Вы находитесь на странице: 1из 12

http://blogs.technet.

com/b/saleesh_nv/

ARR Reverse proxy deployment for Lync 2013

My sip domain called contoso.com. Lync deployment consist of single standard edition server
(std.contoso.com), edge server and ARR reverse proxy.
Prerequisites for ARR reverse proxy deployment
1. ARR reverse proxy required two NICs on the machine.
2. ARR reverse proxy need not to be part of your domain.
3. Make sure that DNS resolution is working on the machine by using internal DNS or host
records.
4. You should request a public UC certificate for reverse proxy server. It should have
extweb.contoso.com, meet.contoso.com, dilain.contoso.com, and
lyncdiscover.contoso.com and wac.contoso.com part of SAN.
5. Import the certificate on the personal certificate store and make sure that private key is
available for the certificate. Following screenshot has the summary of UC certificate request
for ARR RP.


http://blogs.technet.com/b/saleesh_nv/

Installation Steps
6. Open IIS manager. Right click on the default website and select edit binding. Add an https
binding and select the UC certificate which you import earlier.

7. Install IIS components by running following PowerShell cmdlet.
Import-Module ServerManager
Add-WindowsFeature Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-
Errors,Web-Net-Ext,Web-Http-Logging,Web-Request-Monitor,Web-Http-Tracing,Web-
Filtering,Web-Stat-Compression,Web-Mgmt-Console,NET-Framework-Core,NET-Win-CFAC,NET-
Non-HTTP-Activ,NET-HTTP-Activation,RSAT-Web-Server

8. Open following link and install IIS ARR 2.5 Download and install
ttp://www.microsoft.com/web/gallery/install.aspx?appid=ARRv2_5
9. Web platform installer will prompt you for installation, click install now as below;


http://blogs.technet.com/b/saleesh_nv/



10. Web plat form will download and install ARR 2.5.





http://blogs.technet.com/b/saleesh_nv/

11. Once installation is completed. You will get a confirmation window as below.



Configuration
12. Open IIS manager and right click on server farm and click on create server farm.


http://blogs.technet.com/b/saleesh_nv/

13. Provide the server farm name as extweb.contoso.com and click next. (Open your topology
builder and verify the external web service URL, you need to mention the same URL here)


14. Add server wizard , mention the standard edition server FQDN or Lync Pool VIP/DNS name.
Click ADD.


15. Click on advanced settings and expand applicationrequestroute. Change http port to 8080
and https port to 4443. Below screenshot may help you.

http://blogs.technet.com/b/saleesh_nv/

-
15. Click finish , it will prompt for URL rewrite rule creation request. Select YES.


16. We need to create web farm for simple URLs and mobility URLs. Repeat the steps 13 to 15
for meet.contoso.com; dialin.contoso.com; Lyncdiscover.contoso.com and
wac.contoso.com .


http://blogs.technet.com/b/saleesh_nv/

17. Once completed , You should be able to see all server farms for Lync 2013 as below.


18. Now we need to change some of the settings in each server farm. First select
dialin.contoso.com farm. Click on caching.

19. Disable disk caching for dialin.contoso.com website. Apply changes.

http://blogs.technet.com/b/saleesh_nv/

20. Go back to dialin.contoso.com and select proxy from the middle pane. Change the timout
value to 200 ms and apply the changes.

21. Go back to dialin.contoso.com and select routing rules. Disable SSL offloading as below.

22. We have successfully completed configuration changes for dialin.contoso.com. Now we
have to perform same changes for extweb/meet/lyncdiscover and wac server farm one by
one.



http://blogs.technet.com/b/saleesh_nv/

23. Click on IIS Server home and select URL Rewrite option.

24. You can see both SSL and HTTP rules listed under the URL rewrite page. Delete all rules
related to HTTP. If a rule has SSL at the end of the name then you shouldnt delete it.


http://blogs.technet.com/b/saleesh_nv/

25. Edit the SSL rule one by one . I have selected dialin SSL rule below. Under conditions , click
on add and define {HTTP_Host} and add dial.* as pattern as below.
Note : Based on the rule selected , pattern will change to meet.* or extweb.* or Lyncdiscover.*
etc

26. If you wanted to test the pattern , click on test pattern and type the respective FQDN and
test. You will get a success message as below.

http://blogs.technet.com/b/saleesh_nv/

27. Under action type , you should select route to server farm option. Action properties should
list the respective Lync URL (must be https). Also select stop processing of subsequent rules
tick mark.

28. For Office web server should add following pattern as seen below.
((?:^en-us/|^hosting/|^m/|^o/|^oh/|^op/|^p/|^we/|^wv/|^x/).*)
http://blogs.technet.com/b/saleesh_nv/


29. Repeat the steps 25-27 for meet /lyncdiscover/extweb webfarm. You should select the
respective pattern for each web famr.
30. Now you can test the external access and verify the configuration.