locked
Skype Mobility RRS feed

  • Question

  • Hi,

    We have single FrontEnd Skype for Business server with standard version. We are planning to enable Mobility.

    As we know Skype for Business server standard version had same internal/external Web Services which server's FQDN.

    Base on below the DNS configuration, the external Web Services must pointing to Reverse proxy server.

    Currently, we have a records for server FQDN is in internal DNS. Did run the Lync connectivity analyzer (below), the request will look for lyncdiscover.<domain name>. In internal DNS, we have records for lyncdiscoverinternal.<sip domain> but not for lyncdiscover.<sip domain>

    My question:

    1. Shall we add lyncdiscover.<sip domain> in internal DNS and point to Reverse Proxy?

    2. Left the external Web Services as it is, no change requires in Topology?

    3. On Reverse Proxy server, rule for lyndiscover (https://lyncdiscover.<sip domain> is pointing to Backed server URL at https://FQDN:4443



    • Edited by Suriya25 Wednesday, June 12, 2019 6:12 AM
    Wednesday, June 12, 2019 6:10 AM

Answers

  • Do you have a Split brain DNS.

    The IP they point to will be different, the IP for the external is on your reverse proxy, using port 443 and 80 translating to the FE on 8080 and 4443. 

    the same FQDN name can be on the internal and external different DNS servers will be resolving them. on the internal it will point to the FE Pool, on the external to your reverse proxy. 

    However, its logical to override the internal FQDN and user another name. 

    • Marked as answer by Suriya25 Friday, June 14, 2019 7:47 AM
    Thursday, June 13, 2019 4:59 PM
  • Hi Suriya25,

    Yes, I think it would work.

    For the Backend server URL field, it should append ":4443" to the external web services URL and simple URLs. Refer to this blog:

    https://blogs.technet.microsoft.com/dodeitte/2013/10/29/how-to-publish-lync-server-2013-web-services-with-windows-server-2012-r2-web-application-proxy/


    Best Regards,
    Shaw Lu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.


    • Edited by Shaw_Lu Friday, June 14, 2019 7:38 AM
    • Marked as answer by Suriya25 Friday, June 14, 2019 7:47 AM
    Friday, June 14, 2019 7:38 AM

All replies

  • Hi Suriya25,

    In my understanding, for standard edition server, it could change the external web service FQDN in topology (as below).

    And about your questions:

    1. Shall we add lyncdiscover.<sip domain> in internal DNS and point to Reverse Proxy?

    //It is optional, you could add lyncdiscover.<sip-domain> in your internal DNS, however, it should point to your standard edition server, not the RP.

    2. Left the external Web Services as it is, no change requires in Topology?

    //I suggest you change the external web services FQDN to another FQDN.

    3. On Reverse Proxy server, rule for lyndiscover (https://lyncdiscover.<sip domain> is pointing to Backed server URL at https://FQDN:4443

    // Yes, for Lyncdiscover, meet, dial-in, ExternalWebService, they all should point to 4443. If you use IISARR as RP, you could refer to this blog: 

    https://blogs.technet.microsoft.com/nexthop/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013/comment-page-12/

    In addition, on RP server, ensure it is able to resolve all the internal server FQDNs.


    Best Regards,
    Shaw Lu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.


    • Edited by Shaw_Lu Wednesday, June 12, 2019 7:59 AM
    Wednesday, June 12, 2019 7:59 AM
  • Hi Shaw,

    I would not to change the existing settings. If we change the external web services, then we have to request to have new certificates. 

    I would like the external web services remain as it and maybe i know with below, the user able to sign skype on their mobile

    On Reverse Proxy server, rule for lyndiscover (https://lyncdiscover.<sip domain> is pointing to Backed server URL at https://FQDN of external web services:4443

    Wednesday, June 12, 2019 10:41 AM
  •  lyncdiscover.<sip domain> points to the external web services, using this address internally is not a recommended configuration. 

    The deployment of Mobility is usually a tricky one when you have users connecting to the internal network with their mobile devices. Ideally users should be using their mobile service and not the Internal network/DNS. 

    are your users connecting to the internal network and leveraging the internal DNS servers? 


