Lync Edge and Proxy server public DNS records port forwarding rules

Similar Messages

• Exchange 2013 CAS DNS Round robin Public DNS Record

  Dear All,
    If I am going to use DNS round robin as CAS redundancy. How should I map the public DNS record? Do I need to map 2 public IP for 2 CAS server to the mail domain? THanks
  Best Regards,
  Elroy

  Dear Elroy
  I am not sure about the success rate of your implementations but yes if it is round robin what you require you need add 2 ip addresses.
  Suggestion:
  Why don't you implement a CAS with a load balancer and then you can map the Public IP to the one IP on the Load Balancer.
  Good Luck.

• Publish the port forwarding rules and req. for customers to use the FiOS TV features they pay for!

  Please read this thread and vote.
  http://forums.verizon.com/t5/Share-Your-Ideas-with​-Verizon/Publish-the-port-forwarding-rules-and-req​...

  Here they are, but - yes it would be great if Verizon published these, or at the very least linked to Actiontec's Website, where they publish the rules as well.   or at least sticky some of these instructions here in the forums.   
  Instructional Video's and step by step detailed instructions for port forwarding
  How to enable BASIC Port Forwarding on the MI424WR Verizon FiOS Router (actiontec.com)
  How to Configure Advanced Port Forwarding on the MI424WR Verizon FiOS Router  (actiontec.com)
  PCWintech's guide to portforwarding for the actiontec MI424WR (Verizon Firmware)
  PCWintech's guide to portforwarding for the Westell 327w DSL Modem
  PortForward.com
  I put my vote in. 
  EDIT:  I Didn't realize you were asking for the port forwarding rules to the features, I should have read better.     But yes I agree with that too.   

• Lync edge and two NICs, DMZ and NAT

  I am in the process of setting up my lync 2013 edge server and i seem to be stuck.  We run a external firewall and an internal firewall and have a  DMZ where all of my public facing servers sit that resides between these two   I have things
  like my webservers and edge transport for my exchange servers in here.,   I am in the process of creating my new edge pool topology and have a question.  I am going to NAT my Edge servers from the external firewall so the public IP address is something
  like 12.xx.xxx.xxx and then the DMZ subnet is 192.168.3.x.  For my internal IP address I put the internal IP of my edge server which is 192.168.3.17 and for external setting i put the 12.xx.xxx.xxx IP address even though there is not a NIC in the edge
  server that has that IP since it is NAT'd from my firewall.  Will that work?  The reason i ask is everyone seems to say that this edge server has to have two NICs that has one connected to my DMZ subnet and the other to my LAN subnet but doesn't
  that mean you have a huge hole with a Windows server with one foot in the DMZ and the other in the LAN?  Is htere a way to utilize only one NIC in an Edge server?  I guess i am trying to see if it will work like the edge transport role in exchange.
   thanks.  

  No, you shouldn't ever have an edge server with one foot in the DMZ and one foot in the LAN.  That somewhat defeats the purpose of a DMZ since you've just created a path around your firewall.  What you need is in effect two DMZs, one that communicates
  only with the Internet, and one that communicates only with the internal network.  This is where the two NICs come into play.
  The external facing NIC would get private IPs typically (though they can be public) which are in turn NAT'd to public IPs.  The topology builder knows about the private IPs, but for the A/V edge, there's also a section where you let it know that the
  edge will be NAT'd and what the public IP for the A/V edge is.
  You can get away with just one NIC, on just one subnet.  People have had issues, and it's not supported, but I personally have gotten this to work without issue on several occasions.
  So, if you simply can't have two DMZs, you could give the box one NIC and four IPs.  192.168.3.17, 18, 19, and 20.  Assign 17 as the internal NIC, and 18, 19, and 20 as the access edge, web edge, and av edge.  In the topology builder, specify
  the 192.168.3.X addresses, but also put the 12.xx.xxx.xxx address in the public section.  Put persistent routes on the box so that it knows to use the Internal firewall to get to internal addresses, and the default route should be the external firewall
  (I suspect this is in place for other boxes in the DMZ unless they only talk to the Internet).  Open your ports, add your DNS, install Lync and you should be good.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications

