Solved

Microsoft LYNC Server - Can it work internally AND externally without Forefront / TMG ?

Posted on 2014-11-16
Last Modified: 2014-12-05
Hello,

I have deployed a Microsoft LYNC server topology, and I am able to get it working internally without any issue.  It is a great program and we are using it to increase productivity since the day that it was installed, from sharing desktops to chatting and answering questions later, to the invaluable Exchange integration and saved conversations.  MARVELOUS!  

However....I am not able to get Microsoft Lync working externally no matter what I do, and it all seems to point to the fact that I am not using Microsoft Forefront / TMG firewall (at least this is the direction that research seems to point at).

Some details:

- I am running Lync Enterprise
- I have a Lync topology published
- I have 2 servers deployed, and have Lync installed on both, and I have not been able to publish my external topology to the second server
- I started with a WILDCARD certificate on the public server, and there seems to be an issue if the host name is not one of the common names.  I updated the cert with a SAN cert that had the public hostnames (3 of them) as SANs in the cert, which still did not work.
- I have 2 different websites published on the server and have (2) different IP addresses bound to the server, with (1) site bound to the external and (1) bound to the internal - still no go.

Has anyone else fought with this and had similar results?  Does anyone have a step-by-step guide that they have personally used that I can use to deploy my Lync topology to make the public use work?  Throughout my changes and trials and tribulations, my internal site has stayed working without incident.  My goal is to:

- Have LYNC work from the public internet so that Lync clients like Android/iPad/iPhone can work to keep my users even MORE connected to the internal office
- Have LYNC work from a public website so that external non-Lync users may join web chats / video conferences using the external web links.
- Have LYNC work from a web client so that an external user can log into the web client from outside of the office environment

Any help is appreciated, thank you!
Question by:jkeegan123
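
When switching between a wildcard and a SAN certificate as described in the question, it is worth confirming that every published hostname is actually covered by a name in the certificate. The following is an added example, not part of the original post; all hostnames are constructed placeholders and the helper names are hypothetical.

```python
# Added example: report which public hostnames a certificate's names cover.
# Hostnames are constructed placeholders, not values from the thread.

def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate dNSName against a hostname (RFC 6125 style).

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so *.example.com covers meet.example.com but
    not example.com or a.b.example.com.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(required, cert_names):
    """Return the required hostnames that no certificate name covers."""
    return [h for h in required
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed sample: three public names a deployment might publish.
REQUIRED = ["meet.example.com", "dialin.example.com",
            "webext.lync.example.com"]

# Constructed certificate name lists: a wildcard cert and a SAN cert.
WILDCARD_CERT = ["*.example.com"]
SAN_CERT = ["meet.example.com", "dialin.example.com",
            "webext.lync.example.com"]

if __name__ == "__main__":
    for label, names in (("wildcard", WILDCARD_CERT), ("SAN", SAN_CERT)):
        missing = uncovered(REQUIRED, names)
        print(f"{label:8} cert -> missing: {missing or 'none'}")
```
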
3 Comments
 
Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40446574
You do not need TMG. You *do* need a reverse proxy. TMG could reverse proxy. But so can Apache, Squid, the Web Application Proxy role new in Server 2012, and others. Many UTM appliances offer true reverse proxy as well. Port forwarding is *not* good enough.

Make your edge server just an edge server. Don't try to colocate other roles or websites.

Yes, I've been involved with several Lync deployments and it does work. But if you try to cut corners, it falls over quickly.

Author Comment

by:jkeegan123
ID: 40446607
@Cliff Galiher:  Do you have any tutorials on setting up the edge server as an edge server and that's all?  I tried doing that with the 2nd server, but maybe I was misunderstanding how to set this up...it's why I deployed a second server.  I didn't want to have (2) servers for this because this is for a small group BUT I did set it up since it was not working any way that I tried to set it up on a single server...so I followed the step by step MICROSOFT deployment guides to set up an edge server, and I could not get it to work.

BTW - This is LYNC 2013 running on Server 2012.  I did not mention that in the first post.

Expert Comment

by:Cliff Galiher
ID: 40447038
I am not aware of any tutorials I'd specifically recommend over the MS documentation.