Jun 12, 2012

Need help with Lync Edge Servers

Can anyone give me some guidance on setting up our Lync Edge servers behind our F5? I've got two Edge servers set up per MS documentation. Each has 3 public IPs, one assigned to each service. There is also an internal NIC set up, and routing has been established to the other Lync servers. From external, if I go directly to one of the Edge servers, bypassing the VIP, I can log in to the Lync client externally. But if I go through the VIP it does not make the connection. Doing traces, I see that it is indeed making it to the Edge server through the VIP, but it cannot complete the transaction and eventually times out. I've followed the documentation and set up a VIP for the access service (that connects the IM). But I am a little confused when going through the documentation, as it has a setup for the external interface, which I have done, but it also has a setup for the internal interface. How would I get both the internal and external interfaces behind the F5? I'll be happy to post screenshots of my config if it would help.

    Hi Billy, which documentation did you follow? Are you using the iApp template, or configuring manually? We highly recommend the template if you are running BIG-IP v11.0 or higher.



    Generally, the VIPs for the Edge interfaces would live on the external BIG-IP, while the internal Edge VIPs live on the internal BIG-IP and receive outbound connections from clients and the Front End servers. Do you have two pairs of BIG-IPs isolating your Edge servers in a DMZ, or are you doing this all on one BIG-IP (or pair)?



    Feel free to upload the screenshots and we'll have a look.




    First off, I would definitely recommend upgrading to v10.2.2 HF1, or later. There is an SSL handshake issue that was addressed with that hot fix: I don't believe the Lync solution has been tested with any version earlier than 10.0. I would also have a look at the manual configuration tables in this guide, as they are the most recent:



    You should be able to get it working with just one BIG-IP. You'll need to create 3 VLANs on the BIG-IP, one each for the public, DMZ, and internal networks. Add static routes to the Lync Edge servers to direct outbound traffic to the self-IP of the public VLAN and inbound traffic to the self-IP of the DMZ VLAN. Front-End servers should use the BIG-IP internal self-IP as the route for traffic to the internal Edge interface virtual server addresses. You'll also need routes on the BIG-IP to direct traffic out the correct VLANs, and you should only enable the external Edge virtual servers to listen on the public VLAN, the internal Edge virtual servers on the DMZ VLAN, and the internal Front End servers on the internal VLAN.



    Remember that the Edge and Front-End servers must be able to route to each other directly, as well.



    Here's a post that may be helpful in understanding how the Edge services need to be configured:



    Routing is one of the bigger pitfalls with Lync configuration. If you need more info, send me a PM on DevCentral. I can put together a diagram of this setup for you.




  • Which version of the doc did you use? I remember one of the early ones I used didn't work. I figured out that by removing the SSL profiles it worked. The new version of the doc has fixed it. It looks like you have an SSL client profile, so you may have just used an older version of the doc. Set it to none and it should work. BTW, you are using Source Address Affinity for the persistence method, correct?
  • THAT DID IT!!!!!!!!! EEEEEYYYYYYYYY!! TY!!!! Can't thank you enough. Maybe I finally get some good sleep tonight. Just made my week.
  • Good to hear! Good luck, let me know if you hit any other issues. I set mine up a while back and the documentation had a lot of errors that I found out the "hard way". Luckily they all seem to have been fixed in the latest revision.