• Some help with migrating exchange 2010 to exchange 2013 + installing another exchange 2010 to be edge-forefront-proxy server

  Hi guys (and girls)!
  Hear me up. The idea is like this:
  A friend of mine has currently Exchange 2010 SP3 in his environment with Forefront Protection installed on it. As we all know Forefront Protection is discontinued in Exchange 2013 environment because Exchange 2013 on-premisses is using integrated tool for
  doing that, but a friend of mine would really like to stick with Forefront Protection because it is "much better tool" then integrated stuff in 2013.
  Ok, so here's the idea. Exchange 2010 SP3 with Forefront is installed on Phisical machine (so, not virtualized) on 2008 r2 std OS. We decided to move to Exchange 2013 because we wanted to achieve DAG on Exchange 2010 but we realized that is not possible
  because 2008 R2 STD OS does not support failover-clustering functionality, but you are able to achieve that on newer OS for example 2012? Ok, so we bought another server, where we are planing to install Vmware Esxi and put two virtual machines on it.
  One Will be 2012 r2 STD OS with Exchange 2013 on it, the other Will be 2008 r2 STD with Exchange 2010 Edge role + Forefront on it. We are planing to move Exchange 2010 production server to virtual machine Exchange 2013, and newly virtual machine
  with Exchange 2010 edge server will only be "a kind of Proxy server with Forefront functionality". What concers me?
  Should we install Exchange 2010 edge transport 1st, or Exchange 2013? I think I have read somewhere after you put Exchange 2013 in production you are "unable" to install any previous Exchange versions is that true?
  One more question about what happens after you install another Exchange 2010 with Edge role in production enviroment? Does installation effects a production enviroment, let's say we do just a clean installation of Exchange + ran updates?
  Which roles do you need to install on Exchange 2010 to achive Edge role? Do you need to have all the roles install for having Edge server (mailbox, hub,cas?).
  bostjanc

  Should we install Exchange 2010 edge transport 1st, or Exchange 2013? I think I have read somewhere after you put Exchange 2013 in production you are "unable" to install any previous Exchange versions is that true?
  already answered by PS CL above
  One more question about what happens after you install another Exchange 2010 with Edge role in production enviroment? Does installation effects a production enviroment, let's say we do just a clean installation of Exchange + ran updates?
  No it does not as long you don't make any changes on send/receive connector and do the EdgeSubscription. As soon as you do the Edge subscription there will be send/receive connector created, so pay attention how to setup the Edge Server.
  Which roles do you need to install on Exchange 2010 to achive Edge role? Do you need to have all the roles install for having Edge server (mailbox, hub,cas?).
  Just install the Edge Transport Server and make sure you install ADLDS services.
  as you have mentioned you are doing to install both Mailbox and Edge server on the same VMware - it is a single point of failure.
  Where Technology Meets Talent

• Redirect public DNS record to url

  I am looking for advise as to what to do. I want to take my mail.xxxx.com record and point it to a url such as http://something.some.thing/mail
  Is this possible to do? It seems like I should be able to do this somehow.
  cheers

  Sounds like you're getting a little confused. There is no correlation between a DNS host entry and a URL - you can't have a DNS record that points to 'http://something.somewhere.net/mail'.
  What you can do is point your DNS entry to an IP address of a server that's running a web server. Now when users enter your hostname in a web browser they'll connect to this server.
  You then configure the web server to automatically redirect to /mail if that's where you want the user to end up. The process would be something like:
  DNS: mail.somewhere.net -> x.x.x.x
  Server x.x.x.x runs a web server.
  Web server redirect / requests to /mail
  Now a user can enter http://mail.somewhere.net/ and end up talking to http://mail.somewhere.net/mail/ thanks to the web server, not the DNS server.
  To do this you'd add a line like:
  Redirect / /mail/
  to your web site configuration.

