Tag Archives: iis

[Tutorial] Deploying a reverse proxy for Lync Server 2013

In this tutorial we will go over deploying a reverse proxy for Lync Server 2013.  The original method for deploying a reverse proxy was to use Microsoft's product ForeFront TMG (Threat Management Gateway), however shortly after the release of Lync Server 2013, TMG was discontinued.  In turn, a few tutorials have popped up on how to achieve this using Apache and IIS, but there wasn't an official recommendation on what to use until Server 2012 was released.

Per Microsoft's documentation, we can use IIS with an additional extension called Application Request Routing to achieve this task: http://technet.microsoft.com/en-us/library/gg398069.aspx

Details on the IIS Application and Request Routing extension can be found here: http://www.iis.net/downloads/microsoft/application-request-routing

Side note, much of this guide is largely based on an older technet article published here, which has some additional fine details on how exactly IIS is working to proxy the requests: http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx

This tutorial will go over installation instructions from start to finish for Server 2012 and Server 2012 R2.  I have attached the links on how to get Server 2008 and Server 2008 R2 prepped, so you can continue the tutorial once the IIS Application Request Routing extension has been installed.

Download Prerequisite Software

  1. Windows Server 2012 R2
    1. Download IIS Application Request Routing (ARR): http://www.microsoft.com/web/gallery/install.aspx?appid=ARRv3_0
  2. Windows Server 2012
    1. Download (don't install yet) Hotfix for Microsoft Application Request Routing Version 2.5 for IIS7 (KB 2732764) (x64)
    2. Download IIS Application Request Routing (ARR): http://www.microsoft.com/web/gallery/install.aspx?appid=ARRv2_5
  3. Windows Server 2008 and 2008 R2
    1. Ensure you have IIS v7.X installed; instructions on how to do this can be found here: http://www.iis.net/learn/install/installing-iis-7/installing-iis-7-and-above-on-windows-server-2008-or-windows-server-2008-r2
    2. Install Application Request Routing version 2
      1. Instructions can be found here: http://www.iis.net/learn/extensions/installing-application-request-routing-(arr)/install-application-request-routing-version-2

Install IIS for Server 2012 and Server 2012 R2

  1. Please follow my tutorial here: http://jackstromberg.com/2014/11/tutorial-how-to-install-iis-on-server-2012-and-server-2012-r2/

Installing IIS Application Request Routing (ARR) 3

  1. Run the ARRv3_0.exe application as an administrator
    ARRv3_0 - Run as administrator
  2. Click Install
    Web Platform Installer 5.0 - Aplication Request Routing 3.0 - Cart

    1. Note:  The cart for the v3.0 installer is shown above.  If you are running version 2.5, you will see 2 items needed for install.  Version 3, only needs one.  This is okay.
      Web Platform Installer 5.0 - Aplication Request Routing 2.5 - Cart
  3. Click I Accept
    Web Platform Installer 5.0 - Aplication Request Routing 3.0 - I Accept
  4. Click Finish
    Web Platform Installer 5.0 - Aplication Request Routing 3.0 - Finish
  5. Click Exit
    Web Platform Installer 5.0 - Aplication Request Routing 3.0 - Exit

Configuring IIS for SSL

  1. Open up Internet Information Services (IIS) Manager
    Server Manager - Tools - Internet Information Services IIS Manager
  2. Select your server and double click on Server Certificates
    LyncRP - Internet Information Services IIS Manager - Home - Server Certificates
  3. Generate or Import your SSL Certificate trusted by a public CA (VeriSign, GoDaddy, etc.)
    1. Note: Generation of this certificate is outside the scope of this tutorial.  This SSL certificate should be the UCC certificate that allows for SAN addresses such aslync, meet, dialin, lyncdiscover, etc.
      LyncRP - Internet Information Services IIS Manager - Server Certificates
  4. Expand your server, expand Sites, select Default Web Site, select Bindings...
    LyncRP - Internet Information Services IIS Manager - Sites - Default Web Site - Bindings
  5. Click on Add...
    LyncRP - Internet Information Services IIS Manager - Sites - Default Web Site - Bindings - Add
  6. Select https, and choose your SSL certificate you imported in the previous step, click OK
    LyncRP - Internet Information Services IIS Manager - Sites - Default Web Site - Bindings - Add - https
  7. Click Close
    LyncRP - Internet Information Services IIS Manager - Sites - Default Web Site - Bindings - Add - Close

Create Server Farms

  1. Select Server Farms and then click on Create Server Farm...
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm
  2. Enter in the Server farm name and click Next
    1. Note: We will end up creating farm names for each externally published URL.  This can be lync, dialin, meet, etc, order will not matter. For the sake of this tutorial, I am going to use lync first.
      LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Server Farm Name
  3. Enter the Server address (same as farm name before), click Advanced Settings..., expand applicationRequestRouting
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Add Server
  4. Change the httpPort to 8080 and httpsPort to 4443 and click Add
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Add Server - applicationRequestRouting Ports
  5. Click Finish
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Add Server - applicationRequestRouting Ports - Finish
  6. Click Yes on the Rewrite Rules dialog
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Add Server - applicationRequestRouting Ports - Finish - Rewrite Rules Dialog
  7. Repeat steps 1-6 for dialin, meet, and lyncdiscover
    LyncRP - Internet Information Services IIS Manager - Server Farms - meet-dialin-lyncdiscver
  8. For your Lync Web Apps server (lyncwac), continue repeat steps 1-6, however ensure you use ports 80 and 443 instead of 8080 and 4443.  This is needed to communicate properly with the WAC server.
    LyncRP - Internet Information Services IIS Manager - Server Farms - Create Server Farm - Add Server - lyncwacLyncRP - Internet Information Services IIS Manager - Server Farms - meet-dialin-lyncdiscver-lyncwac

