There are two ways to publish the services for Lync mobility: over HTTP or over HTTPS.
If you decide to use HTTPS for the Lync Server 2010 Autodiscover Service, you have to update the subject alternative name lists on the reverse proxy certificates, i.e. buy a new certificate with a SAN entry for every SIP domain on your Lync Server.
If you don't want to do this, you can enable the service over port 80 instead. Only the Autodiscover information is sent over this connection, so no authentication information or anything else is sent, but this is still not the recommended way of doing it.
This post will guide you through the settings for HTTP and a later post will guide you through the settings for HTTPS.
This information is originally from http://technet.microsoft.com/en-us/library/hh690011.aspx, edited and with screen dumps for LyncLab.org.
To create a web publishing rule for port 80:
- On the New Web Publishing Rule page, type a display name for the new publishing rule (LyncDiscoveryURL (HTTP)).
- Select Allow, on the Select Rule Action page.
- Select Publish a single Web site or load balancer, on the Publishing Type page.
- Select Use non-secured connections to connect to the published Web server or server farm.
- On the Internal Publishing Details page, type the pool FQDN for your Front End or Director pool (for example, pool01.lynclab.org). (This should point to the external virtual directory in IIS; it is redirected to port 8080 later, in step 15.)
- In Path, on the Internal Publishing Details page type /* as the path of the folder to be published, and then select Forward the original host header instead of the one specified in the Internal site name field.
- On the Public Name Details page, do the following:
  - Under Accept Requests for, select This domain name.
  - In Public Name, type something like lyncdiscover.lynclab.org (the external Autodiscover Service URL).
  - In Path, type /
- On the Select Web Listener page, in Web Listener, select the same Web Listener that you used to publish the Lync external web services, or create a new one.
  (To find your reverse proxy FQDN, use this PowerShell one-liner on your Front End server: Get-CsService -WebServer | ft ABHandlerExternalUri )
- If you reused your old rule, select it, click Edit, and make sure that Enable HTTP connections on port 80 is checked and that No authentication is selected.
- Click OK on the listener, and then click Next on the Select Web Listener page.
- On the Authentication Delegation page, select No delegation, and client cannot authenticate directly.
- On the User Set page, select All Users.
- And then click Finish.
- Now double-click the new rule you just added and open Properties for it.
- On the Bridging tab, configure the following:
  - Select Redirect requests to HTTP port, and type 8080 for the port number.
  - Verify that Redirect requests to SSL port is not selected.
- Click OK, and then apply the new rules.
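
A check to run from an external client once the rule is applied, added here as an example (it is not part of the TechNet procedure or the original post): it requests the Autodiscover URL over plain HTTP without credentials and confirms that every service link in the response uses https, so that only the discovery step crosses port 80. The SIP domain list and the expectation that links appear as href values in the JSON or XML body are assumptions.

```powershell
# Added example, not from the TechNet procedure or LyncLab.org.
param(
    # Assumption: one entry per SIP domain; lynclab.org is the page's lab domain.
    [string[]]$SipDomains = @('lynclab.org')
)

function Test-LyncDiscoverHttp {
    param([Parameter(Mandatory)][string]$SipDomain)

    $uri = "http://lyncdiscover.$SipDomain/"
    $r = [ordered]@{ Uri = $uri; Status = $null; Links = @(); NotHttps = @(); Result = 'FAIL'; Detail = '' }
    try {
        # Sent without credentials, matching "No authentication" on the listener.
        $resp = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec 15 -ErrorAction Stop
        $r.Status = [int]$resp.StatusCode

        # Content is byte[] when the content type is not treated as text.
        $body = $resp.Content
        if ($body -is [byte[]]) { $body = [Text.Encoding]::UTF8.GetString($body) }
        $body = $body -replace '\\/', '/'      # undo JSON-escaped slashes

        # Assumption: links appear as "href":"..." (JSON) or href="..." (XML).
        $r.Links = @([regex]::Matches($body, 'href"?\s*[:=]\s*"([^"]+)"') |
            ForEach-Object { $_.Groups[1].Value })
        $r.NotHttps = @($r.Links | Where-Object { $_ -notmatch '^https://' })

        if ($r.Links.Count -eq 0) { $r.Detail = 'no service links in response' }
        elseif ($r.NotHttps.Count -gt 0) { $r.Detail = 'link would send later traffic in clear text' }
        else { $r.Result = 'OK'; $r.Detail = 'all links use https' }
    }
    catch {
        $r.Detail = $_.Exception.Message       # DNS, listener or rule problem
    }
    [pscustomobject]$r
}

$SipDomains | ForEach-Object { Test-LyncDiscoverHttp -SipDomain $_ } |
    Format-List Uri, Status, Result, Detail, Links
```

A FAIL with an empty Status points at DNS, the listener or the publishing rule; a FAIL listing non-https links means the internal web services URLs need attention before mobile clients are allowed to use this path.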