Forum Discussion

Joe_8700's avatar
Joe_8700
Icon for Nimbostratus rankNimbostratus
Jun 10, 2014

Lync Reverse Proxy Question

Hi Devcentral Team,

 

We have a client who have deployed MS LYNC 2013, we have used BIG IP 1600 as the reverse proxy, we have used the latest iApp Template, we have answered the first question "Which version of Lync Server are you using? 2013" and the last question "Should this system include a reverse proxy virtual server for external Lync web services? Yes" then asnwer the question as seen from the image below. IP and FQDN's are mask for protection

 

 

But after creating the service thru iApp, the service was mark down by the monitor that it created "AGPLyncReverseProxy_edge_external_reverse_proxy_front_end_https_monitor"

 

 

So it wasn't working, but if I manually create the https monitor and set the alias service port to 4443 the service would went up.

 

 

But still we can't connect to the links as suggested from the site http://www.jaapwesselius.com/2014/03/23/using-an-f5-ltm-load-balancer-for-reverse-proxy-with-lync-2013/ by replacing the X.X.X.X by the public IP, but when connected internally and replace the X.X.X.X by the IP of the Front End Server it is working.

 

https://x.x.x.x/Reach/Client/WebPages/ReachClient.aspx (you need Silverlight on your client to do this) https://x.x.x.x/dialin/conference.aspx https://x.x.x.x/Scheduler/Default.aspx

 

using internal IP

 

using external IP

 

application delivery
deployment
devops
iApps
LTM
microsoft

6 Replies

Sort By
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Jun 10, 2014

    Hi Joe, a few questions for you:

     

    1) I assume that this is a 2 BIG-IP setup, that is, you are forwarding reverse proxy traffic from this external BIG-IP to a virtual server on an internal BIG-IP. Correct?

     

    2) If 1 is true, then 172.21.x.x is the internal Front End virtual server listening on port 4443?

     

    3) The iApp creates an iRule that only passes traffic for the host names that you enter in the Front End FQDN, Lync Mobility FQDN, and simple URLs fields. I see that you are using lyncdiscover.x.x for your Front End server pool FQDN, but usually that name is reserved for Lync mobile use. Is that the correct pool FQDN? You are trying to access the external VIP using an IP address, but that will not work because the iRule will not pass the traffic.

     

    Have you checked out the deployment guide for the iApp: https://www.f5.com/pdf/deployment-guides/microsoft-lync-iapp-dg.pdf? It has more detailed information about the iApp and also some post-config steps that may be required, depending on your topology.

     

    thanks

     

    Mike

     

    • Joe_8700's avatar
      Joe_8700
      Icon for Nimbostratus rankNimbostratus
      Jun 11, 2014
      Hi Mike, Thanks for the inputs, 1) We have only 1 BIGIP which we use for port forwarding. From the public IP 203.177.x.x traffic is forwarded to the REAL IP 172.21.x.x of the front end server with port 4443 3) I have remove the iRule which seems to be the reason why I cant connect, now full traffic is being forwarded and when I simulate browsing using internal and external IP result is now the same. Thanks for the inputs again, I just dont know if Lync mobile is now working, I just hope the problem is no longer on my side but theirs. Joe
    • mikeshimkus_111's avatar
      mikeshimkus_111
      Historic F5 Account
      Jun 11, 2014
      Page 21 of the guide covers how to deploy a single BIG-IP for reverse proxy, FYI.
  • brad_11480's avatar
    brad_11480
    Icon for Nimbostratus rankNimbostratus
    Apr 10, 2015

    well we have two F5's one on the edge/external and the second for the front end servers. the iApp doesn't appear to be creating a virtual server for port 4443 ... and yet the reverse proxy wants to connect to it.

     

    • mikeshimkus_111's avatar
      mikeshimkus_111
      Historic F5 Account
      Apr 10, 2015
      If you select "Receive reverse proxy traffic from another BIG-IP system" in the reverse proxy section of the iApp on the internal LTM, it should create the 4443 virtual servers.
    • brad_11480's avatar
      brad_11480
      Icon for Nimbostratus rankNimbostratus
      Apr 10, 2015
      bingo, that is exactly right, I didn't perform that last step to add the reverse proxy 'receiver' on the Big IP handling the front end servers. many, many thanks....