Lync Reverse Proxy Alternatives

Similar Messages

• Using IIS AAR as a reverse proxy for Exchange 2010 & Lync 2013

  hi
  i am planning to use IIS AAR as reverse proxy solution for both Exchange 2010 & Lync 2013 . need clarifications on the below.
  Is it production ready proof solution of using IIS AAR as a reverse proxy solution , if yes what is the sizing considerations for the same.
  Can we have exchange reverse proxy and lync reverse proxy on the same IIS ARR server.
  Is there any special consideration(license/certificates/cal licenses) needs to be taken care while using this solution
    4.  Deployment Guide available?

  hi steve.. thanks for reply..
  1 have gone through that.. however having both exchange & lync reverse proxy on single server is unanswered and the reason for having this in exchange forum is to have consideration from exchange prospective as well ... 
  I am also wondering this.  Can both exist on the same set of proxy servers?  I also plan to have a load balanced solution.  Has anyone had any luck with doing that?

• What is the alternative to TMG/ISA For SSL-Bridging-Capable Reverse Proxy For System Center 2012 R2 IBCM?

  When I look up alternatives to TMG many other answers say something like "Don't worry about it. TMG 2010 is under support until 2020."
  Well, we don't have TMG and can't buy it since it is off the market.  Can it still be legitimately purchased through any resellers?
  We need a reverse proxy that specifically supports SSL-Bridging so that device certificate authentication is not broken when the connection passes through the proxy.
  Which reverse proxies that are currently on the market are known to work successfully with System Center Config Manager Internet-Based Client Management and also with other Microsoft products such as Lync 2010 and RD Gateway 2012 R2?
  Do any Cisco ASA or ACE models support the required functionality for machine certificate authentication?
  We have ISA 2006 licenses available, but I would hate to roll that out and then have to replace it in only 2 years rather than using something that can stay in place long term.  Maybe we could use ISA 2006 temporarily as a stopgap if the next version
  released of Windows Server Web Application Proxy would meet the requirements and can be deployed in production before ISA 2006 is completely EOL.
  I hate that Microsoft keeps discontinuing all the related products to this before they have their replacements ready.

  Hi,
  You are correct, all TMG product sales officially ended in December 2012.
  In addition, an ISA Server and a TS Gateway server can be used together to enhance security for remote connections to internal network resources. However, it
  seems that ISA 2006 cannot support that on Windows Server 2012 R2. For more detailed information:
  Configuring the TS Gateway ISA Server Scenario
  Personally, Web application proxy would be an alternate. In addition, for the question related to Cisco product, you can contact Cisco for assistance.
  Best regards,
  Susie

• Lync 2013 edge-no reverse proxy question

  I deployed lync 2013 edge server and no reverse proxy yet.I am trying to connect from my windows 7 machine with no luck and I can see a top reset on the firewall,my question is is reverse proxy required for the normal client to connect and do basic IM?
  Plz confirm.thx

  *****Update**********
  now when i am trying to test connevity using microsoft connecvitry analyer i am getting error realted to the external certifictare stating that " certificate couldn't be validated because SSL negotiation
  wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation." with UC troubleshotter i am getting the same.any idea?
  PS certificate is from Digi
  cert and i have checked the installation with thier tool and all was green
  regards
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with
  the certificate installation.

• Issues using IIS 8.5 with ARR 3.0 as Reverse Proxy for Lync 2013

  Dear reader, after searching for a day without finding a solution to my problem I end up here ;-)
  Working Lync 2013 environment (gradually adding functionality) consisting of 2 FE servers, Persistent Chat Server, Web Apps server, Edge Server, Reverse Proxy Server (IIS 8.5/ARR 3.0), SQL Server.
  Set up a fresh Windows 2012 R2 with IIS 8.5, installed ARR 3.0 and followed along this
  TechNet article.
  So far so good, external clients (incl. mobile phone apps) can all connect.
  Now trying to add Web Apps to the reverse proxy, which is slightly different from the others by not forwarding 80/8080 and 443/4443, but just 80 and 443 to internal Web Apps server.
  After creating the server farm/URL rewrite, browsing to the webapps.FQDN/hosting/discovery ends up with a 404 error (instead of XML, which is shown when try from the LAN).
  After moving this rewrite rule to the top, it started working, but now my lyncdiscover.FQDN stops working.
  Ofcourse moving the webapps rule down restores the lyncdiscover.
  Any ideas? (everything setup as described in above mentioned TechNet article, so using wildcards. Tried fiddling around with webext.* and lyncdiscover.* and so, but no luck. (I'm completely new to ARR)
  Thanks,
  Barry

