Home >Documents >ARR Reverse Proxy Deployment Guide for Lync 2013

ARR Reverse Proxy Deployment Guide for Lync 2013

Date post:19-Jan-2016
View:28 times
Download:0 times
Share this document with a friend
IIS ARR install reverse proxy
  • http://blogs.technet.com/b/saleesh_nv/

    ARR Reverse proxy deployment for Lync 2013

    My sip domain called contoso.com. Lync deployment consist of single standard edition server

    (std.contoso.com), edge server and ARR reverse proxy.

    Prerequisites for ARR reverse proxy deployment

    1. ARR reverse proxy required two NICs on the machine.

    2. ARR reverse proxy need not to be part of your domain.

    3. Make sure that DNS resolution is working on the machine by using internal DNS or host


    4. You should request a public UC certificate for reverse proxy server. It should have

    extweb.contoso.com, meet.contoso.com, dilain.contoso.com, and

    lyncdiscover.contoso.com and wac.contoso.com part of SAN.

    5. Import the certificate on the personal certificate store and make sure that private key is

    available for the certificate. Following screenshot has the summary of UC certificate request

    for ARR RP.

  • http://blogs.technet.com/b/saleesh_nv/

    Installation Steps

    6. Open IIS manager. Right click on the default website and select edit binding. Add an https

    binding and select the UC certificate which you import earlier.

    7. Install IIS components by running following PowerShell cmdlet.

    Import-Module ServerManager

    Add-WindowsFeature Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-




    8. Open following link and install IIS ARR 2.5 Download and install


    9. Web platform installer will prompt you for installation, click install now as below;

  • http://blogs.technet.com/b/saleesh_nv/

    10. Web plat form will download and install ARR 2.5.

  • http://blogs.technet.com/b/saleesh_nv/

    11. Once installation is completed. You will get a confirmation window as below.


    12. Open IIS manager and right click on server farm and click on create server farm.

  • http://blogs.technet.com/b/saleesh_nv/

    13. Provide the server farm name as extweb.contoso.com and click next. (Open your topology

    builder and verify the external web service URL, you need to mention the same URL here)

    14. Add server wizard , mention the standard edition server FQDN or Lync Pool VIP/DNS name.

    Click ADD.

    15. Click on advanced settings and expand applicationrequestroute. Change http port to 8080

    and https port to 4443. Below screenshot may help you.

  • http://blogs.technet.com/b/saleesh_nv/


    15. Click finish , it will prompt for URL rewrite rule creation request. Select YES.

    16. We need to create web farm for simple URLs and mobility URLs. Repeat the steps 13 to 15

    for meet.contoso.com; dialin.contoso.com; Lyncdiscover.contoso.com and

    wac.contoso.com .

  • http://blogs.technet.com/b/saleesh_nv/

    17. Once completed , You should be able to see all server farms for Lync 2013 as below.

    18. Now we need to change some of the settings in each server farm. First select

    dialin.contoso.com farm. Click on caching.

    19. Disable disk caching for dialin.contoso.com website. Apply changes.

  • http://blogs.technet.com/b/saleesh_nv/

    20. Go back to dialin.contoso.com and select proxy from the middle pane. Change the timout

    value to 200 ms and apply the changes.

    21. Go back to dialin.contoso.com and select routing rules. Disable SSL offloading as below.

    22. We have successfully completed configuration changes for dialin.contoso.com. Now we

    have to perform same changes for extweb/meet/lyncdiscover and wac server farm one by


  • http://blogs.technet.com/b/saleesh_nv/

    23. Click on IIS Server home and select URL Rewrite option.

    24. You can see both SSL and HTTP rules listed under the URL rewrite page. Delete all rules

    related to HTTP. If a rule has SSL at the end of the name then you shouldnt delete it.

  • http://blogs.technet.com/b/saleesh_nv/

    25. Edit the SSL rule one by one . I have selected dialin SSL rule below. Under conditions , click

    on add and define {HTTP_Host} and add dial.* as pattern as below.

    Note : Based on the rule selected , pattern will change to meet.* or extweb.* or Lyncdiscover.*


    26. If you wanted to test the pattern , click on test pattern and type the respective FQDN and

    test. You will get a success message as below.

  • http://blogs.technet.com/b/saleesh_nv/

    27. Under action type , you should select route to server farm option. Action properties should

    list the respective Lync URL (must be https). Also select stop processing of subsequent rules

    tick mark.

    28. For Office web server should add following pattern as seen below.


  • http://blogs.technet.com/b/saleesh_nv/

    29. Repeat the steps 25-27 for meet /lyncdiscover/extweb webfarm. You should select the

    respective pattern for each web famr.

    30. Now you can test the external access and verify the configuration.

Click here to load reader

Reader Image
Embed Size (px)