For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

GregT_124222's avatar
GregT_124222
Icon for Nimbostratus rankNimbostratus
Jan 02, 2013

Configuring Lync to work with an F5 HLB

I'm using Lync 2010 and F5's BigIP v 10.24.

 

I've followed the guide for setting up the configuration and am seeing the following in the main pool listing;

 

My setup is a Director, 2 front-end servers and an HLB.

 

Note: I created a pool for each port.

 

Ports 135, 442, 444, 80 and 8080 are all green.

 

Port 5061 is blue

 

Port 448, 5067, 5068, 5070 - 5076, 5080 are all red.

 

If I remove the SIP monitor from Port 5061 I notice that the pool goes to being green.

 

Is there anyway to diagnose whether this is a certificate issue on the HLB or some other issue?

 

Also, for the ports that are red, what are these used for? They don't look like typical Lync ports.

 

Thank you - Greg.

 

 

 

microsoft
partner

4 Replies

  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Jan 02, 2013
    Hi Greg, the ports you listed that are failing health check are for Lync mediation and call admission control services; if you don't have those configured then you don't need to worry about creating those objects. The list of Lync internal ports and what they're used for is here: http://technet.microsoft.com/en-us/library/gg398833(v=ocs.14).aspx

     

     

    Did you create a SIP monitor for both the Front End and Directory servers, and are they both behaving the same way? Which acceptable response codes are you using for those monitors?

     

    thanks

     

    Mike
  • GregT_124222's avatar
    GregT_124222
    Icon for Nimbostratus rankNimbostratus
    Jan 02, 2013
    Hi Mike,

     

     

    Thanks for the port information, we're not using a Mediation server so that make sense why these are red, I'm going to get rid of them. That still leaves my SIP monitor of 5061 in this state (which for basic IM and Web Conferencing I still need).

     

     

    I have 1 SIP monitor created that is used by my front-ends, I only have 1 Director so I am not using the F5 here. For my SIP monitor I have the alias port of 5060 setup (along with this being done in Lync) and the 488 SIP status code setup.

     

     

    Thanks - Greg.
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Jan 02, 2013
    We've noticed that in some cases the 488 code never gets returned, only authentication prompts. The v11 Lync guide recommends adding a 401 code to this list. See if adding that brings the monitor up (I know it's less than ideal).

     

     

    The v10 deployment guide will be updated with this info shortly.
  • GregT_124222's avatar
    GregT_124222
    Icon for Nimbostratus rankNimbostratus
    Jan 04, 2013

    Hi Mike,

     

    Thank you for all your help, here is what I did;

     

    1. Added in the 401 error code, my 5061 monitor came alive and started reporting as green.
    2. I changed my Lync Pool's DNS entry to point ot the HLB (right now it is pointed to the 1 front-end server) and with the HLB traffic will be served across 2 front-end servers.
    3. Started doing IMs and this started working.

    I modifed my pool and SIP dns to point to the F5 and then started shutting down servers on one to ensure it reconnected to the other and this worked.

     

    I did have to do a flush DNS on some boxes to clear out what they had in cache (not sure if I will have to do this in our Production environemnt).

     

    Any thoughts?

     

    Greg