Solved

MS Lync External Clients AV

Posted on 2011-02-21
13
2,667 Views
Last Modified: 2013-11-29
Hey Experts,
I used the following guide to setup a Lync Standard server.   Chat externally works perfect but the AV does not work externally.  Internally just fine.  I am guessing there is some step not in the guide for external AV but i am missing it.  Any help with be great!  Thank you!
http://imaucblog.com/archive/2010/09/15/step-by-step-microsoft-lync-2010-consolidated-standard-server-install-guide/
0
Comment
Question by:tsukraw
  • 7
  • 6
13 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
Comment Utility
Have you deployed an EDGE pool for external comm?     External FQDNs for Edge should include names for SIP, WebConf, and AV.    HAve a look here for more information.  

http://ocsguy.com/2010/11/21/deploying-an-edge-server-with-lync/
0
 

Author Comment

by:tsukraw
Comment Utility
No i do not have a edge pool...It wasnt in the guide i followed i guess.  So it says to set a external FQDN.  What if they internal and external are the same? It will not let me set that.  Are we going to want to set the external to soemthing different?
0
 

Author Comment

by:tsukraw
Comment Utility
Like in the steps it has a Front End and the edge, is it possible to run these on the same physical box?  We only have like 20users so it seems like it would be a big waste to have to have them on seperate boxes.
0
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
If they are all internal, then you should be able to only use the 1 front end pool server.   However, if you have anything on the outside wanting access, then you need the edge services.  


0
 

Author Comment

by:tsukraw
Comment Utility
Can the edge services be installed on the computer running the front end pool?
0
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
I don't believe so.   You need a separate host for that.    


 
0
How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

 

Author Comment

by:tsukraw
Comment Utility
Alright.
So in the guide it looks like they assigned the public IPs right to the nic.

In my setup i have a single public IP that will be used.  Let say it is 4.2.2.2(PUBLIC).  Internal is (192.168.0.1)  would i want to then have a second internal say (192.168.0.2) that has the public nated to it?  Since looking at the guide i see a Internal IP address / External IP address / Public IP address...
0
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
For the edge server, you need 2 nics.  Ideally, you want 1 nic on the inside network and 1 nic in the DMZ.  The server will span the DMZ to the internal network (this setup drives me bat-sh*t crazy since it bypasses the firewall).     The internal NIC will have an internal ip that you use to speak with the front end pool server you already have.  The external(DMZ) nic will have its own ip on that subnet.   the Public IP is the IP address you will NAT to when going outbound to the internet (if you will have a firewall controlling access to this).

The edge server will need a cert on the outside.  
I use:
sn:sip.domain.com
san:sip.domain.com
san:meet.domain.com
san:av.domain.com
san:webconf.domain.com  

It will also need a cert on the inside, but this one can come from your self-signed domain cert server (its only used to speak with the front end anyway)

Hope that helps.  

0
 

Author Comment

by:tsukraw
Comment Utility
Ok i was able to get it working with just 1 nic.  I used 2 IPs from my internal subnet.  Set 1 to the internal to connect to the front end.  and 1 as the external.  Then i created a packet filter in my firewall and forwarded the ports to the IP i set as the external.  Tested it and everything seems to work perfectly video and audio no problems.  Even sharing programs seemed to work perfectly!  

The one thing i did notice that didnt work was PowerPoint presentations?  Do they require something special to work?

Thank you very much for all this help Mike it has been greatly appreciated!
0
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
I've had mixed luck with application sharing so far.   Some work, some don't.      Sharing the entire desktop out seems to be the better choice at the moment.  At least for me.
0
 

Author Comment

by:tsukraw
Comment Utility
Question with Meeting / conference.  
So it worked before without the edge server.  We had the external IP NATed to the frontend server.  So when we sent out a meeting request the url looked like http://meet-lync.domain.com/bla/bla bla....  Now that we got the edge in place we only have the 1 public IP it appears to have Web Conferencing on port 444 which is indeed forwarded to the edge server.  But when we send the request for a meeting the url still looks the same and trying to use 443....Which in my edge config screen it looks like A/V service is now using 443...

Did i make any sense there?
How do we get meeting back online or do we want to have the meet-lync on a seperate IP and have it sent to the front end server?
0
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
When you setup lync, you needed to assign several simple URLs in the Topology builder.    One of these URLS was for Meetings.  The default URL for meetings is meet.domain.com and this lives on the Front End Pool.    Meetings internally should be working fine.    For external users and those outside the company without lync, you need to forward this meet.domain.com url to the front end server using either an IIS in the DMZ to publish it or open a port (or a public IP) on the firewall and send the traffic to the front end pool.  You will need an external A record for meet.domain.com to reflect the Public IP.     Meet.domain.com does not go through Edge, it's directed to the front end pool.  

0
 

Author Closing Comment

by:tsukraw
Comment Utility
Guide was very helpful and was able to get a edge up and running and connect externally.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

My previous article  (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html)detailed one possible method to get SCCM 2007 installed an…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found listed in my profile here: http:…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now