  Can you confirm that for each URL Rewrite Rule, you have an {http_host} record that matches something like webext.* as you referenced above and as seen in step 15 here:
  http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx
  It might help if you posted a screenshot of your URL rewrite rules.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications

• Lync mobility and HTTP authentication test failed. Is reverse proxy required?

  I currently have the following setup.
  1 x 2013 edge server lync1.local.com
  has 3 dmz ips for external names 
  has 1 internal ip
  2 x 2013 std front end servers lync2 & lync3.local.com
  Ive read that in 2013 the mobility service is installed automatically on the front end servers and i do see it running on both.
  All my clients can connect from the windows and mac clients(internally and externally) but not from phone or windows app store client (internally or externally)
  running the exchangeconnectivity test on the website i get the following error
  Testing HTTP authentication methods for URL https://lyncdiscover.external.com/Autodiscover/AutodiscoverService.svc/root/user.
    HTTP authentication test failed.
  Additional Details
  A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
  HTTP Response Headers:
  X-MS-Server-Fqdn: lync1.local.com
  Connection: close
  Content-Length: 64
  Content-Type: text/plain
  Server: RTC/5.0
  Elapsed Time: 427 ms.
  After some reading I notice that many people refer to a reverse proxy when dealing with mobility.
  I do not have a reverse proxy server installed. Is this required for the mobility to work correctly? I cant just use the edge server?
  Thanks in advance for any help.

  Take a look at Georg Thomas' blog: http://www.lynced.com.au/2014/04/configure-citrix-netscaler-vpx-as.html also the Citrix official documentation: http://www.citrix.com/global-partners/microsoft/netscaler.html 
  Please mark posts as answers/helpful if it answers your question.
  Blog
  Lync Validator - Used to assist in the validation and documentation of Lync Server 2013.

• Sophos Firewall\Reverse Proxy With Lync 2013

  We currently have Lync 2013 deployed internally and working like a champ for about 5 months now. We are in the process of trying to get this rolled out externally and running into issues.
  It seems we have the ports opened up properly but the MS remote connectivity analyzer comes back with certificate error "The certificate couldn't be validated because SSL negotiation wasn't successful.
  I'm pretty certain our certificates are correct for the external edge server and the external firewall\Reverse proxy. From the Lync planning tool we have been following it and so far successful until the certificates. The certificates tool shows we should
  have the following certs assigned: (keep in mind we have 2 separate certificates assigned)
  Edge Server External
  Subject name: lyncaccess.domain.com
  SAN:webcon.domain.com and sip.domain.com
  Reverse Proxy:
  rp0100.domain.com (reverse proxy FQDN does resolve)
  SAN: dialin.domain.com, meet.domain.com, and temwac.domain.com (office web apps server)
  We requested the certificates from Go daddy and have them installed and the SANs are in there correct. The connectivity analyzer is able to get to our server using autodiscover over port 443, we see the traffic come in through the firewall and nothing is
  blocked just the certificate could not be validated.
  Has anyone deployed Lync using the Sophos UTM as a reverse Proxy any other ideas as to what we are missing with these certificates?
  The certificate couldn't be validated because SSL negotiation wasn't successful.
  The certificate couldn't be validated because SSL negotiation wasn't successful.

