Microsoft Skype for Business Server 2015
Problem this snippet solves:
New release candidate iApp template and deployment guide for Microsoft Skype for Business Server 2015 (formerly Lync Server 2010/2013). For more information and complete guidance on configuring the iApp template, see the associated deployment guide: http://www.f5.com/pdf/deployment-guides/microsoft-skype-for-business-dg.pdf
f5.microsoft_skype_server_2015.v1.0.0rc9: posted to downloads.f5.com in 11/2017
RC-9 was posted to downloads.f5.com (as will most new versions of this template). It contained the following changes: new BIG-IP AFM IP Intelligence threat categories to support BIG-IP v13.1 and support for route domain 0 from non-Common partitions.
f5.microsoft_skype_server_2015.v1.0.0rc7: posted 09/21/2016
RC-7 provides additional SIP domain support within reverse proxy; a monitor schema change for reverse proxy to make use of the 200 OK response when querying lyncdiscover/lyncdiscoverinternal; support for the director service standalone use case (separate LTM from Front End service); support for asking for the IP phone update URL to allow connections through reverse proxy; and a port 80 Virtual Server in addition to the existing 443 Virtual Server for reverse proxy.
RC 5 and 6 were never released to the public; this release includes the changes made as part of those RCs.
f5.microsoft_skype_server_2015.v1.0.0rc4: posted 02/16/2016
RC-4 fixes a security log profile error when deploying on versions of BIG-IP earlier than 11.4, where AFM is not available.
f5.microsoft_skype_server_2015.v1.0.0rc3: posted 01/22/2016
RC-3 attaches a supplemental ICMP monitor to the Edge internal UDP virtual server. See https://support.f5.com/kb/en-us/solutions/public/6000/100/sol6143.html for more information.
f5.microsoft_skype_server_2015.v1.0.0rc2: posted 01/11/2016
RC-2 contains only a small correction to the iRule produced by the iApp template. The iApp will now always force the FQDN written to the iRule to lowercase, even if the user enters CAPITAL letters.
f5.microsoft_skype_server_2015.v1.0.0rc1: posted 07/06/2015
New iApp template for Skype for Business.
- mikeshimkus_111 (Historic F5 Account)
The monitor should use the pool member IP and forward the hostname as part of the host header. So no name resolution should be happening. You should open a case so we can get a look at your configuration, logs, etc.
You can also enable monitor logging on the node to see what BIG-IP is getting as a response: https://support.f5.com/csp/article/K12531
- The-messenger (Cirrostratus)
No, I configured normally using the iApp, pool members are all ip addresses.
- mikeshimkus_111 (Historic F5 Account)
The monitor should send that request to the IP address of the pool members, not try to resolve it. Are you using FQDN nodes as your pool members?
- The-messenger (Cirrostratus)
Mike, I haven't opened a case with this, wanted to get the Skype environment build complete and tested. But I can see why the monitor fails. The host name in the monitor points to the DNS name for the reverse proxy, which resolves externally. So the monitor is hitting the VIP for the reverse proxy, not the reverse proxy pool member. https://technet.microsoft.com/en-us/library/hh690030(v=ocs.15).aspx
- mikeshimkus_111 (Historic F5 Account)
I haven't seen that before. Recommend you open a case with F5 support and reply back here with the case number so we can track it.
Thanks
- The-messenger (Cirrostratus)
Yes, full monitor, removing actual hostname....
GET / HTTP/1.1\r\nHost: host.name\r\nConnection: Close\r\n\r\n
- mikeshimkus_111 (Historic F5 Account)
This is the monitor created by the iApp, correct? The one with a send string of "GET /\r\n"?
- The-messenger (Cirrostratus)
Just started with the iApp, the only issue I've run into so far is the reverse proxy monitor, both HTTP and HTTPS will not work. The monitor reports access denied but running the monitor from the command line I get a directory listing ending with 400 URL must be absolute. Will continue to look at this.
- mikeshimkus_111 (Historic F5 Account)
You can use F5 to load balance A/V traffic. I would disable SNAT on the A/V connections, since enabling that will hide the real IPs of the clients from the Edge servers (which they need to set up P2P for external clients).
- ChristianH_1903 (Nimbostratus)
Hi Mike,
 
I think we have a problem with STUN/TURN. When doing some debugs we see that the clients will be addressed with the private IP of their 4G network. Obviously this will not work. In the template the option "Yes, translate the source address of A/V connections" has been set.
 
I found this article https://devcentral.f5.com/s/feed/0D51T00006i7eHMSAY. But it seems to advise not to use F5 for the A/V part?