arr reverse proxy guide for lync2013

5/24/2018 ARR Reverse Proxy Guide for Lync2013

1/12

http://blogs.technet.com/b/saleesh_nv/

ARR Reverse proxy deployment for Lync 2013

My sip domain called contoso.com. Lync deployment consist of single standard edition server(std.contoso.com),edge server and ARR reverse proxy.

Prerequisites for ARR reverse proxy deployment

1. ARR reverse proxy required two NICs on the machine.2. ARR reverse proxy need not to be part of your domain.3. Make sure that DNS resolution is working on the machine by using internal DNS or host

records.

4.

You should request a public UC certificate for reverse proxy server. It should haveextweb.contoso.com, meet.contoso.com, dilain.contoso.com, and

lyncdiscover.contoso.com and wac.contoso.com part of SAN.

5. Import the certificate on the personal certificate store and make sure that private key isavailable for the certificate. Following screenshot has the summary of UC certificate request

for ARR RP.


2/12


Installation Steps

6. Open IIS manager. Right click on the default website and select edit binding. Add an httpsbinding and select the UC certificate which you import earlier.

7. Install IIS components by running following PowerShell cmdlet.Import-Module ServerManager

Add-WindowsFeature Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-

Errors,Web-Net-Ext,Web-Http-Logging,Web-Request-Monitor,Web-Http-Tracing,Web-

Filtering,Web-Stat-Compression,Web-Mgmt-Console,NET-Framework-Core,NET-Win-CFAC,NET-

Non-HTTP-Activ,NET-HTTP-Activation,RSAT-Web-Server

8. Open following link and install IIS ARR 2.5Download and installttp://www.microsoft.com/web/gallery/install.aspx?appid=ARRv2_5

9. Web platform installer will prompt you for installation, click install now as below;
http://blogs.technet.com/b/exchange/archive/2013/07/19/reverse-proxy-for-exchange-server-2013-using-iis-arr-part-1.aspxhttp://blogs.technet.com/b/exchange/archive/2013/07/19/reverse-proxy-for-exchange-server-2013-using-iis-arr-part-1.aspxhttp://blogs.technet.com/b/exchange/archive/2013/07/19/reverse-proxy-for-exchange-server-2013-using-iis-arr-part-1.aspxhttp://blogs.technet.com/b/exchange/archive/2013/07/19/reverse-proxy-for-exchange-server-2013-using-iis-arr-part-1.aspxhttp://blogs.technet.com/b/exchange/archive/2013/07/19/reverse-proxy-for-exchange-server-2013-using-iis-arr-part-1.aspxhttp://blogs.technet.com/b/exchange/archive/2013/07/19/reverse-proxy-for-exchange-server-2013-using-iis-arr-part-1.aspx


3/12


10.Web plat form will download and install ARR 2.5.


4/12


11.Once installation is completed. You will get a confirmation window as below.

Configuration

12.Open IIS manager and right click on server farm and click on create server farm.


5/12


13.Provide the server farm name as extweb.contoso.com and click next. (Open your topologybuilder and verify the external web service URL, you need to mention the same URL here)

14.Add server wizard , mention the standard edition server FQDN or Lync Pool VIP/DNS name.Click ADD.

15.Click on advanced settings and expand applicationrequestroute. Change http port to 8080and https port to 4443. Below screenshot may help you.


6/12


-

15. Click finish , it will prompt for URL rewrite rule creation request. Select YES.

16.We need to create web farm for simple URLs and mobility URLs. Repeat the steps 13 to 15for meet.contoso.com; dialin.contoso.com; Lyncdiscover.contoso.com and

wac.contoso.com.


7/12


17.Once completed , You should be able to see all server farms for Lync 2013 as below.

18.Now we need to change some of the settings in each server farm. First selectdialin.contoso.com farm. Click on caching.

19.Disable disk caching for dialin.contoso.com website. Apply changes.


8/12


20.Go back to dialin.contoso.com and select proxy from the middle pane. Change the timoutvalue to 200 ms and apply the changes.

21.Go back to dialin.contoso.com and select routing rules. Disable SSL offloading as below.

22.We have successfully completed configuration changes for dialin.contoso.com. Now wehave to perform same changes for extweb/meet/lyncdiscover and wac server farm one by

one.


9/12


23.Click on IIS Server home and select URL Rewrite option.

24.You can see both SSL and HTTP rules listed under the URL rewrite page. Delete all rulesrelated to HTTP. If a rule has SSL at the end of the name then you shouldnt delete it.


10/12


25.Edit the SSL rule one by one . I have selected dialin SSL rule below. Under conditions , clickon add and define {HTTP_Host} and add dial.* as pattern as below.

Note : Based on the rule selected , pattern will change to meet.* or extweb.* or Lyncdiscover.*

etc

26.If you wanted to test the pattern , click on test pattern and type the respective FQDN andtest. You will get a success message as below.


11/12


27. Under action type , you should select route to server farm option. Action properties shouldlist the respective Lync URL (must be https). Also select stop processing of subsequent rules

tick mark.

28.For Office web server should add following pattern as seen below.((?:ên-us/|^hosting/|^m/|ô/|ôh/|ôp/|^p/|^we/|^wv/|^x/).*)


12/12


29.Repeat the steps 25-27 for meet /lyncdiscover/extweb webfarm. You should select therespective pattern for each web famr.

30.Now you can test the external access and verify the configuration.

arr reverse proxy guide for lync2013

Documents