Configure IIS Caching, Proxy Timeouts, and Routing Rules

For each of the server farms we created, repeat the following steps:

  1. Select a Server Farm and double click on Caching
    LyncRP - Internet Information Services IIS Manager - Server Farms - Caching
  2. Uncheck Enable disk cache and click Apply
    LyncRP - Internet Information Services IIS Manager - Server Farms - Caching - Uncheck Enable disk cache
  3. Select the same Server Farm object and double click on Proxy
    LyncRP - Internet Information Services IIS Manager - Server Farms - Proxy
  4. Change the Time-out (seconds) from 30 seconds to 600 and click Apply
    1. Note: This is needed to prevent the Lync Web Apps server from timing out unexpectedly.  Microsoft recommends this setting to be 200, but this isn't long enough for iOS clients.  Increasing this to 600 will fix the issue where iOS clients prompt with the following error message "Your server configuration has changed. Please restart Lync.".LyncRP - Internet Information Services IIS Manager - Server Farms - Proxy - Time-out 200
  5. Select the same Server Farm object and double click on Routing Rules
    LyncRP - Internet Information Services IIS Manager - Server Farms - Routing Rules
  6. Uncheck Enable SSL offloading and click Apply
    LyncRP - Internet Information Services IIS Manager - Server Farms - Routing Rules - Uncheck Enable SSL offloading

Configure IIS URL Rewrites

  1.  Select your IIS Server and double click on URL Rewrite
    LyncRP - Internet Information Services IIS Manager - URL Rewrite
  2. Go through and Remove all of the non _SSL Inbound Rules
    LyncRP - Internet Information Services IIS Manager - URL Rewrite - Remove - Non-SSL
    The result should look like this:
    LyncRP - Internet Information Services IIS Manager - URL Rewrite - Remove - Non-SSL - Removed
  3. Select a rule and click on Add... underneath the Conditions actions pane
    LyncRP - Internet Information Services IIS Manager - URL Rewrite - Add
  4. Enter {HTTP_HOST} for the Condition input and enter role.* for your Pattern
    1. Where role is meet, dialin, lyncdiscover, etc.
      LyncRP - Internet Information Services IIS Manager - URL Rewrite - Add - HTTP_HOST
  5. Repeat steps 3-4 for each SSL rule for a result like this
    LyncRP - Internet Information Services IIS Manager - URL Rewrite - Rules

That should be it! 🙂

[Tutorial] How to install IIS on Server 2012 and Server 2012 R2

Here is a tutorial on how to install IIS on Server 2012 and Server 2012 R2.  The installation process for this is very straight forward and does not differ much from Server 2008 R2.  This guide will only go over the basic install, additional configuration of IIS is outside the scope of this tutorial.  Before beginning, you can choose to install IIS via PowerShell or the GUI.  Either option will result with the exact same configuration.

PowerShell

  1. Open an elevated PowerShell console
    Server 2012 - PowerShell - Run as Administrator
  2. Execute the following command
    1. Install-WindowsFeature -Name Web-Server, Web-Mgmt-Tools
      PowerShell - Install-WindowsFeature -Name Web-Server Web-Mgmt-Tools

      1. Note: Web-Mgmt-Tools is optional, but in most instances added to get the Internet Information Services (IIS) Manager GUI snap-in to manage IIS

GUI

  1. Open Server Manager
    Server Manager
  2. Click on Manage - Add Roles and Features
    Server 2012 - Manage - Add Roles and Features
  3. Click Next > on the Before You Begin screen
    Add Roles and Features Wizard - Before you begin
  4. Click Next > on the Installation Type screen
    Add Roles and Features Wizard - Select installation type
  5. Click Next > on the Server Selection screen
    Add Roles and Features Wizard - Confirm installation selections - Restart the destination server automatically if required
  6. Select Web Server (IIS) from the list on Server Roles and click on the Add Features button once prompted.  Click Next >
    Add Roles and Features Wizard - Add features that are required for web server iis
    Add Roles and Features Wizard - Server Roles - Web Server IIS
  7. Click Next > on the Features screen
    Add Roles and Features Wizard - Features - Default
  8. Click Next > on the Web Server Role (IIS) screen
    Add Roles and Features Wizard - Web Server Role IIS
  9. Click Next > on the Role Services screen
    Add Roles and Features Wizard - Web Server Role IIS - Role Services
  10. Click Install on the Confirmation screen
    Add Roles and Features Wizard - Web Sever Role - Confirmation