• Same server 2 DNS records

  Hello.
  I have a Windows Server 2012 R2 Core that have 2 NICs.
  Its has a NIC in the Local servernet (192.168.2.15) , and a NIC in the DMZ net (192.168.3.10).
  My issue is, that the server is registrering 2 addresses in the DNS record on the Domain Controller.
  I only want the Servernet NIC (192.168.2.15) in the DNS record.
  I know that you under the local NIC can disable, that a interface should register in the DNS.
  My only issue is, that im running the Core version - so i dont have access to this...
  I have tried several netsh commands, but niether of them seems to Work.
  How should i "fix" this issue?
  Any help would be appreciated :)
  Datatechnician

  easy way would be netsh:
  netsh interface ipv4 set dnsserver source=static address=192.168.1.10 register=none
  http://technet.microsoft.com/en-us/library/cc738592(v=ws.10).aspx#BKMK_5
  or  you could even configure it through registry
  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\<YOURGUID><interface>\RegistrationEnabled to 0</interface>
  MCP/MCSA/MCTS/MCITP

• Directory Proxy Server Public API

  Where to find Directory Proxy Server (6 or 7) public API?
  Thank you

  Well, DPS is mainly a LDAP proxy, so upon reception of a bind, it will forward it to a LDAP directory server that would compare the credentials with the standard userPassword attribute.
  DPS can be also used OOTB as a Virtual Directory to provide a LDAP view of non-LDAP data, e.g a SQL database: In that case, DPS implements natively the bind operation, that is, it retrieve the user password from the SQL db, then compare
  it with the credentials provided by the client. In that case, the user password can be retrieved from any SQL column.
  So to achieve this with a LDAP backend, a DPS bind plugin would have to get the user password from the target LDAP entry and do the comparison. A secured channel between DPS and the backend would be required to exchange such sensitive pieces of information. Technically, this would work only if you plan to use LDAP for authentication only (bind only), because the backend LDAP directory server would not consider user entries w/o userPassword attribute as regular accounts (with associated access rights).
  Could you explain where you requirement comes from?
  Thanks
  -Sylvain

• ITunes 10.6 and proxy server connection

  Hello,
  I was using iTunes, in a network enviroment with a proxy server, since yesterday when I updated it to 10.6 version.
  Troubles began...
  My IE settings about proxy server are correct, and my network admin did not change anything in out proxy configuration. Thus, I checked IE proxy settings, and they are ok (http://support.apple.com/kb/TS1470). Restared my PC, but iTunes after the login to my proxy server (NOT with appleid of course but with my network account - and it's works, I'm sure about it) cannot go on, with a 12002 error.
  So, IMHO iTunes 10.6 proxy support is broken...

  Ok...here's a workaround for Windows based computers.  Not an ideal solution but it works. For those of you on a corporate network, I highly suggest you get this approved before you implement it.
  You will need to download and install Cntlm Authentication Proxy. The link is...
  http://sourceforge.net/projects/cntlm/files/
  Once installed...find the cntlm.ini file located in the c:\Program Files or c:\Program Files(x86) folder and open it with notepad. Modify the following lines to match your network/proxy configuration...
  Username    
  Domain        
  Password
  Proxy
  Once you save the cntlm.ini file go to Services and start the Cntlm Authentication Proxy service...or you could simply restart the computer.
  The last step is to configure your browser to use the following address as a proxy server...
  127.0.0.1 port 3128 (3128 is the default listening port used by cntlm and can be changed in the cntlm.ini file)
  As I said, this is not an ideal solution as your network username and password are stored in the cntlm.ini file as clear text and if you ever change your network password you will need to change the cntlm.ini file as well. This is also why I suggest that those of you on corporate networks get approval for this before you install since this is a potential security risk. But this does resolve the proxy authentication pop up issue with iTunes and for anyone attempting to use Dropbox and having similar proxy issues this solution works for Dropbox as well.

