How to implement the sign-in Lync 2013 mobile client in internal and external
Have a look at an existing thread: http://social.technet.microsoft.com/Forums/lync/en-US/1ba289de-699a-422a-bbd6-e74dfa370cbb/lync-server-2013-mobile-setup
This should help
The best guide is http://technet.microsoft.com/en-us/library/hh690055.aspx - have a look at it. Any questions, let us know. :)
Hi,
agreed with Murali, it's better to go through the official documents firstly, and then reference other step-by-step guides.
if you want other language support (e.g. Chinese), i can help.
thanks,
better to user the Official technet documentation as the Lync 2013 mobility deployment is less confusing than Lync 2010.
but look for a better guide when you try to make it work for both internal and external because it's a bit tricky configuration involve in TMG.
In my environment, SIP domain and AD domain is different, Now I can sign-in Lync 2013 in External.
My FE server name is CNFELYNC.ddhk.ddeng.com, but External Web Service is lync13web.ddeng.com.hk, so these two DNS records exist two two different DNS zones in our DNS server, and they both point to interanl IP address; for this situation, how we will implement Lync 2013 logon in both internal and External. below is my topology capture? which DNS records need to be created?
i not use TMG to publish Lync 2013, using NAT.
Another question is whether the external FQDN Lync13web.ddeng.com.cn need to be used in internal?
What is your SIP domain?
You need to create CNAME or A record for lyncdiscoverinternal.<sipdomain>. Please also add the DNS A record pointing to public IP address of Reverse
you need to publish the mobility URL (lyncdiscover.ddeng.com.hk) in TMG and get it to reverse proxy in to internal server address. in mobility policy, you need to set it "expose Web URL". this is default set to external so that it will ignore the lyncdiscoverinternal.ddhk.ddeng.com record.
to get around this, to have lyncdiscover.ddeng.com.hk resolve internally in to the TMG external interface force it to come through the TMG.
From your reply, i summary them, i must let lyncdiscover or lyncdiscoverinternal point to a Public IP in Internal DNS server, is it?
Whether there is a way that a DNS record in Internal DNS server points to a internal IP to realize lync 2013 mobile logon when work in internal, Lync Mobile will use public IP in external?
Thanks!
Lyncdiscoverinternal should resolve in to FE server FQDN and lyncdiscover should be in Public DNS resolving to External Web Services FQDN. those 2 URLs take care of the server finding based on it's internal or Public
I took above actions, but Lync 2013 mobile clients still not work in Internal.
can you go to Lync management shell and try get-csmcxconfiguration and see to where the URL is exposed in to. if it's external, then it will not going to work internally.
set it to internal, restart the FE service and check whether it works
The URL is exposed in to External. My requirement is Lync 2013 mobile client can sign-in in Internal and External. Now mobile client can normally sign-in in External.
it either internal or external. and usually it's ser to external.
what you need to do is that have A record as lyncdiscover.domain.com and resolve it to TMG's external interface to force it to come through the reverse proxy (you need to have a TMG)
given that you don't have a TMG and using a NAT, try creating the CNAME DNS record lyncdiscove.domain.com to resolve in to FE server FQDN. i have not tried this and not sure if it works.
the recommended way to do this is that rout the internal traffic to TMG and then reverse proxy in to FE server as simulated external connection
"lyncdiscove.domain.com to resolve in to FE server FQDN"
I tried it, but it not works.
that's what i thought. you need to have a TMG to reverse proxy it in to the FE server
"that's what i thought. you need to have a TMG to reverse proxy it in to the FE server"
If I take action as you said, whether there are some issue on voice routing etc.? Whether you tried it?
there won't be any problem with Voice routing as Voice doesn't flow through the TMG. voice will flow through the Edge. only the connectivity and auth handled by the TMG.
Yes. even though it's internal, it get treated like an external connectivity. Remember above i told you to set the URL expose to External?
Yes, we has set the URL exposed to External.
Whether I may have the scene?
1. UR; exposed to Internal
2. In External DNS, i will publish LyncdiscoverInternal as a host record, and NAT policy transfer port 443 to 443
Thanks!
that's simply throwing MS best practice out of the window. it might work but no guarantee.
yah.. exactly. it might not going to work as it's not the recommended procedure and it's highly unlikely that some one else tested this before. Thant's what i meant :)