Replace your Reverse Proxy with IIS Application Request Routing



This post continues my series on possible options for publishing your Lync web services now that Microsoft has discontinued TMG.

I have already written some articles about other possible solutions for publishing Lync web services, which you can find here:

1. Using JetNexus for Lync Web services

2. Publishing Microsoft Lync 2013 Web Services using KEMP

3. Publishing Lync 2013 using UAG

4. Publish Lync URL using Apache Server

Another possible solution for publishing your Lync web services and Mobility is IIS Application Request Routing (ARR), which has been available since Windows Server 2008 R2.

In this article I will give a detailed step-by-step guide on how to configure and publish your Lync web services using IIS-ARR installed on Windows Server 2012 R2, so let’s get cracking.

Quick overview about my lab:

· Lync Enterprise Edition Pool consisting of 3 frontends

· Lync Edge Enterprise Pool consisting of 2 nodes

· One Windows Server 2012 R2 with 2 NICs, one connected to the iDMZ and one to the eDMZ, running IIS-ARR

IIS-ARR Prerequisites & Installation

Install IIS

You need to install IIS on your Windows Server 2012 R2, making sure you also select “Tracing” and “.NET 3.5”.

Install Application Request Routing

Now that you have IIS installed, you need to download and install Application Request Routing (ARR) on your IIS server. This can be done in a couple of ways, but I will be installing it using the web installer, which you can download from here.

Once downloaded, double-click it to start the web installer and search for “ARR”, which will give you a list of results. Click to add “Application Request Routing 3.0”.

Click install and wait for it to finish

Once it is done…. Well you know the drill 🙂 click finish

To make sure it is installed, open your IIS management console and select your server from the left menu; you should see the “web platform..” icon in the middle.

Now that everything is installed and ready, let’s get your hands dirty with some configuration 😉

Install SSL Certificate on IIS server

First things first: I will assume you have basic skills working your way around an IIS server. You must install the internal root certificate of your organization in the local computer store under “Trusted Root Certification Authorities”.

Second, you need to import your public SSL certificate and bind it to your IIS default website. To do so, follow these steps:

· Open IIS management Console

· Select your IIS server and from the “right menu”, double click on “Server Certificates”

· From the right menu, click “Import”

· Browse to where the certificate file is located, enter the password for the private key, and then click OK

· You should see your Public SSL certificate

· Expand “Sites” from the left menu, then click on bindings

· Click on Add

· Change the “Type” to https

· Under SSL certificate drop down menu, select the public certificate you just imported and click “OK”

· Click “close”

Configure ARR

Now the fun stuff. Creating a server farm in ARR is how you tell IIS-ARR where the traffic will go. It is better than TMG in that it is also a load balancer.

You will need to create a server farm for each simple URL you are planning to publish, so one for meet, one for dialin, one for lyncweb and one for lyncdiscover.

Creating Server Farm

· In IIS Management Console, right click “Server Farms” and choose “Create Server Farm”

· Write the name of the server farm (the simple URL you are publishing); in my case I started with the Lync External web services “”

· Click Next

· In the “Server Address” box, enter the IP address of your Lync Frontend server and click “Add”

Note: if you have an Enterprise Edition Pool, you can enter the IP addresses of all your Frontend nodes and ARR will load balance the traffic across them; if you have an HLB, just enter its IP address.

· Click on “Advanced Settings” and change the HTTP port to 8080 and the HTTPS port to 4443

· On the message that appears, click Yes (this message is to confirm you want to re-route the traffic on the specific ports)

· Repeat the previous steps to create server farms for meet, dialin and lyncdiscover, so in the end you should have something like this

Configure Server Farms

Now that you have the server farms created, you need to start configuring them. For each server farm you created, make the following three changes:

Disable Disk Cache

· Click on the server farm you created

· Double click on Cache

· Uncheck the box that says “Enable disk Cache”

Increase Time-out of your Proxy

· Click on the server farm you created

· Double click on “Proxy”

· Change the Time-out value to 180 sec

Disable SSL Offloading

· Click on the server farm you created

· Double click on “Routing Rules”

· Uncheck the box that says “Enable SSL Offloading”

Edit the URL Rewrite rules

· In the IIS management console, click on the “Server”, not on the Website

· Double click on the “URL Rewrite” icon

There you should find two default rules for each server farm you created, one with the suffix _SSL and one without. As we do not need the HTTP one, you can either select it and click “Disable” on the right menu, or delete it. For me, I will delete it 🙂

· So it should look something like this

Now edit each rule by doing the following for each one:

· Choose the rewrite rule

· On the left menu, click on “Add”

· Add the pattern as follows, according to the rule you are changing: for lyncweb I used lyncweb.*, for meet I used meet.*, etc.

· In the “Condition input” box, type {HTTP_ and then select “HTTP_HOST”

· In “Pattern”, enter Lyncweb.* (use what you have for the URL)

· Click “OK”

Do that for each rule and you are done and ready to go.
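With four farms and several GUI changes per farm, it is easy to miss one, so the settings can be checked against a copy of applicationHost.config. The script below is an added example, not part of the original post; it assumes ARR stores these settings under the element and attribute names used in the constructed sample, and it does not check the SSL offloading setting.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the post): "lyncweb" is configured as the article
# describes, "meet" is left at defaults. Element and attribute names are assumed
# to match what ARR 3.0 writes to applicationHost.config.
SAMPLE = """<configuration>
 <webFarms>
  <webFarm name="lyncweb.example.test">
   <server address="192.0.2.11"><applicationRequestRouting httpPort="8080" httpsPort="4443" /></server>
   <applicationRequestRouting>
    <protocol timeout="00:03:00"><cache enabled="false" /></protocol>
   </applicationRequestRouting>
  </webFarm>
  <webFarm name="meet.example.test"><server address="192.0.2.11" /></webFarm>
 </webFarms>
 <system.webServer><rewrite><globalRules>
  <rule name="ARR_lyncweb.example.test_loadbalance_SSL">
   <conditions><add input="{HTTP_HOST}" pattern="lyncweb.*" /></conditions>
  </rule>
  <rule name="ARR_meet.example.test_loadbalance" />
  <rule name="ARR_meet.example.test_loadbalance_SSL" />
 </globalRules></rewrite></system.webServer>
</configuration>"""

def audit(config_xml):
    """Return {farm name: [findings]} for the settings this article changes."""
    root = ET.fromstring(config_xml)
    report = {}
    for farm in root.iter("webFarm"):
        name, out = farm.get("name"), []
        for srv in farm.findall("server"):
            arr = srv.find("applicationRequestRouting")
            ports = None if arr is None else (arr.get("httpPort"), arr.get("httpsPort"))
            if ports != ("8080", "4443"):
                out.append(f"server {srv.get('address')}: ports are not 8080/4443")
        proto = farm.find("applicationRequestRouting/protocol")
        if proto is None or proto.get("timeout") != "00:03:00":  # 180 s as hh:mm:ss
            out.append("proxy time-out is not 180 seconds")
        cache = None if proto is None else proto.find("cache")
        if cache is None or cache.get("enabled", "true").lower() != "false":
            out.append("disk cache is still enabled")
        rules = [r for r in root.iter("rule") if name in r.get("name", "")]
        if any(not r.get("name").endswith("_SSL") for r in rules):
            out.append("plain-HTTP rewrite rule is still present")
        if not any(c.get("input") == "{HTTP_HOST}" for r in rules
                   if r.get("name").endswith("_SSL") for c in r.iter("add")):
            out.append("_SSL rule has no {HTTP_HOST} condition")
        report[name] = out
    return report
```

Run `audit()` on the text of your own configuration file; an empty list for a farm means every checked setting matches the steps above.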

That’s it

Till next time 🙂

Author: Lyncdude

A Senior Service Engineer with more than 9 years of experience in Microsoft Exchange and Microsoft Lync Server / Skype for Business. Egyptian guy who lives and works in Frankfurt, Germany. What is written in this blog is my own opinion and thoughts, not my employer's, and does not reflect their opinion.