• Communication between mobile browser and proxy server

  hi
  I am trying to connect to internet in mobile through my proxy server.I wrote codings for that.Using my code i am able to get the request from the mobile browser but the problem is i am unable to connect to the proxy server
  The following is my code for sending the request to the proxyserver and getting back the response:
  s = (SocketConnection)Connector.open("socket://"+hostname+":"+port);
  /*OutStream to write the request to the proxy server*/
  OutputStream out = s.openOutputStream(); PrintStream outw = new PrintStream(out); outw.print(requestHeader +"\r\n"); /*Inputstream to read the response from the proxy server*/ InputStream in = s.openInputStream();
  /*writing the response in the browser */
  byte[] buffer = new byte[1024];
  int len;
  while((len = in.read(buffer)) > 0) {
  os.write(buffer, 0, len);
  is my coding correct?or i need to change anything in my codings?
  This coding is working fine in emulator and displaying the correct output in the desktop browser.but in mobile it is not working?
  Thanks a lot

  hi
  yes nothing is returned from the browser
  request from the browser means
  whenever u type say,www.google.co.in in your browser
  the following type of request will go to the proxy server,after getting the request the proxy server will check for the host address and then it connects to the webserver and get the response and send it back to the browser.
  for google page the request is
  GET http://www.google.co.in/ HTTP/1.1
  Host: www.google.co.in
  Accept: text/html, application/vnd.wap.xhtml+xml, application/xhtml+xml, text/css, multipart/mixed, text/vnd.wap.wml, application/vnd.wap.wmlc, application/vnd.wap.wmlscriptc, application/java-archive, application/java, application/x-java-archive, text/vnd.sun.j2me.app-descriptor, application/vnd.met.ticket, application/x-wallet-appl.user-data-provision, application/vnd.oma.drm.message, application/vnd.oma.drm.content, application/vnd.wap.mms-message, application/vnd.wap.sic, text/x-co-desc, application/vnd.oma.dd+xml, */*
  Accept-Charset: iso-8859-1, utf-8, iso-10646-ucs-2; q=0.6
  Accept-Encoding: gzip,deflate,identity;q=0.9
  Accept-Language: en
  Cookie: PREF=ID=dc8dc6e63dab6e09:TM=1156324791:LM=1156324791:S=FgovcdMV93Mm4Li7
  Cookie2: $Version="1"
  User-Agent: Nokia6630/4.06.0 Series60/2.6 Profile/MIDP-2.0 Configuration/CLDC-1.1
  x-wap-profile: "http://nds1.nds.nokia.com/uaprof/N6630r100.xml"
  in the code u have given the value of the host is http: only

• Direct Access and Proxy server...

  I've followed the step-by-step instructions for demonstrating UAG DA in a test lab. It all works fine.
  Now I've configured TMG on the UAG server to act as a web access proxy and created a group policy to apply the proxy settings. It seems that the DA Client applies this policy and tries to use the proxy server for internet access when outside of the Intranet. How do I configure group policy to force the client to use the web proxy when connected to the Intranet, but not when outside the Intranet and connected using DA?
  Thanks all,
  Neil

  Hi Neil,
  I don't think you'll be able to bounce back through the UAG server that the DA client is connected to, since the TMG configuration required isn't with support boundaries.
  However, you can configure the DA clients to use another TMG firewall on your network to connect to the Internet through the Web proxy. You will need to take advantage of the DNS64/NAT64 on the UAG server to connect to the FQDN of the outbound web proxy listener on the TMG firewall. That will translate the IPv6 request to a IPv4 request, and since the TMG firewall's web proxy will perform name resolution on behalf of the client, then client doesn't need to worry about that.
  That's how it's supposed to work. I'll try to stand this up in the lab and see what it works in practice.
  Thanks!
  Tom
  MS ISDUA/UAG DA
  Anywhere Access Team

• I have the new Air Port Extreeme model A1521 and I need to set up port forwarding for HTTP. HTTP is not on the list in the set up. Does anyone know if any of those choices work for HTTP?

  I am on a Windows 7 Ultimate PC and right now there is no Airport utility for setting up the new Apple Extreme so you have to do it on your iPad or iPhone. Does anyone know how to set up port forwarding for HTTP to get to DVR security cameras? There is nothing in the list that indicates HTTP port forwarding.

