Lync without reverse proxy - SSL issues
The way I set up my Lync environment was with one Standard Edition Lync 2010 server and one Edge server. I bypassed the reverse proxy by using PAT (Port Address Translation) to send all incoming port 80 and 443 requests arriving on a separate external IP to the Lync External Web Services virtual directory (which listens on ports 8080 and 4443).
So here was the problem.
The domain names I was using were sip.domain.com, lync.host.local, lync.domain.com, and web.domain.com. I had no problem assigning sip.domain.com to the external Edge interface using the deployment wizard. Where I ran into a problem was assigning a SAN certificate I had created to the Lync 2010 server. I kept getting errors like these:
Lost connection to the with Lync Web App
Server Machine FQDN: lync.host.local
Server Type: External-WebApp-Edge
Cause: Service may be unavailable or Network connectivity may have been compromised.
Authentication of incoming MTLS connection from Web Conferencing Server failed.
Serial number of cert provided by Web Conferencing Server:.
Cause: Authentication for incoming MTLS connection failed.
Ensure that the certificate used by Web Conferencing Server is valid.
Normally you would apply your public certificate (the SAN) to your reverse proxy and use an internal certificate for Lync. In the design I had set up I couldn't.
So what I ended up doing was assigning my self-signed certificate to Lync 2010 using the deployment wizard:
I then went to IIS 7 and changed the bindings on the External Web Site (port 4443) to use my public certificate from GoDaddy. If you need to import your SSL certificate from your public CA, you can still use the deployment wizard to import it.
After I did that, all of the web conferencing components worked without a problem! So far I haven't had any issues doing it this way, but if you encounter a problem let me know. Keep in mind that the best way is still to use a reverse proxy.
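Because the wizard-assigned self-signed certificate and the public GoDaddy certificate now live side by side on the same server, it is worth confirming which one HTTP.SYS is actually serving on the external port. The following PowerShell check is an added example, not part of the original post; it assumes the External Web Site binding is on 0.0.0.0:4443 and that the placeholder names sip.domain.com, lync.domain.com and web.domain.com are the ones clients will connect to.

```powershell
# Added check (not from the original post): report which certificate is bound
# to the Lync External Web Site port and whether it carries the expected SANs.
# Assumptions: binding on 0.0.0.0:4443; expected names are placeholders.
param(
    [string]$IpPort = "0.0.0.0:4443",
    [string[]]$ExpectedNames = @("sip.domain.com", "lync.domain.com", "web.domain.com")
)

# netsh reports the thumbprint ("Certificate Hash") HTTP.SYS uses for this IP:port
$line = netsh http show sslcert ipport=$IpPort | Where-Object { $_ -match 'Certificate Hash' }
if (-not $line) { Write-Error "No SSL binding found on $IpPort"; exit 1 }
$thumb = ($line -split ':')[-1].Trim()

$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) { Write-Error "Bound thumbprint $thumb not found in LocalMachine\My"; exit 1 }

"Bound on $IpPort : $($cert.Subject) (issued by $($cert.Issuer))"
"Expires: $($cert.NotAfter)"

# The certificate assigned through the deployment wizard is self-signed (Subject == Issuer);
# external clients on 4443 should see the public CA certificate instead.
if ($cert.Subject -eq $cert.Issuer) { Write-Warning "Certificate on $IpPort is self-signed" }
if (-not $cert.Verify()) { Write-Warning "Certificate chain does not validate on this machine" }

# Compare the Subject Alternative Name entries against the names clients will use
$sanExt = $cert.Extensions | Where-Object { $_.Oid.FriendlyName -eq 'Subject Alternative Name' }
$sans = @()
if ($sanExt) {
    $sans = ($sanExt.Format($true) -split "`r?`n") |
        ForEach-Object { ($_ -replace '^DNS Name=', '').Trim() } |
        Where-Object { $_ }
}
foreach ($name in $ExpectedNames) {
    if ($sans -contains $name) { "OK      $name" } else { Write-Warning "MISSING $name" }
}
```

Run it from an elevated PowerShell prompt on the Lync Front End; if the binding is on a specific IP rather than 0.0.0.0, pass that address with -IpPort.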