locked
lync meeting URL not working in external network RRS feed

  • Question

  • HI All,

    We have Lync 2013 setup with Edge server .

    I can connect Lync client from external network and its works fine without any issue ... but am having issue when accessing meeting URL from external network.

    Am assigning *.domain.com (external) certificate for Lync edge server , and am assigning internal CA certificate for Lync FE server  , i can access Lync meeting URL from internal network , it works fine with Lync web app client also .

    But when i tried to access the same meeting URL from external network its not working , meeting URL is https:meet.domain.com   .  Port 8080 and 4443 assigned for External web services in FE IIS setup.

    My internal domain is  domain.local and for external  domain.com , am using SIP address  .com to connect Lync client from external network .

    is something wrong with the meet.domain.com certificate?  please advise to fix this issue.

    Thanks,

    Mani L


    Mani L

    Thursday, January 28, 2016 7:45 AM

Answers

All replies

  • Hi All ,   any update for my issue?       do i need to assign external certificate for Lync FE external web services IIS?

    Please Advise .

    Thanks,

    Mani L


    Mani L

    Friday, January 29, 2016 7:49 AM
  • Hi Manikandan Loganathan,

     

    No, you need to deploy a Reverse Proxy, and you must have a public certificate installed on it.

    Lync Server uses the reverse proxy to publish a number of features, such as conferencing meetings, conference join locations, the address book, distribution list expansion, downloading meeting content, device updates, Mobility services, and more.

     

    Certificate for Reverse Proxy:

    CN - WebExt.domain.com

    SAN - dialin.domain.com

    SAN - meet.domain.com

    SAN - lyncdiscover.domain.com

    SAN - WebExt.domain.com

     

    You can use IIS ARR or TMG as the Reverse Proxy.

    IIS ARR: https://blogs.technet.microsoft.com/nexthop/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013/

    TMG: http://social.technet.microsoft.com/wiki/contents/articles/9807.how-to-configure-forefront-tmg-2010-as-reverse-proxy-for-lync-server-2010.aspx

     

     

    Best regards,

    Eric


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, January 29, 2016 9:15 AM
  • Hi Eric ,  thanks for your reply .

    Why we have to build new server for Lync Mobility and Lync external conference?  is there any specific reason?

    Can we use the same Edge server for both Lync mobility and Lync external conference?

    Please advice.

    Thanks,

    Mani L


    Mani L

    Tuesday, April 12, 2016 4:15 PM
  • Hi Mani, 

    Lync mobility is not something served by edge server, it is handled by RP. Edge handles only webconf,av, external thick client signin. Anything related to Mobility, meet and dialin urls should go via reverse proxy. 

    In short both Edge and Reverse proxy have their own stand alone roles and cannot be collocated.


    Thanks,
    Anoop Karikikuzhiyil Babu | Erstwhile Microsoft Premier Unified Communication Engineer. My blog
    ________________________________________________________________
    Please mark the reply as an answer if you find it is helpful :-)
    ________________________________________________________________

    Tuesday, April 12, 2016 7:56 PM
  • Hi Eric ,

    i have completed the Lync reverse proxy setup for my Lync 2013 environment except DNS entries part.

    i have big doubt in DNS entries part .

    we have sip domain called domain.local  and domain.com . i have created reverse proxy IIS ARR server farm with below address.

    dialin.domain.com ,

    meet.domain.com ,

    lyncdiscover.domain.com and

    extweb.domain.com (My Lync FE external web service name) , also i completed all other procedure for reverse proxy URL rewrite.

    i have assigned two NIC for reverse proxy , one is for internal and another for DMZ network.

    How should i enter DNS entries in my AD DNS and how will be the local host entry record for reverse proxy machine?

    This is what i done for my reverse proxy machine local host record.

    Lync frond end IP      Lync FE FQDN

    Lync frond end IP      meet.domain.com

    Lync frond end IP      dialin.domain.com

    Lync frond end IP      lyncdiscover.domain.com

    Lync frond end IP      extweb.domain.com

    AD DNS Entries :

    A Host name for sip domain  domain.com

    dialin.domain.com  with  Reverse proxy  Internal network IP ,

    meet.domain.com   with  Reverse proxy  Internal network IP ,

    lyncdiscover.domain.com  with  Reverse proxy  Internal network IP  and

    extweb.domain.com  with  Reverse proxy  Internal network IP

    Where i use the DMZ IP for DNS entries?

    This DNS entries are correct for both AD DNS and  Reverse proxy local host record? or am i wrong anything? Please advise.

    also for external network NAT IP , can we assign all the four URL names (meet , dialin , lyncdiscover and extweb.domain.com) for only one IP while enabling NAT'ing process and SAN?

    Thanks,

    Mani L

    Mani L

    Thursday, May 12, 2016 4:01 AM