Network_Padawan

Lync attendee without TMG or edge NOT working

I have been asked to deploy Lync attendee for external access. This company has NO DMZ, no edge server or TMG (reverse proxy).

I have almost got it working, but just as the external users try to connect to the Lync meeting via the attendee, they get the following error:

"Cannot sign in the Lync Attendee because of a problem connecting to the server.
            Reference error ID 102 (source ID 238)"

This appears to be a popular error, though I cannot get past it. From what I have read it may be a certificate or DNS issue. Can someone help?

I have the internal domain published as domain "au.domain.local"
External DNS is published as domain "domain.com"

Is this an issue? I have a signed SAN cert from DigiCert that covers all meeting, pool and meeting names.

Internal meetings, no problem. I have all the correct internal SIP records on port 5061. So it's not an issue.

What could be the issue here? I have read that you DON'T NEED a DMZ and TMG to get this working, so what am I missing?
wvanschaik71

Your assumptions are right, you don't need a DMZ or TMG (although the last one is advised for security). The meetings are hosted on the front end server (pool) by means of web services. There are two web services set up, one being for internal (HTTPS listening on TCP port 443) and one for external (listening on TCP port 4443). For the external participants, you need to make sure that they connect to a public IP address (through meet.domain.com) and that this IP address forwards port 443 to the internal IP address port 4443. Furthermore, in the Lync deployment wizard, certificates part, you need to make sure a public certificate is assigned to the external web services (there's a small arrow before default, where you can drop down and select the service for which you want to assign a certificate).

An Edge server is an absolute requirement for external web conferencing connectivity.  The attendee client requires access to more than the internal web services (supported through a reverse proxy, but can be opened directly in an unsupported scenario as described above).

But the Web Conferencing Edge services are required to handle external Attendee client connection PSOM requests to the external Web Services FQDN over 443 which map to port 8057.
Network_Padawan

ASKER

Hi guys, as per wvanschaik71's response, I have ALL that in place and configured.

So the question is, do I need an edge server or not? Does it need to have a public and private IP address, or can I have a single internal IP with port forwarding to the edge server?
ASKER CERTIFIED SOLUTION
Jeff_Schertz
This solution is only available to members.
Yes, an edge server was needed. Tried every way without one and couldn't get it working. An edge server got things working immediately.