  lyncdiscover.domain.com does not resolve. Discovery is working fine through the connectivity analyzer. We actually figured that part out about the SSL. It seems we had the firewall and Reverse proxy rules in place on the Sophos appliance but the firewall
  rules leaving the edge server were being blocked. It took us about 1.5 days to figure that part out.
  The connectivity analyzer now is able to authenticate the certificates successfully. Of course it wouldn't be a Lync roll out without the next issue coming up.
  The next issue we have is the connectivity analyzer reaching the AV service. Which we are going to assume is a routing issue as well and are currently troubleshooting it:
  Couldn't sign in. Error: Error Message: The endpoint was unable to register. See the ErrorCode for specific reason..
  Error Type: RegisterException.
  Deregister Reason: None.
  Response Code: 504.
  Response Text: Server time-out.
  http://social.technet.microsoft.com/Forums/lync/en-US/f95c47cc-f8eb-4646-bdac-6c7244b26ff1/couldnt-sign-in-error-error-message-the-endpoint-was-unable-to-register-new-deployment?forum=ocsplanningdeployment
  Wish me luck.

• Combining Lync Edge certificate of Reverse Proxy

  I wonder if the creation of a certificate from the combined Lync Edge server names and Reverse Proxy will work?
  Wants to create a certificate for Lync Edge with CN = sip.domain.com and add names required for the Edge and Reverse Proxy as an additional DNS:
  sip.domain.com 
  webconf.domain.com
  webext.domain.com
  meet.domain.com
  dialin.domain.com
  lyncdiscover.domain.com

  Hi,
  Yes, you can use the same certificate for both Edge Server (external interface) and Reverse Proxy, which SAN including all Edge Server and Reverse Proxy needed (such as: webcon.contoso.com, sip.contoso.com, webext.contoso.com, meet.contoso.com, dialin.contoso.com,
  lyncdiscover.contoso.com, and so on).
  More details:
  https://technet.microsoft.com/en-us/library/gg398519.aspx?f=255&MSPPError=-2147217396
  https://technet.microsoft.com/en-us/library/gg429704.aspx
  There is no special SAN for federate with Skype. However, the certificate must be the public SAN certificate.
  Best Regards,
  Eason Huang
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Eason Huang
  TechNet Community Support

• Publish Lync Externally without Reverse Proxy

  Hello All,
       Well let me start out by saying I'm well aware that publishing lync externally without a reverse proxy is not suggested due to security measures. To get to the point I have the following questions regarding setting this up. As of right now
  I have lync fully working internally only. 
  Here is my current setup
  1 standard front end server with one nic card that has two ip addresses assigned to it and is signed with our internal CA,
  I also have an edge server that has two interfaces. One interface is facing external with three public IP addresses with the AV one set as the primary, This interface has a public UC cert applied to it. The other interface is using a private ip address that
  has a cert from our internal CA.
  My questions are as follow
  1. I currently have a GoDaddy UCC cert that allows me to have 5 San's. I'm trying to maximize this cert but am unsure of how to configure the SAN's. Which sans should be on the certificate so that I can use it for the edge server (av.domain.com/webconf.domain.com/access.domain.com)
  and lync front end external cert (lync.domain.com and meet.domain.com). I also have a wildcard cert from GoDaddy for *.domain.com however I can not attach SAN's to it I was wondering if this could be used for meet.domain.com or autodiscover.domain.com?
  2. Regarding external DNS entries so far I have the following:
  webconf.domain.com -> to the ip for webconf on edge server public interface
  av.domain.com -> to the ip for av on edge server public interface
  access.domain.com -> to the IP for the access on edge server public interface
  lync.domain.com -> to the IP configured for external access on the lync front end server ( I have configured IIS on this site to listen to port 80 and 443 as stated in Ken Lasko's blog post)
  meet.domain.com -> to the IP configured for external access on the lync front end server
       Now my question is do i need to add the autodiscover.domain.com and if so where do I point this entry to? Also can how can I configure this setup to work with lync mobile device. 

