19/08/2014

Using ISS ARR as a reverse proxy for Lync

Since TMG Forefront is soon to be close for sale we have to think and look into other reverse proxy solution.
From what we can read from Microsoft is this:
http://technet.microsoft.com/en-us/office/dn788945.aspx

For a new customer I have installed the ISS ARR as a reverse proxy and this is what I did.

1. I choose the Windows 2012 server (NOT the R2) since this did not work.
2. Then I installed the Public certificate and bind this into https 443 under bindings
3. Then I downloadet the ISS ARR
4. Created the server farm and named it Lync2013 (you can choose what ever name you want)
5. Added server to the farm, named IPaddress of my FronEnd (only on since I installed Lync 2013 standard edition)
6. Changed the ports from http 80 to http 8080 and https 443 to https 4443.
7. then we did some changes to the server farm
 - remove the marker Enable Disc Cache
8. Under Proxy change the value from 30 to atleast 200 seconds
9. Under Routing, remove the marker for Enable SSL offloading
Remeber to press Apply for each change.
10 The URL rewrite rules will be created and we did something to them aswell. We used Regular Expression and Match Pattern we used (.*). This is on the load Balance SSL rule.
11. Then we under Conditions we added the following:
- {HTTPS} Match pattern = on
- {HTTP_HOST} here we added the pattern: (im.domain.com|meet.domain.com|dialin.domain.com) where IM is Your external address. This could be lync or anything else.
12. Then we checked that it routes to the farm we had spesified.
13. Then we did Apply to save changes.
14. On the NeXT rule loadbalance we did this changes
- Regular Expression, Match Pattern (.*)
- added {HTTP_HOST} under Condition we added pattern lyncdiscover.domain.com
- then we did Apply again.

This is about it, and we did a restart of the server so that this sould be fresh. Since we have just external DNS I edited the hosts file with internal DNS names cos of a splitbrain DNS.

A special thanks to Kjartan Endresen for helping me fixing this. I learned a lot about this the last few nights
 
 



 



No comments:

Post a Comment