Solved

Microsoft LYNC Server - Can it work internally AND externally without Forefront / TMG ?

Posted on 2014-11-16
3
277 Views
Last Modified: 2014-12-05
Hello,

I have deployed a Microsoft LYNC server topology, and I am able to get it working internally without any issue.  It is a great program and we are using it to increase productivity since the day that it was installed, from sharing desktops to chatting and answering questions later, to the invaluable Exchange integration and saved conversations.  MARVELOUS!  

However....I am not able to get Microsoft Lync working externally no matter what I do, and it all seems to point to the fact that I am not using Microsoft Forefront / TMG firewall (at least this is the direction that research seems to point at).

Some details:

- I am running Lync Enterprise
- I have a Lync topology published
- I have 2 servers deployed, and have Lync installed on both, and I have not been able to publish my external topology to the second server
- I started with a WILDCARD certificate on the public server, and there seems to be an issue if the host name is not one of the common names.  I Updated the cert with a SAN cert that had the public hostnames (3 of them) as SAN's in the cert, which still did not work.
- I have 2 different websites published on the server and have (2) different IP addresses bound to the server, with (1) site bound to the external and (1) bound to the internal - still no go.

Has anyone else fought with this and had similar results?  Does anyone have a step-by-step guide that they have personally used that I can use to deploy my Lync topology to make the public use work?  Throughout my changes and trials and tribulations, my internal site has stayed working without incident.  My goal is to:

- Have LYNC work from the public internet so that Lync clients like Android/Ipad/Iphone can work to keep my users even MORE connected to the internal office
- Have LYNC work from a public website so that external non-Lync users may join web chats / video conferences using the external web links.
- Have LYNC work from a web client so that an external user can log into the web client from outside of the office environment

Any help is appreciated, thank you!
0
Comment
Question by:jkeegan123
  • 2
3 Comments
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
Comment Utility
You do not need TMG. You *do* need a reverse proxy. TMG could reverse proxy. But so can apache, squid, the web application proxy role new in server 2012, and others. Many UTM appliances offer true reverse proxy as well. Port forwarding is *not* good enough.

Make your edge server just an edge server . Don't try to colocate other roles or websites.

Yes, I've been involved with several lync deployments and it does work. But if you try to cut corners, it falls over quickly.
0
 
LVL 5

Author Comment

by:jkeegan123
Comment Utility
@Cliff Galiher:  Do you have any tutorials on setting up the edge server as an edge server and that's all?  I tried doing that with the 2nd server, but maybe I was misunderstanding how to set this up...it's why I deployed a second server.  I didn't want to have (2) servers for this because this is for a small group BUT I did set it up since it was not working any way that I tried to set it up on a single server...so I followed the step by step MICROSOFT deployment guides to setup an edge server, and I could not get it to work.

BTW - This is LYNC 2013 running on Server 2012.  I did not mention that in the first post.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
I am not aware of any tutorials I'd specifically recommend over the MS documentation.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Skype is a P2P (Peer to Peer) instant messaging and VOIP (Voice over IP) service – as well as a whole lot more.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
how to add IIS SMTP to handle application/Scanner relays into office 365.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now