How to Configure IIS ARR for Skype for Business

This is a subject often blogged about, that said I have found that most posts add a server farm for each simple name that is published. My strategy is generally –  keep it simple.

So, as per usual, if it isn’t documented – its forgotten.

Installing IIS ARR is fairly straight forward. I like to use the post by Y0AV found here to do the base install. I do deviate from YoAV’s configuration when it gets to the number of server farms created and also as far as the URL Rewrite rules go.

Configuring IIS ARR

Open IIS Manager

IIS Manager

Expand the local server, navigate to the Server Farm list

IIS Server

Right click to create a new server farm (I create just a single Server farm for Skype URL’s), NOTE Web Apps will need a separate Server Farm.

Create Server Farm

Name the Server Farm and click next

Server Farm Name

Type the FQDN of the Skype Front End Pool in the Server Address box and Click Add to add the server address

server address

click on Advanced Settings

Expand applicationRequestRouting and edit the httpPort to 8080 and the httpsPort to 4443

advanced settings

Click Finish. You will notice a popup box stating that a Rewrite Rule can be created automatically if you click on Yes, I am all for automation – click yes.

Rewrite Rules

We will now modify the default parameters of the server farm we just created. Expanding the server farm reveals the properties icons.

Server Farm Properties

We will modify the following 3 areas:

Caching – Disable this by unchecking the Enable disk cache box


Proxy – Increase the default timeout seconds to something more realistic


Routing Rules – Disable SSL offloading by unchecking the Enable SSL offloading box

routing rules

This next bit is where I typically keep things simple with a single URL Rewrite rule.

Navigate to server URL Rewrite

URL Rewrite Page

You should see 2 Inbound URL Rewrite rules (they were auto created by the acknowledgment pop up box we saw earlier)

As we will be using 443 you can safely delete the rule WITHOUT _SSL on the end of its name.

edit url rewrite

Select the remaining rule and edit it as follows:-

In the match URL window, change the Using: dropdown box to Regular Expressions

In the Pattern window type (.*)

Edit inbound ruleIn the Condition window we will add a new condition by clicking Add

In the New Condition Window, in the Condition input box type {HTTP_HOST}

Ensure that the Check if input string box has Matches the Pattern selected

In the Pattern box you can now add all the FQDN’s required for Simple URL’s. Separate the URL’s with  |


Condition Window

Scroll down to the Action window and ensure that the Scheme is set to https://, Server farm set to the Server farm name and Path is set to /{R:0}

Action Window

Testing the URL’s

Simply navigate to any of the dialin url from external to see how ISS ARR is handling the requests. If its all working correctly you should see the Skype for Business Dialin Page.

Dialin Page

All to often you will see an error page such as:

Server Error - Gateway or Proxy Server

I have found that the primary reasons for getting this error is as follows:

  1. Unable able to resolve the Skype Front End Pool FQDN
  2. Unable to connect to port 4443 on the Front End Pool
  3. IIS Server does not trust the issuing CA for the certificates applied to the Front End Pool

and that’s it, sorted.


About Paul B

My name is Paul Bloem and I am employed at Lexel Systems in New Zealand as a Principal Consultant for Unified Communications. I have been working on enterprise voice solutions for over 20 years. My first 10 years were spent working for a Telco in South Africa (Telcom SA). This is where all the groundwork happened as I was exposed to just about every aspect of telecommunication you could imagine. I develop an interest in PBX technologies and eventually became the go-to guy. Next, I had a 10 year run at Siemens South Africa, most of my time there was as a Technical Trainer. During this time VoIP hit the world stage, I had the privilege of introducing VoIP both as H.323 and later SIP across the Siemens HiPath 4000 solution stack. In 2008 I immigrated to New Zealand with my newly attained MCSE, I was ready to go where no PBX Techie had gone before. I was employed to explore OCS 2007 and that was pretty much the beginning of the end for me. I have been working on OCS and Lync ever since. My current role focuses exclusively on Lync and associated technologies.. That includes pre-sales, consulting, architecture and design, training and support. I even get to play in the development space from time to time - focus on play ;-) I was nominated as a Microsoft VTSP for Lync early in 2013 and also awarded Microsoft's MVP award for Lync in 2014.
This entry was posted in IIS, Reverse Proxy. Bookmark the permalink.

3 Responses to How to Configure IIS ARR for Skype for Business

  1. Pingback: Weekly IT Newsletter – November 16-20, 2015 | Just a Lync Guy

  2. Pingback: NeWay Technologies – Weekly Newsletter #174 – November 19, 2015 | NeWay

  3. Pingback: How To Configure Sip Account In Skype | Information

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s