IIS ARR as RP for Skype for Business

IIS ARR Reverse Proxy Skype for Business

Although IIS ARR is no longer officially supported, it still does its job and some may want to use it.

Pre-requisites

The main prerequisite is that IIS is installed, which can be achieved by running the commands below:

Windows Server 2016

PS C:\> Install-WindowsFeature -name Web-Server -IncludeManagementTools

Windows 2012R2

PS C:\> Import-Module ServerManager

PS C:\> Add-WindowsFeature Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Net-Ext,Web-Http-Logging,Web-Request-Monitor,Web-Http-Tracing,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Console,NET-Framework-Core,AS-Web-Support,NET-Non-HTTP-Activ,NET-HTTP-Activation,Web-Server

Installation of ARR

The next step is to install IIS ARR and all its dependencies. I think the easiest way to do it is to install the Web Platform Installer from here. Then search for Application Routing, click Add next to ARR 3.0, and click Install.


At that stage the IIS ARR should be installed. And the installed components should be

 

Certificate

As this is a public-facing service, a public certificate will be required. It can be a wildcard certificate or one with specific names. In this case, as it is for SfB on-prem, the certificate will need to include the lyncdiscover, simple URL and external web services names. It is not a problem if the RP certificate is shared with the Edge server (so the Edge names will be included on the cert). The certificate will need to be imported to the server and bound to port 443: click on the default website and, under Edit Site, select Bindings.

 

Pre-configuration

There are some requirements for IIS ARR

 

Disable application pool idle time-out

Using appcmd, enter

C:\> appcmd.exe set apppool "DefaultAppPool" -processModel.idleTimeout:"00:00:00" /commit:apphost

Change application pool recycling settings for Application Request Routing.

C:\> appcmd.exe set config -section:system.applicationHost/applicationPools /[name='DefaultAppPool'].recycling.periodicRestart.time:"00:00:00" /commit:apphost

Configuration

 

Edit rewrite rules

 

RP rules for Skype

It is possible to leave the rules using a wildcard, but in some cases it is preferable to narrow them down to specific rules and host names. Here is a list of the web services and the configuration to be used:

<p>
  Simple URLs &#8211; not much to configure: they go in the same rule as lyncdiscover, as not much configuration can be applied in the pattern section. The simple URL address should be added after the pipe &#8220;|&#8221;.
</p>

<p>
  External Web Services &#8211; here we can narrow it down to specific services:
</p>

<ul class="break-word">
  <li>
    Configure everything exactly the same as for the URL above.
  </li>
  <li>
    In the pattern, enter this for Skype 2016: ((?:^Abs|^Autodiscover|^CertProv|^CollabContent|^DataCollabWeb|^dialin|^Fonts|^GroupExpansion|^HybridConfig|^lwa|^mcx|^meet|^PassiveAuth|^PersistentChat|^Reach|^RequestHandlerExt|^RgsClients|^Scheduler|^Storage|^UCWA|^WebTicket).*)
  </li>
</ul>

<p class="break-word">
  For Skype 2019: ((?:^Abs|^Autodiscover|^CertProv|^CollabContent|^DataCollabWeb|^dialin|^GroupExpansion|^HybridConfig|^lwa|^mcx|^meet|^PassiveAuth|^Reach|^RequestHandlerExt|^RgsClients|^Scheduler|^Storage|^UCWA|^WebTicket).*)
</p>

<h4>
  Office Online server
</h4>

<ul>
  <li>
    Create farm with ports 80 and 443
  </li>
  <li>
    Change the Match URL setting to use regular expressions.
  </li>
  <li>
    Pattern should be <em>((?:^en-us/|^hosting/|^m/|^o/|^oh/|^op/|^p/|^we/|^wv/|^x/).*)</em>&nbsp;
  </li>
  <li>
    Conditions should be configured with input {HTTPS} set to &#8220;on&#8221;, and<br />another condition should be added for {HTTP_HOST}, listing the hostnames that were configured on the Office Online Server for external access.
  </li>
  <li>
    Action set to &#8220;Route to Server Farm&#8221;&nbsp;<br />Scheme set to https<br />Correct farm selected from the list&nbsp;<br />and stop processing ticked
  </li>
</ul>
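
<p>
  The Office Online Server steps above, written out as the URL Rewrite global rule they correspond to in applicationHost.config. This is an added example, not taken from the original post; the rule name, the farm name OOS_Farm and the host name oos.example.com are placeholders.
</p>

```xml
<!-- Added example: fragment of %windir%\System32\inetsrv\config\applicationHost.config -->
<!-- Placeholders (assumptions): rule name, farm name OOS_Farm, host oos.example.com -->
<system.webServer>
  <rewrite>
    <globalRules>
      <rule name="ARR_OOS_Farm_external" patternSyntax="ECMAScript" stopProcessing="true">
        <!-- Only the listed Office Online Server paths are forwarded to the farm -->
        <match url="((?:^en-us/|^hosting/|^m/|^o/|^oh/|^op/|^p/|^we/|^wv/|^x/).*)" />
        <conditions logicalGrouping="MatchAll">
          <!-- The request must have arrived over TLS on the 443 binding -->
          <add input="{HTTPS}" pattern="on" />
          <!-- Anchored and dot-escaped so only the exact external name matches;
               list further names as alternatives: ^(a\.example\.com|b\.example\.com)$ -->
          <add input="{HTTP_HOST}" pattern="^oos\.example\.com$" />
        </conditions>
        <!-- "Route to Server Farm": scheme https, selected farm, path /{R:0} -->
        <action type="Rewrite" url="https://OOS_Farm/{R:0}" />
      </rule>
    </globalRules>
  </rewrite>
</system.webServer>
```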
