Lync without reverse proxy - SSL issues

I set up my Lync environment with one Standard Edition Lync 2010 server and one Edge server. I bypassed the reverse proxy by using PAT (Port Address Translation) to forward all incoming port 80 and 443 requests on a different external IP to the Lync External Web Services virtual directory (which listens on ports 8080 and 4443).

[To learn how to set up Lync without a reverse proxy, check out this article]

So here was the problem.

The domain names I was using were sip.domain.com, lync.host.local, lync.domain.com, and web.domain.com. I had no problem assigning sip.domain.com to the external Edge interface using the deployment wizard. Where I ran into a problem was assigning a SAN I created to the Lync 2010 server. I kept getting errors like these:

Lost connection to the with Lync Web App

Server Machine FQDN: lync.host.local

Server Type: External-WebApp-Edge

Cause: Service may be unavailable or Network connectivity may have been compromised.

and

Authentication of incoming MTLS connection from Web Conferencing Server failed.

Serial number of cert provided by Web Conferencing Server:.

Cause: Authentication for incoming MTLS connection failed.

Resolution:

Ensure that the certificate used by Web Conferencing Server is valid.

Normally you would apply your public certificate (the SAN) to your reverse proxy and use an internal certificate for Lync. In the design I had set up, I couldn’t.

So what I ended up doing was assigning my self-signed certificate to Lync 2010 using the deployment wizard:

I then went to IIS7 and changed the bindings on the External Web Site to use my public certificate from GoDaddy (port 4443). If you need to import your SSL certificate from your public CA you can still use the deployment wizard to import it.

After I did that, all of the web conferencing components worked without a problem! So far I haven’t had any issues with doing it this way, but if you encounter a problem let me know! Keep in mind that the best way is to use a reverse proxy.
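One way to check the result from outside the network, as an added example that is not part of the original post: handshake with the published address the way a client would, with chain validation on, and confirm the certificate served there covers the external names. Which of the post's names are published through the PAT on 443 is an assumption here, and the function names are hypothetical.

```python
import socket
import ssl

# Host names taken from the post; treating these two as the externally
# published web names is an assumption of this example.
EXTERNAL_NAMES = ["lync.domain.com", "web.domain.com"]


def name_matches(pattern, host):
    """Match one SAN dNSName against a host name, allowing a single
    left-most wildcard label (*.domain.com covers web.domain.com only)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def missing_names(required, sans):
    """Return the required host names that no SAN entry covers."""
    return [r for r in required if not any(name_matches(s, r) for s in sans)]


def fetch_sans(host, port=443, timeout=5.0):
    """Handshake as an outside client would. Chain validation is on, so a
    self-signed or internal-CA certificate bound to the external site raises
    ssl.SSLCertVerificationError instead of returning names."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def check_external_site(host, port=443, required=EXTERNAL_NAMES):
    """Return (ok, detail) for the certificate served on host:port."""
    try:
        sans = fetch_sans(host, port)
    except ssl.SSLError as exc:  # includes certificate verification failures
        return False, f"TLS validation failed: {exc}"
    except OSError as exc:
        return False, f"connection failed: {exc}"
    gaps = missing_names(required, sans)
    return (not gaps), ("all names covered" if not gaps else f"missing: {gaps}")
```

Run `check_external_site("lync.domain.com")` from a machine outside the network; a validation failure means the external site is still presenting the internal certificate rather than the public one.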

 

Hey! I realize this is kind of off-topic but I needed to ask. Does running a well-established blog like yours require a massive amount of work? I am brand new to operating a blog however I do write in my journal on a daily basis. I'd like to start a blog so I can share my own experience and views online. Please let me know if you have any kind of suggestions or tips for new aspiring bloggers. Thank you!

Since this is off-topic, please post in our forums and I will discuss this with you further.

Spot on with this write-up, I seriously believe this site needs a lot more attention. I'll probably be back again to read through more, thanks for the information!

Thanks!

I need to thank you for this fantastic read!! I definitely loved every bit of it. I've got you bookmarked to look at new stuff you post…
