Category Archives: IIS

How to Configure IIS ARR for Skype for Business

16 Monday Nov 2015

Posted by in IIS, Reverse Proxy

5 Comments

This is a subject often blogged about, that said I have found that most posts add a server farm for each simple name that is published. My strategy is generally –  keep it simple.

So, as per usual, if it isn’t documented – its forgotten.

Installing IIS ARR is fairly straight forward. I like to use the post by Y0AV found here to do the base install. I do deviate from YoAV’s configuration when it gets to the number of server farms created and also as far as the URL Rewrite rules go.

Configuring IIS ARR

Open IIS Manager

IIS Manager

Expand the local server, navigate to the Server Farm list

IIS Server

Right click to create a new server farm (I create just a single Server farm for Skype URL’s), NOTE Web Apps will need a separate Server Farm.

Create Server Farm

Name the Server Farm and click next

Server Farm Name

Type the FQDN of the Skype Front End Pool in the Server Address box and Click Add to add the server address

server address

click on Advanced Settings

Expand applicationRequestRouting and edit the httpPort to 8080 and the httpsPort to 4443

advanced settings

Click Finish. You will notice a popup box stating that a Rewrite Rule can be created automatically if you click on Yes, I am all for automation – click yes.

Rewrite Rules

We will now modify the default parameters of the server farm we just created. Expanding the server farm reveals the properties icons.

Server Farm Properties

We will modify the following 3 areas:

Caching – Disable this by unchecking the Enable disk cache box

caching

Proxy – Increase the default timeout seconds to something more realistic

proxy

Routing Rules – Disable SSL offloading by unchecking the Enable SSL offloading box

routing rules

This next bit is where I typically keep things simple with a single URL Rewrite rule.

Navigate to server URL Rewrite

URL Rewrite Page

You should see 2 Inbound URL Rewrite rules (they were auto created by the acknowledgment pop up box we saw earlier)

As we will be using 443 you can safely delete the rule WITHOUT _SSL on the end of its name.

edit url rewrite

Select the remaining rule and edit it as follows:-

In the match URL window, change the Using: dropdown box to Regular Expressions

In the Pattern window type (.*)

Edit inbound ruleIn the Condition window we will add a new condition by clicking Add

In the New Condition Window, in the Condition input box type {HTTP_HOST}

Ensure that the Check if input string box has Matches the Pattern selected

In the Pattern box you can now add all the FQDN’s required for Simple URL’s. Separate the URL’s with  |

e.g.    lyncdiscover.ucsorted.com|dialin.ucsorted.com|meet.ucsorted.com|sfbweb.ucsorted.com

Condition Window

Scroll down to the Action window and ensure that the Scheme is set to https://, Server farm set to the Server farm name and Path is set to /{R:0}

Action Window

Testing the URL’s

Simply navigate to any of the dialin url from external to see how ISS ARR is handling the requests. If its all working correctly you should see the Skype for Business Dialin Page.

Dialin Page

All to often you will see an error page such as:

Server Error - Gateway or Proxy Server

I have found that the primary reasons for getting this error is as follows:

  1. Unable able to resolve the Skype Front End Pool FQDN
  2. Unable to connect to port 4443 on the Front End Pool
  3. IIS Server does not trust the issuing CA for the certificates applied to the Front End Pool

and that’s it, sorted.

Re-installing MCX

23 Tuesday Oct 2012

Posted by in IIS, MCX, mobility, Re-installing MCX, Web Components

Leave a comment

While attempting to repair a problem with a clients self installed Lync FE IIS services I came to the conclusion that the Web Components Services was broken. No problem, right?
Simply uninstall the Web Components and then re-run the Deployment Wizard. I did that and returned to IIS to see MCX now missing. Suppose I should have expected that. No problem (again), I’ll just run the MCXStandalone.msi…
So the .msi says that the MCX is still installed, did a remove and ran it again to re-install. Done.

Checked IIS and MCX has returned, only problem is it still doesn’t work when I run the www.testocsconnectivity.com test.

So what’s the issue?
For one thing, the Environment had been installed and updated to CU6 but the MCXStandalone was still on the relative CU4. The MCX Update was found here

Secodly I assumed that the MCX listening ports were still defined as you usually cant install the MCX if they aren,t. Better safe than sorry, so I re-ran them too

Set-CsWebServer -Identity -McxSipPrimaryListeningPort 5086
Set-CsWebServer –Identity  -McxSipExternalListeningPort 5087

I restarted all the services for good measure, probably wasn’t necessary.

And voila!

Lync URL’s Explained

23 Friday Dec 2011

Posted by in IIS, Lync URL, URL

Leave a comment

Simple URL’s and WEB Services Explained

These URL’s are used by Lync for the following services:-
  • Web Meeting URL (Dialin and Meet)
  • Access to Distribution Groups (DG)
  • Access to Address Book Service (ABS)

All these services are delivered as URL’s, they are available internally (by connecting directly to IIS on Lync Front End) and externally via the reverse proxy (and thus then the Front End).

 Web Services (DG,ABS and Mobility)
DG URL External (port 8080 & 4443)
DG URL Internal (port 80 & 443)
ABS URL External from Server ( port 443)
ABS URL Internal from Server ( port 443)

MCX URL External from Server ( port 443)
 

 Simple URL (WEB Conference)

These are used for Web Meetings and conferences. they are usually https://meet. but as I prefer using the same A record I have selected a single URL for both meet and dialin as follows:-
                        https://weblync./DialIn
                        https://weblync./Meet

URL use as seen in Lync Communicator

Both the URL’s for WEB Services and for WEB Conferencing need to be in the Public Certificate as do their aliases eg. lyncmobility