Forum Discussion
NimbostratusLync Reverse Proxy Question
Hi Devcentral Team,
We have a client who have deployed MS LYNC 2013, we have used BIG IP 1600 as the reverse proxy, we have used the latest iApp Template, we have answered the first question "Which version of Lync Server are you using? 2013" and the last question "Should this system include a reverse proxy virtual server for external Lync web services? Yes" then asnwer the question as seen from the image below. IP and FQDN's are mask for protection
But after creating the service thru iApp, the service was mark down by the monitor that it created "AGPLyncReverseProxy_edge_external_reverse_proxy_front_end_https_monitor"
So it wasn't working, but if I manually create the https monitor and set the alias service port to 4443 the service would went up.
But still we can't connect to the links as suggested from the site http://www.jaapwesselius.com/2014/03/23/using-an-f5-ltm-load-balancer-for-reverse-proxy-with-lync-2013/ by replacing the X.X.X.X by the public IP, but when connected internally and replace the X.X.X.X by the IP of the Front End Server it is working.
https://x.x.x.x/Reach/Client/WebPages/ReachClient.aspx (you need Silverlight on your client to do this) https://x.x.x.x/dialin/conference.aspx https://x.x.x.x/Scheduler/Default.aspx
using internal IP
using external IP
6 Replies
Hi Joe, a few questions for you:
1) I assume that this is a 2 BIG-IP setup, that is, you are forwarding reverse proxy traffic from this external BIG-IP to a virtual server on an internal BIG-IP. Correct?
2) If 1 is true, then 172.21.x.x is the internal Front End virtual server listening on port 4443?
3) The iApp creates an iRule that only passes traffic for the host names that you enter in the Front End FQDN, Lync Mobility FQDN, and simple URLs fields. I see that you are using lyncdiscover.x.x for your Front End server pool FQDN, but usually that name is reserved for Lync mobile use. Is that the correct pool FQDN? You are trying to access the external VIP using an IP address, but that will not work because the iRule will not pass the traffic.
Have you checked out the deployment guide for the iApp: https://www.f5.com/pdf/deployment-guides/microsoft-lync-iapp-dg.pdf? It has more detailed information about the iApp and also some post-config steps that may be required, depending on your topology.
thanks
Mike
Joe_8700Hi Mike, Thanks for the inputs, 1) We have only 1 BIGIP which we use for port forwarding. From the public IP 203.177.x.x traffic is forwarded to the REAL IP 172.21.x.x of the front end server with port 4443 3) I have remove the iRule which seems to be the reason why I cant connect, now full traffic is being forwarded and when I simulate browsing using internal and external IP result is now the same. Thanks for the inputs again, I just dont know if Lync mobile is now working, I just hope the problem is no longer on my side but theirs. Joe- Page 21 of the guide covers how to deploy a single BIG-IP for reverse proxy, FYI.
brad_11480well we have two F5's one on the edge/external and the second for the front end servers. the iApp doesn't appear to be creating a virtual server for port 4443 ... and yet the reverse proxy wants to connect to it.
- If you select "Receive reverse proxy traffic from another BIG-IP system" in the reverse proxy section of the iApp on the internal LTM, it should create the 4443 virtual servers.
- brad_11480bingo, that is exactly right, I didn't perform that last step to add the reverse proxy 'receiver' on the Big IP handling the front end servers. many, many thanks....
