You can use Internet Information Services Application Request Routing (IIS ARR) in place of the now-discontinued Forefront Threat Management Gateway (TMG) 2010 as the reverse proxy for Lync 2013.
IIS ARR will run on Server 2008/2008 R2 and Server 2012.
Prereqs:
You'll need two NICs: an external NIC with a default gateway going out to the Internet, and an internal NIC going to your Lync environment. As with an Edge server, do not join the IIS ARR machine to your domain.
Installation:
Install IIS on your ARR machine.
Next, export your public Lync 2013 certificate and import it into your ARR machine.
Next, bind the imported cert to port 443 in IIS.
Download and install the Web Platform Installer.
Once you have the WPI, search for KB2589179 and grab that.
Configuration:
If you have IIS Manager open, close and reopen it. Under Sites, you'll see the new Server Farm option.
Right-click Server Farms > Create Server Farm
Give your Server Farm a name, for instance lyncweb.exchangeitup.com.
Next, specify the FQDN of your Front-End or Standard Edition Lync Server.
In the drop-down, hit Advanced Settings and change the default ports to 8080 and 4443; these are the External Web Service ports.
Click Finish.
Click Yes to rewrite the rules.
Select Caching and Disable Disk Caching.
For Lync External web services, under Proxy, change the time-out to 200 seconds; this stops the Lync Web App from disconnecting and reconnecting.
Under Routing Rules, disable SSL offloading.
Repeat these steps for each simple URL.
Edit the URL rewriting rules in the IIS root.
Double-click on the current URL Rewrite rule. It will have the default name of ARR_Lync_loadbalance. Make these changes on the Edit page for the Inbound Rule.
Pattern needs to be changed to (.*)
Using needs to be changed to Regular Expression
Action needs to be changed to https://
Apply your Rewrite rules.
To test, open https://meet.domain.com (substitute your own domain for domain.com) externally and see that you can get to your Lync 2013 external services.
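To confirm the settings from the steps above actually landed in the configuration, here is a PowerShell check added as an example (it is not part of the original post). The farm name lyncweb.example.com, the server fe01.example.local, the functions Get-Attr and Test-ArrFarm, and the XML element and attribute names are assumptions; compare them with your own applicationHost.config.

```powershell
# Constructed sample of the ARR-related parts of applicationHost.config.
# Element and attribute names are an assumption; compare with your own file.
[xml]$sample = @'
<configuration>
 <webFarms>
  <webFarm name="lyncweb.example.com" enabled="true">
   <server address="fe01.example.local" enabled="true">
    <applicationRequestRouting httpPort="8080" httpsPort="4443" />
   </server>
   <applicationRequestRouting>
    <protocol timeout="00:03:20"><cache enabled="false" /></protocol>
   </applicationRequestRouting>
  </webFarm>
 </webFarms>
 <system.webServer><rewrite><globalRules>
  <rule name="ARR_lyncweb.example.com_loadbalance" patternSyntax="ECMAScript">
   <match url="(.*)" />
   <action type="Rewrite" url="https://lyncweb.example.com/{R:0}" />
  </rule>
 </globalRules></rewrite></system.webServer>
</configuration>
'@

function Get-Attr($Node, $Name) {   # attribute value, or '' when the node is missing
    if ($null -ne $Node) { $Node.GetAttribute($Name) } else { '' }
}

function Test-ArrFarm([xml]$Config, [string]$FarmName) {
    $farm = $Config.SelectSingleNode("//webFarm[@name='$FarmName']")
    if ($null -eq $farm) { throw "Server farm '$FarmName' not found" }
    $ports = $farm.SelectSingleNode('server/applicationRequestRouting')
    $proto = $farm.SelectSingleNode('applicationRequestRouting/protocol')
    $cache = $farm.SelectSingleNode('applicationRequestRouting/protocol/cache')
    $rule  = $Config.SelectSingleNode("//globalRules/rule[action[contains(@url,'$FarmName')]]")
    $ruleMatch  = if ($null -ne $rule) { $rule.SelectSingleNode('match') }
    $ruleAction = if ($null -ne $rule) { $rule.SelectSingleNode('action') }
    $t    = Get-Attr $proto 'timeout'
    $secs = if ($t) { [TimeSpan]::Parse($t).TotalSeconds } else { -1 }
    $checks = @(
        @('Back-end ports are 8080/4443', ((Get-Attr $ports 'httpPort') -eq '8080' -and (Get-Attr $ports 'httpsPort') -eq '4443')),
        @('Disk caching is disabled',     ((Get-Attr $cache 'enabled') -eq 'false')),
        @('Proxy time-out is 200 seconds', ($secs -eq 200)),
        @('Rule pattern is (.*) as regex', ((Get-Attr $ruleMatch 'url') -eq '(.*)' -and @('', 'ECMAScript') -contains (Get-Attr $rule 'patternSyntax'))),
        @('Action uses https:// (no SSL offloading)', ((Get-Attr $ruleAction 'url') -like 'https://*'))
    )
    foreach ($c in $checks) { New-Object PSObject -Property @{ Check = $c[0]; Pass = $c[1] } }
}

Test-ArrFarm $sample 'lyncweb.example.com' | Format-Table Check, Pass -AutoSize
```

On the ARR machine, pass `[xml](Get-Content "$env:windir\System32\inetsrv\config\applicationHost.config")` and your own farm name instead of the sample.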