Lync 2013 Edge Server Prerequisites

To install the required server roles for a Lync 2013 Edge server, run the following in PowerShell:

Add-WindowsFeature Windows-Identity-Foundation


  1. Good day Mark,
    Thanks for always being there when we need you.
    I have a series of questions to ask you, which I would have asked via Twitter, but I decided to come here due to its length.
    My present situation/deployment is:
    I currently have an FE, edge server 2013 and RP to allow external access and federation. Both have an Internal cert (Not Public)
    Firewall disabled on both servers (since it's a lab environment).
    All features work well from the internal client. Only IM works externally. A/V calls go through and fail when you pick up the call from external. File transfer is not working either.
    All public DNS records and internal DNS all configured well.
    4 Public IPs for both Edge and RP
    External access policy and Access Edge configuration have been enabled globally; only SIP Federated domain hasn't been touched.

    My question is
    1. Can you federate with an external domain with an internal certificate?
    2. Since the Windows firewall on all the servers has been disabled, that means internal firewall rules are not needed anymore. Only an external firewall rule is required, since the Edge and reverse proxy sit behind an ASA firewall.
    3. Do you think anything is off from my config?


    • Hi Femi
      Federation can happen with an internal certificate. But either side must have the complete chain installed on their edge and front end servers. For instance, if I wanted to federate with you, I would need your internal root and intermediate certificates (if any), as I would need to trust your side. And the same if my lab had internal certs, you would have to have mine. Your problem will be around TLS handshakes and authentication, for the reason I just explained.
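
The trust requirement described in the reply above can be checked on an Edge or Front End server before testing federation. This is an added example, not part of the original post or its comments; the certificate path is a placeholder, and revocation checking is switched off on the assumption that a lab CA publishes no reachable CRL.

```powershell
# Added example: does a federation partner's Edge certificate chain to a root
# that THIS server trusts? The default path is a placeholder (assumption).
param(
    [string]$PartnerCertPath = 'C:\Temp\partner-edge.cer'   # hypothetical exported partner certificate
)

function Test-PartnerCertChain {
    param([Parameter(Mandatory)][string]$Path)

    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
    # $true = build with the machine context, which is what server services use.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    # Assumption: internal lab CA without a reachable CRL, so test trust only.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

    $trusted = $chain.Build($cert)

    # One row per certificate found while building the chain (leaf first).
    $elements = foreach ($e in $chain.ChainElements) {
        [pscustomobject]@{
            Subject    = $e.Certificate.Subject
            Issuer     = $e.Certificate.Issuer
            SelfSigned = ($e.Certificate.Subject -eq $e.Certificate.Issuer)
            Status     = ($e.ChainElementStatus | ForEach-Object { $_.Status }) -join ','
        }
    }

    [pscustomobject]@{
        Trusted  = $trusted
        Problems = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        Elements = $elements
    }
}

$result = Test-PartnerCertChain -Path $PartnerCertPath
$result.Elements | Format-Table -AutoSize

if ($result.Trusted) {
    'Chain builds to a trusted root on this server.'
} else {
    # PartialChain = an issuer is missing; UntrustedRoot = root is not in the Root store.
    "Chain is NOT trusted: $($result.Problems)"
    'Import the partner root into Cert:\LocalMachine\Root and any intermediates into Cert:\LocalMachine\CA, then re-run.'
}
```

Run it on each Edge and Front End server against the other side's certificate; a `PartialChain` or `UntrustedRoot` result corresponds to the TLS handshake failures the reply mentions.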