  As for the Reverse proxy if going that route:
  External DNS
  lyncdiscover.domain.edu -
  Point to Reverse Proxy Public IP
  lync.domain.edu (this is used as our external webservices url) -
  Point to Reverse Proxy Public IP 
  meeting.domain.edu (/meet and /dialin for the simple url's) - Point to Reverse Proxy Public IP
  sip.domain.edu (this is currently pointing to our external edge server access ip) - Correct
  av.domain.edu (this is currently pointing to our external edge server av ip) - Correct 
  webcon.domain.edu (this is currently pointing to our external edge server webconf ip)  - Correct
  Internal DNS
  You should setup Split DNS or pinpoint zones as meet/Lyncdiscover/sip/dialin records should be created for the domain.edu: http://technet.microsoft.com/en-us/library/gg398758.aspx
  Lyncdiscover.domain.edu - Not required Internally but should point to the private IP (external interface) of the Reverse
  proxy to direct 443 to 4443.
  lync.domain.edu -Point
  to the private IP (external interface) of the Reverse proxy to direct 443 to 4443
  Lyncdiscoverinternal.edu - pointed to front end server ip
  meeting.domain.edu - pointed to front end server ip
  lgcclync2013.domain.cc (this is our FE server) - pointed to our front ender server ip  - correct
  Cisco ASAs don't allow hair-pining of the firewall this is why the internal dns needs to have the lync.domain.edu pointing to an internal IP that can redirect 443 to 4443
  (reverse proxy) instead of pointing to the Public IP of the reverse proxy: http://technet.microsoft.com/en-us/library/hh690030.aspx
  Hi Michael,
       Thank you for all your help. I've set up and configured both the external dns and the IIS ARR, but now I'm running into an error when I try to connect any of the following sites https://lyncdiscover.domain.edu, https://meeting.domain.com,
  https://lync.domain.edu I get an Internal 500 error. When I check the Microsoft Remote Connectivity Analyzer under
  Lync Autodiscover Web Service Remote Connectivity Test I get the following error
  Testing HTTP authentication methods for URL https://lyncdiscover.domain.edu/Autodiscover/AutodiscoverService.svc/root/user.
  HTTP authentication test failed.
  Additional Details
  An HTTP 500 response was returned from IIS7.
  Headers received:
  Content-Length: 1208
  Content-Type: text/html
  Date: Wed, 01 Jan 2014 14:56:12 GMT
  Server: Microsoft-IIS/8.0
  Elapsed Time: 286 ms.
  I created 3 server farms on the IIS ARR sever
  Lync.domain.edu which is being directed to lgcclync2013.domain.cc ports 8080 and 4443 LyncDiscover.domain.edu which is being directed to lgcclync2013.domain.cc ports 8080 and 4443                      
                                meeting.domain.edu which is being directed to lgcclync2013.domain.cc ports 8080 and 4443 When I ping lgcclync2013.domain.cc from the IIS Server it resolved
  correctly to the right IP address.

• Lync 2013 Edge and Reverse proxy on same server with SNI

  Hello
  I cannot find information if it is possible to create a single Lync 2013 Edge server with a Reverse proxy on the same server?
  Would it not be possible to share port 443 with SNI support? That way we could use only one public IP?
  Thanks!

  Sorry, it doesn't work.  Remember that 443 isn't HTTPS for the Edge.  If you went with the single IP model for the edge, 443 would be used for the A/V role which would be STUN/TURN. 
  The edge will always want to listen on 443, it just doesn't work to collocate a reverse proxy.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications
  This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Wildcard as CN on Reverse Proxy?

  Hello,
  Is there support for a wildcard entry as the subject name CN for Lync 2013 Reverse Proxy to replace the following urls?
  webext.contoso.com
  dialin.contoso.com
  meet.contoso.com
  officewebapps.contoso.com
  lyncdiscover.contoso.com
  Thank you.

  Right.
  At the bottom of this site https://technet.microsoft.com/en-us/library/gg398920.aspx you'll
  find also an answer:
  "Wildcard entries are supported in the subject alternative name field of the certificate assigned to the reverse proxy. For details about how to configure the certificate request for the reverse proxy, see Request
  and configure a certificate for your reverse HTTP proxy in Lync Server 2013."
  So you can have a wildcard certificate with a subject name / cn reverseproxy.mydomain.com and a * as a SAN.

