How can Unified Communications Command Suite - Diagnostics connect to the Exchange EDGE Transport Server in the perimeter network?
To allow the UC Diagnostics console and the MC (Management Console) to connect to an Edge Transport Server in the DMZ, UC-D requires local administrator rights on that server. This is usually not achievable directly, because Edge Servers sit in the perimeter network and are not members of the AD domain.
The workaround relies on a well-known Windows behaviour (often described as a vulnerability): when two machines in different domains (or a domain member and a standalone machine) each have an account with exactly the same user name and the same password, a logon with those credentials from one machine is accepted by the other as the matching local account, with that account's rights. So in this case it is possible to create a local administrator account on the Edge Server with exactly the same account name and password that the UC-D service account uses. The SOM service account is then able to obtain the local admin rights it requires on the Edge Server.
In addition, set the following registry value to 1 (REG_DWORD) so that UAC does not filter the remote logon token of the local administrator account:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy
as per the instructions from Microsoft:
http://msdn.microsoft.com/en-us/library/aa826699(VS.85).aspx?ppud=4
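The steps above as an added PowerShell example (not part of the original article or of the UC-D product): it creates the mirrored local account, adds it to Administrators, sets the registry value and then verifies both. The account name is a placeholder, and the script assumes Windows PowerShell 5.1 or later for the LocalAccounts cmdlets.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# session on the Edge Transport Server. Assumes the Microsoft.PowerShell.LocalAccounts
# cmdlets (Windows PowerShell 5.1+). The account name below is a placeholder; it must
# match the UC-D service account's user name exactly, and so must the password.
$ServiceAccountName = 'ucd-svc'   # placeholder: use the real UC-D service account name

# Prompt for the password so it is never written into the script or a transcript.
$Password = Read-Host -Prompt "Password for $ServiceAccountName (must match the domain account)" -AsSecureString

# 1. Create the mirrored local account, or re-sync its password if it already exists.
if (-not (Get-LocalUser -Name $ServiceAccountName -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $ServiceAccountName -Password $Password `
        -PasswordNeverExpires -Description 'Mirrored UC-D service account (local)' | Out-Null
} else {
    # A password that drifts from the domain account silently breaks the logon.
    Set-LocalUser -Name $ServiceAccountName -Password $Password
}

# 2. Grant the local admin rights UC-D requires.
if (-not (Get-LocalGroupMember -Group 'Administrators' -Member $ServiceAccountName -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -Group 'Administrators' -Member $ServiceAccountName
}

# 3. LocalAccountTokenFilterPolicy = 1: UAC no longer filters the remote logon
#    token of local administrators (the setting the Microsoft link describes).
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
New-ItemProperty -Path $PolicyKey -Name 'LocalAccountTokenFilterPolicy' `
    -Value 1 -PropertyType DWord -Force | Out-Null

# 4. Verify the result before testing the UC-D connection.
$Policy  = (Get-ItemProperty -Path $PolicyKey -Name 'LocalAccountTokenFilterPolicy').LocalAccountTokenFilterPolicy
$IsAdmin = [bool](Get-LocalGroupMember -Group 'Administrators' -Member $ServiceAccountName -ErrorAction SilentlyContinue)
[pscustomobject]@{
    Account                       = $ServiceAccountName
    LocalAdministrator            = $IsAdmin
    LocalAccountTokenFilterPolicy = $Policy
}
```

Setting the policy to 1 applies to every local administrator account on the Edge Server, not only the mirrored one, so keep the Administrators group membership on that server to the minimum the workaround needs.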