locked
Skype for Business External URLs RRS feed

  • Question

  • Hi, hope anyone can help me with this one.

    Skype for Business Standard Edition on-premises deployment
    Reverse proxy
    1 Edge server
    2 Front end servers

    When building the topology, I overlooked:

    “If you have more than one Front End pool or Front End Server the external Web services FQDN must be unique. For example, if you define the external Web services FQDN of a Front End Server as pool01.contoso.com, you cannot use pool01.contoso.com for another Front End pool or Front End Server”

    Which caused LSJoin Launcher Web Server 64004 errors in the eventlogs of the front-end servers. This article explains the issue quite clearly: http://www.gecko-studio.co.uk/lsjoin-launcher-web-server-64004/

    So I am planning to change pool.contoso.com to pool1.contoso.com and pool2.contoso.com, while in the process changing the external DNS, proxy config and external Certificate SANs.

    However, this new setup left me wondering what I should do with the Simple URLs (meet.contoso.com and dialin.contoso.com), and with lyncdiscover.contoso.com.
    As of now, meet, dialin and lyncdiscover are all CNAMEs of pool.contoso.com (since they all share a reverse proxy external IP address anyway).

    Wat would be te best way to handle this? Any help would be greatly appreciated. 

    Thursday, October 13, 2016 3:30 PM

Answers

  • Hi Just_tim

    The external web services urls are correct but simple urls are global setting so you only need one.

    Simple urls are global so you would have either

    Meet.domain.com and dialin.domain.com

    Or

    Lync.domain.com/meet and Lync.domain.com/dialup

    They should route to one of the reverse proxy At one time and then onto a single front end. Sfb will manage and redirect if any users are on other front end.

    Lyncdiscover is the same and must route to one public rev p addresss pointing to single front end. Have a low ttl on dns records as in DR scenario you can change them to point at other rev p and front end.

    Hope that makes sense if you need anything else just let me know.


    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer". Thank you. This forum post is based upon my personal experience and does not reflect the opinion or view of my employer.


    • Marked as answer by Just_Tim Thursday, October 13, 2016 7:41 PM
    • Edited by Martin Boam Friday, October 14, 2016 8:23 AM correcting formatting
    Thursday, October 13, 2016 6:40 PM

All replies

  • Hi Just_Tim,

    You would still require the simple urls but you could use consolidated one for both meet and dial in like lync.domain.com/meet and lync.domain.com/dialin that saves one SAN on a public cert but having seperate it fine and common. Some more info on this here https://technet.microsoft.com/en-us/library/gg398287(v=ocs.15).aspx

    For external web services url as long as they are unique thats fine, just make sure they are not the exact pool names and dont conflict. I tend to use LyncWeb or SkypeWebExt for example. Internal and external web services urls need to be unique and listed as SANs on internal and external certs.

    CNAMES can be used as well as you have done already. 

    Hope this helps, let me know if you need some more information.

    Martin


    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer". Thank you. This forum post is based upon my personal experience and does not reflect the opinion or view of my employer.

    Thursday, October 13, 2016 4:31 PM
  • Hi Martin, Thanks for your reply.

    So, just to summarise, would the following setup work?

    Skypeweb1.contoso.com ---> Reverse Proxy ---> Server1 (FE server/pool)
    Skypeweb2.contoso.com ---> Reverse Proxy ---> Server2 (FE server/pool)

    Skype.contoso.com/meet1 ---> Reverse Proxy ---> Server1 (FE server/pool)
    Skype.contoso.com/meet2 ---> Reverse Proxy ---> Server2 (FE server/pool)

    Skype.contoso.com/dialin1 ---> Reverse Proxy ---> Server1 (FE server/pool)
    Skype.contoso.com/dialin2 ---> Reverse Proxy ---> Server2 (FE server/pool)

    What remains is lyncdiscover.contoso.com, since that one is not editable. Can lyncdiscover only be routed to 1 FE server/pool?

    Thursday, October 13, 2016 5:10 PM
  • Hi Just_tim

    The external web services urls are correct but simple urls are global setting so you only need one.

    Simple urls are global so you would have either

    Meet.domain.com and dialin.domain.com

    Or

    Lync.domain.com/meet and Lync.domain.com/dialup

    They should route to one of the reverse proxy At one time and then onto a single front end. Sfb will manage and redirect if any users are on other front end.

    Lyncdiscover is the same and must route to one public rev p addresss pointing to single front end. Have a low ttl on dns records as in DR scenario you can change them to point at other rev p and front end.

    Hope that makes sense if you need anything else just let me know.


    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer". Thank you. This forum post is based upon my personal experience and does not reflect the opinion or view of my employer.


    • Marked as answer by Just_Tim Thursday, October 13, 2016 7:41 PM
    • Edited by Martin Boam Friday, October 14, 2016 8:23 AM correcting formatting
    Thursday, October 13, 2016 6:40 PM
  • I am having similar issue, is it require to specify both front end servers External Web Services URL in Lync topology?? as in Topology you can specify only one External Web service URL and in my topology currently its showing my first Lync front end server external web services url... Or just I have to route traffic on reverse proxy for additional FE pool web services?

    Skypeweb1.contoso.com --->  Server1 (FE server/pool)
    Skypeweb2.contoso.com --->  Server2 (FE server/pool)


    www.mytricks.in

    Monday, September 4, 2017 3:19 PM