• WebServer 6.1 SP3 SSL reverse proxy to Sun One Application Server 7

  I have an application in the appserver7 that requires SSL authentication. I have already installed a self cert in the appserver7, and the authentication works fine when I browse directly to the appserver.
  The appserver7 has both listener for port 80 and 443 enabled.
  I'm currently setting up a webserver (WebServer 6.1 SP3) to act as a reverse proxy to the appserver7. The reverse proxy for the basic jsp pages found in the appserver worked fine.
  When I try to access the login page, in the appserver, in ssl mode, I am unable to do so. I then try changing the obj.conf to the following, from http to https:
  <Object name="passthrough">
  ObjectType fn="force-type" type="magnus-internal/passthrough"
  Service fn="service-passthrough" method="(GET|HEAD|POST)" servers="https://172.2
  8.48.53"
  However, it still doesn't work.
  Do I need to install a self cert in the webserver and enable the ssl listener as well?
  Do I need to install any reverse proxy addon for the appserver? Any
  setup for the obj.conf in the appserver?
  Any ideas how to get this done?
  Thanks.
  Mac.

  The Web Server 6.1 SP3 Reverse Proxy Plugin is supported, but it sounds like you're trying to do something that simply isn't possible.
  If you want the Reverse Proxy Plugin to perform SSL mutual authentication with the Application Server using the client's certificate, that's impossible due to the nature of SSL mutual authentication. If the plugin could impersonate the client, then SSL would be vulnerable to MITM (Man In The Middle Attacks). Fortunately, SSL isn't vulnerable to such attacks because the plugin doesn't know the client's private key.
  If you simply want the Reverse Proxy Plugin to pass information about the client's certificate along to the Application Server, that hapens automatically. There's nothing special to configure. Note that the plugin will not authenticate to the Application Server in this case. Rather, it will simply copy the X.509 certificate into the proprietary Proxy-auth-cert: HTTP request header.
  The application running on the Application Server can inspect the Proxy-auth-cert: header using standard Servlet APIs. Alternatively, you can use Application Server 7's auth-passthrough AuthTrans SAF to cause the contents of the Proxy-auth-cert: header to be copied to the javax.servlet.request.X509Certificate Servlet attribute.

• Cannot connect to Reverse Proxy

  Hi- I have what I think is a basic Lync setup, but it's basica-ally driving me crazy! What I have is:
  1 Standard Edition Server
  1 Edge Server
  1 Reverse Proxy (IIS with ARR)
  1 Office Web Apps Server
  I've followed some of the numerous how-tos to set up these boxes. My internal setup works great with no issues.
  I've worked with my security admin to get the firewall rules set up.. We have SSL certs  (with SANs) installed and assigned on RP and Edge. I've set up persistent routes on RP and Edge to FE server.  I can telnet from Reverse Proxy to Edge and
  back. I've ran netstat to ensure both are listening on 443. But when I run the Microsoft Connectivity Analyzer (online) results show that connection to port 443 on the server failed and says that the port is either blocked or not listening.
  Using the Lync Connectivity Analyzer (in house) shows that a connection to "Lyncdiscover.domain.com" failed.
  Any insight is greatly appreciated.
  Thanx

  Public DNS records verified. (Although I do see some posts that say to create CNAME records instead of A records (we created A records) and other posts that say it doesn't matter.
  Rewrite rules in IIS ARR verified.
  I've triple-checked the certificate (issued by Digicert) and the simple URLs are all listed in the SAN:
  sip.domain.com, meet.domain.com, dialin.domain.com, lyncdiscover.domain.com, and officewebapps.domain.com
  Here's the error generated by the LCA:
  An error occurred while sending the request.
  Unable to connect to the remote server
  A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond [xx.xxx.xxx.xxx]:443
  If I try to open the Default Web Site from the server, I'm first presented with "There is a problem with this website's security certificate. The security certificate presented by this website was issued for a different website's address" message.
  Clicking on "continue to this website" I get a "403-Forbidden" error. I read in another post that this message was as expected.
  Trying to connect to lyncdiscover.domain.com from a browser on the RP returns a "Server not found". [This leads me to believe that the request is not getting through the firewall]. Attempts to access the simple URLs returns a "This page cannot
  be displayed"
  All services work internally...
  More telnet testing: As previously posted, I CAN telnet between RP and Edge (external IPs) but CANNOT telnet to public IP of RP on 443
  A similar issue with the Edge Server: netstat shows 0.0.0.0:443 listening but cannot connect via telnet to public IP on 443
  RELATED QUESTION: Do I need the SANs included on my internal cert, too?
  Thanx
  SteveSmo
  "Never, ever doubt what nobody is sure about." -Willy Wonka

• My environment is 99% of the way there, but my ARR reverse proxy doesnt seem to be forwarding lyncdiscover properly. Can someone help?

