question

MiladHooshyari avatar image
0 Votes"
MiladHooshyari asked JimmyYang-MSFT commented

Skype for Business - Edge Pool & Reverse Proxy Implementation

Hi Everyone
I Tried to implement Skype for Business Server 2015 with Persistent Chat Server and one OOS (Office Online Server)
I tried to configure Skype Edge to connect with remote users and Reverse Proxy to communicate with Mobile Devices. The problem is It isn’t working. and I have no idea what the problem is. I implement 4 different Reverse Proxy Servers: 1-Windows IIS Application Request Routing, 2-Ubuntu Nginx, 3-CentOS Nginx, 4-CentOS HAProxy and still no success.
I tried to use Jeff Schertz's Guidance for Skype Edge Implementation:
http://blog.schertz.name/2016/03/skype-for-business-2015-edge-pool-deployment/
I'm working on such a project for the first time and When I use Microsoft Remote Connectivity Analyzer I get this error message:
"Testing TCP port 443 on host lyncdiscover.test.org to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response."
When I telnet my reverse proxy’s valid IP from outside it’s working fine, but I can’t see the published test web page on Reverse Proxy Server from outside.
We possess 2 different sip domains: Internal and External: test.local & test.org
I have considered one Valid IP for each service: one for Skype Edge and one for Reverse Proxy Server.
My Edge Firewal Device is a UTM which provide the needed connectivity for all internal components with Internet, port-mapping on 80 and 443 port #s for reverse proxy server is done, and the appropriate port connectivity for all servers is defined.
One problem that its cause is unknown for me is that in contrary of pinging the Reverse Proxy Server is open and possible, the UTM Itself cannot ping External hand of Reverse Proxy Server.
To have a better understanding of what I’ve done I would put not only all the defined DNS records (External and Internal) here, but also all the configuration of Skype Topology below:

Skype Edge’s Valid IP: X
Reverse Proxy’s Valid IP: Y



Registered Records in Public DNS:
Type FQDN IP Address Host Service
A sip.test.org X
A webconf.test.org X
A av.test.org X
SRV _sip._tls.test.org sip.test.org 443
SRV _sipfederationtls._tcp.test.org sip.test.org 5061
SRV _xmpp-server._tcp.test.org sip.test.org 5269
A lyncdiscover.test.org Y
A dialin.test.org Y
A meet.test.org Y
A external.test.org Y
A srv-18.test.org Y


Internal hand of Skype Edge: 192.168.12.5 Server Name: SRV-27 with DNS Suffix of: TEST.LOCAL
External Hand of Skype Edge: 192.168.13.2
Internal hand of Reverse Proxy: 192.168.12.6
External Hand of Reverse Proxy: 192.168.13.3
Skype Front End IP: 192.168.3.27 Server Name: SRV-13.TEST.LOCAL
OOS: 192.168.3.37 Server Name: SRV-18.TEST.LOCAL


Local DNS Records:
Type FQDN IP Address Host Service
A sip.test.org 192.168.13.2
A webconf.test.org 192.168.13.2
A av.test.org 192.168.13.2
A lyncdiscover.test.org 192.168.13.3
A dialin.test.org 192.168.13.3
A meet.test.org 192.168.13.3
A external.test.org 192.168.13.3
A skype.TEST.ORG 192.168.3.27
A srv-18.test.org 192.168.3.37
CNAME lyncdiscoverinternal.TEST.ORG lyncpool01.TEST.ORG.
A lyncpool01.TEST.ORG 192.168.3.27
A srv-13.TEST.ORG 192.168.3.27
A edgepool.TEST.ORG 192.168.12.5
SRV _sip._tls.test.org sip.test.org. 443
SRV _sip._tcp.test.org lyncpool01.test.org. 443
SRV _sipfederationtls._tcp.test.org sip.test.org 5061
SRV _sipinternaltls._tcp.test.org lyncpool01.test.org. 5061
SRV _xmpp-server._tcp.test.org sip.test.org. 5269
A sip.test.local 192.168.13.2
A webconf.test.local 192.168.13.2
A av.test.local 192.168.13.2
A lyncdiscover.test.local 192.168.13.3
A dialin.test.local 192.168.3.27
A meet.test.local 192.168.3.27
A external.test.local 192.168.13.3
A Skype.test.local 192.168.3.27
A SRV-18.test.local 192.168.3.37
CNAME lyncdiscoverinternal.test.local lyncpool01.test.local.
A lyncpool01.test.local 192.168.3.27
A SRV-13.test.local 192.168.3.27
A edgepool.test.local 192.168.12.5
SRV _sip._tls.test.local sip.test.local. 443
SRV _sipfederationtls._tcp.test.local sip.test.local 5061
SRV _sipinternaltls._tcp.test.local lyncpool01.test.local. 5061
SRV _xmpp-server._tcp.test.local sip.test.local. 5269


Skype Topology’s Configuration:
SIP domain: Default SIP domain: TEST.LOCAL
Additional supported SIP domains: TEST.ORG
Simple URLs: Phone access URLs: https://dialin.TEST.LOCAL
https://dialin.test.org
Meeting URLs: https://meet.test.org
http://meet.test.local
Central Management Server: lyncpool01.test.local
Front End Pool: FQDN: lyncpool01.test.local
Office Web Apps Server: SRV-18.TEST.LOCAL
Edge Pool: SRV-27.TEST.LOCAL
Internal web services: Skype.test.local
External web services: External.test.org
Edge Pool: Internal Server FQDN: SRV-27.TEST.LOCAL
Internal IPv4 address: 192.168.12.5
Federation (port 5061): Enabled
Access Edge service: sip.test.org 192.168.13.2 5061 TLS
Web Conferencing Edge service: webconf.test.org 192.168.13.2 444 TLS
A/V Edge service: av.test.org 192.168.13.2 443 TCP
NAT-enabled public IPv4 address: X



Do you have any idea what's the problem?
Please let me know if you need further information.
Any help would be appreciated.








office-skype-business-server-deployment
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @MiladHooshyari

It recommends you check if you have configured these port settings in your topology:

For Lync Server Internal Web Site, please configured on ports 80 and 443, responsible for providing services to internal customers.

For Lync Server External Web, please configured on ports 8080 and 4443, a site that should be published by the Reverse Proxy

For more details about how to configure reverse proxy, you could refer to this article.

Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.



0 Votes 0 ·

@MiladHooshyari

It has been a while, how is everything going?
If you have any update about this issue, please feel free to post back.

0 Votes 0 ·

0 Answers