I have Lync standard edition server with mediation on the front end running in media bypass mode, Lync Edge server and Exchange server 2010 running on a single server with all roles.
I have decided to use IIS ARR + URL Rewrite as my reverse proxy for Exchange OWA, web services, etc. and Lync reach client and web services, all on my Lync Edge server. I did this because it's already internet facing (and therefore ‘at risk’) and I figured it's better to keep machines like this at a minimum. It is also the only machine not domain joined and has very few permissions on my network. Of course I could have set up ISA / TMG / whatever, but I want to focus on building software, not maintaining infrastructure.
- Ensure IIS and .NET are installed.
- Download & Install ARR (includes rewrite).
- Add a binding for your certificate (As this is on my edge server and I use the same certificate for both SIP and HTTPS I already have it installed on the machine)
- Set up server farms for Exchange and Lync
- (select advanced settings, choose ports 8080, 4443 – which point to the external bindings on the front end server)
- (Choose Yes if you see this)
- (double click routing rules)
- (ensure URL rewrite is checked and optionally SSL offloading – depending on your bindings on the target server you may need this checked)
- Repeat from step 4 for Exchange
- Go to the URL rewrite configuration, either by clicking the link on the right pane on the routing rules screen in step 5 or on the main URL Rewrite icon under IIS when on the Features page for your server.
- Modify the Lync rule as follows:
Choose Using Regular Expressions and enter this expression:
((?:^dialin|^meet|^Fonts|^Abs|^CertProv|^ColabContent|^GroupExpansion|^LMStaticData|^MeetingContent|^MeetingFiles|^Reach|^RequestHandlerExt|^RgsClients|^WebTicket).*)
- Same for Exchange with this expression:
((?:^owa|^OAB|^Microsoft-Server-ActiveSync|^EWS|^ecp|^Autodiscover).*)
Also select the https protocol (depending on your bindings for Exchange).
- For completeness, I have an OCS R2 CWA server in my Lync farm and have added a similar proxy for that too.
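An added example (not from the original post): a Node.js check of which request paths the two patterns above forward to a back-end farm. URL Rewrite uses ECMAScript regex syntax, matches the path without its leading slash or query string, and ignores case by default; the farm labels, sample URLs and the stricter `tighten` variant are assumptions for illustration.

```javascript
// Patterns copied verbatim from the two URL Rewrite rules above.
const LYNC = "((?:^dialin|^meet|^Fonts|^Abs|^CertProv|^ColabContent|^GroupExpansion|^LMStaticData|^MeetingContent|^MeetingFiles|^Reach|^RequestHandlerExt|^RgsClients|^WebTicket).*)";
const EXCHANGE = "((?:^owa|^OAB|^Microsoft-Server-ActiveSync|^EWS|^ecp|^Autodiscover).*)";

// Farm labels are hypothetical; rules are tried in order, as in URL Rewrite.
const RULES = [
  { farm: "lync", pattern: LYNC },
  { farm: "exchange", pattern: EXCHANGE },
];

// URL Rewrite matches the path only: no leading slash, no query string.
function matchInput(url) {
  return new URL(url).pathname.replace(/^\//, "");
}

// Which farm a request is forwarded to; null means no rule matched.
function route(url) {
  const input = matchInput(url);
  const hit = RULES.find((r) => new RegExp(r.pattern, "i").test(input));
  return hit ? hit.farm : null;
}

// Assumed stricter form (not the post's rule): the listed name must be a
// whole first path segment, so "owa-backup" no longer rides on "^owa".
function tighten(pattern) {
  const names = pattern
    .slice("((?:".length, pattern.lastIndexOf(").*)"))
    .split("|")
    .map((n) => n.replace(/^\^/, ""));
  return new RegExp("^(?:" + names.join("|") + ")(?:/.*)?$", "i");
}

// Constructed sample requests against the post's placeholder host.
const SAMPLES = [
  "https://yourdomain/owa",
  "https://yourdomain/reach/client/webpages/reachclient.aspx",
  "https://yourdomain/username/meetingid", // no listed prefix
  "https://yourdomain/owa-backup/x",       // prefix match only
  "https://yourdomain/abstract.html",      // "^Abs", case-insensitive
];

function audit(urls) {
  return urls.map((u) => {
    const farm = route(u);
    const strict = RULES.some((r) => tighten(r.pattern).test(matchInput(u)));
    return { url: u, farm, strict };
  });
}

console.table(audit(SAMPLES));
```

Rows where `farm` is set but `strict` is false are paths the prefix-style patterns forward to the internal server even though they are not one of the listed virtual directories.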
Now let's test
- Go to https://yourdomain/owa
- You should also run the tests here https://www.testexchangeconnectivity.com/
- Go to https://yourdomain/meet
(you can also create and join a meeting in Outlook)
- Go to https://yourdomain/reach/client/webpages/reachclient.aspx
Thank you! You are a GOD! :)
Thanks for the detailed steps
I configured ARR on edge server a.
I have multiple SIP domains and I need to publish simple urls for only one sip domain
my simple urls are meet.mydomain.com and dialin.mydomain.com. Edge server ext FQDN is sip.mydomain.com
After configuration I am able to access https://meet.mydomain.com/meet from external n/w but the meetnow url https://meet.mydomain.com/username/meetingid is not accessible
Do I need to change the simpleurls or regular expressions?
I changed my simpleurls to all be on the same domain - if you want different domains then you need a separate rule in ARR per domain.
I'm having difficulties implementing this. Some settings that seem to be missing?
Do you really not add any servers in step 2 when you put 8080 and 4443 in?
Do you select https as the scheme in the url rewrite in step 8 & 9? What about the path?
@Aaron, you need to enter the fqdn of the lync / exchange server in step 1 to continue.
I updated the screenshot to show the scheme and path.
You may note the new screenshot has slightly different farms than described - I had issues with the certificate issuing services for owa im integration and split out the web services into a separate farm - this didn't fix my problem. I haven't gone back to it in a while, so once I get back to solving that I will do a new post to cover it.