Use MS Web Application Proxy as reverse proxy (and ADFS) with Skype for business

Abstract: If you wish to setup a fully supported Skype for business (=SfB) environment you could use a hardware loadbalancer (for example Kemp or F5) or use the Microsoft Web Application Proxy [=WAP] (which is part from Windows Server 2012 R2).

Note: We will use the Web Application Proxy for SfB, however you might use it later one also for MS Exchange or Office Web Apps / Office Online Server. But this config isnĀ“t covered in this howto.

– Setup a ADFS as mentioned (Install ADFS Server on Windows 2012 R2). Note: For SfB we do not need any authentication configurations.

* block the .net 4.6.1 Framework installation as mentioned here for Exchange until MS fully support that with SfB

* A public trusted certificate (e.g. from Comodo, Verisign, …) [If you wish to replace a old hardware loadbalancer you can export it from there and reuse it here]

– For the LAB configuration here, you need to be a domain administrator

Firewall:

– the Web Application Proxy should have access to the internal DNS server

Implementation steps:

2.) On the Microsoft Web Application Proxy [=WAP] Server import the public SSL certificate at first via MMC (into the Personal certificate store)

Install-WindowsFeature Web-Application-Proxy,RSAT-RemoteAccess-Mgmt, RSAT-RemoteAccess-PowerShell, GPMC, CMAK

11.) Now open the Remote Access Management Console and click Publish

12.) Press next in the following screen

13.) As PreAuthentication we need to use “Pass-Trough”

14.) Inside the Publishing settings, enter a useful name (A), choose the external URL which you entered in the topology (B), choose the certificate you imported (C), and define the backed URL (D) this is normally your internal Frontend pool which is listening here on 4443. So make sure you use the correct hostname and port.

17a.) At first we need the Application ID, so run the following comand and make a note from the ID.

17b.) Once done and once you have the ID check the configuration via:

this should show something like (DisableTranslateUrlInRequestHeaders is currently on false):

17c.) To fix that we need now to set the DisableTranslateUrlInRequestHeaders to true via:

18.) If you wish to use the web application proxy for other services, then you need to repeat the steps. You can refer to the Official Microsoft howto here. Or check the “Configuring Office Online Server with Skype for Business” article here.

Useful links:https://blog.kloud.com.au/2013/07/15/publish-lync-2013-with-2012-r2-preview-web-application-proxy/http://exchangepro.dk/2013/11/15/use-web-application-proxy-to-publish-lync-server-2013/https://technet.microsoft.com/en-us/office/dn947483

Leave a Reply

Your email address will not be published. Required fields are marked *