.E2010
Set-SendConnector -identity "Outbound (Smarthost)" -IgnoreSTARTTLS $true
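
With Basic Authentication selected and -IgnoreSTARTTLS $true, the connector sends the smart host user name and password base64-encoded over an unencrypted SMTP session. The following is an added example, not part of the original procedure: it checks whether the smart host advertises STARTTLS in its EHLO reply and, if so, switches the connector to Basic authentication over TLS. The function name Test-SmtpStartTls and the use of port 25 are assumptions.

```powershell
# Added example; run in the Exchange Management Shell on the Hub Transport server.
# Uses only .NET classes available to PowerShell 2.0 on Windows Server 2008 R2.
function Test-SmtpStartTls {
    param(
        [Parameter(Mandatory = $true)][string]$SmartHost,
        [int]$Port = 25,            # assumption: the connector uses the default SMTP port
        [int]$TimeoutMs = 10000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($SmartHost, $Port)
        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true

        # Greeting: lines starting "220-" continue, "220 " ends the reply.
        do { $line = $reader.ReadLine() } while ($line -match '^\d{3}-')

        $writer.WriteLine('EHLO ' + [System.Net.Dns]::GetHostName())
        $offered = $false
        do {
            $line = $reader.ReadLine()
            if ($line -match '^250[ -]STARTTLS\s*$') { $offered = $true }
        } while ($line -match '^\d{3}-')
        $writer.WriteLine('QUIT')
        return $offered
    }
    finally { $client.Close() }
}

$name = 'Outbound (Smarthost)'
Get-SendConnector -Identity $name |
    Format-List Name, SmartHosts, SmartHostAuthMechanism, IgnoreSTARTTLS, RequireTLS

if (Test-SmtpStartTls -SmartHost 'mail.authsmtp.com') {
    # Negotiate TLS and only offer the Basic credentials inside the TLS session.
    Set-SendConnector -Identity $name -IgnoreSTARTTLS $false `
        -SmartHostAuthMechanism BasicAuthRequireTLS
} else {
    Write-Warning "${name}: smart host did not advertise STARTTLS; connector left unchanged."
}
```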

Exchange Management Console > Server Configuration > Hub Transport > Receive Connectors
Default EXCHANGE > Properties > Permission Groups
[x] Anonymous users

Lync - Windows Server 2008 R2 Enterprise + Lync 2010

Run Windows Update

Control Panel > Network and Internet > Network and Sharing Center > Change adapter settings > Local Area Connection > Properties
[ ] Internet Protocol Version 6 (TCP/IPv6)
[x] Internet Protocol Version 4 (TCP/IPv4) > Properties
(x) Use the following IP address:
IP address: 192.168.2.202
Subnet mask: 255.255.255.0
Default gateway: 192.168.2.254
(x) Use the following DNS server addresses:
Preferred DNS server: 192.168.2.200
Alternative DNS server: .   .   .   .

Control Panel > Network and Internet > Network and Sharing Center > View your active networks > Network
Change Public network to Work network

Command - Disable Local Firewall
netsh advfirewall set allprofiles state off

Server Manager > Change System Properties > Change
Computer name: lync
(x) Workgroup: WORKGROUP
Restart Now
Server Manager > Change System Properties > Change
Computer name: lync
(x) Domain: frozentiger.com
Enter the name and password of an account with permission to join the domain.
Restart Now

Switch User > Other User
Administrator@frozentiger.com
[password]

PowerShell - Lync Server Prerequisites

Import-Module ServerManager

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Static-Content,Web-Default-Doc,Web-Http-Errors,Web-Http-Redirect,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Http-Logging,Web-Log-Libraries,Web-Http-Tracing,Web-Windows-Auth,Web-Client-Auth,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Console,Web-Scripting-Tools -Restart

Insert - en_lync_server_2010_x64_dvd_598415.iso

Install Lync Server 2010
D:\Setup.exe
Install Location: C:\Program Files\Microsoft Lync Server 2010
Prepare Active Directory
Prepare Schema - Run
Prepare Current Forest - Run
(x) Local domain
Prepare Current Domain - Run
      Create new Active Directory User - LyncAdmin
      Add LyncAdmin user to CSAdministrator group
Back
Install Topology Builder
Prepare first Standard Edition server
Start > All Programs > Microsoft Lync Server 2010 > Lync Server Topology Builder
(x) New Topology
Save topology
Primary SIP domain: frozentiger.com
Name: frozentiger.com
[x] Open the New Front End Wizard when this wizard closes
FQDN: lync.frozentiger.com
(x) Standard Edition Server
[x] Conferencing, which includes audio, video, and application sharing
[ ] Dial-in (PSTN) conferencing
[x] Enterprise Voice
[ ] Call Admission Control
[x] Collocate A/V Conferencing service
[ ] Collocate Mediation Server
[ ] Enable Archiving
[ ] Enable monitoring (call detail recording and logging of quality of experience metrics)
[ ] Enable an Edge pool to be used by the media component of the Front End pool
      Create a new folder > C:\LyncShare > Properties > Sharing > Share > Everyone Read/Write > Share
      Security > Edit > Everyone
      Full control Allow [ ]
      Modify [ ]
File Server FQDN: lync.frozentiger.com
File Share: LyncShare
External Base URL: lync.frozentiger.com
Edit Properties...
Phone access URLs
Edit URL
URL: https://sip.frozentiger.com/dialin
Meeting URLs
Edit URL
URL: https://sip.frozentiger.com/meet
Administrative access URL: https://sip.frozentiger.com/admin
Front End Server to install Central Management Server on: lync.frozentiger.com frozentiger
Publish Topology...
Select the Front End pool that will host the Central Management Store: lync.cganalsysts.com frozentiger
Reboot

D:\Setup.exe
Install or Update Lync Server System
Install Local Configuration Store - Run
(x) Retrieve directly from the Central Management Store
Setup or Remove Lync Server Components - Run
      Server Manager > Roles > Add Roles
      [x] Skip this page by default
      [x] Active Directory Certificate Services
      [x] Certification Authority
      (x) Enterprise
      (x) Root CA
      (x) Create a new private key
      Common name for this CA: Root-CA
      Select Validity period for the certificate generated for this CA: 10 Years
Request, Install or Assign Certificates - Run
Request
(x) Send the request immediately to an online certification authority
Select a CA from the list detected in your environment: lync.frozentiger.com\Root-CA
Friendly Name: Lync Cert
[x] Mark the certificate’s private key as exportable
Subject Name: lync.frozentiger.com
Subject Alternative Name: lync.frozentiger.com sip.frozentiger.com
Configure SIP domains [x] frozentiger.com
[x] Assign this certificate to Lync Server certificate usages
Start Services - Run
      Service start "Lync Server Master Replicator Agent (MASTER)".
      Service start "Lync Server Replica Replicator Agent (REPLICA)".
      Service start "Lync Server Front-End (RTCSRV)".
      Service start "Lync Server Audio Test Service (RTCATS)".
      Service start "Lync Server IM Conferencing (RTCIMMCU)".
      Service start "Lync Server Web Conferencing (RTCDATAMCU)".
      Service start "Lync Server Audio/Video Conferencing (RTCAVMCU)".
      Service start "Lync Server Application Sharing (RTCASMCU)".
      Service start "Lync Server Web Conferencing Compatibility (RTCMEETINGMCU)".
      Service start "Lync Server File Transfer Agent (FTA)"

Install Silverlight
http://silverlight.dlservice.microsoft.com/download/6/A/1/6A13C54D-3F35-4082-977A-27F30ECE0F34/10329.00/runtime/Silverlight.exe

Run Windows Update - on all servers

Control Panel > Network and Internet > Network and Sharing Center > Change adapter settings > Local Area Connection > Properties
[x] Internet Protocol Version 4 (TCP/IPv4) > Properties
Advanced...
IP Addresses > Add...
IP address: 192.168.2.212
Subnet mask: 255.255.255.0

Server Manager > Roles > Web Server (IIS) > Internet Information Services (IIS) Manager
LYNC > Sites > Lync Server External Web Site > Right Click - Edit Bindings...
http > Edit...
IP address: 192.168.2.212 Port: 8080
https > Edit...
IP address: 192.168.2.212 Port: 4443
LYNC > Sites > Lync Server Internal Web Site > Right Click - Edit Bindings...
http > Edit...
IP address: 192.168.2.202 Port: 80
https > Edit...
IP address: 192.168.2.202 Port: 443

Command - Restart IIS
iisreset /noforce

Port Forward - Draytek (External Facing Router/Firewall)

WAN >> Internet Access >> WAN IP Alias

Aux. WAN IP    Join Pool
86.30.80.56    x
86.30.80.1     x

NAT >> Port Redirection

Service          Protocol   WAN IP        Public Port   Private IP      Private Port   Status
LYNC HTTP        TCP        86.30.80.56   80            192.168.1.202   80             v
LYNC HTTPS       TCP        86.30.80.56   443           192.168.1.202   443            v
LYNC SIP         TCP        86.30.80.56   5061          192.168.1.202   5061           v
EXCHANGE HTTP    TCP        86.30.80.1    80            192.168.1.201   80             v
EXCHANGE HTTPS   TCP        86.30.80.1    443           192.168.1.201   443            v
EXCHANGE SMTP    TCP        86.30.80.1    25            192.168.1.201   25             v

Port Forward - pfSense (Internal Facing Router/Firewall)

Firewall: NAT: Port Forward

If    Proto   Src. addr   Src. ports   Dest. addr      Dest. ports   NAT IP          NAT Ports   Description
WAN   TCP     *           *            192.168.1.202   80 (HTTP)     192.168.2.212   8080        LYNC HTTP
WAN   TCP     *           *            192.168.1.202   443 (HTTPS)   192.168.2.212   4443        LYNC HTTPS
WAN   TCP     *           *            192.168.1.202   5061          192.168.2.202   5061        LYNC SIP
WAN   TCP     *           *            192.168.1.202   8057          192.168.2.202   8057        LYNC PSOM
WAN   TCP     *           *            192.168.1.201   80 (HTTP)     192.168.2.201   80          EXCHANGE HTTP
WAN   TCP     *           *            192.168.1.201   443 (HTTPS)   192.168.2.201   443         EXCHANGE HTTPS
WAN   TCP     *           *            192.168.1.201   25 (SMTP)     192.168.2.201   25          EXCHANGE SMTP

Domain Controller - Add DNS Entry

Server Manager > Roles > DNS Server > DNS > DC > Forward Lookup Zones > frozentiger.com > Right Click - Other New Records...
Service Location (SRV)
Create Record...
Domain: frozentiger.com
Service: _sipinternaltls
Protocol: _tcp
Priority: 0
Weight: 0
Port number: 5061
Host offering this service: lync.frozentiger.com
Server Manager > Roles > DNS Server > DNS > DC > Forward Lookup Zones > frozentiger.com > Right Click - New Host (A or AAAA)...
Name: sip
Fully qualified domain name (FQDN): sip.frozentiger.com
IP address: 192.168.2.202
Add Host

External DNS Records - Namecheap

SUB-DOMAIN SETTINGS

autodiscover   86.30.80.1        A (Address)   n/a   192.168.1.202   1800
exchange       86.30.80.1        A (Address)   n/a   192.168.1.202   1800
lync           86.30.80.56       A (Address)   n/a   192.168.1.202   1800
sip            86.30.80.56       A (Address)   n/a   192.168.1.202   1800
exchange       frozentiger.com   TXT Record    n/a   192.168.1.202   1800

MAIL SETTINGS
User (Mail Server’s Host Name Required)

HOSTNAME   MAILSERVER HOST NAME        MAIL TYPE   MX PREF   TTL
@          exchange.frozentiger.com.   MX          10        1800

SRV SETTINGS

_SERVICE._PROTOCOL       PRIORITY   WEIGHT   PORT   TARGET
_sip._tls                0          0        443    sip.frozentiger.com.
_sipfederationtls._tcp   0          0        5061   sip.frozentiger.com.

Exchange Server - Add Users

Exchange Management Console > Recipient Configuration > Mailbox > New Mailbox
(x) User Mailbox
(x) New user
First name: Jason
Last name: Davey
User logon name (User Principal Name): j.davey      [@frozentiger.com]
Password: [ ] Confirm password: [ ]
Alias: j.davey
(x) Don’t create an archive
New

Domain Controller - Password Expiry

Server Manager > Configuration > Local Users and Groups > Users > Jason Davey > Properties
[x] Password never expires

Lync - Enable - Users

Start > All Programs > Microsoft Lync Server 2010 > Lync Server Control Panel
Lync server won’t work if loopback uses IPv6 address - visit https://sip.frozentiger.com/admin from another PC
      Username: Lync Admin
      Password: [      ]
      Internet Explorer Enhanced Security Configuration
      https://lync.frozentiger.com
      Add...
Users
Enable Users
Add...
(x) Search: Jason
Jason Davey
OK
Assign users to a pool: lync.frozentiger.com
(x) Use user’s email address
Telephony: Audio/video disabled
Enable
Sign out

Workstation - Install Lync Client

Install en_lync_2010_x86_598490.exe or en_lync_2010_x64_598497.exe
Install Lync.msp Updates
32-bit Download
http://www.microsoft.com/download/en/details.aspx?id=25055
64-bit Download
http://www.microsoft.com/download/en/details.aspx?id=14490

Export Root-CA from Lync Certification Authority

Import Root-CA into Workstations’ Trusted Root Certification Authorities
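
The certificate request and the Root-CA import can be checked from a workstation. The following is an added example, not part of the original procedure: it opens a TLS connection using the default Windows certificate validation, so it reports Trusted only when Root-CA is in the workstation's trusted roots and the certificate is valid for the name, and it lists any of the Subject Alternative Names requested above that the certificate lacks. The function name Test-LyncTlsTrust is hypothetical, and the SAN text matching assumes an English-language Windows.

```powershell
# Added example; run on a workstation after importing Root-CA.
# Host names and ports are the ones configured on this page.
function Test-LyncTlsTrust {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [Parameter(Mandatory = $true)][int]$Port,
        [string[]]$ExpectedNames = @()
    )
    $result = New-Object PSObject -Property @{
        Target = "${HostName}:$Port"; Trusted = $false; Subject = $null
        Issuer = $null; NotAfter = $null; MissingNames = @(); Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        # Default validation: the chain must end in a trusted root and the
        # certificate must be valid for $HostName; otherwise this call throws.
        $ssl.AuthenticateAsClient($HostName)
        $result.Trusted = $true

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.Subject  = $cert.Subject
        $result.Issuer   = $cert.Issuer
        $result.NotAfter = $cert.NotAfter

        # 2.5.29.17 = Subject Alternative Name. Format() yields text such as
        # "DNS Name=lync.frozentiger.com, DNS Name=sip.frozentiger.com".
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $sanText = ''
        if ($san) { $sanText = $san.Format($false) }
        $result.MissingNames = @($ExpectedNames | Where-Object {
            $sanText -notmatch ('=' + [regex]::Escape($_) + '(,|\s|$)')
        })
    }
    catch { $result.Error = $_.Exception.Message }
    finally { $client.Close() }
    $result
}

$names = 'lync.frozentiger.com', 'sip.frozentiger.com'
Test-LyncTlsTrust -HostName 'lync.frozentiger.com' -Port 5061 -ExpectedNames $names
Test-LyncTlsTrust -HostName 'sip.frozentiger.com'  -Port 443  -ExpectedNames $names
```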