Publish Lync 2013 Services in TMG 2010

publishing rules on your Forefront Threat Management Gateway (TMG) 2010 server to implement the following additional services:

  • Enabling external users to download meeting content for your meetings.
  • Enabling external users to expand distribution groups.
  • Enabling remote users to download files from the Address Book service.
  • Accessing the Microsoft Lync Web App client.
  • Accessing the Dial-in Conferencing Settings webpage.
  • Accessing the Location Information service.
  • Enabling external devices to connect to Device Update web service and obtain updates.

In our environment, the external Lync clients connect directly to the Lync Edge Server. This Edge Server is also used for federation services with other partners. The TMG Server is a different server with a different external IP address.

image

The FQDN for this server is defined in the External Web Services FQDN in the Topology Builder:

image

So, the lyncpool.exchangelabs.nl FQDN will point to the TMG Server, while edgepool.exchangelabs.nl will point to the Lync 2013 Edge Server. As you can see in the picture above, the web service listens on port 4443 and is published on port 443. This must also be configured in the TMG rule later on.

To configure a Web Publishing Rule in TMG 2010, use the following steps:

1. On the TMG Server, start the Management Console and create a new Web Site Publishing Rule:

image

2. Follow the wizard, set the rule to Allow and select Publish a single Web site or load balancer;

3. On the Server Connection Security page, select Use SSL to connect to the published Web server or server farm;

4. On the Internal Publishing Details page, type the fully qualified domain name (FQDN) of the internal web farm that hosts your meeting content and Address Book content in the Internal Site name box. This is the Front-End pool, or the Front-End server (in case of Standard deployment);

image

5. On the Internal Publishing Details page, in the Path (optional) box, type /* as the path of the folder to be published.

6. On the Public Name Details page, confirm that This domain name is selected under Accept Requests for, and type the external Web Services FQDN in the Public Name box;

image

7. On Select Web Listener page, click New to open the New Web Listener Definition Wizard;

8. On the Web Listener IP Address page, select External, and then click Select IP Addresses;

image

9. Again, follow the wizard and assign a certificate. Besides the FQDN lyncpool.exchangelabs.nl, it also needs meet.exchangelabs.nl and dialin.exchangelabs.nl configured in the Subject Alternative Names field.

image

10. On the Authentication Settings page, select No Authentication;

image

11. Finish the Web Listener wizard;

12. On the Authentication Delegation page, select No delegation, but client may authenticate directly;

image

13. Now finish the wizard and click Apply in the details pane to save the changes and update the configuration.

Now that the basic TMG rule is created, it can be changed to redirect to the Lync port, i.e. 4443. To do this, follow these steps:

1. On the TMG Server, open the Management Console and open the properties of the Lync Services rule that was created in the previous step;

2. On the Properties page, on the From tab, do the following:

  • In the This rule applies to traffic from these sources list, click Anywhere, and then click Remove;
  • Click Add;
  • In Add Network Entities, expand Networks, click External, click Add, and then click Close;

image

3. On the To tab, ensure that the Forward the original host header instead of the actual one check box is selected;

image

4. On the Bridging tab, select the Redirect request to SSL port check box, and then specify port 4443;

image

5. On the Public Name tab, add the additional simple URLs (for example, meet.exchangelabs.nl and dialin.exchangelabs.nl). Make sure these FQDNs are entered in the public DNS as well so that they point to the correct IP address on the TMG Server;

image

6. Click Apply to save the changes, and then click Apply in the details pane to save the changes and update the configuration.

Note: For more information or more detailed steps, go to the Microsoft TechNet website: http://technet.microsoft.com/en-us/library/gg429712.aspx – Configure Web Publishing Rules for a Single Internal Pool

To test the web publishing rules, navigate from an external browser to the published web server, i.e. https://lyncpool.exchangelabs.nl/meet. You should see the meeting landing page, but you can of course ignore the meeting URL error at this point:

image

Or you can navigate to the dialin page https://dialin.exchangelabs.nl:

image

It is also possible to test the group expansion service (https://lyncpool.exchangelabs.nl/groupexpansion/service.svc), since it is published as a web service, although it won't reveal much information:

image
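The browser checks above can be scripted so they are repeatable after every rule change. The PowerShell script below is an added example, not part of the original post or any Microsoft tooling; it runs from an external client and verifies, for each public name, that public DNS resolves the name, that the TMG listener answers TLS on the published port 443, that the listener certificate's Subject Alternative Name list covers the name (step 9 of the first procedure and step 5 of the second), and that the path tested in the post returns an HTTP response through the rule. The FQDNs come from the post; the TMG external IP is a placeholder to replace with your own.

```powershell
# Added example (not from the original post): validate the TMG-published Lync web services
# from an external client. Run on Windows 8 / Server 2012 or later (Resolve-DnsName, Invoke-WebRequest).
param(
    # Placeholder: replace with the external IP address of the TMG server
    [string]$ExpectedTmgIp = '203.0.113.10'
)

# Public name -> path that should answer through the rule (the paths the post tests by hand)
$Published = [ordered]@{
    'lyncpool.exchangelabs.nl' = '/meet'
    'meet.exchangelabs.nl'     = '/'
    'dialin.exchangelabs.nl'   = '/'
}

function Test-PublishedName {
    param([string]$Name, [string]$Path, [string]$TmgIp)
    $r = [ordered]@{ Name = $Name; Dns = $null; PointsToTmg = $false; TlsOk = $false
                     CertSubject = $null; SanCovers = $false; Http = $null }

    # 1. Public DNS must point at the TMG external address, not at the Edge pool
    try {
        $a = Resolve-DnsName -Name $Name -Type A -ErrorAction Stop | Where-Object { $_.Type -eq 'A' }
        $r.Dns = ($a | Select-Object -ExpandProperty IPAddress) -join ','
        $r.PointsToTmg = ($a.IPAddress -contains $TmgIp)
    } catch { $r.Dns = "unresolved: $($_.Exception.Message)" }

    # 2. TLS on the published port (443) and the SAN list of the listener certificate.
    #    Validation is bypassed here only so we can inspect the certificate ourselves.
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Name, 443)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($Name)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.TlsOk = $true
        $r.CertSubject = $cert.Subject
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # subjectAltName
        $sanText = if ($san) { $san.Format($false) } else { '' }
        $r.SanCovers = [bool]($sanText -match [regex]::Escape($Name))
        $ssl.Dispose()
    } catch { $r.CertSubject = "tls failed: $($_.Exception.Message)" }
    finally { $tcp.Close() }

    # 3. The rule forwards /* to the Front End on 4443; the path should answer with a page.
    #    Invoke-WebRequest validates the certificate normally, so an untrusted chain shows up here.
    try {
        $resp = Invoke-WebRequest -Uri "https://$Name$Path" -UseBasicParsing -ErrorAction Stop
        $r.Http = $resp.StatusCode
    } catch { $r.Http = "error: $($_.Exception.Message)" }

    [pscustomobject]$r
}

$Published.GetEnumerator() |
    ForEach-Object { Test-PublishedName -Name $_.Key -Path $_.Value -TmgIp $ExpectedTmgIp } |
    Format-Table -AutoSize
```

A name that resolves but not to the TMG address means the public DNS entry from step 5 of the second procedure is missing or still points at the Edge pool; a TLS handshake that succeeds with SanCovers set to False means the listener certificate from step 9 lacks that simple URL; an HTTP error on a name whose TLS and SAN checks pass usually points at the bridging port (4443) or the host-header forwarding setting on the rule.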


Summary

The Lync 2013 Front-End now works correctly, and for external connectivity and federation with other parties the Lync 2013 Edge server can be used. The TMG server in this blog publishes the additional web services that a Lync environment exposes to the Internet.

Since TMG 2010 is basically end-of-life, this reverse proxy can also be configured using an F5 load balancer; I'll get back to this in a future blog.
