Lync Server 2010 Standard Edition - External clients can not connect

  • Question

  • Hope somebody can clarify this for me.

    We are a reasonably small organisation and we decided to test drive Lync 2010 Standard Edition. We have installed the server as a Virtual Machine on a host inside our network. Our front End Firewalls consist of ISA Servers and TMG 2010.

    Initial setup and configuration was a breeze. Our client can connect internally with IM, Video, and Voice. We don't need SIP capabilities (PABX). We have published the Lync Server according to articles on the web. This included publishing the Lync URL and opening port 5061 to the Server. The TMG 2010 Server uses a Web Publishing rule and a Non Web Publishing rule. Externally the clients can connect via IM, but Video and Voice fails with network issues. I have looked at numerous documents and Lync Std is for single server deployments and I'm not sure whether I require an Edge Server. Some posts refer to installing Lync Std with 2 network adapters and others say that one NIC is supported.

    If it's a single deployment server surely the server should act as the edge server as well. At the moment the Virtual Machine is configured with one NIC. Should I add a second NIC, make that one part of the DMZ and then route traffic to the Lync server of that network? The existing NIC will then be used for the Internal LAN... or am I barking up the wrong tree?

    Wednesday, August 3, 2011 8:23 AM

Answers

  • Hi, Mufassa,

    Standard edition server collocates all the core server roles on a single server, such as Front end server and backend database server, and generally the front end server FQDN you defined in the topology is the same as the standard edition server FQDN. That is why you see standard edition server is under the Standard Edition Front End Servers in the topology. If you deployed an Edge server in DMZ and define/publish it on the topology you will see it's under edge pool in the topology.

    For external access, you need to deploy Lync Edge and a reverse proxy for full access to your Lync server. Users can use the Lync Web App for IM and presence without the need of an edge server, since it is a part of the Lync core web services, which also need to be published on the reverse proxy. For deploying Edge server you can follow this guide: http://technet.microsoft.com/en-us/library/gg398918.aspx

    I am confused by your last sentence: why do you need to move the front end server to the DMZ? You just need to deploy an Edge server in the DMZ.

    Regards,

    Sharon

    • Proposed as answer by Sharon.Shen Tuesday, August 9, 2011 10:59 AM
    • Marked as answer by Sharon.Shen Sunday, August 14, 2011 11:16 AM
    Thursday, August 4, 2011 10:53 AM

All replies

  • Okay, I have been reading through the forums and it's given me a bit more information:

    1. A one NIC Installation is fine

    2. On a single Server inside your network IM and A/V is supported

    3. On a single Server inside your network you can Publish Lync Std edition through the TMG 2010 and Port 5061 - This will give you only IM and not A/V

    To enable the clients to connect to the Lync Server 2010 Std edition from the internet I need to create a DMZ on the TMG 2010 Server and assign a different Private IP which will be natted (or is it routed) from one of the External Interfaces (Public IPs) to the front Edge Server which should be placed in the DMZ.

    Questions:

    1. Is the Front End Server natted / or Routed?

    2. The front End Server needs access to Internal Lync Server 2010, Exchange Servers internally and AD. Which ports should be opened, or does the front End Server have two NICs, one for internal and one for the external natted interface?

     

    Public IP

    196.214.?.?

            | 

    TMG Firewall  - 3Legged Perimeter Network - 172.0.0.0 - Lync Front End Server

            |

    Internal LAN

    192.168.1.0

            |

    Lync 2010 Std

     

    Or am I barking up a different tree now? HELPPPPPPPP PLEASE

    Wednesday, August 3, 2011 9:00 AM
  • Hi,

    If you require access to your Lync environment from external/internet then you require a Lync EDGE Server.
    This server cannot be collocated on a Front-End Server but can also be virtualized.
    It should be installed in a DMZ and you can use NAT to publish it to the internet.
    A Reverse Proxy is also required for full functionality to publish Web URLs required for Lync.

    Have a look at the planning guide for External Access
    http://technet.microsoft.com/en-us/library/gg399048.aspx

    Greetings,
    Johan


    - Belgian Unified Communications Community : http://www.pro-exchange.be -
    Wednesday, August 3, 2011 9:11 AM
  • Some more info...

    When I look at the Deployment Topology of the LYNC 2010 Server I see the following:

    The Standard Edition server is part of the Standard Edition Front End Servers - does this mean that if I have to install a Server in a DMZ effectively this will also become part of the Front Edge Servers?

    I requested a certificate from a CA, with all the external URLs, which are

    lync.mydomainexternal.com

    dialin.mydomainexternal.com

    meet.mydomainexternal.com

    lync.mydomaininternal.local

    dialin.mydomainternal.local

    meet.mydomainternal.local

     

    I am running a split DNS and all the SRV records are in place ... both externally and internally.

    Once I bring up the front end Server in the DMZ do I have to move the certificates to the Front End Server in the DMZ and then assign certificates to the Internal Lync Std edition Server from my internal CA....

    Wednesday, August 3, 2011 9:16 AM
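
A check related to the certificate question above, as an added example that is not part of the original thread: it reports which of the names clients connect to are missing from a certificate's subject alternative names, matching wildcards in the left-most label only. The hostnames are the placeholders from the post; the SAN list is a constructed sample.

```python
# Added example: SAN coverage check. Hostnames are the placeholder names
# from the post; the certificate SAN list is a constructed sample.

def _norm(name):
    """Lower-case a DNS name and drop a trailing root dot."""
    return name.strip().lower().rstrip(".")

def san_matches(san, host):
    """True if one SAN entry covers host (exact, or wildcard in left-most label only)."""
    san, host = _norm(san), _norm(host)
    if san == host:
        return True
    if san.startswith("*."):
        # "*.example.com" covers "meet.example.com" but not
        # "example.com" or "a.meet.example.com".
        head, _, tail = host.partition(".")
        return bool(head) and bool(tail) and tail == san[2:]
    return False

def uncovered(required, sans):
    """Return the required names that no SAN entry covers, in input order."""
    return [h for h in required if not any(san_matches(s, h) for s in sans)]

# Names from the post that clients resolve through split DNS.
REQUIRED = [
    "lync.mydomainexternal.com",
    "dialin.mydomainexternal.com",
    "meet.mydomainexternal.com",
    "lync.mydomaininternal.local",
]

# Constructed sample: SAN list of a certificate that carries only external names.
EXTERNAL_ONLY_SANS = ["lync.mydomainexternal.com", "*.mydomainexternal.com"]

if __name__ == "__main__":
    for name in uncovered(REQUIRED, EXTERNAL_ONLY_SANS):
        print("not covered:", name)
```
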