Lync 2013 Mobile can sign-in in Internal and External

How to implement the sign-in Lync 2013 mobile client in internal and external

July 8th, 2013 6:47am

Have a look at an existing thread: http://social.technet.microsoft.com/Forums/lync/en-US/1ba289de-699a-422a-bbd6-e74dfa370cbb/lync-server-2013-mobile-setup

This should help

--Pranav

Free Windows Admin Tool Kit Click here and download it now
July 8th, 2013 6:49am

The best guide is http://technet.microsoft.com/en-us/library/hh690055.aspx - have a look at it. Any questions, let us know. :)

July 8th, 2013 7:11am

Hi,

agreed with Murali, it's better to go through the official documents firstly, and then reference other step-by-step guides.

if you want other language support (e.g. Chinese), i can help.

 

thanks,

Free Windows Admin Tool Kit Click here and download it now
July 9th, 2013 1:17am

better to user the Official technet documentation as the Lync 2013 mobility deployment is less confusing than Lync 2010. 

but look for a better guide when you try to make it work for both internal and external because it's a bit tricky configuration involve in TMG.

July 9th, 2013 1:23am

In my environment, SIP domain and AD domain is different, Now I can sign-in Lync 2013 in External.

My FE server name is CNFELYNC.ddhk.ddeng.com, but External Web Service is lync13web.ddeng.com.hk, so these two DNS records exist two two different DNS zones in our DNS server, and they both point to interanl IP address; for this situation, how we will implement Lync 2013 logon in both internal and External. below is my topology capture? which DNS records need to be created?

i not use TMG to publish Lync 2013, using NAT.

Another question is whether the external FQDN Lync13web.ddeng.com.cn need to be used in internal?

 

Free Windows Admin Tool Kit Click here and download it now
July 9th, 2013 4:30am

What is your SIP domain?

You need to create CNAME or A record for lyncdiscoverinternal.<sipdomain>. Please also add the DNS A record pointing to public IP address of Reverse

July 9th, 2013 5:30am

you need to publish the mobility URL (lyncdiscover.ddeng.com.hk) in TMG and get it to reverse proxy in to internal server address. in mobility policy, you need to set it "expose Web URL". this is default set to external so that it will ignore the lyncdiscoverinternal.ddhk.ddeng.com record. 

to get around this, to have lyncdiscover.ddeng.com.hk resolve internally in to the TMG external interface force it to come through the TMG.

Free Windows Admin Tool Kit Click here and download it now
July 9th, 2013 5:35am

From your reply, i summary them, i must let lyncdiscover or lyncdiscoverinternal point to a Public IP in Internal DNS server, is it?

Whether there is a way that a DNS record in Internal DNS server points to a internal IP to realize lync 2013 mobile logon when work in internal, Lync Mobile will use public IP in external?

Thanks!

July 9th, 2013 7:05am

Lyncdiscoverinternal should resolve in to FE server FQDN and lyncdiscover should be in Public DNS resolving to External Web Services FQDN. those 2 URLs take care of the server finding based on it's internal or Public

Free Windows Admin Tool Kit Click here and download it now
July 9th, 2013 7:20am

I took above actions, but Lync 2013 mobile clients still not work in Internal.

July 9th, 2013 8:04am

can you go to Lync management shell and try get-csmcxconfiguration and see to where the URL is exposed in to. if it's external, then it will not going to work internally. 

set it to internal, restart the FE service and check whether it works

Free Windows Admin Tool Kit Click here and download it now
July 9th, 2013 10:24am

The URL is exposed in to External. My requirement is Lync 2013 mobile client can sign-in in Internal and External. Now mobile client can normally sign-in in External.

July 9th, 2013 10:56am

it either internal or external. and usually it's ser to external. 

what you need to do is that have A record as lyncdiscover.domain.com and resolve it to TMG's external interface to force it to come through the reverse proxy (you need to have a TMG)

Free Windows Admin Tool Kit Click here and download it now
July 9th, 2013 11:08am

May no ways realize logon in Internal, as well as External?
July 9th, 2013 11:15am

given that you don't have a TMG and using a NAT, try creating the CNAME DNS record lyncdiscove.domain.com to resolve in to FE server FQDN. i have not tried this and not sure if it works.

the recommended way to do this is that rout the internal traffic to TMG and then reverse proxy in to FE server as simulated external connection

Free Windows Admin Tool Kit Click here and download it now
July 9th, 2013 6:46pm

"lyncdiscove.domain.com to resolve in to FE server FQDN"

I tried it, but it not works.

July 9th, 2013 8:10pm

that's what i thought. you need to have a TMG to reverse proxy it in to the FE server

Free Windows Admin Tool Kit Click here and download it now
July 9th, 2013 8:36pm

"that's what i thought. you need to have a TMG to reverse proxy it in to the FE server"

If I take action as you said, whether there are some issue on voice routing etc.? Whether you tried it?

July 9th, 2013 8:56pm

there won't be any problem with Voice routing as Voice doesn't flow through the TMG. voice will flow through the Edge. only the connectivity and auth handled by the TMG. 

Free Windows Admin Tool Kit Click here and download it now
July 9th, 2013 9:13pm

if the lyncdiscover record points to public IP in internal DNS zone,  and mobile clients sign-in successfully by Internal, the Voice flow still go to Edge? 
July 9th, 2013 9:54pm

Yes. even though it's internal, it get treated like an external connectivity. Remember above i told you to set the URL expose to External?

Free Windows Admin Tool Kit Click here and download it now
July 9th, 2013 10:00pm

Yes, we has set the URL exposed to External.

Whether I may have the scene?

1. UR; exposed to Internal

2. In External DNS, i will publish LyncdiscoverInternal as a host record, and NAT policy transfer port 443 to 443

Thanks!

July 9th, 2013 10:41pm

that's simply throwing MS best practice out of the window. it might work but no guarantee.

Free Windows Admin Tool Kit Click here and download it now
July 11th, 2013 8:23am

Could you help to explain the words "No guarantee", your meaning is that it is not sure whether it can be successful for this scene, or other?
July 11th, 2013 8:35pm

yah.. exactly. it might not going to work as it's not the recommended procedure and it's highly unlikely that some one else tested this before. Thant's what i meant :)

Free Windows Admin Tool Kit Click here and download it now
July 12th, 2013 12:28am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics