This is a subject often blogged about, that said I have found that most posts add a server farm for each simple name that is published. My strategy is generally – keep it simple.
So, as per usual, if it isn’t documented – its forgotten.
Installing IIS ARR is fairly straight forward. I like to use the post by Y0AV found here to do the base install. I do deviate from YoAV’s configuration when it gets to the number of server farms created and also as far as the URL Rewrite rules go.
Configuring IIS ARR
Open IIS Manager
Expand the local server, navigate to the Server Farm list
Right click to create a new server farm (I create just a single Server farm for Skype URL’s), NOTE Web Apps will need a separate Server Farm.
Name the Server Farm and click next
Type the FQDN of the Skype Front End Pool in the Server Address box and Click Add to add the server address
click on Advanced Settings
Expand applicationRequestRouting and edit the httpPort to 8080 and the httpsPort to 4443
Click Finish. You will notice a popup box stating that a Rewrite Rule can be created automatically if you click on Yes, I am all for automation – click yes.
We will now modify the default parameters of the server farm we just created. Expanding the server farm reveals the properties icons.
We will modify the following 3 areas:
Caching – Disable this by unchecking the Enable disk cache box
Proxy – Increase the default timeout seconds to something more realistic
Routing Rules – Disable SSL offloading by unchecking the Enable SSL offloading box
This next bit is where I typically keep things simple with a single URL Rewrite rule.
Navigate to server URL Rewrite
You should see 2 Inbound URL Rewrite rules (they were auto created by the acknowledgment pop up box we saw earlier)
As we will be using 443 you can safely delete the rule WITHOUT _SSL on the end of its name.
Select the remaining rule and edit it as follows:-
In the match URL window, change the Using: dropdown box to Regular Expressions
In the Pattern window type (.*)
In the Condition window we will add a new condition by clicking Add
In the New Condition Window, in the Condition input box type {HTTP_HOST}
Ensure that the Check if input string box has Matches the Pattern selected
In the Pattern box you can now add all the FQDN’s required for Simple URL’s. Separate the URL’s with |
e.g. lyncdiscover.ucsorted.com|dialin.ucsorted.com|meet.ucsorted.com|sfbweb.ucsorted.com
Scroll down to the Action window and ensure that the Scheme is set to https://, Server farm set to the Server farm name and Path is set to /{R:0}
Testing the URL’s
Simply navigate to any of the dialin url from external to see how ISS ARR is handling the requests. If its all working correctly you should see the Skype for Business Dialin Page.
All to often you will see an error page such as:
I have found that the primary reasons for getting this error is as follows:
- Unable able to resolve the Skype Front End Pool FQDN
- Unable to connect to port 4443 on the Front End Pool
- IIS Server does not trust the issuing CA for the certificates applied to the Front End Pool
and that’s it, sorted.
Modern Workplace and Collaboration 