Lync 2010 Edge Server – OCS R2 FE Pool Problems
Let me premise this by saying you should follow Microsoft support guidance when migrating from OCS 2007 R2 to Microsoft Lync Server 2010. It is recommended that you migrate internal services and users to Microsoft Lync Server 2010 before migrating the Edge services to a Lync 2010 Edge Pool. (Migrating from OCS 2007 R2 to Lync Server 2010 – http://technet.microsoft.com/en-us/library/gg413057.aspx)
Sometimes however you want to add new features to your environment that were not previously available. This was the case when I began to assist a colleague today with an interesting issue. Existing OCS 2007 R2 users were amazed that when they took their laptops home with Communicator R2 running that they were able to connect without VPN. They did not previously have this capability and this was due to corporate policy. In an attempt to resolve this issue, user policy was updated to remove “External Remote User Access”
This however did not resolve the issue. Communicator R2 users were still able to login via the Lync Edge Server. The topology was as follows for external user connectivity: Lync Edge Pool next hop = Lync FE Pool, Lync FE Pool and OCS R2 Pool Federation Route = Lync Edge Pool.
We logged SIPStack on the OCS FE server and Edge Servers and identified that the flag ms-edge-proxy-message-trust is being set. A call to PSS and our engineer was able to easily replicate the issue in less than 15 minutes. The important part about this post isn’t that OCS R2 clients are able to log in when remote user access is disabled, that is understandable given that it isn’t supported. The problem is that when you add a Lync Edge Pool to the environment and merge the topologies it adds the edge server as the federation route for OCS 2007 R2. Regardless of your policies you have in place, users will be able to connect via edge services during this time until they are either migrated to Lync and disabled for external user access or you remove the Edge server from the OCS 2007 R2 environment.