Forum Discussion
Jim_Couch_16225
Nimbostratus
NimbostratusLync 2013/2010 External Mobility Issues
I've read through a number of others issues but havent found anything that fits my case.
We deployed Lync through the latest iApp for Lync on two F5s. One is in a DMZ and the other internal. The basic topology is:
External user uses lyncdiscover.company.com > NAT external address to a DMZ Reverse Proxy VIP on port 443 > Irule translates the URL and sends directly to one of the Internal FE servers on 4443. User gets back the .JSON file with the additional URLs. User sends request to onprem-webext.company.com (which is the same external address) > NATS to the same DMZ VIP > iRule translates that URL to the same pool on the DMZ F5 > Pool sends the traffic directly to one of the internal front end servers > get a few response code 200s and a response code 401.
We have a cert on the DMZ F5 VIP that appears to work using external tools. I am using an iRule applied to the DMZ VIP to give me the traffic path and status codes. Internally, Lync works fine. After reading quite a bit about Lync, I am wondering if it doesnt like the server side cert and if I should just use the default server SSL profile, since internally the servers would be using internal PKI certs from our own CA.
Thanks in advance. Jim
Hi Jim, the serverssl profile created by the iApp is simply a copy of the default serverssl profile; it doesn't modify any of the default settings. So there should be no difference switching between _reverse_proxy_server_ssl and serverssl.
Which requests get the 200 response, and which ones get 401? Are all the hostnames of the additional URLS (e.g., onprem-webext.company.com) included in the reverse proxy iRule?
Jim_Couch_16225It turns out that it was an authentication setting on the Lync Front End server itself, and an incorrect DNS entry. My F5 SE found the blog that explained it to my server guy quite nicely.
http://blog.schertz.name/2012/03/lync-mobile-ios-client-authentication-issues/
Set to "negotiate" was the trick.
Jim
