Solved

MS Lync External Clients AV

Posted on 2011-02-21
13
2,672 Views
Last Modified: 2013-11-29
Hey Experts,
I used the following guide to setup a Lync Standard server.   Chat externally works perfect but the AV does not work externally.  Internally just fine.  I am guessing there is some step not in the guide for external AV but i am missing it.  Any help with be great!  Thank you!
http://imaucblog.com/archive/2010/09/15/step-by-step-microsoft-lync-2010-consolidated-standard-server-install-guide/
0
Comment
Question by:tsukraw
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
ID: 34952212
Have you deployed an EDGE pool for external comm?     External FQDNs for Edge should include names for SIP, WebConf, and AV.    HAve a look here for more information.  

http://ocsguy.com/2010/11/21/deploying-an-edge-server-with-lync/
0
 

Author Comment

by:tsukraw
ID: 34956198
No i do not have a edge pool...It wasnt in the guide i followed i guess.  So it says to set a external FQDN.  What if they internal and external are the same? It will not let me set that.  Are we going to want to set the external to soemthing different?
0
 

Author Comment

by:tsukraw
ID: 34956272
Like in the steps it has a Front End and the edge, is it possible to run these on the same physical box?  We only have like 20users so it seems like it would be a big waste to have to have them on seperate boxes.
0
Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

 
LVL 33

Expert Comment

by:MikeKane
ID: 34956470
If they are all internal, then you should be able to only use the 1 front end pool server.   However, if you have anything on the outside wanting access, then you need the edge services.  


0
 

Author Comment

by:tsukraw
ID: 34956483
Can the edge services be installed on the computer running the front end pool?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34961360
I don't believe so.   You need a separate host for that.    


 
0
 

Author Comment

by:tsukraw
ID: 34966186
Alright.
So in the guide it looks like they assigned the public IPs right to the nic.

In my setup i have a single public IP that will be used.  Let say it is 4.2.2.2(PUBLIC).  Internal is (192.168.0.1)  would i want to then have a second internal say (192.168.0.2) that has the public nated to it?  Since looking at the guide i see a Internal IP address / External IP address / Public IP address...
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34966931
For the edge server, you need 2 nics.  Ideally, you want 1 nic on the inside network and 1 nic in the DMZ.  The server will span the DMZ to the internal network (this setup drives me bat-sh*t crazy since it bypasses the firewall).     The internal NIC will have an internal ip that you use to speak with the front end pool server you already have.  The external(DMZ) nic will have its own ip on that subnet.   the Public IP is the IP address you will NAT to when going outbound to the internet (if you will have a firewall controlling access to this).

The edge server will need a cert on the outside.  
I use:
sn:sip.domain.com
san:sip.domain.com
san:meet.domain.com
san:av.domain.com
san:webconf.domain.com  

It will also need a cert on the inside, but this one can come from your self-signed domain cert server (its only used to speak with the front end anyway)

Hope that helps.  

0
 

Author Comment

by:tsukraw
ID: 34967110
Ok i was able to get it working with just 1 nic.  I used 2 IPs from my internal subnet.  Set 1 to the internal to connect to the front end.  and 1 as the external.  Then i created a packet filter in my firewall and forwarded the ports to the IP i set as the external.  Tested it and everything seems to work perfectly video and audio no problems.  Even sharing programs seemed to work perfectly!  

The one thing i did notice that didnt work was PowerPoint presentations?  Do they require something special to work?

Thank you very much for all this help Mike it has been greatly appreciated!
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34970701
I've had mixed luck with application sharing so far.   Some work, some don't.      Sharing the entire desktop out seems to be the better choice at the moment.  At least for me.
0
 

Author Comment

by:tsukraw
ID: 34975714
Question with Meeting / conference.  
So it worked before without the edge server.  We had the external IP NATed to the frontend server.  So when we sent out a meeting request the url looked like http://meet-lync.domain.com/bla/bla bla....  Now that we got the edge in place we only have the 1 public IP it appears to have Web Conferencing on port 444 which is indeed forwarded to the edge server.  But when we send the request for a meeting the url still looks the same and trying to use 443....Which in my edge config screen it looks like A/V service is now using 443...

Did i make any sense there?
How do we get meeting back online or do we want to have the meet-lync on a seperate IP and have it sent to the front end server?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34980422
When you setup lync, you needed to assign several simple URLs in the Topology builder.    One of these URLS was for Meetings.  The default URL for meetings is meet.domain.com and this lives on the Front End Pool.    Meetings internally should be working fine.    For external users and those outside the company without lync, you need to forward this meet.domain.com url to the front end server using either an IIS in the DMZ to publish it or open a port (or a public IP) on the firewall and send the traffic to the front end pool.  You will need an external A record for meet.domain.com to reflect the Public IP.     Meet.domain.com does not go through Edge, it's directed to the front end pool.  

0
 

Author Closing Comment

by:tsukraw
ID: 35022595
Guide was very helpful and was able to get a edge up and running and connect externally.
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The environment that this is running in is SCCM 2007 R2 running on a Windows 2008 R2 server. The PXE Distribution point is running on its own Windows 2008 R2 box. This is what Event viewer showed after trying to start the WDS service:  An erro…
Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question