Use Lync outside the network

I have installed Lync 2010 and it is working perfectly from inside the org.
Now I need important users to connect to Lync when they are out.

Is it possible without Edge? Is it recommended without Edge?
As of now I am using my internal CA certificate.
MAS (MVE), EE Solution Guide, Asked:

Radhakrishnan R, Senior Technical Lead, Commented:
Without the Edge interface you will not be able to install the certificate for external Lync access.
Have a look at this MS article which details the steps:
technet.microsoft.com/en-us/library/gg398409.aspx
0
MAS (MVE), EE Solution Guide, Author Commented:
You mean I have to install Lync on other hardware?
0
Radhakrishnan R, Senior Technical Lead, Commented:
If only you have multiple Edge servers, you should purchase a public certificate for external access and import this on each Edge server.
0
MAS (MVE), EE Solution Guide, Author Commented:
As of now I have only one server.
What all do I have to do to make it available from outside (except NAT in the firewall)?
0
Radhakrishnan R, Senior Technical Lead, Commented:
Purchase a public certificate and install it as per the tech article. Then it will be accessible externally.
0
MAS (MVE), EE Solution Guide, Author Commented:
How will the Lync client reach the server? Using what name?
servername.internaldomain.com
or
do I have to configure an external name?
0
Radhakrishnan R, Senior Technical Lead, Commented:
Obviously it should be the external one for external access.
0
MAS (MVE), EE Solution Guide, Author Commented:
Where will I configure the external name in such a way that when a user goes out from the office and opens the laptop, it works?
0
MAS (MVE), EE Solution Guide, Author Commented:
Where will I configure the external name in such a way that when a user goes out from the office and opens the laptop from outside, it works?
0
Radhakrishnan R, Senior Technical Lead, Commented:
Yes, it will work.
0
MAS (MVE), EE Solution Guide, Author Commented:
Where will I configure the external name?
0
Radhakrishnan R, Senior Technical Lead, Commented:
You can configure the server and the certificate should be https://servername.yourpublicdomain.com
0
MAS (MVE), EE Solution Guide, Author Commented:
"The server is not responding or cannot be reached...."
This is the error I get when I try to log in from outside.

What could be wrong?
0
MAS (MVE), EE Solution Guide, Author Commented:
Now getting this error.
Your help is appreciated to finish this question.
error.png
0
Radhakrishnan R, Senior Technical Lead, Commented:
Could you add the site to the trusted list in IE and provide admin credentials to log in?
Ensure that the logon users are members of the CsAdministrator group in AD.
Also, check whether the DNS entries are present.
0
MAS (MVE), EE Solution Guide, Author Commented:
It is only working with the internal servername/IP.
It is not working with the external servername/IP.

From the internal network I configured the internal and external names; it is working.
But from outside the network it is not working. When I connect the VPN from outside, it is working with the internal name.

What shall I do to make it work from outside with the external name?
0
Radhakrishnan R, Senior Technical Lead, Commented:
The name should be configured in the certificate.
0
MAS (MVE), EE Solution Guide, Author Commented:
It is already configured.
0
MAS (MVE), EE Solution Guide, Author Commented:
BTW
SIP domain is internal domain name (i.e. xyz.com)
external FQDN is abc.com (I added this as additional SIP domain)
0
MAS (MVE), EE Solution Guide, Author Commented:
Now I have added SRV records (_kpasswd, _ldap, _gc); now it is working with the external name from inside.

Do I have to create SRV records in external DNS?
0
Radhakrishnan R, Senior Technical Lead, Commented:
The host A record would be sufficient. Since it's working internally after adding the SRV records, it's worth trying to create an SRV record.
0
MAS (MVE), EE Solution Guide, Author Commented:
_internaltls._tcp.externalname.com
or
_sip._tls.externalname.com
?
0
Radhakrishnan R, Senior Technical Lead, Commented:
It's sip.tls.externalname.com
0
MAS (MVE), EE Solution Guide, Author Commented:
I have created SRV records the same as in internal DNS, but still no luck.
0
Radhakrishnan R, Senior Technical Lead, Commented:
Please have a look at this MS article, which details the steps to check the policies and configuration of Lync 2010: http://technet.microsoft.com/en-us/library/gg413051.aspx

Make sure that you have configured everything.
0
MAS (MVE), EE Solution Guide, Author Commented:
Do you know how it works from outside?
So that I can check and troubleshoot in a short time.
0
MAS (MVE), EE Solution Guide, Author Commented:
Please help, it is not working from outside.
0
Paul Solovyovsky, Senior IT Advisor, Commented:
Any thought of connecting the users to a VPN internally? Then they should be able to connect as if they were in the office. Have many customers set up this way.
0
MAS (MVE), EE Solution Guide, Author Commented:
Users are already connected through VPN from outside. I want users to connect without VPN from outside.
0
MAS (MVE), EE Solution Guide, Author Commented:
Awaiting your reply.
0
Paul Solovyovsky, Senior IT Advisor, Commented:
I think the only way to connect without VPN is either to set up a reverse proxy (have seen customers do this, essentially publish Lync on the DMZ) or have everyone register with an outside entity such as Microsoft.
0
MAS (MVE), EE Solution Guide, Author Commented:
How do I set up a reverse proxy?
I do not have a DMZ.
0
Paul Solovyovsky, Senior IT Advisor, Commented:
Here's what MS recommends: Publish through Edge Role

http://www.microsoft.com/download/en/details.aspx?id=11379
0
MAS (MVE), EE Solution Guide, Author Commented:
0

MAS (MVE), EE Solution Guide, Author Commented:
I have managed to make it work from outside by doing a port forwarding from 8080/4443 to 80/443,
but there are no audio and video calls. Can you help to configure this?
0
MAS (MVE), EE Solution Guide, Author Commented:
I found another site to configure without reverse proxy.
0
FarrellFritz Commented:
I am interested in comments by abbasiftt.  I have thus far been unable to get it working via VPN (this should be easier).

Getting "There was a problem verifying the certificate from the server"

From what I've read it's been suggested that I manually import the certificate from the server to the VPN client.  No problem but cannot identify which cert is the one (for Lync) I should be exporting/importing?

Is this the right suggestion?  If so, how do I identify which cert to import?
0
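
Added example, not part of the thread or of Microsoft's documentation: a PowerShell check, run from a machine outside the network, of the two things the thread keeps returning to, the `_sip._tls` SRV record and the certificate the server presents. It assumes `Resolve-DnsName` is available (Windows 8 / Server 2012 or later); `externalname.com` is the thread's placeholder and `Test-ExternalSipName` is a hypothetical helper name.

```powershell
# Added example: run from a machine OUTSIDE the network, with no VPN connected.
# 'externalname.com' is the placeholder SIP domain used in the thread.
function Test-ExternalSipName {
    param([string]$SipDomain = 'externalname.com')

    # 1. Look up the SRV record the thread discusses: _sip._tls.<SIP domain>
    $srv = Resolve-DnsName -Name "_sip._tls.$SipDomain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' } | Select-Object -First 1
    if (-not $srv) { throw "No public SRV record for _sip._tls.$SipDomain" }

    # 2. Fetch the certificate presented at the SRV target. The callback accepts any
    #    certificate only so it can be inspected; trust is evaluated in step 4.
    $acceptAll = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($srv.NameTarget, $srv.Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($srv.NameTarget)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $tcp.Close() }

    # 3. Read the subject alternative names (extension OID 2.5.29.17).
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $san = if ($sanExt) { $sanExt.Format($false) } else { '' }

    # 4. Build the chain against this machine's own trust store.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $trusted = $chain.Build($cert)

    [pscustomobject]@{
        SrvTarget    = $srv.NameTarget
        Port         = $srv.Port
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        Thumbprint   = $cert.Thumbprint
        SubjectAlt   = $san
        # Literal match only; a wildcard SAN entry will show as False here.
        NameInSan    = $san -match [regex]::Escape($srv.NameTarget)
        ChainTrusted = $trusted
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

Test-ExternalSipName -SipDomain 'externalname.com' | Format-List
```

A `ChainStatus` of `UntrustedRoot` means the issuing CA is not in that machine's trusted root store; `Issuer` and `Thumbprint` identify the certificate actually being presented.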
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.