Lync Server 2013 Edge server cannot replicate with the Front End

  • Check the share permissions on the RtcReplicaRoot folder
  • On Windows Server 2012 R2, add the following under the registry key HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
    Add the following DWORD values:
    New DWORD ClientAuthTrustMode Hex Value=2
    New DWORD SendTrustedIssuerList Hex Value=0
    Restarting the Edge server resolved the problem

    Successful replication of the management store within a Lync environment is key to ensuring that each server is aware of the most current topology, configurations, and policies. Replication failures between the master central management store (typically residing on the first Front End server in the pool) and other servers (replicas) can result in an inconsistent environment where servers have differing opinions on both what their own roles and responsibilities are, as well as others. This failure might result in immediate unexpected behaviour, or remain unnoticed for an extended period without obvious indication. The remainder of this post focuses on some of the more common fixes for Lync Edge server replication failure. Having recently stripped most of the hair from my head over this issue, consider this a checklist for anyone else who is in danger of becoming follically challenged.
    The Get-CsManagementStoreReplicationStatus shell cmdlet can be used to review or confirm the replication status within your environment. Our goal is to correct the below screenshot so that the UpToDate field for each server reads true. At this time our Lync Edge server appears to have a replication issue indicated by the False value – bad times.

  • In the absence of any useful event logs or Edge traces, consider the following remedial actions. In the majority of cases at least one of the below will prove applicable and resolve your replication problem (assuming that you have configured your Edge server correctly in the first instance).
    #1 Invoke-CsManagementStoreReplication
    Attempt manual instigation of the replication process using the above cmdlet to see if the issue persists. Once invoked, you can execute the earlier mentioned cmdlet of Get-CsManagementStoreReplicationStatus to review the results. Note that all servers listed will probably report false for a short period while the replication process completes, and realistically you are likely to find that your Lync Edge server replication problem will continue. Check event logs on both the Front End server that hosts the master CMS and the problem Edge server for any reported issues, but if nothing else this acts as confirmation of the problem.
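    An added example (not from the original post) that invokes replication and then polls the status, so the brief period in which every replica reports False is not mistaken for the fault. Wait-CmsReplication is a hypothetical helper name and the timeout and poll interval are assumed defaults.

```powershell
# Added example; run in the Lync Server Management Shell on the Front End.
function Wait-CmsReplication {
    param([int]$TimeoutSeconds = 300, [int]$PollSeconds = 15)   # assumed defaults

    Invoke-CsManagementStoreReplication
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds $PollSeconds
        $status = @(Get-CsManagementStoreReplicationStatus)
        $stale  = @($status | Where-Object { -not $_.UpToDate })
        Write-Host ("{0:T}  {1}/{2} replicas up to date" -f (Get-Date),
                    ($status.Count - $stale.Count), $status.Count)
    } while ($stale.Count -gt 0 -and (Get-Date) -lt $deadline)

    # Replicas still listed after the timeout have a persistent problem,
    # not the short-lived False seen while a replication cycle completes.
    $stale | Select-Object ReplicaFqdn, UpToDate, LastStatusReport, LastUpdateCreation
}

$failed = Wait-CmsReplication
$failed | Format-Table -AutoSize
```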
    #2 Port 4443 (Edge Replication Port)
    Unlike internal Lync servers whose replication traffic is passed over SMB/445, our Edge server will use HTTPS/4443. Confirm that the server is listening and accessible via this port using some or all of the actions listed below:
    I.) telnet EdgeServerFQDN 4443 – You should be able to telnet over 4443 from the CMS master (Front End) to the Edge server by either IP address or FQDN. The telnet client can be installed through Server Manager as a Windows feature, and executed from a command prompt. Note that a successful connection results in a blank window, and a failure with an appropriate message.
    II.) netstat -nap tcp | find "4443" – Execute this command from a command prompt on the Lync Edge server to ensure the server is listening for connections on port 4443. This should either yield a single ‘listening’ result, or an additional ‘established’ result if a replication cycle is in progress.
    III.) https://LyncEdgeFQDN:4443/ReplicationWebService – Should be accessible via a web browser from your CMS master (Front End Server). The Windows Communication Foundation Service page should be returned.
    If you identify a replication port issue, check to ensure the Lync Server Replica Replicator Agent service is running on the Edge server, and that all firewalls are allowing this traffic through on 4443 as required.
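    The checks above folded into one PowerShell function, as an added example that is not part of the original post; it separates a blocked port from a failed TLS handshake. The FQDN edge01.example.internal is a placeholder and Test-EdgeReplicationPort is a hypothetical helper name.

```powershell
# Added example (not from the original post). Run from the CMS master (Front End).
# 'edge01.example.internal' is a placeholder FQDN.
function Test-EdgeReplicationPort {
    param(
        [Parameter(Mandatory = $true)][string]$EdgeFqdn,
        [int]$Port = 4443,
        [int]$TimeoutMs = 5000
    )
    $r = [ordered]@{
        Target = "${EdgeFqdn}:$Port"; TcpConnect = $false; TlsHandshake = $false
        Protocol = $null; CertSubject = $null; CertIssuer = $null; CertNotAfter = $null
        Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Check I: plain TCP connect with a timeout (telnet's "blank window" case)
        $pending = $client.BeginConnect($EdgeFqdn, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            throw "TCP connect timed out after $TimeoutMs ms"
        }
        $client.EndConnect($pending)
        $r.TcpConnect = $true

        # Check III at a lower level: TLS handshake validated against this machine's
        # trust store, so an untrusted or mismatched Edge certificate fails here.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($EdgeFqdn)
        $r.TlsHandshake = $true
        $r.Protocol     = $ssl.SslProtocol
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ssl.RemoteCertificate
        $r.CertSubject  = $cert.Subject
        $r.CertIssuer   = $cert.Issuer
        $r.CertNotAfter = $cert.NotAfter
    }
    catch   { $r.Error = $_.Exception.GetBaseException().Message }
    finally { $client.Close() }
    [pscustomobject]$r
}

Test-EdgeReplicationPort -EdgeFqdn 'edge01.example.internal' | Format-List

# Check II, on the Edge server itself: listener present and replica service running?
netstat -nap tcp | Select-String ':4443\s'
Get-Service -DisplayName '*Replica Replicator*' | Select-Object DisplayName, Status
```

    A result with TcpConnect true and TlsHandshake false points away from firewalls and towards the certificate and SChannel items in #4 and #5.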
    #3 Recreate the XDS-Replica Directory
    The XDS-Replica folder is located within the C:\RtcReplicaRoot directory. If the permissions on the XDS-Replica folder or its subfolders are insufficient then this can lead to replication issues. Follow the below steps to recreate the folder. Also note that it is expected for you to have restricted access to this folder regardless of your privileges.
    – Right click C:\RtcReplicaRoot\xds-replica and select properties
    – On the security tab, select advanced, and click change (Owner)
    – Add an appropriate account (i.e. administrator) as the new owner and select OK
    – Check the ‘Replace owner on subcontainers and objects’ box
    – Click OK, and Yes to the Windows Security Warning
    – Delete the xds-replica folder
    – Access Programs and Features from Windows Control Panel
    – Select Microsoft Lync Server 2013, Core Components, and choose ‘Repair’
    – Access the Lync Edge server’s ‘Services’ management console
    – Set ‘Lync Centralised Logging Service Agent’ service to Automatic (Delayed)
    – Set ‘Lync Replica Replicator Agent’ service to Automatic (Delayed)
    – Start both services
    – Execute Invoke-CsManagementStoreReplication from Lync Management Shell
    – Execute Get-CsManagementStoreReplicationStatus and review
    Alternatively, Microsoft article kb2759117 discusses repairing of permissions on this folder as opposed to recreating it.
    #4 SChannel Registry Keys
    There are two registry entries that (depending on the cause of your issue) may resolve Lync Edge server replication problems. In reading and practice it appears that this is only relevant to Windows Server 2012 and its TLS/SSL behaviour. Using RegEdit, browse to the below registry container:
    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
    Add the following DWORD values:
    New DWORD ClientAuthTrustMode Hex Value=2
    New DWORD SendTrustedIssuerList Hex Value=0

    Restart the Lync Edge server and check / invoke Central Management Store replication. I was recently able to resolve a problem of this nature using these keys (which is what prompted me to post this article), but was also required to implement them on the CMS master (Front End Server) in order to correct the issue.
    #5 Invalid Root Store Certificates
    A root store that contains certificates which are not actually root certificates can cause replication and services issues within Lync (Edge replication is just one symptom of such a problem). The second of the two registry keys mentioned above should address this issue, and prevent incorrectly stored certificates from causing a problem. However if you have implemented the key without any results, or indeed would rather not make the registry change, then check for invalid certificates in the root store.
    All certificates in the root store should have the same value as the Issuer and the Subject when looking at the details tab of any given certificate. On the certificate path tab there should be just a single certificate listed under the Certification Path. This problem can present itself when certificates are published to servers through group policy. In larger environments it may not be feasible to inspect all root store certificates; the below PowerShell command can be used to compare the Issuer and Subject values, and pipe any non-conforming certificate details to a text file. Simply move any flagged certificates to the correct store or remove them completely.
    Get-ChildItem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File "c:\computer_filtered.txt"
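    An added example (not the author's code) covering #4 and #5 together: it reports whether the two SCHANNEL values are set and lists root-store certificates whose Issuer and Subject differ, with an optional move that can be previewed first. The function names are hypothetical, and Cert:\LocalMachine\CA (Intermediate Certification Authorities) as the destination is an assumption; confirm the right store for each certificate.

```powershell
# Added example, not from the original post. Run elevated on the Edge server or CMS master.
# Read-only unless Move-MisplacedRootCert is called without -WhatIf.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Get-SchannelTrustSetting {
    # Reports the two DWORD values from fix #4, or '<not set>' if absent.
    foreach ($name in 'ClientAuthTrustMode', 'SendTrustedIssuerList') {
        $prop = Get-ItemProperty -Path $schannel -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name  = $name
            Value = $(if ($prop) { $prop.$name } else { '<not set>' })
        }
    }
}

function Get-MisplacedRootCert {
    # A genuine root certificate is self-signed: Issuer and Subject are identical.
    Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Issuer -ne $_.Subject } |
        Select-Object Thumbprint, Subject, Issuer, NotAfter
}

function Move-MisplacedRootCert {
    # Assumption: flagged entries belong in the Intermediate CA store.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($c in Get-MisplacedRootCert) {
        if ($PSCmdlet.ShouldProcess($c.Subject, 'Move to Cert:\LocalMachine\CA')) {
            Move-Item -Path "Cert:\LocalMachine\Root\$($c.Thumbprint)" `
                      -Destination Cert:\LocalMachine\CA
        }
    }
}

Get-SchannelTrustSetting | Format-Table -AutoSize

$flagged = @(Get-MisplacedRootCert)
"{0} certificate(s) in LocalMachine\Root are not self-signed" -f $flagged.Count
$flagged | Format-List
# Keep a record of what was flagged before changing anything.
$flagged | Export-Csv -Path "$env:TEMP\root_store_flagged.csv" -NoTypeInformation

# Preview the move; remove -WhatIf only after reviewing the list above.
Move-MisplacedRootCert -WhatIf
```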
    If you have an Edge server replication issue, then consider all of the above. This is not a definitive list of things you should go through and do in chronological order (indeed I wouldn’t recommend that!), but it is a list of the most likely causes of any difficulty you might be having. Hopefully consolidating it will prove useful.

    Original article: https://blog.51cto.com/10981246/2362405

    Time: 2024-10-19 19:20:26