    • Edited by Tola Neks Wednesday, June 12, 2019 1:21 PM mistake
    Wednesday, June 12, 2019 1:21 PM
  • Hi Tola,

    Per above screenshot, the lyncdiscover.<sip domain> is not require in internal DNS but i have doubt for "external Web Services". It said that "external Web Services" must pointing to Reverse Proxy. However, we have only standard skype for business and the external Web Services was set to FQDN of skype server by previous engineer.

    If i configure current "external web services" to proxy server is same like to allow DNS to resolve FQDN of skype to IP address of Reverse proxy which it is not right. I wouldn't like to change existing configuration because it will require another certificated to be installed. Currently we have both public and internal SAN certificate that contains the FQDN of Skype server name, hence i can make use of it as "external Web Services"

    Based my current infra and below configuration, may i know if mobility services will work if the user's phone to internal WIFI and phone provider?

    On Reverse Proxy server, rule for lyndiscover (https://lyncdiscover.<sip domain> is pointing to Backed server URL at https://<FQDN of Skype Server>:4443

    Thursday, June 13, 2019 2:14 AM
  • Hi Suriya25,

    Do you want to keep internal and external web service as the same as the Server FQDN?

    For Mobility outside your network, it may work with the RP rule, however, for internal wifi mobile client, the mobile is still treated as an external source even it connected to the internal Wifi. This means all signaling and web service requests for things like address book search, presence etc will be handled by your reverse proxy and using your external web services FQDN. Then it may have issue when using internal DNS servers by DHCP over Wifi.

    For more details, you could refer to this blog.


    Best Regards,
    Shaw Lu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.


    • Edited by Shaw_Lu Thursday, June 13, 2019 3:29 AM
    Thursday, June 13, 2019 3:29 AM
  • Hi Shaw,

    Meaning with current Topology, Skype Mobility will work unless the user will not connect their phone to internal WIFI?

    Thank you

    Thursday, June 13, 2019 7:37 AM
  • Do you have a Split brain DNS.

    The IP they point to will be different, the IP for the external is on your reverse proxy, using port 443 and 80 translating to the FE on 8080 and 4443. 

    the same FQDN name can be on the internal and external different DNS servers will be resolving them. on the internal it will point to the FE Pool, on the external to your reverse proxy. 

    However, its logical to override the internal FQDN and user another name. 

    • Marked as answer by Suriya25 Friday, June 14, 2019 7:47 AM
    Thursday, June 13, 2019 4:59 PM
  • Hi Tola,

    That is what i'm planning to do. Use FQDN (lyncwebserver01.contoso.com)=external Web Services in external DNS and point to reverse proxy. We are going to use WAP (Web Application Proxy). In WAP, will create a rule 

    1. On the Publishing Settings page, do the following, and then click Next:
      • In the Name box, enter a friendly name for the application (for example, External Lync Web Services – Bostom Pool)
      • In the External URL box, enter the external URL for the application : https://lyncwebserver01.contoso.com
      • In the External certificate list, select a certificate that contains the external URL
      • In the Backend server URL box, enter the URL : https://lyncwebserver01.contoso.com:4443

    With this solution, the user will able to sign-in skype on their phone even their phone are on 4G or internal WIFI, right?
    • Edited by Suriya25 Friday, June 14, 2019 3:46 AM
    Friday, June 14, 2019 1:52 AM
  • Hi Suriya25,

    Yes, I think it would work.

    For the Backend server URL field, it should append ":4443" to the external web services URL and simple URLs. Refer to this blog:

    https://blogs.technet.microsoft.com/dodeitte/2013/10/29/how-to-publish-lync-server-2013-web-services-with-windows-server-2012-r2-web-application-proxy/


    Best Regards,
    Shaw Lu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.


    • Edited by Shaw_Lu Friday, June 14, 2019 7:38 AM
    • Marked as answer by Suriya25 Friday, June 14, 2019 7:47 AM
    Friday, June 14, 2019 7:38 AM