Archive: May, 2012

Publish Lync with UAG

May 24th, 2012

Are you using Microsoft Forefront UAG 2010 to publish Lync and having problems getting it to work?

My co-worker Robert had struggled with this for some time, but he finally managed to get Lync and mobility to work over UAG.

First we tried using the TMG part of the UAG and it worked, but I could not restart the server after the configuration. If I restarted the server, the HTTP and HTTPS traffic was blocked by the default rule of the TMG. Other weird things also happened if we changed the UAG config.

We started an SR with Microsoft and they told us that using the TMG part of the UAG was not supported. It can work in some cases, but if you make configuration changes in UAG it can break. MS says that you should never touch the TMG settings on a UAG server.

So here is what we did on the UAG:

We added one more public IP address to the External leg of the UAG, so we have two IP addresses for Lync. One IP for lyncweb, meet and dialin. The second IP was dedicated for lyncdiscover.

We created a new HTTPS trunk for lyncweb, meet and dialin and changed the Session settings like this:

Important: The “Disable scripting for portal application” option has to be ticked on the Lync trunk. It cannot be ticked on a trunk for e.g. Exchange or SharePoint. Therefore you have to create a new dedicated trunk for Lync.

We created a new HTTP trunk for lyncdiscover and changed the Session settings like this:

Our UAG console now looks like this:

The HTTPS Lync trunk looks like this:

The HTTP lyncdiscover trunk looks like this:

Update:

Mobile clients will get the logon servers unencrypted if you configure lyncdiscover on an HTTP trunk. You can skip the extra IP and configure lyncdiscover on the Lync HTTPS trunk by doing:

Credit to Robert for getting this to work. Hope it will work for you too 🙂