Lync 2010 Edge server for Internet logon

參考
http://ocsguy.com/2010/11/21/deploying-an-edge-server-with-lync/
http://blog.zegeger.net/2011/01/16/installing-microsoft-lync-2010-deploying-edge-server/

Lync server官方建議的架構

我的DMZ架構

我的網路架構本來就有DMZ網段，我不想讓Lync Edge可以對Internal Network全通，也不想多裝第二張網卡，解法為在Lync Edge設定第二個IP address作為External IP。
Ex: Lync Edge Server in DMZ with IP 192.168.1.11 for Internal, 192.168.1.101 for External.

Firewall權限

• Lync FrontEnd to Edge: All
• Lync Edge Internal IP to FrontEnd: TCP/443-444, TCP/5061
• Lync Edge Internal IP to Internal CA server: TCP/443, MS-RPC-Any (ALL_DCE_RPC)
• Internet to Lync Edge External IP: TCP/443-444, TCP/5061

Windows XP client logon Lync Edge error message: 

Lync was unable to sign in. Please verify your logon credentials and try again. If the problem continues, please contact your support team.
無法登入，因為伺服器暫時無法使用，如果問題持續發生，請與您的支援小組連絡

解法 http://ucprofessional.blogspot.com/2010/12/migrated-ocs-or-lync-server-to-windows.html

修改 Lync Edge, FrontEnd 的 Local Policy，取消 NTLM 128bit 加密要求。