This blog post is all about how to set up a collocated Lync Server Mediation server with separate NICs for Primary (or Lync, if you will) and PSTN traffic. I wrote it because I find this setup poorly documented, and hopefully others will escape the pitfalls that I encountered by reading it.
If you stumbled upon this post directly you might also find the previous one describing the problem in more detail interesting. If not, or if you are more into just fixing problems, then please keep reading.
Important: When you go with the dual NIC solution you need to make sure that the interfaces are put in distinct and separate (no routing possible between them) subnets/VLANs. This is crucial because only the correct interface should be able to communicate with its respective peers (Lync client or IPT provider respectively), just as this article referenced in my previous article says. It’s a make or break deal!
Before proceeding, you should also consider adjusting your IPv6 settings. If you are not at all into IPv6 in your infrastructure yet, it is better to disable it altogether, and to do so at the OS level rather than just disabling it on the NICs themselves. If IPv6 is already in use or imminent, then consider whether to prefer IPv4 over IPv6, at least for Lync Server. To set this, open regedit and edit or create the registry value DisabledComponents. A value of 0x20 (hex) makes IPv4 a priority over IPv6; to disable IPv6 completely, the value should be 0xffffffff (hex).
The first thing to do, although it might sound like an unnecessary detail, is to clearly label your NICs. This will ease the rest of your configuration when referencing the interfaces, as well as give you a better overview.
The next step is to set up the NIC binding order. This will give you sort of a “preference” of which NIC is used first and last. Open the Control Panel, navigate to the Network and Internet -> Network Connections menu. From within that window, press and release the Alt key to reveal the Advanced configurations menu. Select Advanced Settings and make sure your Primary NIC is on top of the PSTN NIC.
The next thing to configure is the IP settings for the interfaces:
- The Primary NIC will have a default Gateway and DNS server defined.
- The PSTN NIC will have no default Gateway nor DNS server (optional) defined.
Instead of a default Gateway for the PSTN NIC, we will manually create a route telling the server where to send traffic destined for the IPT provider (or PBX for that matter, if the destination address is not on the same subnet). This can be achieved with the following command:
netsh interface ipv4 add route <IPT provider subnet>/<subnet mask> <NIC Reference> <Next-hop address>
netsh interface ipv4 add route 188.8.131.52/24 "FK-TELEFONI" 172.22.30.1
Obviously you will need to replace the info with the proper one from your IPT provider. It should look something like this when you do a “
Lastly, you will have to tell your server to always prioritize the Primary NIC unless the more specific route you created above is applicable. If you skip this and go with the automatic route metric applied by the OS, you will get into trouble. Use the following commands to set manual metrics for each NIC, always favoring the Primary over the PSTN one:
netsh interface ipv4 set interface <PRIMARY NIC Reference> metric=1
netsh interface ipv4 set interface <PSTN NIC Reference> metric=99
netsh interface ipv4 set interface "FK-ADM" metric=1
netsh interface ipv4 set interface "FK-TELEFONI" metric=99
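The routing layout built in the steps above can also be checked with a read-only script. This is an added example, not part of the original post: it assumes Windows Server 2012 or later (NetTCPIP cmdlets), reuses the post's sample NIC names and next hop, and uses 203.0.113.0/24 as a constructed stand-in for the provider subnet.

```powershell
# Added example: read-only audit of the dual-NIC layout (not from the original post).
# Assumes Windows Server 2012+ (NetTCPIP cmdlets). NIC aliases and next hop are the
# post's sample values; 203.0.113.0/24 is a constructed stand-in for the provider subnet.
$PrimaryNic  = 'FK-ADM'
$PstnNic     = 'FK-TELEFONI'
$PstnPrefix  = '203.0.113.0/24'
$PstnNextHop = '172.22.30.1'
$findings    = @()

# 1. A default route must exist, and it may only leave via the Primary NIC.
$defaults = @(Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)
if (-not ($defaults | Where-Object InterfaceAlias -eq $PrimaryNic)) {
    $findings += "No default route on '$PrimaryNic'"
}
foreach ($r in ($defaults | Where-Object InterfaceAlias -ne $PrimaryNic)) {
    $findings += "Default route on '$($r.InterfaceAlias)' via $($r.NextHop)"
}

# 2. The PSTN NIC must carry the specific provider route with the expected next hop.
$pstnRoutes = @(Get-NetRoute -AddressFamily IPv4 -InterfaceAlias $PstnNic -DestinationPrefix $PstnPrefix -ErrorAction SilentlyContinue)
if ($pstnRoutes.Count -eq 0) {
    $findings += "Missing route $PstnPrefix on '$PstnNic'"
} elseif (-not ($pstnRoutes | Where-Object NextHop -eq $PstnNextHop)) {
    $findings += "Route $PstnPrefix on '$PstnNic' does not use next hop $PstnNextHop"
}

# 3. Manual metrics must favour the Primary NIC, and the server must not
#    forward packets between the two subnets itself.
$pri  = Get-NetIPInterface -InterfaceAlias $PrimaryNic -AddressFamily IPv4
$pstn = Get-NetIPInterface -InterfaceAlias $PstnNic -AddressFamily IPv4
foreach ($i in @($pri, $pstn)) {
    if ($i.AutomaticMetric -eq 'Enabled') {
        $findings += "Automatic metric still enabled on '$($i.InterfaceAlias)'"
    }
    if ($i.Forwarding -eq 'Enabled') {
        $findings += "IP forwarding enabled on '$($i.InterfaceAlias)'"
    }
}
if ($pri.InterfaceMetric -ge $pstn.InterfaceMetric) {
    $findings += "Primary metric $($pri.InterfaceMetric) is not lower than PSTN metric $($pstn.InterfaceMetric)"
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    'Dual-NIC routing layout matches the intended configuration.'
}
```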
When you do a “
show interface” it should look like this:
For the final configuration, if you have not done so already, start Topology Builder and define the Collocated Mediation server. In my case I also needed to specify that the IPT provider requires TCP port 5060 for the Mediation server listening peer, but this may differ:
Still in Topology Builder, tell the Front End server to limit its services to the specific IP addresses of your two separate NICs:
Now, after Publishing the Topology and possibly having to rerun Deployment Wizard to activate/finalize the install, you should be good to go with your dual homed collocated Mediation Server.
Would you really put a colocated domain joined Lync server in what is in effect a DMZ? Surely there are security considerations to this? Great blog btw
Hi there. Thanks for reading my blog and commenting as well.
This approach is for connecting a dedicated SIP trunk provider directly to your Front End server, and which is relying on SIP/TCP 5060 to work. In Norway, where I live, we have providers that deliver a VPN directly to their back-end PSTN infrastructure (including QoS etc). Instead of putting this traffic directly on your LAN (where the Front End communicates with the internal clients) I find it to be a much better solution to have a separate leg on the Front End where only the Mediation service is working its “magic”. There is also the consideration of setting up the internal FW on the Front End to only allow for inbound SIP traffic.
You should not by any means set up your Front End to allow for IP Telephony Service Providers operating via the Internet this way, at least not without a Firewall in between that would only allow traffic to/from your provider.
Great post. Thank you!
Have you been able to get federated conferencing working with this setup? I have a dual homed, collocated mediation server which works fine for almost everything except for federated users joining a conference. The federated users receive the PSTN interface IP in their list of media candidates and try to connect using that instead of using the edge server addresses.