Lync without reverse proxy - SSL issues


The way I set up my Lync environment was using one Standard Edition Lync 2010 server with one Edge server. How I bypassed the reverse proxy was using PAT (Port Address Translation) to take all incoming port 80 & 443 requests on a different external IP to the Lync External Web Services virtual directory (which listens on ports 8080 and 4443).

[To learn how to set up Lync without a reverse proxy, check out this article]

So here was the problem.

My domain names I was using was,,, and I had no problem assigning the to the external edge interface using the deployment wizard. Where I ran into a problem was assigning a SAN I created to the Lync 2010 server. I kept getting errors like these:

Lost connection to the with Lync Web App


Server Machine FQDN:

Server Type: External-WebApp-Edge

Cause: Service may be unavailable or Network connectivity may have been compromised.


Authentication of incoming MTLS connection from Web Conferencing Server failed.
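
When assigning a SAN certificate produces errors like the ones above, one useful check is whether the certificate's SAN list covers every name each listener is reached by. The sketch below is an added example, not code from the original post; every host name, the SAN list and the listener labels are constructed placeholders, and only the 4443/443 port mapping comes from the post.

```python
# Added example: all names below are constructed placeholders (example.test).

def san_covers(san: str, host: str) -> bool:
    """True if one SAN dNSName entry covers host.

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so *.example.test covers neither example.test
    nor a.b.example.test.
    """
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    first, _, rest = host.partition(".")
    return bool(first) and rest == san[2:]


def uncovered(sans, listeners):
    """Map each listener to the names it is reached by that no SAN covers."""
    report = {}
    for listener, names in listeners.items():
        missing = [n for n in names if not any(san_covers(s, n) for s in sans)]
        if missing:
            report[listener] = missing
    return report


# Constructed SAN list, as it would be copied from the certificate's
# "Subject Alternative Name" field.
SANS = ["LYNC01.corp.example.test", "*.example.test"]

# Names each listener is reached by (assumed for illustration). The external
# web site listens on 4443 and is reached from outside on 443 through PAT.
LISTENERS = {
    "server FQDN used for MTLS between server roles": [
        "lync01.corp.example.test",
    ],
    "external web site :4443 (PAT from :443)": [
        "lyncweb.example.test",
        "dialin.ext.example.test",
    ],
}

if __name__ == "__main__":
    for listener, missing in uncovered(SANS, LISTENERS).items():
        print(f"{listener}: not covered -> {', '.join(missing)}")
```
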


Using Lync Server without a reverse proxy…

Well I have decided to dive into the world of Lync. I have previously used Office Communications Server 2007 R2 in the past and remember the pain it was to set up. I will say that it paid off in the end because the users absolutely loved it. They used it all the time to talk to each other even though they were only five feet away lol.

Anyways I wanted to set up a small environment but didn’t want to go through the mess of setting up a reverse proxy.

In case you didn’t know, the following features require a reverse proxy for external users:

  • Enabling external users to download meeting content for your meetings.
  • Enabling external users to expand distribution groups.
  • Enabling remote users to download files from the Address Book service.
  • Accessing the Microsoft Lync Web App client.
  • Accessing the Dial-in Conferencing Settings webpage.
  • Accessing the Location Information service.
  • Enabling external devices to connect to Device Update web service and obtain updates.

Now whenever you deploy a front-end server it will create two virtual directories in IIS. One is for internal users and the other is for external users. The difference is the external virtual directory listens on port 8080 and port 4443 (SSL) instead of the normal ports.

Add a Lync/Office Communicator account to Pidgin/Ubuntu

Thanks to the SIPE Project, setting up a Lync/Office Communicator account has never been easier on Linux. The SIPE Project are the creators of a SIPE (SIP Exchange) plug-in for Pidgin, the IM client previously known as Gaim. I will be using Ubuntu 10.10 64-bit for my example. If you are using a different version of Linux, I recommend installing the SIPE plugin from source. Instructions for compiling from source can be found here:

To begin, we will need to install Pidgin and the SIPE plugin for Pidgin:

sudo apt-get install pidgin pidgin-sipe

Congratulations! You now have an IM client set up in Linux that can connect to a Lync/Office Communicator server! That was easy, wasn't it?
To configure your account, open Pidgin:
Applications > Internet > Pidgin Internet Messenger

Choose Add and select Office Communicator from the protocol list. Fill out the fields as necessary:

(You may have to change the username format to DOMAIN\user)

From the main menu, choose Buddies > Add Buddy.
