locked
Lync 2013 Mobile can sign-in in Internal and External RRS feed

  • Question

  • How to implement the sign-in Lync 2013 mobile client in internal and external

    Monday, July 8, 2013 10:42 AM

Answers

  • The best guide is http://technet.microsoft.com/en-us/library/hh690055.aspx - have a look at it. Any questions, let us know. :)


    Murali Krishnan| My blogs: UnifiedMe | Twitter: @Mkris9

    • Proposed as answer by Lisa.zheng Wednesday, July 17, 2013 11:59 AM
    • Marked as answer by Lisa.zheng Thursday, July 18, 2013 9:07 AM
    Monday, July 8, 2013 11:09 AM
  • you need to publish the mobility URL (lyncdiscover.ddeng.com.hk) in TMG and get it to reverse proxy in to internal server address. in mobility policy, you need to set it "expose Web URL". this is default set to external so that it will ignore the lyncdiscoverinternal.ddhk.ddeng.com record. 

    to get around this, to have lyncdiscover.ddeng.com.hk resolve internally in to the TMG external interface force it to come through the TMG.

    • Proposed as answer by Lisa.zheng Wednesday, July 17, 2013 11:59 AM
    • Marked as answer by Lisa.zheng Thursday, July 18, 2013 9:08 AM
    Tuesday, July 9, 2013 9:33 AM

All replies

  • Monday, July 8, 2013 10:47 AM
  • The best guide is http://technet.microsoft.com/en-us/library/hh690055.aspx - have a look at it. Any questions, let us know. :)


    Murali Krishnan| My blogs: UnifiedMe | Twitter: @Mkris9

    • Proposed as answer by Lisa.zheng Wednesday, July 17, 2013 11:59 AM
    • Marked as answer by Lisa.zheng Thursday, July 18, 2013 9:07 AM
    Monday, July 8, 2013 11:09 AM
  • Hi,

    agreed with Murali, it's better to go through the official documents firstly, and then reference other step-by-step guides.

    if you want other language support (e.g. Chinese), i can help.

     

    thanks,


    If this post meets your needs, please Vote/Propose/Mark it. Have a nice day!

    Tuesday, July 9, 2013 5:14 AM
  • better to user the Official technet documentation as the Lync 2013 mobility deployment is less confusing than Lync 2010. 

    but look for a better guide when you try to make it work for both internal and external because it's a bit tricky configuration involve in TMG.

    Tuesday, July 9, 2013 5:20 AM
  • In my environment, SIP domain and AD domain is different, Now I can sign-in Lync 2013 in External.

    My FE server name is CNFELYNC.ddhk.ddeng.com, but External Web Service is lync13web.ddeng.com.hk, so these two DNS records exist two two different DNS zones in our DNS server, and they both point to interanl IP address; for this situation, how we will implement Lync 2013 logon in both internal and External. below is my topology capture? which DNS records need to be created?

    i not use TMG to publish Lync 2013, using NAT.

    Another question is whether the external FQDN Lync13web.ddeng.com.cn need to be used in internal?

     

    Tuesday, July 9, 2013 8:28 AM
  • What is your SIP domain?

    You need to create CNAME or A record for lyncdiscoverinternal.<sipdomain>. Please also add the DNS A record pointing to public IP address of Reverse proxy.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    • Edited by Lisa.zheng Tuesday, July 9, 2013 9:28 AM add content
    Tuesday, July 9, 2013 9:27 AM
  • you need to publish the mobility URL (lyncdiscover.ddeng.com.hk) in TMG and get it to reverse proxy in to internal server address. in mobility policy, you need to set it "expose Web URL". this is default set to external so that it will ignore the lyncdiscoverinternal.ddhk.ddeng.com record. 

    to get around this, to have lyncdiscover.ddeng.com.hk resolve internally in to the TMG external interface force it to come through the TMG.

