Lync server 2013 external access with 1 public IP and without reverse proxy

Hi everyone,

I'm installing a Lync 2013 test environment.

This is just for testing and I can't spend too much money on it.

Because of that I want to try to get external access without installing a reverse proxy and with only one public IP address on the edge server.

I know this is not recommended, but I would still like to know if that's possible, and how I can do this.

I'm following this tutorial for configuring the edge: http://ocsguy.com/2010/11/21/deploying-an-edge-server-with-lync/

Thanks

October 3rd, 2013 1:39pm

Hi,

If the PC/Notebook is domain joined you can connect externally. You will lose the ability to have Lync Meeting, Mobility, Address Book download/Query or any service provided by Reverse Proxy.

David

October 3rd, 2013 3:38pm

You can install the edge server using a single public IP; make sure you have the correct public DNS records:

A -->sip.contoso.com-->map to public IP

SRV-->_sip._tls.contoso.com-->map to sip.contoso.com on port 443

and if you want federation, then the SRV below

SRV-->_sipfederationtls._tcp.contoso.com-->map to sip.contoso.com on port 5061

For installation and deployment of the edge, follow the same article which you mentioned in the question.

October 3rd, 2013 4:43pm

Praveen,

Thanks for your help.

I have one question: Those two records, do I have to create them at my internal DNS or at my external? I'm a little bit lost when it comes to DNS.

I don't use federation. That's not relevant for my test environment for now.

October 4th, 2013 2:21pm

Hi Dragonis,

Yes, it is possible to log on externally if you have an Edge server in the DMZ.

The link you provided uses three public IPs, so it does not apply to you.

You can use one public IP with NAT to the private IPs of the three Lync Edge services (Access Edge service, Web conferencing service and A/V service).

You can refer to the following link about deploying an Edge server with one public IP:

http://terenceluk.blogspot.in/2013/01/deploying-lync-server-2013-edge-server.html

Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

The Reverse Proxy server is an optional, external component that is not a Lync Server role and is not defined in the Lync Topology. This component is considered optional because, without it deployed, an external Lync client can still connect to Lync and most features will function (IM, Presence, Calls, Desktop Sharing, etc.), as will federated communications. Only the features listed at the link below will not be available to external clients; although they are important in a fully functional deployment, they are not critical. Yet best practice is always to provide for these features by publishing the internal web services. A Reverse Proxy is also required to support any external Mobility client connectivity.

http://technet.microsoft.com/en-us/library/gg398069

Best Regards,

Eason Huang

  • Marked as answer by Kent-Huang Tuesday, October 22, 2013 2:29 AM
October 4th, 2013 2:36pm


The ones which I mentioned before are all external records.
October 5th, 2013 11:52am

This is so wrong.

When using single public IP on edge server, SRV record for _sip._tls.contoso.com should map to sip.contoso.com on port 5061. Not 443 which is the default when you're using three IP addresses. Lync setup actually sets sip to 5061, webconf to 444 and av to 443.  The SRV will therefore map to av according to your suggestion and not sip.

http://techdom.nl/microsoft/configuring-lync-2010-single-public-ip-address-external-access-port-summary/

November 8th, 2013 12:17am

This guy wins the Internet.  Why is it that Microsoft's own documentation gets this wrong?  Either way, I'm glad I found this because I surely didn't want to waste 3 IP addresses on my Edge server.  I incorrectly had my _sip._tls.domain.com record on port 443 and wasn't suspecting anything amiss until I noticed my Lync qualified handset trying to make a TLS connection on my sip.domain.com server at port 443.

MICROSOFT: please make this VERY clear in your Lync documentation!

January 15th, 2014 12:32am
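
The SRV port mismatch described in the two replies above can be checked offline before clients hit it. The following is an added example, not code from any poster in this thread: it parses zone-file style records and reports which Edge listener each SRV port actually reaches, assuming the single-IP port layout quoted in the thread (sip 5061, webconf 444, av 443). The zone data, the address 203.0.113.10 and all function names are constructed for illustration.

```python
# Edge listener ports on a single public IP, as stated in the reply above
# (assumption taken from the thread; adjust to your own topology).
SINGLE_IP_PORTS = {5061: "access (sip)", 444: "webconf", 443: "av"}

# Edge service each SRV name is meant to reach.
SRV_EXPECTED = {
    "_sip._tls": "access (sip)",
    "_sipfederationtls._tcp": "access (sip)",
}

# Constructed sample zone data using the thread's contoso.com names.
SAMPLE_ZONE = """
; constructed sample records
sip.contoso.com.                    3600 IN A   203.0.113.10
_sip._tls.contoso.com.              3600 IN SRV 0 0 443  sip.contoso.com.
_sipfederationtls._tcp.contoso.com. 3600 IN SRV 0 0 5061 sip.contoso.com.
"""

def parse_srv(zone_text):
    """Return SRV records as dicts; other record types and comments are skipped."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) != 8 or fields[2].upper() != "IN" or fields[3].upper() != "SRV":
            continue
        name, _ttl, _cls, _type, _prio, _weight, port, target = fields
        records.append({"name": name.lower().rstrip("."),
                        "port": int(port),
                        "target": target.lower().rstrip(".")})
    return records

def check_srv(zone_text, domain):
    """Return (service, port, listener_reached, ok) for each known Lync SRV record."""
    suffix = "." + domain.lower()
    findings = []
    for rec in parse_srv(zone_text):
        if not rec["name"].endswith(suffix):
            continue
        service = rec["name"][:-len(suffix)]
        expected = SRV_EXPECTED.get(service)
        if expected is None:
            continue
        reached = SINGLE_IP_PORTS.get(rec["port"], "no Edge listener")
        findings.append((service, rec["port"], reached, reached == expected))
    return findings

if __name__ == "__main__":
    for service, port, reached, ok in check_srv(SAMPLE_ZONE, "contoso.com"):
        print(f"{service}: port {port} -> {reached} [{'OK' if ok else 'MISMATCH'}]")
```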

This topic is archived. No further replies will be accepted.
