Microsoft Skype for Business Server 2015
Problem this snippet solves:
New release candidate iApp template and deployment guide for Microsoft Skype for Business Server 2015 (formerly Lync Server 2010/2013). For more information and complete guidance on configuring the iApp template, see the associated deployment guide: http://www.f5.com/pdf/deployment-guides/microsoft-skype-for-business-dg.pdf
f5.microsoft_skype_server_2015.v1.0.0rc9: posted to downloads.f5.com in 11/2017
RC-9 was posted to downloads.f5.com (as will most new versions of this template). It contained the following changes: new BIG-IP AFM IP Intelligence threat categories to support BIG-IP v13.1 and support for route domain 0 from non-Common partitions.
f5.microsoft_skype_server_2015.v1.0.0rc7: posted 09/21/2016
RC-7 provides additional SIP domain support within reverse proxy, a monitor schema change for reverse proxy to make use of the 200 OK response when querying lyncdiscover/lyncdiscoverinternal, support for the director service standalone use case(separate LTM from Front End service), added support to ask for the IP phone update url to allow connections through reverse proxy and added a port 80 Virtual Server in addition to the existing 443 Virtual Server for reverse proxy.
RC 5 and 6 were never released to the public, this includes changes as a part of those RC's
f5.microsoft_skype_server_2015.v1.0.0rc4: posted 02/16/2016
RC-4 Fixes a security log profile error when deploying on versions of BIG-IP earlier than 11.4, where AFM is not available.
f5.microsoft_skype_server_2015.v1.0.0rc3: posted 01/22/2016
RC-3 attaches a supplemental ICMP monitor to the Edge internal UDP virtual server. See https://support.f5.com/kb/en-us/solutions/public/6000/100/sol6143.html for more information.
f5.microsoft_skype_server_2015.v1.0.0rc2: posted 01/11/2016
RC-2 contains only a small correction to the iRule produced by the iApp template. The iApp will now always force the FQDN written to lowercase in the iRule, even if the user enters CAPITAL letters.
f5.microsoft_skype_server_2015.v1.0.0rc1: posted 07/06/2015
New iApp template for Skype for Business.
Code :
70782
Published Jul 06, 2015
Version 1.0
B_EarpAltocumulus
When you say "Type the IP address the BIG-IP system will use for the Edge Servers - External Interface Access service virtual server. This must be a unique, publicly routable IP address.. Can this be a private IP address that is NATed to a unique, publicly routable IP address?- Antoine, as a Release Candidate, the Microsoft Skype for Business Server 2015 iApp was developed by F5 and is waiting on final testing to become a gold release. As a release candidate, and an iApp developed by the F5 iApp team, it is supported. We expect to incorporate any additional features and complete to "gold" status in the last summer of 2016.
Antoine_80417Nimbostratus
Hi folks, do you know when (or if) this iApp will become officially supported by F5 ?- Hi ChristianH, this is by design. We don't decrypt this traffic, so the virtual server only uses a TCP profile and no SSL profiles. What issues were you seeing?
- ChristianH_1903Hi, we encountered a missing SSL client profile when trying to use this template for the Microsoft Skype Server Edge Virtual Servers: External Interface. The virtual servers are all created correctly but the one listening on port 443 does not use HTTPS. When creating and assigning an additional SSL client profile to this server it worked as expected.
- Jon, that is expected behavior. We need to mark every FE service down if 5061 is unreachable, so because of that you will need the firewall open for 5061 between the self-IPs and FE.
JonHarro_182076Hi Folks. I am playing around with trying to make this work at the moment. (rc4 template) It seems even if you answer NO to the question "Should the system monitor the internal SIP virtual servers?" it still creates the monitors and adds them to the _reverse_proxy_front_end_4443_pool... Disabling strict updates and removing the monitor from the pool sorts that out but I figured I'd share what I've found.We only have firewall rules from the edge server to the front end servers on 5061, not from the self IP's to the front end servers on 5061. Had us scratching our heads for a while but we worked it out. I'll have a look at the template more closely and see if I can work out what's amiss. If I have the wrong end of the stick here and we really do need the firewalls opened on 5061 to the front end pools from the self-ip's please let me know. Anyway I'm off to see if it all wants to play nicely now. :-)- Mgullia, please check the updated RC4 version, it should correct the problem.
Mgullia_176222Hi to all. I've just tryed to deploy this iAPP in a guest running 11.2.1 (LTM module only)...so no AFM. and i'm facing this error script did not successfully complete: ("security-log-profiles" unknown property while executing "tmsh::create [string range $args 7 end] " ("create" arm line 1) invoked from within "switch -exact -- [string range $args 0 5] { create { tmsh::create [string range $args 7 end] } modify { tmsh::modify [string r..." (procedure "iapp_conf" line 14) invoked from within "iapp_conf create "/ ltm virtual" "$vs_name destination $destination $snat_action pool none profiles none profiles replace-all-with \{ $http_profile_na..." (procedure "configure_microsoft_skype_server_reverse_proxy_deployment" line 145) invoked from within "configure_microsoft_skype_server_reverse_proxy_deployment" invoked from within "if { $provisioned } { if { $::front_end_ip__deploying_front_end_ip == $::YES_ANSWER } { configu..." line:1424) I think the problem is the lack of AFM. How can i fix that? I'm not intrested to use AFM,- Steve A- I am able to load and run the template on 11.3 without issue. The error message that you posted seems to indicate that the iapp is having trouble listing your ssl certificate names. Do any of your cert files have a name with quotes or spaces or special characters in it? Are any of them in a partition other then /Common?
