Tag Archives: Lyncdiscover

IIS ARR on Windows 8.1 for Lync 2013


A reverse proxy is a key part of the infrastructure topology: it lets users reach applications from the internet. Microsoft has no future roadmap for TMG/UAG, and other products that provide the same kind of functionality may be expensive. Microsoft therefore came up with an inexpensive reverse proxy solution that works on IIS 7 onwards. It is very simple to configure and can be set up on a Windows Server operating system as well as on a client operating system.

Let’s go step by step through configuring Internet Information Services Application Request Routing (IIS ARR) on Windows 8.1. The basic requirements for IIS ARR are two NICs and IIS 7 or above.

(Note: If you are using IIS ARR behind the internal firewall, don’t forget to add the route for inbound traffic, and don’t specify a gateway on your internal NIC.)

The system should not be part of the domain. One network will connect to your internal network and another network will connect to the internet.

 

 

Install Windows 8.1 Enterprise.

Add the DNS suffix.

Configure both NICs. In my setup, “Edge” talks to the internal network and “External” talks to the Internet. Don’t configure a gateway or DNS on the internal NIC.

Install IIS with default features.

 

There are two ways to install the IIS ARR components.

  1. Automatic (if you have an internet connection on your IIS ARR machine, you can use this option.)
  2. Manual (if you don’t have internet connectivity.)

For automatic installation, just download “Windows Platform Installer” and run wpilauncher.exe.

Type ARR in the search box and press Enter. Application Request Routing 3.0 appears in the results; click Add and then click Install.

You will get the list of dependencies, including ARR 3.0. Click I Accept to install.

If you don’t have an internet connection on your IIS ARR server, you can follow the same steps up to this point on any machine that does have one, and download all the dependencies by clicking “Direct Download Link”.

You can then install everything manually, including the IIS features that are not installed by default, cross-checking against the dependency list in the window above.

Once the installation is done, assign IIS a certificate that has the following SANs.

  1. Lyncdiscover.domain.com
  2. Dialin.domain.com
  3. Meet.domain.com
  4. LyncExternalWebService.domain.com (FQDN of external Lync Web Services)
  5. WACExt.domain.com (FQDN of external WAC services) – only if you are publishing the WAC URL.

Open IIS Manager and verify the assigned certificate.
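The same check can be scripted. The following PowerShell is an added example, not part of the original post: it reads the certificate bound to port 443 and reports whether every required SAN is covered. The host names are the post's `domain.com` placeholders, and `Test-SanMatch` is a hypothetical helper name.

```powershell
# Added example: verify the certificate bound to 443 covers the required SANs.
Import-Module WebAdministration

$RequiredNames = @(              # placeholder names taken from the list above
    'lyncdiscover.domain.com',
    'dialin.domain.com',
    'meet.domain.com',
    'LyncExternalWebService.domain.com'   # add WACExt.domain.com if WAC is published
)

function Test-SanMatch {         # hypothetical helper, not a built-in cmdlet
    param([string]$San, [string]$HostName)
    if ($San -ieq $HostName) { return $true }
    # A wildcard SAN covers exactly one left-most label: *.domain.com
    # matches meet.domain.com but not a.meet.domain.com or domain.com.
    if ($San.StartsWith('*.')) {
        $suffix = $San.Substring(1)       # ".domain.com"
        if ($HostName.Length -gt $suffix.Length -and
            $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
            $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
            return ($label -notmatch '\.')
        }
    }
    return $false
}

# First SSL binding on port 443 and the certificate it points to.
$binding = Get-ChildItem IIS:\SslBindings | Where-Object { $_.Port -eq 443 } | Select-Object -First 1
if (-not $binding) { throw 'No SSL binding found on port 443.' }
$cert = Get-Item ("Cert:\LocalMachine\{0}\{1}" -f $binding.Store, $binding.Thumbprint)
$sans = @($cert.DnsNameList | ForEach-Object { $_.Unicode })

$report = foreach ($name in $RequiredNames) {
    $hit = $sans | Where-Object { Test-SanMatch -San $_ -HostName $name } | Select-Object -First 1
    [pscustomobject]@{ Name = $name; CoveredBy = $hit; Covered = [bool]$hit }
}
$report | Format-Table -AutoSize

# A certificate without its private key, or close to expiry, also breaks publishing.
[pscustomobject]@{
    Subject       = $cert.Subject
    HasPrivateKey = $cert.HasPrivateKey
    DaysLeft      = [int]($cert.NotAfter - (Get-Date)).TotalDays
} | Format-List
```

Run it from an elevated PowerShell session on the ARR machine; any row with `Covered` set to `False` means clients using that name will get a certificate name mismatch.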

 

Right-click Server Farms and create a new server farm.

Define the server farm name and click Next.

Define the IP address or the FQDN* of your FE Pool.

(Note: If you use the FQDN, you should add an entry to the hosts file.)

Add the server entry and change the port in the advanced settings as below.

 

Now, you can see your server farm.

 

Follow the same steps and add all your required server farms.

Now go to your website and click on Bindings.

Do the necessary bindings with port 443 for https.

Now go into each farm and change the configuration under Caching, Proxy and Routing Rules.

Uncheck “Enable disk cache”

 

Click on apply.

 

Now, change time-out (seconds) to 180-200.

 

Click on apply.

 

Uncheck “Enable SSL offloading” in Routing Rules.

 

Click on apply.

 

Now it is time to configure the URL Rewrite settings.

Keep only the _SSL URL path.

Click on each rule and add the condition (HTTP_HOST).

Follow the same steps for all server farms.

Now, we are done with the configuration.
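To confirm that every farm ended up with the settings from the steps above, the configuration can be read back. This read-only audit is an added example, not part of the original post; it assumes the default ARR layout, where farms are stored in the `webFarms` section and the routing rules are global URL Rewrite rules whose action URL starts with `https://` when SSL offloading is off.

```powershell
# Added example: read-only audit of the ARR settings made in the steps above.
Import-Module WebAdministration
$apphost  = 'MACHINE/WEBROOT/APPHOST'
$findings = @()

# Per farm: disk cache off, proxy time-out between 180 and 200 seconds.
foreach ($farm in Get-WebConfiguration -PSPath $apphost -Filter 'webFarms/webFarm') {
    $proto = "webFarms/webFarm[@name='$($farm.name)']/applicationRequestRouting/protocol"
    [timespan]$timeout = (Get-WebConfigurationProperty -PSPath $apphost -Filter $proto -Name timeout).Value
    $cacheOn = [Convert]::ToBoolean(
        (Get-WebConfigurationProperty -PSPath $apphost -Filter "$proto/cache" -Name enabled).Value)

    if ($cacheOn) { $findings += "Farm '$($farm.name)': disk cache is still enabled" }
    if ($timeout.TotalSeconds -lt 180 -or $timeout.TotalSeconds -gt 200) {
        $findings += "Farm '$($farm.name)': time-out is $($timeout.TotalSeconds)s, expected 180-200"
    }
}

# Per global rule: only _SSL rules remain, the backend is reached over https
# (SSL offloading off), and an {HTTP_HOST} condition limits what is forwarded.
$rulesPath = 'system.webServer/rewrite/globalRules'
foreach ($rule in Get-WebConfiguration -PSPath $apphost -Filter "$rulesPath/rule") {
    $one    = "$rulesPath/rule[@name='$($rule.name)']"
    $url    = (Get-WebConfigurationProperty -PSPath $apphost -Filter "$one/action" -Name url).Value
    $inputs = @(Get-WebConfiguration -PSPath $apphost -Filter "$one/conditions/add" |
                ForEach-Object { $_.input })

    if ($rule.name -notlike '*_SSL') {
        $findings += "Rule '$($rule.name)': non-SSL rule is still present"
    }
    if ($url -notlike 'https://*') {
        $findings += "Rule '$($rule.name)': forwards to '$url' without TLS (SSL offloading on?)"
    }
    if ($inputs -notcontains '{HTTP_HOST}') {
        $findings += "Rule '$($rule.name)': no {HTTP_HOST} condition, so it matches any host name"
    }
}

if ($findings) { $findings } else { 'ARR configuration matches the steps above.' }
```

A rule without the `{HTTP_HOST}` condition forwards requests for any host name that reaches the listener to the internal farm, so that finding is the one to fix first.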

Autodiscovery and Lync 2013


Autodiscover is an integrated part of Lync 2013 and was first introduced in Lync 2010 CU4. It was launched for the Lync 2010 mobile client and then carried forward to all Lync 2013 clients. The Lync 2013 Windows Store app connects only through the autodiscover service and does not rely on SRV and other A records.

Lync 2010 mobile clients had connectivity issues from the internal network because most organizations use a private CA for internal services and the mobile client does not trust it. There were workarounds to mitigate this problem. One was to use a public certificate on the internal network as well, but this is not easy because the DNS names differ internally and externally. The other was to redirect mobile clients to external DNS so that they connect using the public certificate.

You need to create lyncdiscoverinternal.domain.com in internal DNS and lyncdiscover.domain.com in external DNS to get Lync clients connected, mainly the Lync mobile clients and the Lync 2013 Windows Store app.

When a Lync 2013 Windows client tries to log in, the following process starts to connect to the Lync Server:

The Lync 2013 Windows Store app, by contrast, tries only lyncdiscoverinternal.domain.com and lyncdiscover.domain.com to log in.

In other words, we can say Lync 2013 mobile connectivity has been hoodwinked. Lync 2013 mobile clients are hard-coded to look for a unique parameter that points to external services, regardless of the client's network location. Lync 2013 mobile clients use the Ucwa parameter for internal and external connectivity, while Lync 2010 mobile clients use the MCX web service parameter for the same.