none
Lync 2010 Mobile Internal only without Proxy RRS feed

  • Question

  • Is it possible to configure Lync Mobility to work only internally with no proxy server.

    Basically been asked by our teams if they can utilise Lync on iPad using our Wi-Fi network, we dont have a proxy server unfortunately.

    Thanks!

    Friday, July 27, 2012 11:24 AM

Answers

  • Both the internal Mobility Service URL and the external Mobility Service URL are associated with the external Web Services FQDN.

     Therefore, regardless of whether a mobile device is internal or external to the network, the device always connects to the Microsoft Lync Server 2010 Mobility Service externally through the reverse proxy.

    So I think it is necessary to have a reverse proxy. If you don’t deploy reverse proxy, others play as the role of reverse proxy.

    For you have to forward 443 request to port 4443 which is done by reverse proxy.

    Here is a thread you can refer to:

    http://social.technet.microsoft.com/Forums/en-US/ocsmobility/thread/c133170e-4230-47bc-adec-d9d65215a527/

    Regards,

    Lisa

    Monday, July 30, 2012 8:40 AM
    Moderator

All replies

  • Hi,

    If you enable mobility access only for internal users, you can point the Lyncdiscoverinternal record to frontend pool FQDN/Server FQDN , it does work.

    Thanks

    Saleesh


    If answer is helpful, please hit the green arrow on the left, or mark as answer.

    Friday, July 27, 2012 11:36 AM
  • I did change mobility access to internal only and added a cname for lyncdiscoverinternal.internaldomain.local to point to lyncfe.internaldomain.local for the FE pool.

    But didnt seem to want to connect, it doesnt autodiscover it.

    Friday, July 27, 2012 12:14 PM
  • Can you check following ;

    • Make sure that mobility weburl is set to internal , Set-CsMcxConfiguration –ExposedWebUrl Internal.
    • Can you install internal root CA on mobile device if you are not using public certificate on frontend ?
    • Ensure that Lync discover record is added to the FE certificate SAN list ?

    Thanks

    Saleesh


    If answer is helpful, please hit the green arrow on the left, or mark as answer.

    Friday, July 27, 2012 12:44 PM
  • Ok I did Set-CsMcxConfiguration - ExposedWebUrl Internal and my server certificate has all the relevant internal domain names.

    LyncdiscoverInternal.mydomain.local is also added to DNS pointing to the FE server and is also in the certificate too.

    When trying to connect iPhone it doesnt auto discover so I manually added server address as https://LyncdiscoverInternal.mydomain.local.

    It just keeps saying on the main screen Lync is signing in... and does nothing more.

    Friday, July 27, 2012 12:51 PM
  • If you are using an internal private Certificate Authority for the certificates issued to the Lync server then you will need to manually import the root (and any issuing) CA certificates into any mobile devices attempting to connect.

    Jeff Schertz | Microsoft Solutions Architect - Polycom | Lync MVP

    Friday, July 27, 2012 12:56 PM
    Moderator
  • I have now manually installed the certificate, basically our public CA allows us to put internal domain names as SAN's which we did for all our internal domains that require a CA.
    Friday, July 27, 2012 1:05 PM
  • Quick update I tried checking the https://lyncdiscoverinternal.mydomain.local from Internet Explorer it gives me this below;

    {"AccessLocation":"Internal","Root":{"Links":[{"href":"https:\/\/lync.mydomain.local\/Autodiscover\/AutodiscoverService.svc\/root\/domain","token":"Domain"},{"href":"https:\/\/lync.mydomain.local\/Autodiscover\/AutodiscoverService.svc\/root\/user","token":"User"}]}}

    Lync.mydomain.local is the internal name for our FE Pool server.

    Is this correct?

    Friday, July 27, 2012 1:30 PM
  • Both the internal Mobility Service URL and the external Mobility Service URL are associated with the external Web Services FQDN.

     Therefore, regardless of whether a mobile device is internal or external to the network, the device always connects to the Microsoft Lync Server 2010 Mobility Service externally through the reverse proxy.

    So I think it is necessary to have a reverse proxy. If you don’t deploy reverse proxy, others play as the role of reverse proxy.

    For you have to forward 443 request to port 4443 which is done by reverse proxy.

    Here is a thread you can refer to:

    http://social.technet.microsoft.com/Forums/en-US/ocsmobility/thread/c133170e-4230-47bc-adec-d9d65215a527/

    Regards,

    Lisa

    Monday, July 30, 2012 8:40 AM
    Moderator
  • Hi Saleesh,

    I am in the same situation 

    We are trying to Enable Lync Mobility for internal only (No Edge and Reverse Proxy)

    I have installed latest CU for Lync Server 2010 4.0.7577.728

    Set Exposedweburl as internal.

    Included additional SAN to Certificate and assigned to services.

    Set the MCXSip Primary and External Listening port to 5086 and 5087

    Still i am not able to Lync Mobility. 


    • Edited by SonarPal Tuesday, June 14, 2016 5:54 AM
    Tuesday, June 14, 2016 4:47 AM