  I recently cut over from lync 2010 with an apache reverse proxy to a lync2013 deployment using microsoft ARR as the reverse proxy.
  Last night i cut over to the new ARR reverse proxy but our lync 2013 mobility tests didnt go well. I also cant get the DIALIN.CONTOSO.COM page to show up externally. Only the https://MEET.CONTOSTO.COM site shows up properly from an external browser. I have
  a feeling that the lync ARR server is only handling meet.contoso.com for some reason, although i followed the LYNC setup guides exactly. Please see the screenshots of my setup. Does anyone have an idea of why everything might be taken over by the MEET.CONTOSO.COM
  Server Farm in ARR?
  As you can see, the lyncdiscover.contoso.com server farm has no hits.
  When I fire up the lync mobility app, the MEET.CONTOSO.COM server farm in ARR receives the hits. (and failures)
  I followed the configuration exactly, here are my rewrite rules:
  Any Ideas?

  Hello All,
  I had a professional service with Microsoft to fix the many issues with my Lync environment. It turns out that there were 2 major causes of the problem i was having. For one, I DID have the wrong cert set on the lync2013 FE server's external web interface.
  I didn't realize this because there seems to be some sort of bug in the LYNC SERVER 2013 DEPLOYMENT WIZARD. 
  First, it is badly designed. There is actually a drop down that i didnt realize was a dropdown when deploying my environment that expands and shows the external web services certificate.
  After I found that, i tried updating it to my godaddy cert but it left a BLANK in the deployment wizard. So i had to go into the IIS management console to update the bindings.
  Once the FE server's external website certificate was installed properly, we moved on the the reverse proxy. We scrapped ALL of the ARR servers and rewrite rules and started from scratch. Instead of creating 4 server farms and using lync.contoso.com, meet.contoso.com
  etc... we created one server farm that points at the IP ADDRESS of the lync front end server. We changed the PATTERN to (.*) using regular expressions and the HTTP_HOST rule to (lync.contoso.com|lyncdiscover.contoso.com|meet.contoso.com|dialin.contoso.com)
  After this, we still had a problem with lync mobility for android 2013.
  Our public DNS has a record *.contoso.com to capture all traffic and route it to our website. This was capturing lyncdiscoverinternal.contoso.com and the android devices were getting a certificate error. We now have lyncdiscoverinternal.contoso.com pointed
  to the reverse proxy's external IP address to resolve that issue. The android lync mobility client also checks for an exchange record which isn't documented http://contoso.com/ews because of an autodiscover record, so our android clients still get a certificate
  error once during the initial setup of the application. Our IOS devices don't show this error so we called the issue resolved.
  Good luck all!

• Reverse proxying EM

  hi,
  Among of couples of web sites, oracle EM is recently behind Apache reverse proxy, i'm using mod_proxy and mod_proxy_http, the problem is that the images don't appear due to URL resolution. I know about apache_proxy_html but i'm asking if there is another alternative of this one.
  thanks.

  8081 is the application server port.
  even this fails
  NameTrans fn="map" from="/uwc" to="http://192.168.1.34/uwc"
  NameTrans fn="reverse-map" from="http://192.168.1.34/uwc" to="http://192.168.1.34:8082/uwc" rewrite-location="true" rewrite-content-location="true"
  it directs me to
  http://192.168.1.34/uwc/webmail/en/mail.html?lang=en&laurel=on&cal=0 after login which means the source webserver
  but if i specify the port within the above url it works
  http://192.168.1.34:8082/uwc/webmail/en/mail.html?lang=en&laurel=on&cal=0
  which means that the proxy is getting the contents but it redirects to the source url and doesn't rewrite it with the proxy url
  how can i solve it?