Asked by Nick Sitar
Lync Server 2010 Standard SSL Deployment Question

I am working on deploying a Lync 2010 Standard server and would like to keep all of the roles dedicated to just one box.  While this is a supported configuration from Microsoft, I am having issues connecting to the system externally.  My issue is that the internal AD domain is a ".net" extension and the external domain is a .com, and unfortunately we do not own the public .net domain name.  This is causing an issue when it comes to our SSL certificate, because I am having to use a private internal CA to generate the .net SSL cert and then use GoDaddy to give us the .com cert.  Is it going to be possible to use both certs on the one system and have clients connect correctly?  Right now, internal connections work normally, but externally, users get an "unable to verify server certificate" message from the Lync client.

When I went through the Lync SSL wizard, I did assign the internally created cert to the server default section, and the internal web server section, and the GoDaddy cert to the external web server.  If I hit https://server.domain.com:4443 from the external side, I get a "403 - Forbidden: Access is denied" message, but it does show the correct SSL cert.  So at this point, I am not sure if I have something configured wrong, or if I am going about this the wrong way.  Part of me is thinking that I am going to have to deploy a dedicated edge server because of the separate domains, but I am hoping to avoid that.

Currently, we have ports 80, 443, 8080, 4443, and 5061 forwarded through the firewall to the lync server.  I was also unable to definitively determine which ports were needed through the firewall for Lync 2010, so if anyone can shed some light on that side, that would be helpful as well.

Please ask for any other information you may need!
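The check behind this question, as an added example that is not part of the original post or any answer on this page: a single Standard Edition box presents one default certificate, so every name clients will use (the server FQDN in the internal .net AD domain, plus the external web services, SIP and simple-URL names in the public .com domain) has to appear in that certificate's Subject Alternative Name list. The script below extracts the DNS names from a certificate and reports which required names are absent. It builds two constructed, throwaway self-signed certificates to stand in for what each CA could issue; all host names (contoso.net / contoso.com) are placeholders, and it assumes OpenSSL 1.1.1 or newer for `-addext` and `-ext`.

```shell
#!/bin/sh
# Added example, not from the original post: list the DNS names a certificate
# covers and compare them with the FQDNs a single-box Lync front end must
# present. All host names are placeholders (assumed: internal AD domain
# contoso.net, public domain contoso.com). Needs OpenSSL >= 1.1.1.

# Print the DNS names a PEM certificate covers: every DNS: entry of the
# Subject Alternative Name extension plus the subject CN, one per line.
san_names() {
    cert="$1"
    openssl x509 -in "$cert" -noout -ext subjectAltName 2>/dev/null \
        | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*/\1/p'
    openssl x509 -in "$cert" -noout -subject 2>/dev/null \
        | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# Print each required FQDN the certificate does not list. Exact match only;
# wildcard entries are not expanded here.
missing_names() {
    cert="$1"; shift
    present=$(san_names "$cert")
    for fqdn in "$@"; do
        found=0
        for name in $present; do
            [ "$name" = "$fqdn" ] && found=1
        done
        [ "$found" -eq 1 ] || echo "$fqdn"
    done
    return 0
}

# Constructed throwaway self-signed cert standing in for what a CA could issue.
# $1 = output file, $2 = subject CN, $3 = SAN list (DNS:a,DNS:b,...).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -addext "subjectAltName=$3" -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Names one Standard Edition box has to answer to when internal and external
# clients use different domains (assumed placeholder names).
REQUIRED="lync01.contoso.net lyncweb.contoso.com sip.contoso.com meet.contoso.com dialin.contoso.com"

report() {
    cert="$1"; shift
    missing=$(missing_names "$cert" "$@")
    if [ -z "$missing" ]; then
        echo "$cert: covers every required name"
    else
        echo "$cert: MISSING -> $(echo "$missing" | tr '\n' ' ')"
    fi
}

work=$(mktemp -d)
# A private internal CA can put both domains in one SAN; a public CA will only
# vouch for names in a domain you can prove you control (here: .com only).
make_cert "$work/internal-ca.pem" lync01.contoso.net \
    "DNS:lync01.contoso.net,DNS:lyncweb.contoso.com,DNS:sip.contoso.com,DNS:meet.contoso.com,DNS:dialin.contoso.com"
make_cert "$work/public-ca.pem" lyncweb.contoso.com \
    "DNS:lyncweb.contoso.com,DNS:sip.contoso.com,DNS:meet.contoso.com,DNS:dialin.contoso.com"
report "$work/internal-ca.pem" $REQUIRED
report "$work/public-ca.pem" $REQUIRED
rm -rf "$work"
```

To run the same check against what a live front end actually presents, save the served chain with `openssl s_client -connect server.domain.com:4443 -servername server.domain.com </dev/null 2>/dev/null | openssl x509 -outform PEM > live.pem` and pass `live.pem` to `missing_names`. Two caveats a practitioner should keep apart: a name that is absent from the SAN and an issuing CA the client does not trust both produce "unable to verify server certificate" at the client, and a certificate from a private internal CA fails the second test on any external machine that has not imported that CA, even when its SAN list is complete.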
ASKER CERTIFIED SOLUTION
Busbar
(solution text not shown; members only)

SOLUTION
(solution text not shown; members only)
Nick Sitar (ASKER)

Jeff,

Yes, I knew that I didn't have to have two different servers, at least not if I could get the correct SSL cert.  But that was the problem all along: I don't have a good way of getting an SSL cert with the subject alt names that cover both my .net internal domain and .com external domain.  And at this point we are only planning on using Lync for the IM/presence features, so not having the edge server was not a huge deal for now.

But, since we cannot overcome the SSL issue, we are spinning up an Edge box.  I just wanted to verify there were no other options!