Pro-Exchange,Lync & Office 365
Belgian Microsoft Unified Communications Professionals
Microsoft Exchange Server, Microsoft Lync Server & Office 365
Publish Reverse Proxy URLs for Lync Mobility Discover Service with ISA/TMG

You only need to create a new rule for the the Lync auto discover service.  The full functionality uses just the regular External Webservices URLs.

For more info on the previous steps go to this article:
http://www.pro-lync.be/blogs/lync2010/archive/2011/12/09/first-lync-mobility-installation-overview.aspx

Create a new Web Publishing Rule

clip_image001

This is obviously an allow rule

clip_image002

Depending how you load balance or whether you have standard/enterprise edition this might be different on your end.
ISA/TMG supports coockie based load balancing (requirement for external web services URLs) if required in your deployment

clip_image003

You have to select SSL to the server/loadbalancer

clip_image004

Enter the name of the webservices loadbalancer or pool

clip_image005

You have to select to forward the original host header

clip_image006

The public name is lyncdiscover.<domain.com>

clip_image007

Select the correct listener (preferably both port 80 & 443)

clip_image008

Select authentication settings (Depends on your security requirements)
This setting is different from Microsoft recommendations "No Delegation, and Cannot Authenticate Direclty"

clip_image009

Remove All Authenticated Users and replace this with All Users (No Authentication)

clip_image011

Finish

clip_image012

Now you have to change the following tab on the rule

clip_image013

You have to include both HTTP and HTTPS and forward to the correct ports

HTTP    => 8080

HTTPS => 4443

clip_image014

Change the authentication option for HTTP on the Listener.
(you might need a new listener for security reasons so that the listerner never sends authentication)

Publish your rules and test…


Posted 12-13-2011 3:09 by Johan Delimon
Filed under: ,

Comments

Kofl wrote re: Publish Reverse Proxy URLs for Lync Mobility Discover Service with ISA/TMG
on 01-23-2012 3:16

Shouldnt the publish rule bridge to the Mobility Service Ports McxSipExternalListeningPort 5087?

Thanks for info.