none
Lync and IIS RRS feed

  • Question

  • Hi All,

    I'm having some trouble understanding using IIS and LYNC. 

    Based on my reading i originally:

    1. Imported my public Cert

    2. Binded the default website with port 443 for SSL 

    2. created server farms with their FQDN on ports 8080 and 4443 for:

    (All configured to turn ssl offloading off, disk caching off, etc)

    Audio and Video 
    Web Conferencing 
    External Edge Access
    Lync Discover
    Meet 
    Dialin

    This allowed me to navigate to the IIS 7 welcome page from both the reverse gateway and other network machines for most/all of the URLs. Is this normal, meaning the IIS is doing its job?

    Unsure if it was i read from another article to add sites for internal and external connections. So i added an Internal site with FE public ip http 194.1.1.1:80, https 194.1.1.1:443 and an external site for  http 194.1.1.2:8080, https 194.1.1.2:4443. 

    Now when i navigate to URLs i get HTTP Error 404.

    Am i missing out any vital steps? or configuring something incorrectly?

    Thanks,

    Joel

     

    Monday, September 16, 2013 11:42 AM

Answers

  • Hi,

    Would you please provide the link of another article you said?

    Please double check the certificate requirement for external lync access:

    http://technet.microsoft.com/en-us/library/gg398920.aspx

    The subject name of the certificate is the Access Edge service external interface fully qualified domain name (FQDN).

    The subject alternative name list contains the Access Edge service external interface and web conferencing Edge external interface.


    Kent Huang
    TechNet Community Support

    • Marked as answer by Kent-Huang Thursday, September 26, 2013 2:31 AM
    Thursday, September 19, 2013 7:50 AM

All replies

  • Some more Info...Lync is showing no errors in event viewer and certs are from Digicert. 

    Using Lync Remote Analyser i get the following:

    Testing the SSL certificate to make sure it's valid.
      The SSL certificate failed one or more certificate validation checks.
     
    Test Steps
     
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server accessedge.excelerate.info on port 443.
      The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
     
    Additional Details
     

    The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

    Monday, September 16, 2013 12:02 PM
  • A couple questions:

    Did you follow the steps here? http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx

    Also when you exported your public certificate did you export the private key with it? (you would have to have saved it as a PFX file with a password)

    Are you able to resolve your Lync front end server/pool from your IIS box?


    Blog http://ucfoc.us | Twitter @georgathomas

    Monday, September 16, 2013 5:46 PM
  • Thanks for the reply, 

    To confirm:

    The certificate was exported as PFX and imported to the trusted root of the reverse proxy with key.
    I can resolve all FQDN and URLs.
    And i have followed all the steps in the guide minus the OWA parts. 


    Wednesday, September 18, 2013 2:52 PM
  • Hi,

    Would you please provide the link of another article you said?

    Please double check the certificate requirement for external lync access:

    http://technet.microsoft.com/en-us/library/gg398920.aspx

    The subject name of the certificate is the Access Edge service external interface fully qualified domain name (FQDN).

    The subject alternative name list contains the Access Edge service external interface and web conferencing Edge external interface.


    Kent Huang
    TechNet Community Support

    • Marked as answer by Kent-Huang Thursday, September 26, 2013 2:31 AM
    Thursday, September 19, 2013 7:50 AM
  • Can you tell me what services are you going to access form external ! Basically you need TMG for web publishing 


    Friday, September 20, 2013 7:39 AM
  • Can you tell me what services are you going to access form external ! Basically you need TMG for web publishing 


    You do not need to use TMG in order to publish your web services. IIS ARR is also a viable solution, particularly as you can't even buy TMG mainstream anymore and I believe support will cease towards the end of the decade. You can acutally use ANY reverse proxy solution as long as it meets Microsofts Reverse Proxy Prerequisites for Lync as per ; http://technet.microsoft.com/en-us/library/jj945651.aspx

    Friday, September 20, 2013 12:30 PM
  • Yes i agreed with you...but if your concern about the cost cutting same solutioncan be done from the router..but router should be capable for web-publishing 


    • Edited by Hirantha_ Friday, September 20, 2013 2:27 PM
    Friday, September 20, 2013 2:27 PM