NetScaler Lync 2013 Frontend (Reverse proxy) balancing

I will not go into much detail about Lync 2013 infrastructures its just a basic setup to use the NetScaler as reverse proxy for external access to the Lync Frontend server. I am still working on the virtual server configuration for the Lync Edge and internal Lync Frontend server but will follow soon. Especially the Lync Edge is a bit tricky because you can’t use SNAT (not recommended) for your load balancing configuration, so the NetScaler needs to own the gateway and all traffic must path though the NetScaler.

Very useful is the Lync 2013 Protocol Map to understand the communication flow.

Add Custom Availability Monitors

add lb monitor monitor-LYNC-TCP4443 TCP -LRTM ENABLED -destPort 4443 -secure YES 
add lb monitor monitor-LYNC-TCP8080 TCP -LRTM ENABLED -destPort 8080

Add Lync Servers

add server LYFE01
add server LYFE02

Create Service Groups and bind Monitors

add serviceGroup service-LYNC-FE_8080 HTTP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appflowLog DISABLED 
add serviceGroup service-LYNC-FE_4443 SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appflowLog DISABLED

bind serviceGroup service-LYNC-FE_8080 LYFE01 8080 -CustomServerID "\"None\"" 
bind serviceGroup service-LYNC-FE_8080 LYFE02 8080 -CustomServerID "\"None\"" 
bind serviceGroup service-LYNC-FE_8080 -monitorName monitor-LYNC-TCP8080 
bind serviceGroup service-LYNC-FE_4443 LYFE01 4443 -CustomServerID "\"None\"" 
bind serviceGroup service-LYNC-FE_4443 LYFE02 4443 -CustomServerID "\"None\"" 
bind serviceGroup service-LYNC-FE_4443 -monitorName monitor-LYNC-TCP4443

Create Virtual Servers for Lync

add lb vserver vserver-LYNC-FE_80 HTTP 80 -persistenceType COOKIEINSERT -timeout 180 -cookieName MS-WSMAN -cltTimeout 180 
add lb vserver vserver-LYNC-FE_443 SSL 443 -persistenceType COOKIEINSERT -timeout 180 -cookieName MS-WSMAN -cltTimeout 180

Bind Virtual Servers to Service Groups and configure SSL

bind lb vserver vserver-LYNC-FE_80 service-LYNC-FE_8080 
bind lb vserver vserver-LYNC-FE_443 service-LYNC-FE_4443 

set ssl vserver vserver-LYNC-FE_443 -tls11 DISABLED -tls12 DISABLED 
bind ssl vserver vserver-LYNC-FE_443 -certkeyName

If you want more details please have a look into the Deplyment Guide – Citrix NetScaler for Microsoft Lync

More information about from Microsoft you find here: Network Planning, Monitoring, and Troubleshooting with Lync Server


5 Replies to “NetScaler Lync 2013 Frontend (Reverse proxy) balancing”

  1. Hi,

    Thanks for the detailed article, we are struggling to setup Lync 2013 mobility setup on NetScaler, as you mentioned in the article if enter command

    add lb vserver vserver-LYNC-FE_80 HTTP 80 -persistenceType COOKIEINSERT -timeout 180 -cookieName MS-WSMAN -cltTimeout 180

    This command doesn’t seems to work, if I remove the cookiename name option then it worked. But I wonder where we can set the cookie name on the vserver config?

    1. Hi Charlie,

      I double checked it in my config, I have this exactly configured like this:
      add lb vserver vserver-LYNC-FE_80 HTTP 80 -persistenceType COOKIEINSERT -timeout 180 -cookieName MS-WSMAN -cltTimeout 189

      The cookie name comes from a Microsoft best practice guide, if you dont specify the name then it will be an random cookie name, should be fine if this works.


    1. Lync Edge Servers are a bit tricky to do because you have to balance UDP packets and this doesnt work well with SNAT, it is supported but…. the NetScaler needs to own the default gateway in the network where your Edge Server is located then you can do the config and load balance.
      I thought about if your NetScaler doesnt own the default gateway to use GSLB but I had not time to test this until now.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.