Web publishing rule - which ports should be opened for internal communication?
Monday, February 18, 2013 12:12 PM
Hi,
I'm in the middle of a deployment process for Lync 2010 to Lync 2013. The two systems coexist for now until all users are moved to the new deployment.
What I would like to know is, I have created a new Web Publishing rule in TMG following the actions below from TechNet:
To create a web publishing rule for port 80
1. Start, point to Programs, point to Microsoft Forefront TMG, and then click Forefront TMG Management.
2. ServerName, right-click Firewall Policy, point to New, and then click Web Site Publishing Rule.
3. Welcome to the New Web Publishing Rule page, type a display name for the new publishing rule (for example, Lync Autodiscover (HTTP)).
4. Select Rule Action page, select Allow.
5. Publishing Type page, select Publish a single Web site or load balancer.
6. Server Connection page, select Use non-secured connections to connect to the published Web server or server farm.
7. Internal Publishing Details page, in Internal Site name, type the internal Web Services FQDN for your Front End pool (for example, lyncpool01.contoso.local).
8. Internal Publishing Details page, in Path (optional), type /* as the path of the folder to be published, and then select Forward the original host header instead of the one specified in the Internal site name field.
9. Public Name Details page, do the following:
   - Under Accept Requests for, select This domain name.
   - In Public Name, type lyncdiscover.<sipdomain> (the external Autodiscover Service URL).
   - In Path, type /*.
10. On Select Web Listener page, in Web Listener, select a Web Listener or use the New Web Listener Definition Wizard to create a new one.
11. On the Authentication Delegation page, select No delegation, and client cannot authenticate directly.
12. On the User Set page, select All Users.
13. On the Completing the New Web Publishing Rule Wizard page, verify that the web publishing rule settings are correct, and then click Finish.
14. In the Forefront TMG list of web publishing rules, double-click the new rule you just added to open Properties.
15. On the Bridging tab, configure the following:
   - Select Web server.
   - Select Redirect requests to HTTP port, and type 8080 for the port number.
   - Verify that Redirect requests to SSL port is not selected.
16. Click OK.
17. Click Apply in the details pane to save the changes and update the configuration.
18. Click Test Rule to verify that your new rule is set up correctly.
19. Verify that the external Autodiscover Service URL is not defined on any other web publishing rule.
After having completed these steps, I am trying to test the rule and it fails with the following message:
Time reported by the Microsoft Forefront TMG Firewall Service: 62.998 seconds
Testing http://lyncdiscover.MySipDomain:8080/
Category: Connectivity error
Error details: 10060 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Action: Go to http://go.microsoft.com/fwlink/?LinkId=115965
Any ideas what could be wrong? Can you tell me which ports I need to open between TMG and the internal server?
- Edited by ArgiDio Monday, February 18, 2013 12:40 PM
All Replies
Friday, February 22, 2013 4:20 AM Moderator
Hi,
Thank you for the post.
To publish Lync Server, please refer to this link: http://blog.ucmadeeasy.com/2010/09/24/publishing-lync-server-2010-rc-simple-urls-and-web-components-with-forefront-tmg-2010/
Regards,
Nick Gu - MSFT
- Marked As Answer by Nick Gu - MSFT (Microsoft Contingent Staff, Moderator) Monday, February 25, 2013 1:42 AM