  Thanks for your reply Tesserax as I did figure this out on my own. It took a bit because all of the options are not clear what they are for like the previous Airport Extreme and Apple does not support or guarantee that port forwarding will work for you application nor did any of the Apple support persons I spoke too have any knowledge for this feature. You also have to fill in the public if you are viewing through someone else's Wi-Fi or on your cell phone carrier network. This new Airport Extreme is a bit different since you cannot use the Airport utility on a PC like the older model and if anyone else is reading this they should be aware that if you do not have an Apple computer, iPhone or iPad and I'm not sure if some of the other network enabled devices like iPod Touch that you must use that can do it, there is no Airport utility for the PC and you would be wasting your money or have to take it back and get another brand wireless router to use if you do not own any of the above mentioned Apple products.

• FiOS and World of Warcraft...Port Forwarding Issue

  So for some reason ever since I got FiOS I havent been' able to connect to WoW. Last night I tried to tackle the problem. I following the directions on portforward.com to forward the port in my router. I set it up but when I try to check for the open port via a port check website is says the port ISNT open.
  I am using an iMac G5 with a Westel router. anyone else experience this problem? If so how did you fix it. I called Verizon support and was informed that 'port forwarding is unsupported and we won't help you'
  About ready to cancel FiOS and go back to cable.

  #1 Are you trying to connect to other users OR are you trying to allow other users from the net to connect to you?
  #2 Which port checker site did you use?
  #3 I know that it did not say open OR Success. What did it say?
  #4 What is security level of the router set to? In the guides for that router, they show typical (medium).
  ^^^
  If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.

• DNS records to be created for Lync deployment (Internal and External)

  Hi There,
  If I want the Lync server environment to work Internal as well from External in all the aspects. (auto-discover, meetings, AV conferencing,web conferencing, voice integration, mobility etc), please answer to the below questions and also their purpose please.
  I'm not sure whether the answer varies for 2010 and 2013 version.
  1. What are the Internal and External(public) DNS records to be created for the reverse proxy(assume i'm using TMG servers), and their purpose?
  2. What are the Internal and External(public) DNS records to be created for Lync Edge server, and their purpose?

  I'll try to answer as well.
  1) For the reverse proxy, you'll need to publish the following:
  External:
  lyncdiscover.sipdomain.com (You'll need this record for every sip domain you have).  This is for client autodiscover.
  external web services FQDN (You'll need one of these per pool, you get to choose the name).  This is for address book downloads, web conferencing, etc.
  Meet.sipdomain.com (You can choose the name here, and have one per sip domain or one for the whole org).  This is for web conferencing.
  Dialin.sipdomain.com (You'll just need one here, it doesn't have to be dialin).  This is for changing your conferencing/phone pin, resetting conference info, and general conferencing info.
  For Lync 2013 only, you may want the Office Web Application server pool name as well for PowerPoint sharing.  Lync 2010 doesn't use this.  
  Internal:
  The external web services FQDN.  You'll need this available internally through the reverse proxy so you can redirect requests on port 443 to port 4443.  This will be used for mobile devices on WiFi.
  2) For the Edge server:
  Externally:
  sip.sipdomain.com (you'll need one per sip domain) this is an autodiscover/multi use FQDN and should point to your access edge IP.
  webedge.sipdomain.com (edge web conferencing, you can pick any name you like).
  avedge.sipdomain.com (av edge, you can pick any name you like).
  accessedge.sipdomain.com (you'll need a name for the access edge role, however you can just use sip.sipdomain.com and save a name in your certificate request).
  Internally:
  edgepool.sipdomain.com (you can pick any name you want, it's just the name assigned to the internal edge interface.
  If you choose to have a single ip for the external edge, you can get away with just an access edge name and/or sip.sipdomain.com
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications
  This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Internal and Public DNS conflict breaks mail

