I found tons of links for Lync and proxy/ISA, but none for the client.

We have Lync server running fine from inside and outside the network.

We had this issue when invited to another company's meeting via Lync.

We block outbound http at out firewall and use a (not inline) ISA 2006 proxy server for internet access.

Here are the symptoms:

Could not connect to vendor's server.
I opend a hole for one PC to access all http/s. (not acceptable)
After the meeting, I went on to test other options.
Reset firewall back to block and added vendor.com domain to ISA allowed without auth list.
Lync client connected fine.
removed the previous and added vendor.com domain to ISA allowed with NTLM auth list.
Lync client could not connect. (No NTLM?)

I do not want to add every external company that might invite us to a meeting to our ISA allowed without auth list. (this would only be requested after a meeting started and failed, not acceptable)

I tried logging the previous attempts, thinking that I could make a rule to the Lync "user agent", but that shows up blank in the ISA logs.

How are other getting their Lync clients to fconnect to other companies meetings when using a proxy server?

 

 

 

 

• Edited by StevenBerkHolz Friday, September 16, 2011 11:33 AM

Sounds like you don't have a Lync EDGE Server which is required for traffic comming from the internet that is SIP, Conferencing and Audio/Video.  You also require a reverse proxy for web traffic.

Publishing the Front-End to the internet without an EDGE Server is not supported or even impossible

No, you misread.

My issue is that for My lync clients to connect to meetings at other companies lync servers, requires me to open port 443 to the whole Internet.

How do I get my Lync Clients to use my ISA Proxy server (for outbound) to any companies that may host a meeting? (without opening web browser access to the whole Internet)

Or are my Lync Clients supposed to be accessing external servers via the Edge server in reverse? Do I have something configured wrong?

Temporarily put in proxy rule to allow these with no auth.

http://meet.*
http://webconf.*
http://sip.*
http://av.*
http://dialin.*
https://meet.*
https://webconf.*
https://sip.*
https://av.*
https://dialin.*

 

What I need is a way to force my Lync Clients to use My server when connecting to other server's meetings.  Is there a setting for that.

 

 

How are other getting their Lync clients to fconnect to other companies meetings when using a proxy server?

What I need is a way to force my Lync Clients to use My server when connecting to other server's meetings.  Is there a setting for that.

 

Hey Steven,

I know this is an older thread, but I ran across it on my search for an answer to the same question - did you ever come up with a good solution for this at the time? 

Thanks,

Mark