Forum Discussion
NimbostratusLync 2010 iApp Problems
Old Environment:
2 x LTM 6400 Series
New Environment:
2 x LTM 4000 Series
Migration:
We are currently starting to configure our new environment in preparation of migrating over in the next few months.
Issue:
I am trying to deploy Lync 2010 using the current iApp. I have run through the template and everything comes back healthy, VIP, Pools, Nodes are all green and look good. When I have my messaging administrator try to connect to the VIP it just hangs and tells him that he cannot logon. If he points his lync client back to the VIP on the old environment it works as expected. Now in the old environment we did have to create some SNAT pools in order to get this working. Using the iApp template it sounds like that is only needed if your going to have over 64,000 connections or something along those lines. We will not have that many users. However, I went ahead and created SNAT pools manually anyway and added them (trying to duplicate the current setup) but he still could not connect. Before I start mucking around with changes, I though it best to reach out to the community for some guidance. I am hoping something can steer me in the right directions with this. Thank you in advance.
19 Replies
- hi Soap, are we talking about internal or external clients? Lync is highly sensitive to routing issues. Are you using the same set of Lync servers and if so, are the routes configured correctly on those servers? Are the new BIG-IPs showing requests in the VIPs statistics page when the message admin tries to log in?
The Lync Logging Tool can be helpful in figuring out what's going wrong: http://technet.microsoft.com/en-us/library/gg558599(v=ocs.14).aspx
thanks
Mike 
What_Lies_Bene1Cirrostratus
Can you describe the error you see when testing (if any) in more detail please?
Considering you have both old and new environments in place I'm pretty sure this is a routing issue where the servers are configured to route traffic back to clients via the old F5 pair. Check the servers and confirm if there are static routes configured for the SNAT range (of course it could rely on a default)? Use a new/unique SNAT range on the new F5 pair and configure statics routes on the servers for that range pointing to the new pair. You get the idea...
Soap_111722Posted By mikeshimkus on 02/11/2013 12:35 PM
hi Soap, are we talking about internal or external clients? Lync is highly sensitive to routing issues. Are you using the same set of Lync servers and if so, are the routes configured correctly on those servers? Are the new BIG-IPs showing requests in the VIPs statistics page when the message admin tries to log in?
The Lync Logging Tool can be helpful in figuring out what's going wrong: http://technet.microsoft.com/en-us/library/gg558599(v=ocs.14).aspx
thanks
Mike
We were only testing internal connectivity, but yes, the FE's do handle traffic for external clients also once they are handed off from the edge servers. I am told that there are no configured routes on the FE servers. I also do see accepted connections on port 5061 for the FE and Director VIP's when we have tried to test.- I would run the logging tool on the FE servers. Once the initial connection has been made from client to VIP, the FE servers return a list of servers to connect to and all further communication happens between the clients and FE servers directly. I would make sure that they can route to each other, and that the FE servers are sending back the right list of servers. I believe you can see this by enabling verbose logging on the Lync client itself.
- Soap_111722
Okay, just to post an update, last night I went ahead and re-configured the template to remove any manual settings we had put in place regarding SNAT pools, etc. To my surprise this morning when I came in connectivity through the director and FE's were working as they should. Scratching my head on this because initially when we tested yesterday before making any changes to the template this was not working. Going to do some more testing of features today and tomorrow and will report back.
EDIT:
I am noticing that the
lync_consolidated_edge_external_ip_http_monitor monitor that was created from the template has all of my nodes marked offline. From what I am reading on other forums this monitor may never work and I might need to just use a TCP monitor. I wanted to run this past the forum as if this was the case I would assume someone would have reported it by now. I am trying to search through the forums but I seem to always return ZERO results. Must be doing something wrong.... - Are you using the version of the iApp avaialble on DevCentral: https://devcentral.f5.com/wiki/iApp.Microsoft-Lync-Server-2010-Updated-iApp.ashx
This newer version uses TCP monitors for the Access service pools and also has quite a few bug fixes; for example, the VIP for this service uses an HTTP profile in the old template, which will not work. - Soap_111722
I was using the template that was already on these brand new 4000's. I assumed it was the latest. Let me download this other one and make sure. I assume this is a newer one.
- That's correct. Also, there are still a few post-configuration steps that you must take (which are detailed in the deployment guide). We are working on an updated version that will include those fixes, and more, to be posted to DevCentral.
- Soap_111722
Looks like that did the trick, imported new template, made a few tweaks after the fact and everything is look good. Can't believe I missed the whole template version thing. Thanks!
- J_LE_42749
Hello All,
(my first post so apologizes if I'm not putting @ the right place!)
I'm trying to publish Lync 2010 web services on BigIP 11.3.
Right now I'm using the latest iApp version for Lync 2010/2013 from DevCentral.
I do have a blocking point with certificate and key.
I did import the certificate+key for Lync on BigIP and can use it on a manually configured VS.
Through iApp, however, I receive the following error message:
error:0906A068:PEM routines:PEM_do_header:bad password read
Using default.crt and default.key the wizard is happy and creates the App but of course it's not the certificate that should be used...
Any guess/idea will be welcome since I could not find anything so far!
Thank you & Best Regards
Jérôme
