Publishing Lync using UAG 2010


Today I will be writing a guide on how to configure UAG 2010 to publish Lync 2013 URLs. I’m not going to write about how to install UAG, but there is a lot of blog articles that you can use to help you installing UAG which is a straight forward setup.

Before you start with configuring your UAG you need to know a thing or two about UAG and Lync, it look like that officially publishing Lync using UAG is not supported.

According to Ben Ari from the Microsoft UAG CSS Team:

“UAG does not support accessing Lync using Lync Mobility on any platform, nor the use of the Lync software client. The only thing that IS supported is using the Web-based version of the Lync client. For customers who need to publish Lync for Mobility and the software client, Microsoft recommends publishing the Lync Edge server using TMG, or a comparable transparent-publishing firewall solution (note, though, that using the TMG server that’s on your UAG server is not supported for this purpose)”

So just keep that in mind 🙂

Certificate Requirements:

UAG same like TMG require a public certificate when publishing Lync URLs. In nut shell consider the following:

1. Lync 2013 has some limitation when it comes to use wildcard certificates.

2. You need SAN Certificate (Single Certificate which has multiple hostnames embedded into it)

3. Your certificate need to have the following URLs in it with this order:

a. Lync Primary Publishing URL “”

b.UAG trunk URL

c. Lync meet URL

d.Lync dial in URL

e.Any other URL you need

4. Make sure that the SN of the Certificate is the same as your first SAN entry (so the SN of the certificate to be your Primary Publishing URL as well as the first entry of your SAN)

Create Trunk

· start UAG and in left side menu right Click HTTPS, Then” New trunk”

· In the “create trunk wizard” click “Next”

· in Select Trunk Type, select portal trunk

· click next

· In setting The trunk, type the name of the trunk, public host name and external IP-address you will be using

· click next

· specify the Server that will authenticate users, this is not important, as we will Configure the trunk later not to authenticate users

· Click next

· select the Correct Certificate you issued to use for publishing your Lync, the public certificate you ordered.

· Click next

Add Lync Application

now you need to add the Lync applications (URL) you want to publish

· under “Application” click “Add”

· In welcome Screen, click next

· in Select Application, under “web” Select Microsoft Lync web App 2010

· Click next

· In Configure Application, write “lyncweb”

· click next

· In select Endpoint Policies page, select the policies and click next.

· In Deploying an application page, select configure an application server and click next.

· In web servers page, write the IP-address or host name of your front-end server, pool or Director.

· Click next

· Uncheck “use SSO”

· Click Next

· In Portal Link page, make sure to delete “dialin” from the end of the application URL.

· Click Next

In Authorization Page, click next.

· Click finish

· Do the same and add the Lync discover, you might get duplicated entries for meet and dialin, delete them.

· Click on LyncWebdialin and then edit

· Go to “Web Services” tab, and edit the Address and Public Name of it to point to the correct ones.

· Do the same with LyncWebMeet.

· Your Trunk in the end should look something like this

Configure the Trunk

In the trunk you created you find a “configure…” button Click it

· Go to the authentication tab

· Uncheck the box says “require users to authenticate at session logon”

· Check the options “Disable computer installation and activation”

· Check the option “disable scripting for portal application”

· Click ok.

· Now you have published your Lync URLs

Final tweaks

· To allow Lync Mobile client to authenticate and to update the presence, you need to enable “Allow POST requests without a content-type header” , under “Web settings” tab.

· Edit the trunk to allow Lync Web App to upload and use PowerPoint Presentations.

· Click on the “Configuration button for the trunk”

· Go to the “URL Set” tab

· Click on “Add Primary”

· Enter the following in the “Name” field = Lync2010_UCWA

· In “Action” Field = Accept

· In “URL” Field = /UCWA/.*

· In “Parameters” Field = Ignore

· In “Methods” Field = PUT, POST, GET

· Click Ok

By this you finished publishing your Lync URLs and Mobility, you can test it.

Author: Lyncdude

A Senior Service Engineer with more than 9 years of experience in Microsoft Exchange and Microsoft Lync Server / Skype for Business. Egyptian guy lives and works in Frankfurt - Germany. what is written in this blog is my own opinion and thoughts, not my employer and does not reflect their opinion

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: