Forum Discussion

rich1977_120837
Mar 14, 2013

Lync Edge Servers Default Gateway - HELP

Ok, so we used the guide here to configure our edge servers behind our F5. We initially had some issues connecting audio to conferences for external users; it would connect for about 5 seconds then disconnect every time. We missed setting our default gateway to the self IP of the F5. Once we set the default gateway of the external interface of our edge servers to the F5 self IP, all was well. We can connect audio externally, desktop sharing, everything works for external users using the full Lync client. Our issue is with the Lync attendee. When we try to use the Lync attendee it will not connect audio or let us share desktop. Only IM works. Doing packet traces, we see it initially connects to the F5 VIP over port 443, which is fine. Then it tries to connect directly to the AV service IP (public IP) of one of the edge servers. The problem, though, is it cannot make the connection because the default gateway on the edge server is set to the self IP of the F5. The edge servers have no internet connectivity since we set that. Has anyone run across this? Is there something else I need to set on the F5 or the edge servers? Any help is greatly appreciated. I'm going crazy trying to figure out why the Lync attendee isn't working. This is my last issue before we can start the rollout. Thanks!!

10 Replies

  • mikeshimkus_111
    Historic F5 Account
    Hi Rich, it's very strange that this would work for the regular Lync client and not for the attendee, since the client connects to the Edge servers directly as well. Do you have a route on your external BIG-IP to allow the Edge servers to have internet connectivity? Are ephemeral ports 50000-59999 open on the firewall between the clients and Edge servers?

    Mike
  • Thanks for your quick response, Mike. No, I do not have a route set up so they can access the internet. What would be the best way to accomplish this? The ports 50000-59999 are opened per our network group.
  • mikeshimkus_111
    Historic F5 Account
    You should be able to do it by clicking on Network>Routes in the GUI. However, in our testing, we actually use a separate BIG-IP that functions as a router and we use that BIG-IP's self-IP addresses as the default routes on the Edge servers and clients (basically, we don't use the Lync BIG-IP self-IP as the gateway).

    So if you had your Edge servers' default GW pointed at your internet router before, and the internet clients were able to route to the Edge the same way, you shouldn't have had an issue. Have you used the Lync Logging Tool? It might be helpful to set that up on your Edge servers and run it while the disconnects are happening. You can also contact F5 support and they can take packet captures on the external LTM to see if there's any unexpected behavior going on there.

  • So I should have a route set up on our F5 that allows our edge servers internet access? I just haven't seen any documentation on Lync set up behind BigIP where it mentions this, and believe me, I have scoured the internet. Right now there is just one default gateway route listed under routes on the BigIP. It is just very odd that remotely the full Lync client connects fine, no issues at all, with our current setup. Doing traces, I see it connects to F5 VIPs and never tries to directly talk to the AV service on the edge servers like the attendee does. Everything goes through the VIPs. Then I can uninstall the full Lync client, install the attendee, and the audio/sharing will not connect. Then doing traces I can see it is trying to talk directly to the edge servers like I mentioned, instead of just the VIPs like the full client does. Very frustrating.
  • mikeshimkus_111
    Historic F5 Account
    The BIG-IP can proxy all the connections between the client and the Edge, but that's not the ideal configuration. You want the Edge servers to be able to set up direct connections with the external clients, and connections between the clients themselves. This blog post explains it better than I can: https://devcentral.f5.com/blogs/us/the-hopefully-definitive-guide-to-load-balancing-lync-edge-servers-with-a-hardware-load-balancer

    Sounds like you are already correctly using public IPs for your external Edge interfaces. Do you have SNAT enabled on the A/V VIPs? If you do, the Edge servers won't see the real IPs of the clients when they first connect, and BIG-IP will have to proxy all the connections. It shouldn't really matter where you route through as long as the Edge servers can talk with the clients at their real IP addresses.
  • Yeah, we used that guide to set up our config. No SNAT enabled on AV VIPs. Everything set per the template (v11). We initially had a call in to MS because of our disconnect issue when we had the Lync edge default GW set to the internet router. The call got escalated and before we got a call back, we tried pointing the default gateway to the self IP of BigIP and boom, no more disconnects, everything was working great. We actually told them the issue was resolved. But you are telling me that old config should have worked, right (default GW pointing to internet router)? Everything worked fine under that config except meeting audio; it would disconnect after about 5 seconds every time, and it was connecting directly to AV service on one of the edge servers. I mean, right now if I point the default gateway back to internet router, then try the Lync attendee, it's the same issue I had with the full Lync client before: meeting audio connects for about 5 seconds and then disconnects.
  • mikeshimkus_111
    Historic F5 Account
    I think either pointing the Edge servers at the router address OR pointing at the BIG-IP self-IP address (if the BIG-IP has a default route pointing to the router) should work. In either case, the Edge servers will be able to talk directly to the clients without being proxied by BIG-IP. In your successful test with the Lync client, they were not, which tells me something is not ideal. It allowed the Lync client to work inefficiently, but attendee didn't like it. If you want to post a diagram of your topology, or PM me with it, I can have a look.
  • Is there a tool that will map out my topology, or am I going to just need to use Visio or something to draw it out? But yes, I would much appreciate it if you could take a look.
  • mikeshimkus_111
    Historic F5 Account
    I don't know of a tool that will do it. If you can include the Lync topology .xml file, that'll help too.
  • Ok, sent you the Lync topology via PM, I'll send you the topology as soon as I get some time to create it. Thank you for your assistance.