I came across an issue today with a customer that has Microsoft Lync 2013 and Direct Access deployed into their organization. The fault that was experienced was as follows ”An employee on an external network such as home was able to do a 1 to 1 video call but as soon as the call was upgraded to a multi-party conference they were placed on hold or at times kicked out of the conference completely”
So, I went through a few things… trying it on another laptop, different user, same user etc. and I was unable to replicate the fault, so it appeared to be down to this particular persons laptop
but then we had faults logged saying others had noticed they could not do this (it appears that most people have just caught onto the multi-party conference band wagon and thought they would give it a go).
Obviously at this point I needed to start doing some investigations. I noticed that Direct Access was on the client computer that was having this problem, so ticking the “Use Preferred Local DNS” as an option appeared to resolve the issue which straight away pointed out that the reason for the failures was because the traffic for the multi-party conference was attempting to do this over the Direct Access connection which wouldn’t be able to handle it I wouldn’t of thought (it at least wouldn’t be a great experience) and if I remember correctly from looking at Direct Access I don’t think it is supported at the moment
So, we found the temporary fix and that was to tick that box which would force the traffic to query external DNS and hit the Edge / Reverse Proxy and successfully work! Happy Days! But of course even though this may have fixed it, it would have also stopped the user from accessing applications/files on their local network using the local name.
Which lead to the following resolution:
You need to add the Lync Simple URLs that you have configured into the Exceptions List within Direct Access, so that if such URL is queried it uses the external devices local DNS as oppose to querying the internal DNS servers and in-turn sending such over the DA connection” As Direct Access gives the remote client access to both the internet directly, and internal services through the DA tunnel, it’s perfectly possible to access external and internal resources.
To configure this you can specify whether a given DNS name is resolved via the DNS server allocated from the ISP or via the DNS servers on the internal network. This is achieved using the Name Resolution Policy Table (NRPT) which is used to define which namespaces (domains) or DNS records should be resolved where.
This customer in particular had UAG and so the configuration was done in the following way:
1) Launch Microsoft Forefront Unified Access Gateway Management Console
2) Select Direct Access node on the left hand side
3) Under ‘Infrastructure Services’ select Edit
4) Click Next & Add the Lync Server Simple URLs into the DNS Suffix Exclude List (as per below image)
– Lync 2013 SIP Address
– Lync 2013 Web Services URL
– Lync 2013 Simple URLs
– Office Web Applications Server
Once you have done this then click on finish, and then click on ‘Apply Policy’ once that has completed then click on ‘Activate’
The new policy will then be pushed out to your clients and you should then be able to do Multi-Party Conferences Externally, and all Lync Traffic will utilize Edge Server & Reverse Proxy as you would if you never had Direct Access Client on your computer. Further Information can be found here:
I hope this helps, the procedure is very similar if you do not use UAG and you have manage Direct Access directly.