Solved

MS Lync External Clients AV

Posted on 2011-02-21
13
2,669 Views
Last Modified: 2013-11-29
Hey Experts,
I used the following guide to setup a Lync Standard server.   Chat externally works perfect but the AV does not work externally.  Internally just fine.  I am guessing there is some step not in the guide for external AV but i am missing it.  Any help with be great!  Thank you!
http://imaucblog.com/archive/2010/09/15/step-by-step-microsoft-lync-2010-consolidated-standard-server-install-guide/
0
Comment
Question by:tsukraw
  • 7
  • 6
13 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
ID: 34952212
Have you deployed an EDGE pool for external comm?     External FQDNs for Edge should include names for SIP, WebConf, and AV.    HAve a look here for more information.  

http://ocsguy.com/2010/11/21/deploying-an-edge-server-with-lync/
0
 

Author Comment

by:tsukraw
ID: 34956198
No i do not have a edge pool...It wasnt in the guide i followed i guess.  So it says to set a external FQDN.  What if they internal and external are the same? It will not let me set that.  Are we going to want to set the external to soemthing different?
0
 

Author Comment

by:tsukraw
ID: 34956272
Like in the steps it has a Front End and the edge, is it possible to run these on the same physical box?  We only have like 20users so it seems like it would be a big waste to have to have them on seperate boxes.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34956470
If they are all internal, then you should be able to only use the 1 front end pool server.   However, if you have anything on the outside wanting access, then you need the edge services.  


0
 

Author Comment

by:tsukraw
ID: 34956483
Can the edge services be installed on the computer running the front end pool?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34961360
I don't believe so.   You need a separate host for that.    


 
0
Why are Office 365 signatures so complicated?

Trying to setup transport rules for Office 365 email signatures and can’t quite figure it out? Having to test the signature over and over? Make things simple by using Exclaimer Cloud - Signatures for Office 365.

 

Author Comment

by:tsukraw
ID: 34966186
Alright.
So in the guide it looks like they assigned the public IPs right to the nic.

In my setup i have a single public IP that will be used.  Let say it is 4.2.2.2(PUBLIC).  Internal is (192.168.0.1)  would i want to then have a second internal say (192.168.0.2) that has the public nated to it?  Since looking at the guide i see a Internal IP address / External IP address / Public IP address...
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34966931
For the edge server, you need 2 nics.  Ideally, you want 1 nic on the inside network and 1 nic in the DMZ.  The server will span the DMZ to the internal network (this setup drives me bat-sh*t crazy since it bypasses the firewall).     The internal NIC will have an internal ip that you use to speak with the front end pool server you already have.  The external(DMZ) nic will have its own ip on that subnet.   the Public IP is the IP address you will NAT to when going outbound to the internet (if you will have a firewall controlling access to this).

The edge server will need a cert on the outside.  
I use:
sn:sip.domain.com
san:sip.domain.com
san:meet.domain.com
san:av.domain.com
san:webconf.domain.com  

It will also need a cert on the inside, but this one can come from your self-signed domain cert server (its only used to speak with the front end anyway)

Hope that helps.  

0
 

Author Comment

by:tsukraw
ID: 34967110
Ok i was able to get it working with just 1 nic.  I used 2 IPs from my internal subnet.  Set 1 to the internal to connect to the front end.  and 1 as the external.  Then i created a packet filter in my firewall and forwarded the ports to the IP i set as the external.  Tested it and everything seems to work perfectly video and audio no problems.  Even sharing programs seemed to work perfectly!  

The one thing i did notice that didnt work was PowerPoint presentations?  Do they require something special to work?

Thank you very much for all this help Mike it has been greatly appreciated!
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34970701
I've had mixed luck with application sharing so far.   Some work, some don't.      Sharing the entire desktop out seems to be the better choice at the moment.  At least for me.
0
 

Author Comment

by:tsukraw
ID: 34975714
Question with Meeting / conference.  
So it worked before without the edge server.  We had the external IP NATed to the frontend server.  So when we sent out a meeting request the url looked like http://meet-lync.domain.com/bla/bla bla....  Now that we got the edge in place we only have the 1 public IP it appears to have Web Conferencing on port 444 which is indeed forwarded to the edge server.  But when we send the request for a meeting the url still looks the same and trying to use 443....Which in my edge config screen it looks like A/V service is now using 443...

Did i make any sense there?
How do we get meeting back online or do we want to have the meet-lync on a seperate IP and have it sent to the front end server?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34980422
When you setup lync, you needed to assign several simple URLs in the Topology builder.    One of these URLS was for Meetings.  The default URL for meetings is meet.domain.com and this lives on the Front End Pool.    Meetings internally should be working fine.    For external users and those outside the company without lync, you need to forward this meet.domain.com url to the front end server using either an IIS in the DMZ to publish it or open a port (or a public IP) on the firewall and send the traffic to the front end pool.  You will need an external A record for meet.domain.com to reflect the Public IP.     Meet.domain.com does not go through Edge, it's directed to the front end pool.  

0
 

Author Closing Comment

by:tsukraw
ID: 35022595
Guide was very helpful and was able to get a edge up and running and connect externally.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Case Summary: In this Article we introduce the new method to configure the default user profile using Automated profile copy with sysprep rather than the old ways such as the manual copy of a configured profile to default user profile Old meth…
Remote Desktop Protocol or RDP has become an essential tool in many offices. This article will show you how to set up an external IP to point directly to an RDP session. There are many reasons why this is beneficial but perhaps the top reason is con…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now