Celebrating 10 Years as a Microsoft MVP!

on
Back from my vacation, I am thrilled to share that I have been awarded the Microsoft Most Valuable Professional (MVP) award for the 10th consecutive year. In addition to being recognized as an expert within Teams, I am have also been recognized as an expert with Microsoft Copilot. This means a lot to me.  Being an MVP has been an incredibly rewarding journey, both personally and professionally. It has provided me with countless opportunities to grow, learn, and connect with like-minded professionals who share a passion for technology and innovation.  The award is not just a title; it's a testament to the hard work, dedication, and contributions to the tech community. It's a privilege to be part of such an esteemed group of individuals who share the same love for technology, and sharing their knowledge about it.  As I reflect on the past decade, I am thankful for the experiences and knowledge I've gained. This recognition motivates me to continue sharing my expertise, mentor

502_3 bad gateway IIS AAR RP for Lync

on
I encountered a "new" error message this week, as I was finalizing a Lync 2013 deployment for a customer. When I say new, it was new to me, as I had not seen this before. Everything was set up for remote access and federations, but certain features, such as mobility did not work right away. I decided to test the URL's from the outside, and was surprised to find the following error message:


This deployment was set up with a IIS ARR for reverse proxy. I searched for the 502 (502.3 to be exact) on forums and internet in general, but could not find any answer to my exact issue.

I verified firewall ports and connectivity was ok. I also checked the web sites on port 4443 and 8080 from a client inside, and saw no apparent errors.

I went through the deployment guide one more time (step by step), and discovered I had forgotten to import the internal CA ROOT to the Reverse Proxy machine. Once this was installed, it all worked just fine.

The reason I decided to write this post, is because the root cause was not very obvious to me (only after reading tracing logs and checking the step by step guide again, was I able to figure out the problem). And I wanted to write a reminder to myself, and maybe help somebody else if they happened to forget to import the ROOT CA.

The 502 "invalid response" can be a lot of things. Certificate error being one of them. Now I know.

For those looking for a guide to set this up, I have two links for you:
This is the one I used: http://uclobby.wordpress.com/2013/08/02/configuring-arr-for-lync-server/

And here is one from nexthop: http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx

I preferred the first one, as it was a more "general" rule to catch all. But it might not suit all scenarios. The one from nexthop is much more detailed, and will have you set up a rule for each URL.