Microsoft Skype for Business Server 2015
Problem this snippet solves:
New release candidate iApp template and deployment guide for Microsoft Skype for Business Server 2015 (formerly Lync Server 2010/2013). For more information and complete guidance on configuring the iApp template, see the associated deployment guide: http://www.f5.com/pdf/deployment-guides/microsoft-skype-for-business-dg.pdf
f5.microsoft_skype_server_2015.v1.0.0rc9: posted to downloads.f5.com in 11/2017
RC-9 was posted to downloads.f5.com (as will most new versions of this template). It contained the following changes: new BIG-IP AFM IP Intelligence threat categories to support BIG-IP v13.1 and support for route domain 0 from non-Common partitions.
f5.microsoft_skype_server_2015.v1.0.0rc7: posted 09/21/2016
RC-7 provides additional SIP domain support within reverse proxy, a monitor schema change for reverse proxy to make use of the 200 OK response when querying lyncdiscover/lyncdiscoverinternal, and support for the director service standalone use case (separate LTM from Front End service). It also adds a prompt for the IP phone update URL to allow connections through reverse proxy, and a port 80 Virtual Server in addition to the existing 443 Virtual Server for reverse proxy.
RC 5 and 6 were never released to the public; this release includes the changes made as part of those RCs.
f5.microsoft_skype_server_2015.v1.0.0rc4: posted 02/16/2016
RC-4 fixes a security log profile error when deploying on versions of BIG-IP earlier than 11.4, where AFM is not available.
f5.microsoft_skype_server_2015.v1.0.0rc3: posted 01/22/2016
RC-3 attaches a supplemental ICMP monitor to the Edge internal UDP virtual server. See https://support.f5.com/kb/en-us/solutions/public/6000/100/sol6143.html for more information.
f5.microsoft_skype_server_2015.v1.0.0rc2: posted 01/11/2016
RC-2 contains only a small correction to the iRule produced by the iApp template. The iApp will now always force the FQDN written to the iRule to lowercase, even if the user enters CAPITAL letters.
f5.microsoft_skype_server_2015.v1.0.0rc1: posted 07/06/2015
New iApp template for Skype for Business.
- Joe_Jordan (Ret. Employee): Hello Rox, in the current iteration of the iApp, the way to include a certificate/key that requires a password is to create a Client SSL profile outside of the iApp template (Local Traffic > Profiles > SSL > Client). There you can include the passphrase. When you are in the iApp, simply select the profile you created from the question "Do you want to create a new client SSL profile for Front End services, or use an existing one?"
- Steve_A_130918 (Nimbostratus): Loaded the template onto a v11.3 LTM and got the following error: Error parsing template:can't eval proc: "script::run" iapp_get_items -norecursive -filter NAME !~ ca-bundle.crt|f5-irule.crt sys file ssl-cert: extra characters after close-quote while executing "error "$error_msg $err"" invoked from within "subst $rval($do_binary,$tmsh_rval,$nocomplain)" (procedure "iapp_get_items" line 76) invoked from within "iapp_get_items -norecursive -filter NAME !~ ca-bundle.crt|f5-irule.crt sys file ssl-cert" invoked from within "tmsh::run_proc f5.iapp.1.4.0.cli:iapp_get_items -norecursive -filter NAME !~ ca-bundle.crt|f5-irule.crt sys file ssl-cert" (procedure "script::run" line 3) invoked from within "script::run" line:1 Any thoughts?
- Rox_Cornette_22 (Nimbostratus): Can we add the capability to add a password for the certificate to this iApp? Without it the wizard doesn't finish. And even when I use the default cert and key and attempt to add the cert after I use the default to finish, it still fails because there is no place to put the password.
- James_Dastrup (Nimbostratus): Mike, looks like we were hit with the bug described in SOL14104 during a previous upgrade. Thanks for pointing us in the right direction.
- mikeshimkus_111 (Historic F5 Account): If you go to System ›› Users : Partition List ›› Common, what traffic group is the partition set to use under "Redundant Device Configuration"? All iApps work the same way when creating things like SNAT pools and virtual servers. I can't repro this and I've never seen a case about it in 4 years, so it leads me to believe that you have something wrong with your particular BIG-IP.
- James_Dastrup (Nimbostratus): Mike, correct, I had to modify the traffic group on the SNAT translations. Yes, we are applying the appropriate traffic group from the Template Selection section. I can reproduce the problem anytime. If I reconfigure the application, remove the SNAT Translations and SNAT Pool, and then add them back in, they are created without the correct traffic group; they are inheriting the default "None". Other objects, such as the Virtual Addresses, are created in the correct traffic group, as specified in the Template Selection. If iApps are not capable of setting the traffic group on SNAT Translations, seems like a frustrating limitation, effectively breaks the application until some manual work is done.
- mikeshimkus_111 (Historic F5 Account): Hi James, thanks for the feedback. I reviewed the case and there's a bit of a larger issue than the iApp template. It looks like you had to modify the traffic group settings on the SNAT translation, correct? The iApp doesn't create SNAT translations. It only creates the SNAT pool, which then automatically creates the SNAT translations. There's nowhere to define a traffic group during SNAT pool creation. Question: when you deployed the iApp, did you select the appropriate traffic group from the "Template Selection" section at the beginning of the template?
- James_Dastrup (Nimbostratus): I have discovered that this template does not properly set the traffic group on the SNAT Translations if you are using source NAT Pools. If that happens, you may end up with source NATs on your standby load balancer, while your inbound traffic comes in on your primary, which obviously breaks things. The workaround is to manually assign the same traffic group to your SNAT Translations after configuring or reconfiguring the application. See SR C1982985.
- marvn_58503 (Nimbostratus): Usually Lync/SFB Scheduler is available on the Web services URL with a /scheduler; however, today I had my first request for Scheduler to have its own subdomain. I'm not sure how common this is and I worked around it by treating it as a Multiple SIP Domain for Web services, but it may be necessary to add a drop-down for this as well.
- mikeshimkus_111 (Historic F5 Account): We'll get that corrected before this is officially released to downloads.f5.com. Thanks for the feedback.