Lync Pool with HLB
Hi, we have a Lync pool configured with an HLB. Only the HLB virtual IP is opened towards our restricted network. The problem is that when users from the restricted network try to log in to Lync, they get "server temporarily unavailable". From log analysis we found that the initial request goes through the HLB IP and the HLB forwards the request to one of the front end servers. That front end server verifies the details and tells the client "I am not the preferred server, XXXXX is your preferred server". As it is a restricted network, the port will not be opened for each front end server, so obviously the connection will fail. Is there any alternate way to isolate this issue? We have 100s of such restricted networks and it is difficult to open the ports towards each FE server.
October 25th, 2011 2:39pm

Hi Jayakumar,

Are you saying your FE boxes are hosted in multiple VLANs? If you host all FE servers in the same VLAN, it wouldn't be required to travel across restricted networks and it should solve your issue.

October 25th, 2011 2:51pm

Hi Saleesh. Thanks for your reply. Here the servers are hosted in the same VLAN. The clients from where users log in are on the restricted network. Only the HLB virtual IP with port 5061 is opened towards the restricted network. So the client's login request will come to the HLB virtual IP on port 5061 and the HLB will forward the request to one of the front end servers. That front end will respond to the client with the appropriate preferred server details. But the client doesn't have direct access to that preferred server, so the connection fails.
October 25th, 2011 3:01pm

You shouldn't be using an HLB for 5061 SIP traffic between Lync clients and servers but should instead be using DNS Load Balancing. The HLB is used for handling 80/443 traffic to the web services. The HLB does not proxy the traffic between the clients and servers but serves as a redirector, as once the client is authenticated it is routed directly to its primary Front End server.

Check this article for a deeper explanation as to why you'll need to allow more connectivity than just the single IP/port you currently have:
http://blogs.technet.com/b/nexthop/archive/2011/05/25/dns-load-balancing-in-lync-server-2010.aspx

October 25th, 2011 3:06pm

Hi Jeff, thanks for the understanding. Recently we moved to Lync 2010. This setup was running with OCS 2007 R2, and OCS 2007 R2 was using the same HLB IP. To reduce the impact we swapped the OCS pool IP with the Lync pool, as this port opening procedure is a huge process in our org. That is the reason I am searching for this solution.
October 25th, 2011 3:12pm

In OCS, single virtual IP access is enough to work, but in Lync it is not supported. We have already opened the VIP towards our network. But the pool concept is totally different in Lync. Here in Lync the preferred server comes into the picture. So without any load balancer, the pool itself is doing the load balancing by distributing the load to multiple servers. But the problem here is that you have to open ports towards all the front end servers. The VIP concept is not working here. So I am asking for any idea how we can use the single IP concept rather than opening ports to all front end servers.
October 27th, 2011 10:21am

No, you can't force Lync client connections only via the HLB VIP. It will failback to the preferred server during registration. Hence you should also allow the FE IPs in the firewall for this function to work.
October 27th, 2011 3:26pm

Hi Jayakumar,

I agree with Saleesh. The solution he suggested is the only practical way. Moreover, this is a basic requirement of the Lync architecture.

The architecture you mentioned was working fine with OCS but is broken when Lync is introduced. Lync has the concept of a home server, as load balancing (SIP traffic) is the responsibility of the Front End. This was not the case with OCS.

So if a user tries to connect to the HLB VIP, the HLB will route the request to one of the FE servers, which may or may not be the home server for that user. If it is not the home server for that user, then the request will be redirected to the correct home server. Now the SIP connection would be a direct connection between the FE server and the client.

So to make sure that the setup works correctly, you need to have the IP addresses of the front end servers accessible to clients on port 5061. The VIP of the HLB alone won't suffice.

There are no practical workarounds for this. You need to follow the supported and recommended architecture.

Please let me know if you have any questions on this.
November 1st, 2011 12:02pm
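
A reachability check for the requirement described in the replies above, added here as an example and not posted by anyone in this thread: run from a client on the restricted network, it resolves the pool name and each Front End name and tests TCP 5061 to every address. All host names are hypothetical placeholders to replace with your own.

```powershell
# Added example: every host name below is a hypothetical placeholder.
param(
    [string[]]$Names = @('pool01.example.com',   # pool FQDN (HLB VIP or DNS LB records)
                         'fe01.example.com',     # Front End servers
                         'fe02.example.com'),
    [int]$Port = 5061,
    [int]$TimeoutMs = 3000
)

# TCP connect with a timeout, so a silently dropping firewall does not hang the run.
function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($name in $Names) {
    try {
        # A pool FQDN under DNS load balancing returns one A record per Front End.
        $ips = [System.Net.Dns]::GetHostAddresses($name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' }
    } catch {
        Write-Warning "Cannot resolve $name"
        continue
    }
    foreach ($ip in $ips) {
        New-Object PSObject -Property @{
            Name = $name; Address = $ip.IPAddressToString; Port = $Port
            Reachable = Test-TcpPort $ip.IPAddressToString $Port $TimeoutMs
        }
    }
}

$results | Format-Table Name, Address, Port, Reachable -AutoSize
$blocked = @($results | Where-Object { -not $_.Reachable })
if ($blocked.Count -gt 0) {
    Write-Warning "$($blocked.Count) address(es) blocked on TCP $Port; users homed there will fail to sign in."
}
```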

Hi Siddhart,

Is there any official documentation about this behavior, because we have the same situation.

Thanks in advance.

Saul

August 9th, 2013 12:51pm

This topic is archived. No further replies will be accepted.