I’ve been busy building a lab recently to test a number of different scenarios in Skype for Business on premises, including external sign in.
This means that I need to deploy a reverse proxy to publish my SfB external URLs:
- SfbWeb01 (external address of my SfB front end server).
I’ve chosen to go a little old-school and install IIS ARR 2.5 on Windows Server 2008 R2 (because, why not).
Installing the required components was a little tricky as some of them are now hard to find.
Here’s a list if you get stuck:
- Microsoft External Cache
- IIS URL Rewrite Module 2
- Web Platform Installer 5.1
- Visual Studio C++ Redistributable 2015 64-bit (This partially fixes the 503 error)
After installing these components, and then installing IIS ARR 2.5 using the Web Platform Installer, I launched IIS and configured my server farms like normal.
If you’re using two NICs on your reverse proxy, also ensure that you’ve added static (and persistent) routes to your internal servers, and that your external-facing NIC is the only one configured with a default gateway and with DNS pointing externally (normally to Google DNS 18.104.22.168).
Lastly, ensure you’ve installed your internal root CA certificate on your reverse proxy server so that your non-domain joined proxy can verify the certificate it receives from the SfB front end server. You can easily do this by browsing to the URL of your certificate services:
Log in with your domain credentials, then click Download A CA
Then click Download CA Certificate
Be sure to install this on your reverse proxy machine under Computer Certificates > Trusted Root Certificates
Not placing your internal root CA in Trusted Root Certificates (Local computer, NOT user) is often the cause of the 503 error in IIS.
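To confirm the root CA is in the computer store rather than a user store, and that the front end's certificate now validates, a check like the following can be run on the reverse proxy. It is an added example, not part of the original post; the certificate path, the front end FQDN and the port are assumed placeholders for your own lab values.

```powershell
# Added example: run in an elevated PowerShell session on the reverse proxy.
# All three values below are assumptions/placeholders for your own lab.
$CaCertPath   = 'C:\Temp\internal-root-ca.cer'  # where you saved the downloaded CA certificate
$FrontEndFqdn = 'sfbfe01.lab.local'             # internal name used in the ARR server farm
$FrontEndPort = 4443                            # port the server farm forwards to

$ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CaCertPath

function Test-RootStore([string]$Location) {
    # True when the CA's thumbprint is visible in the Trusted Root store of $Location.
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'Root', $Location
    $store.Open('ReadOnly')
    try     { [bool]($store.Certificates | Where-Object { $_.Thumbprint -eq $ca.Thumbprint }) }
    finally { $store.Close() }
}

if (-not (Test-RootStore 'LocalMachine')) {
    if (Test-RootStore 'CurrentUser') {
        Write-Warning 'Root CA is trusted for the current user only; other accounts, including the IIS worker process, will not see it.'
    }
    # Add to Local Computer > Trusted Root Certification Authorities.
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'Root', 'LocalMachine'
    $store.Open('ReadWrite')
    try     { $store.Add($ca) }
    finally { $store.Close() }
}
"LocalMachine\Root contains $($ca.Subject): $(Test-RootStore 'LocalMachine')"

# Handshake with the front end and record what certificate validation reports.
# The callback returns $true only so the handshake completes and the result can be read;
# no data is sent over this connection.
$script:tlsErrors = $null
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($s, $cert, $chain, $errors)
    $script:tlsErrors = $errors
    $true
}
$tcp = New-Object System.Net.Sockets.TcpClient($FrontEndFqdn, $FrontEndPort)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($FrontEndFqdn)
    # 'None' = chain and name are good; 'RemoteCertificateChainErrors' = chain not trusted;
    # 'RemoteCertificateNameMismatch' = farm address does not match the certificate.
    "Validation result for ${FrontEndFqdn}:${FrontEndPort} -> $($script:tlsErrors)"
}
finally { $tcp.Close() }
```

The handshake runs under your own account, which also trusts roots in your user store, so the store check at the top is the part that tells you what IIS itself will see.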
Once configured, open PowerShell and run iisreset /restart, then try to browse to your meet URL from external (after ensuring you’ve port forwarded port 443 to the external IP of your reverse proxy server on your router/firewall).