Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

MS Lync External Clients AV

Posted on 2011-02-21
13
Medium Priority
?
2,676 Views
Last Modified: 2013-11-29
Hey Experts,
I used the following guide to setup a Lync Standard server.   Chat externally works perfect but the AV does not work externally.  Internally just fine.  I am guessing there is some step not in the guide for external AV but i am missing it.  Any help with be great!  Thank you!
http://imaucblog.com/archive/2010/09/15/step-by-step-microsoft-lync-2010-consolidated-standard-server-install-guide/
0
Comment
Question by:tsukraw
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 2000 total points
ID: 34952212
Have you deployed an EDGE pool for external comm?     External FQDNs for Edge should include names for SIP, WebConf, and AV.    HAve a look here for more information.  

http://ocsguy.com/2010/11/21/deploying-an-edge-server-with-lync/
0
 

Author Comment

by:tsukraw
ID: 34956198
No i do not have a edge pool...It wasnt in the guide i followed i guess.  So it says to set a external FQDN.  What if they internal and external are the same? It will not let me set that.  Are we going to want to set the external to soemthing different?
0
 

Author Comment

by:tsukraw
ID: 34956272
Like in the steps it has a Front End and the edge, is it possible to run these on the same physical box?  We only have like 20users so it seems like it would be a big waste to have to have them on seperate boxes.
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 33

Expert Comment

by:MikeKane
ID: 34956470
If they are all internal, then you should be able to only use the 1 front end pool server.   However, if you have anything on the outside wanting access, then you need the edge services.  


0
 

Author Comment

by:tsukraw
ID: 34956483
Can the edge services be installed on the computer running the front end pool?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34961360
I don't believe so.   You need a separate host for that.    


 
0
 

Author Comment

by:tsukraw
ID: 34966186
Alright.
So in the guide it looks like they assigned the public IPs right to the nic.

In my setup i have a single public IP that will be used.  Let say it is 4.2.2.2(PUBLIC).  Internal is (192.168.0.1)  would i want to then have a second internal say (192.168.0.2) that has the public nated to it?  Since looking at the guide i see a Internal IP address / External IP address / Public IP address...
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34966931
For the edge server, you need 2 nics.  Ideally, you want 1 nic on the inside network and 1 nic in the DMZ.  The server will span the DMZ to the internal network (this setup drives me bat-sh*t crazy since it bypasses the firewall).     The internal NIC will have an internal ip that you use to speak with the front end pool server you already have.  The external(DMZ) nic will have its own ip on that subnet.   the Public IP is the IP address you will NAT to when going outbound to the internet (if you will have a firewall controlling access to this).

The edge server will need a cert on the outside.  
I use:
sn:sip.domain.com
san:sip.domain.com
san:meet.domain.com
san:av.domain.com
san:webconf.domain.com  

It will also need a cert on the inside, but this one can come from your self-signed domain cert server (its only used to speak with the front end anyway)

Hope that helps.  

0
 

Author Comment

by:tsukraw
ID: 34967110
Ok i was able to get it working with just 1 nic.  I used 2 IPs from my internal subnet.  Set 1 to the internal to connect to the front end.  and 1 as the external.  Then i created a packet filter in my firewall and forwarded the ports to the IP i set as the external.  Tested it and everything seems to work perfectly video and audio no problems.  Even sharing programs seemed to work perfectly!  

The one thing i did notice that didnt work was PowerPoint presentations?  Do they require something special to work?

Thank you very much for all this help Mike it has been greatly appreciated!
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34970701
I've had mixed luck with application sharing so far.   Some work, some don't.      Sharing the entire desktop out seems to be the better choice at the moment.  At least for me.
0
 

Author Comment

by:tsukraw
ID: 34975714
Question with Meeting / conference.  
So it worked before without the edge server.  We had the external IP NATed to the frontend server.  So when we sent out a meeting request the url looked like http://meet-lync.domain.com/bla/bla bla....  Now that we got the edge in place we only have the 1 public IP it appears to have Web Conferencing on port 444 which is indeed forwarded to the edge server.  But when we send the request for a meeting the url still looks the same and trying to use 443....Which in my edge config screen it looks like A/V service is now using 443...

Did i make any sense there?
How do we get meeting back online or do we want to have the meet-lync on a seperate IP and have it sent to the front end server?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34980422
When you setup lync, you needed to assign several simple URLs in the Topology builder.    One of these URLS was for Meetings.  The default URL for meetings is meet.domain.com and this lives on the Front End Pool.    Meetings internally should be working fine.    For external users and those outside the company without lync, you need to forward this meet.domain.com url to the front end server using either an IIS in the DMZ to publish it or open a port (or a public IP) on the firewall and send the traffic to the front end pool.  You will need an external A record for meet.domain.com to reflect the Public IP.     Meet.domain.com does not go through Edge, it's directed to the front end pool.  

0
 

Author Closing Comment

by:tsukraw
ID: 35022595
Guide was very helpful and was able to get a edge up and running and connect externally.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found listed in my profile here: http:…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question