  History:
  We set up a new Mac Mini Server to replace our existing Server. The Mac Mini Server is setup behind a Time Capsule, which acts as our router and DHCP server. It also acts as our firewall on the public IP address and forwards mail to our internal server. Our situation is almost identical to the example situation on page 18 to 19 in the 'Getting Started' guide.
  Our ISP acts as our DNS server and they host our public website. They also used to host our mail, but we have now moved the mail to our new in-house server. We asked our ISP to update their MX records to point to our static public IP address. Public DNS records for server.mydomain.com also resolve to this IP address.
  When we originally set up the new mac mini server, the ISP had not yet updated the MX records. I am wondering if this affects how the Server sets up DNS on the local server machine?
  Issue:
  The local server machine on the local LAN is called server.mydomain.com, which resolves via local DNS (hosted by our server) to the server's internal IP address. (The local DNS server was setup automatically by the Server during initial installation / setup.) This conflicts with with public DNS records which identify server.mydomain.com with our public IP address at 205.200.19.225. This somehow causes confusion for the server which consequently seemingly randomly resets our domain (mydomain.com) and host name (server.mydomain.com) settings under Mail settings - which breaks our mail service. (We then edit these to the correct settings and all works again.)
  I spoke to an Apple tech and they advised that we reinstall the Server operating system, using a local server name that differs from the public name. e.g. server.mydomain.lan (local) vs. server.mydomain.com (public).
  *This may seem like a dumb question*: Would it be easier to keep our local host and DNS set up to server.mydomain.com and then rather have our ISP change the records for our public address / IP to mail.mydomain.com or public.mydomain.com? If we could make the change via the ISP's records versus our own, then it would save us a lot of work.
  *A second potentially dumb question:* Since we rely on our ISP for DNS name servers, could we delete / stop the local DNS server for the local network and just use straight IP addresses instead?
  *Plan of Action:*
  Assuming that there is not an easy fix via the ISP's DNS records, then I'll reinstall the operating system and use server.mydomain.lan as the local machine and domain name. If I do this, then what should I be using as the domain and host name settings in mail? .com or .lan?
  Should there be any need to manually configure DNS settings to make Mail work?

  Mr Hoffman and Corbywan - thanks for the interesting and educational discussion. I must admit that I am still a bit confused and would appreciate any further help in understanding this issue!
  *My situation:*
  - Server on a LAN, which sits behind a Time Capsule router.
  - The Time Capsule router serves DHCP and Internet to the LAN and sits on our public static IP Address.
  - Our ISP has set up MX and domain records to forward public requests for our domain to our static IP address.
  - Time Capsule acts as our firewall and forwards Mail and other incoming services to our internal server via port forwarding.
  - Local DNS service is provided by the local server so that it can provide services to the local network. Non local requests are forwarded to the ISP DNS service.
  *The problem*
  We seem to have established that Snow Leopard Server breaks when the internal domain name matches the public domain name, because of conflict between the internal and public DNS which resolve to different IP addresses for the same domain.
  *The solution*
  I am looking for the easiest and most basic way to fix this problem. My understanding is that the simplest would be to reinstall our Snow Leopard Server to a new and different local domain name.
  I am thinking of using server.example.lan for our local LAN domain name - which would be resolved to our private IP address via local DNS on the local server. I would be keeping server.example.com for our public domain name - which would be resolved to our public IP address, which would be forwarded from the Time Capsule to the internal server.
  Now where I start getting confused is this: If Snow Leopard Server requires a Fully Qualified Domain Name to do things like send mail, then do I need to register my internal domain name? And how would this resolve from a public DNS server to the internal private IP address? Or is it more an issue where as long as the internal (albeit 'fake') domain name does not conflict with an existing public domain name?
  *Other items:*
  After setup, I will verify that Snow Leopard Server has setup our local DNS correctly for local DNS service.
  If I understand correctly, I would set up Mail Settings - 'Domain Name' as the local domain name: i.e. example.lan and I would set up the Host Name as server.example.lan - is this correct? Would this work if these are not FQDN?
  How does the mail server reconcile these local domain names with the public domain names? I assume that I need to check the box at Mail - Settings - Advanced - Hosting: "Include server's domain as local host alias" ? Or would I manually add an alias to the Local Host Aliases under the same tab?
  Thanks!