Friday, May 28, 2010

IIS 7 as a reverse proxy for OCS 2007 R2 Edge Services

I've been working on getting Edge Services set up in our OCS 2007 R2 environment.  I am using the single consolidated edge setup.

Initially the reverse proxy requirement was kind of a head-scratcher.  Most of Microsoft's documentation talks about using ISA (now rebranded to Threat Management Gateway (TMG)) as the reverse proxy solution.  Since we don't currently have an ISA server, and I didn't really have any money to spend, I decided to try and get IIS 7 to work as a reverse proxy.

I first noticed that IIS 7 can act as a reverse proxy when I was working on some URL Rewriting.  I came across this blog and number 7 caught my attention.

Here's what I did to get IIS 7 to act as a reverse proxy for OCS 2007 R2 Edge Services:
  • Provisioned a Windows 2008 R2 server in the DMZ (same network as the consolidated edge server)
  • Added the IIS role
  • Installed the Application Request Routing module for IIS 7
  • Created a site in IIS for ocsrp.domain.com
  • Created a certificate for the site ocsrp.domain.com
  • Applied the certificate to the IIS site that I created for ocsrp.domain.com
  • Checked Enable Proxy under the Application Request Routing settings at the server level
    • Left all other settings on application request routing default
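  • Added the URL Rewrite rule to the web.config of the site

<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <!-- Rule name is a placeholder; the match pattern is assumed from the {R:1} back-reference in the action URL. -->
                <rule name="ReverseProxy">
                    <match url="(.*)" />
                    <action type="Rewrite" url="https://ocs2007r2pool.internal.dom/{R:1}" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>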


IIS will then proxy HTTP requests arriving at ocsrp.domain.com to ocs2007r2pool.internal.dom, which is the FQDN of our internal enterprise pool.
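Because "Enable Proxy" is switched on at the server level, the rewrite rule is the only thing that decides where requests are forwarded. The following audit script is an added example, not part of the original post: it checks that every forwarding rule in a web.config points at a fixed, allow-listed upstream over HTTPS. The function name, the allow-list parameter and the sample config (rule names, match patterns and the second, unsafe rule) are assumptions; only the upstream URL comes from the post.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a rule forwarding to the post's internal pool, plus a
# hypothetical unsafe rule that takes the upstream host from the request path.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="ReverseProxy">
          <match url="(.*)" />
          <action type="Rewrite" url="https://ocs2007r2pool.internal.dom/{R:1}" />
        </rule>
        <rule name="UnsafeExample">
          <match url="^fwd/([^/]+)/(.*)" />
          <action type="Rewrite" url="http://{R:1}/{R:2}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>"""

PLACEHOLDER = re.compile(r"\{[^}]+\}")  # {R:1}, {C:1}, {HTTP_HOST}, ...

def audit_rewrite_rules(config_xml, allowed_hosts):
    """Return (rule name, finding) pairs for ARR proxy rules that need review."""
    findings = []
    for rule in ET.fromstring(config_xml).iter("rule"):
        name = rule.get("name", "<unnamed>")
        action, match = rule.find("action"), rule.find("match")
        url = action.get("url", "") if action is not None else ""
        if action is None or action.get("type", "").lower() != "rewrite" or "://" not in url:
            continue  # not a rule that forwards to another server
        scheme, rest = url.split("://", 1)
        authority = rest.split("/", 1)[0]
        if PLACEHOLDER.search(scheme + authority):
            findings.append((name, "upstream host is built from request data"))
        elif authority.lower() not in allowed_hosts:
            findings.append((name, "upstream host is not on the allow-list"))
        if scheme.lower() != "https":
            findings.append((name, "upstream connection is not HTTPS"))
        pattern = match.get("url", "") if match is not None else ""
        if pattern.strip("^$") in ("(.*)", ".*"):
            findings.append((name, "pattern forwards every request path upstream"))
    return findings

if __name__ == "__main__":
    for rule_name, finding in audit_rewrite_rules(SAMPLE_WEB_CONFIG, {"ocs2007r2pool.internal.dom"}):
        print(f"{rule_name}: {finding}")
```

The catch-all finding is informational: a `(.*)` rule publishes every path on the internal pool's web site, so it is worth comparing against the paths external clients actually need.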

I hope others will find this useful.

4 comments:

Sjaak said...

Is it possible to do this on the edge server?

Because we don't have another server available?

Sjaak said...

When I perform this I can't start the site.

The following error appeared.

The process cannot access the file because it is being used by another process. (Exception from HRESULT: 0x80070020)

Please help me if you can.

I need OCS to work outside our network.

(I'm a student)

Drew Henning said...

Sjaak,

While I do think it is possible to run an IIS 7 reverse proxy on the OCS edge server itself, it is probably not recommended.

I have not tried it on the edge server itself, but here are a few things I would try.
1. Ensure you have a dedicated IP for IIS to listen on. Do NOT use one of the IPs that the OCS edge is using.
2. Make sure your Edge server is working first. The reverse proxy piece is only used for address book download, group expansion, etc. You should be able to do basic IM and presence without a reverse proxy.
3. If your edge server is working fine, start by doing the basics with IIS, like ensuring you can get to a basic hello world page on the IP you've given to IIS. Then start working with the URL rewrite module.

Hope this helps.

andrew said...

Hi

Did this solution work with the live meeting and being able to share presentations both internally and externally?

Also, do you have a setup guide on how to configure the servers to work with this, as it seems an ideal solution and I am struggling to get my head around how to get the internal working with this in terms of what URLs to use and DNS records?

Many thanks