vADC Forum

Reply
Occasional Contributor
Posts: 8
Registered: ‎01-03-2013

how to reach Lync 2010 External ressources with Steelapp

Dear Sirs,

 

I'm struggling to replace an old TMG with a SteelApp (Stingray Traffic Manager Virtual Appliance 2000 M 9.6r1).

 

The brocade always replies like if the client belongs to the inside network whereas all my clients are reaching the brocade (and so the Lync director Pool) from the external (Internet) network.

i.e.: the content of "/WebTicket" or "owa/hosting/directory" always is with internal DNS rather than external ones (**filtered**.group instead of **filtered**.com)

 

I followed the guide so I create a VIP (aka VIP_Lync) connected to a VS (aka VS-lync.services) that forward traffic to 3 differents Pool (POOL-lync.frcogdialin.**filtered**.com; POOL-lync.frcogmeet.**filtered**.com; POOL-lync.frprgcogdirp01.**filtered**.com)

 

The VS has a rule definition (see below), the SSL decryption and an extended timeout to 1200s. No other specific settings (all defaults).

The rule is basic redirection to the Pool like below:

"

$hostname       = http.getHostHeader();
$url            = http.getRawURL();

and the pools SSL encryption.

pool.use( "POOL-lync.".$hostname);

"

 

The director Pool (aka POOL-lync.frprgcogdirp01.**filtered**.com = 10.1.1.227:4443) has:

  • Least Connections for load balancing
  • IPbased session persistence
  • TCP monitor for health monitor
  • Encrypt SSL Setting
  • Transparency disable

So when i try to connect to "https://frprgcogdirp01.**filtered**.com/WebTicket/WebTicketService.svc" from the Internet, I always receive the following answer:

 

"WebTicketService Service

You have created a service.

To test this service, you will need to create a client and use it to call the service. You can do this using the svcutil.exe tool from the command line with the following syntax:


svcutil.exe https://frprgcogwld01.**filtered**.group:4443/WebTicket/WebTicketService.svc/mex?wsdl

"

 

where frprgcogwld01.**filtered**.group is the internal name for the director. It has no meaning for my computer that use the ISP DNS...

 

I'm probably missing something that makes the brocade requesting the Lync director from the internal rather than the external.

 

The DNS configuration on the brocade point to internal DNS servers

 

Below the IP I receive If I try to ping from the brocade the following entry:

  • frprgcogdirp01.**filtered**.com = 81.xx.xx.1 (Public DNS entry for our Lync director)
  • frprgcogwld01.**filtered**.group = 10.1.1.227 (Internal DNS entry for the Lync director, IP of the pool)

Any comment, suggestion is more than welcome!

 

Best,

Greg

Brocadian
Posts: 1
Registered: ‎10-25-2016

Re: how to reach Lync 2010 External ressources with Steelapp

Hello Greg,


From your description above, it seems that you want to access Lync Web Service external however you are getting internal Lync web service IP.
Possible reason is /Autodiscover/AutodiscoverService.svc/root misconfig.

You must not get internal Lync web service IP when you access from external.
I assume that you have following config, if not then match the same.
1. In the Lync topology you defined internal and external web services FQDNs.
2. external Lync web service pointed to vADC external VIP (reverse proxy) and forwarding to director pool / FE Pool.
3. Internal Lync Web service pointed to internal vADC VIP (reverse proxy) which is forwarding taffic to Director Pool.
4. Your simple URL and Lyncdiscover both resolve your external VIP.
5. make sure your port bridging rule forwarding (on VIP) 443 -> 4443 and 80 -> 8080.

 

Can you share VIP config and Lync client log to better understanding of issue.

 

Regards
Balu Ilag

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.