    • Proposed as answer by Lisa.zheng Wednesday, July 17, 2013 11:59 AM
    • Marked as answer by Lisa.zheng Thursday, July 18, 2013 9:08 AM
    Tuesday, July 9, 2013 9:33 AM
  • From your reply, i summary them, i must let lyncdiscover or lyncdiscoverinternal point to a Public IP in Internal DNS server, is it?

    Whether there is a way that a DNS record in Internal DNS server points to a internal IP to realize lync 2013 mobile logon when work in internal, Lync Mobile will use public IP in external?

    Thanks!

    Tuesday, July 9, 2013 11:02 AM
  • Lyncdiscoverinternal should resolve in to FE server FQDN and lyncdiscover should be in Public DNS resolving to External Web Services FQDN. those 2 URLs take care of the server finding based on it's internal or Public

    Tuesday, July 9, 2013 11:18 AM
  • I took above actions, but Lync 2013 mobile clients still not work in Internal.

    Tuesday, July 9, 2013 12:02 PM
  • can you go to Lync management shell and try get-csmcxconfiguration and see to where the URL is exposed in to. if it's external, then it will not going to work internally. 

    set it to internal, restart the FE service and check whether it works

    Tuesday, July 9, 2013 2:22 PM
  • The URL is exposed in to External. My requirement is Lync 2013 mobile client can sign-in in Internal and External. Now mobile client can normally sign-in in External.

    Tuesday, July 9, 2013 2:54 PM
  • it either internal or external. and usually it's ser to external. 

    what you need to do is that have A record as lyncdiscover.domain.com and resolve it to TMG's external interface to force it to come through the reverse proxy (you need to have a TMG)

    Tuesday, July 9, 2013 3:05 PM
  • May no ways realize logon in Internal, as well as External?
    Tuesday, July 9, 2013 3:13 PM
  • given that you don't have a TMG and using a NAT, try creating the CNAME DNS record lyncdiscove.domain.com to resolve in to FE server FQDN. i have not tried this and not sure if it works.

    the recommended way to do this is that rout the internal traffic to TMG and then reverse proxy in to FE server as simulated external connection

    Tuesday, July 9, 2013 10:43 PM
  • "lyncdiscove.domain.com to resolve in to FE server FQDN"

    I tried it, but it not works.

    Wednesday, July 10, 2013 12:07 AM
  • that's what i thought. you need to have a TMG to reverse proxy it in to the FE server

    Wednesday, July 10, 2013 12:33 AM
  • "that's what i thought. you need to have a TMG to reverse proxy it in to the FE server"

    If I take action as you said, whether there are some issue on voice routing etc.? Whether you tried it?

    Wednesday, July 10, 2013 12:53 AM
  • there won't be any problem with Voice routing as Voice doesn't flow through the TMG. voice will flow through the Edge. only the connectivity and auth handled by the TMG. 

    Wednesday, July 10, 2013 1:11 AM
  • if the lyncdiscover record points to public IP in internal DNS zone,  and mobile clients sign-in successfully by Internal, the Voice flow still go to Edge? 
    Wednesday, July 10, 2013 1:51 AM
  • Yes. even though it's internal, it get treated like an external connectivity. Remember above i told you to set the URL expose to External?

    Wednesday, July 10, 2013 1:57 AM
  • Yes, we has set the URL exposed to External.

    Whether I may have the scene?

    1. UR; exposed to Internal

    2. In External DNS, i will publish LyncdiscoverInternal as a host record, and NAT policy transfer port 443 to 443

    Thanks!

    Wednesday, July 10, 2013 2:39 AM
  • that's simply throwing MS best practice out of the window. it might work but no guarantee.

    Wednesday, July 10, 2013 12:17 PM
  • Could you help to explain the words "No guarantee", your meaning is that it is not sure whether it can be successful for this scene, or other?
    Thursday, July 11, 2013 12:28 AM
  • yah.. exactly. it might not going to work as it's not the recommended procedure and it's highly unlikely that some one else tested this before. Thant's what i meant :)

    Thursday, July 11, 2013 4:21 AM