On a recent job, I was helping a customer set up a new Lync Server 2013 Edge. It was a mixed topology, with a Lync Server 2010 Front End still acting as Central Management Server, but all users had been moved to the Lync Server 2013 pool and the new Edge was destined to handle external media relay.
Once the install completed and the services started successfully, we noticed that the Edge server did not replicate with the CMS. Having run into various replication issues before, we did the following checks:
- Verify that the Edge server host name equals the one defined in Topology Builder, so that host name + DNS suffix matches the FQDN. This is case sensitive, e.g. an UPPER CASE host name will not match a lower case definition in Topology Builder.
- Verify network connectivity. Make sure you can ping the FQDN of the Edge server; this verifies both that internal DNS is set correctly and that there is a route to the host (including static routes on the Edge server, since Microsoft best practice says the default gateway should only reside on the external NIC).
- Verify that the CMS master (Front End) can reach the replica server's (Edge) file system. This communication uses SMB on port 445 to other internal servers and port 4443 to the Edge. A telnet test on that port against the Edge server verifies that the firewall exceptions have been made and that the service is accepting connections.
Everything checked out as expected.
Next, we removed the Edge from the topology and did a complete uninstall. Then we defined the Edge server again in Topology Builder with the same parameters and reinstalled it. The problem persisted.
Running OCSLogger (with the XDS options enabled) on the Lync Server 2010 CMS showed little sign of errors. As I could not find a suitable scenario in Lync Server 2013 CLS logging (none contains any XDS options), logging on the Edge side was omitted.
A little online research pointed me to Kevin Peters' blog post (http://ocsguy.com/2011/09/07/troubleshooting-cms-replication/) and to checking for certificate issues. That seemed a little far-fetched, as the Lync Server 2013 Front End was replicating fine with the CMS.
We exported the default certificate from the CMS server to the Edge and tested it both with certutil and by importing it into the Personal store through MMC. Both tests showed there was a problem with the certificate signature (for some strange reason).
In the end, the fix was to request a new certificate from the internal PKI and assign it to the CMS. Replication was up and running within minutes.
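As an added example (not code from the original post or from Microsoft), the following PowerShell script makes the three checks listed above and the certificate finding repeatable: it compares the local host name with the topology FQDN, resolves the Edge FQDN, tests TCP 4443, and then builds the chain of the certificate assigned to the CMS, where a bad signature surfaces as a NotSignatureValid status. The Edge FQDN and the thumbprint are placeholders; take the real thumbprint from Get-CsCertificate -Type Default in the Lync Server Management Shell.

```powershell
# Added example, not from the original post. $EdgeFqdn and $CmsCertThumbprint are
# placeholders; take the real thumbprint from "Get-CsCertificate -Type Default".
param(
    [string]$EdgeFqdn          = 'edge01.contoso.local',
    [string]$CmsCertThumbprint = '0000000000000000000000000000000000000000',
    [int]   $ReplicationPort   = 4443
)

function Write-Check([string]$Name, [bool]$Ok, [string]$Detail) {
    $state = if ($Ok) { 'PASS' } else { 'FAIL' }
    Write-Host ("[{0}] {1}: {2}" -f $state, $Name, $Detail)
}

# 1. Run on the Edge: host name + primary DNS suffix must equal the Topology Builder FQDN
#    byte for byte, so compare case-sensitively (-ceq), as the post describes.
$ipProps   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$localFqdn = '{0}.{1}' -f $ipProps.HostName, $ipProps.DomainName
Write-Check 'Host name matches topology FQDN' ($localFqdn -ceq $EdgeFqdn) "local='$localFqdn' topology='$EdgeFqdn'"

# 2. Run on the CMS master: the Edge FQDN must resolve in internal DNS.
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($EdgeFqdn) | ForEach-Object { $_.IPAddressToString }
    Write-Check 'Edge FQDN resolves' $true ($addrs -join ', ')
} catch {
    Write-Check 'Edge FQDN resolves' $false $_.Exception.Message
}

# 3. Run on the CMS master: the replica port must accept a TCP connection through the firewall.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $ar = $tcp.BeginConnect($EdgeFqdn, $ReplicationPort, $null, $null)
    $connected = $ar.AsyncWaitHandle.WaitOne(3000) -and $tcp.Connected
    Write-Check "TCP $ReplicationPort reachable" $connected "${EdgeFqdn}:${ReplicationPort}"
} finally { $tcp.Close() }

# 4. Run on the CMS master: the assigned certificate must carry its private key and build a
#    valid chain. A broken signature shows up here as a NotSignatureValid chain status.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $CmsCertThumbprint }
if (-not $cert) {
    Write-Check 'CMS certificate present' $false "thumbprint $CmsCertThumbprint not in LocalMachine\My"
} else {
    Write-Check 'CMS certificate has private key' $cert.HasPrivateKey $cert.Subject
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $valid = $chain.Build($cert)
    $why = ($chain.ChainStatus | ForEach-Object { "$($_.Status): $($_.StatusInformation.Trim())" }) -join '; '
    Write-Check 'CMS certificate chain/signature valid' $valid ($(if ($valid) { 'chain OK' } else { $why }))
}
```

Revocation checking is disabled in the chain build so the test isolates the signature and trust path from CRL reachability; re-enable it once the chain itself passes.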