Hello Readers
So in this mini series I am going to be looking at publishing Lync 2013 URLs via Web Application Proxy. First of all, the key servers we will be referring to in my lab are:
Server Name | Role | IP Address | Roles Installed | Version
--- | --- | --- | --- | ---
DC01 | Domain Controller | 10.10.10.1 | Active Directory Domain Services, Certificate Authority, DNS, Web Server (IIS) | Windows 2008 R2
DC02 | Domain Controller | 10.10.10.2 | Active Directory Domain Services | Windows 2012 R2
AD01 | ADFS Server | 10.10.10.6 | Active Directory Federation Services | Windows 2012 R2
FE01 | Lync | 10.10.10.11 | Lync Standard Edition | Windows 2012 R2
So what's next? Because I have already installed ADFS on AD01 we can see that it requires a few prerequisites before we can continue.
So we will require:
- An Active Directory domain administrator account –> I will be using a service account called lyncme\svc.adfs
- A publicly trusted certificate for SSL server authentication –> Oh ……
As I am building ADFS within my lab I don't have a public certificate to use, but not to fear: the solution is to issue an IIS (Server Authentication) certificate from the internal enterprise CA on DC01 and use that instead. This is a lab-only shortcut; anything that is not domain-joined and does not trust the internal CA's root certificate will reject it, which is exactly why a publicly trusted certificate is the stated prerequisite.
http://technet.microsoft.com/en-us/library/dn280939.aspx
All the information can be found on the above URL but I will now run through the process using screenshots.
We now need a certificate template that can be used to obtain the IIS certificate, so on DC01 I have opened Certification Authority, right-clicked "Certificate Templates" –> Manage.
Now we need to duplicate the Web Server template to create the IIS certificate template.
Select “Windows Server 2003 Enterprise” and Press OK
You will now need to give the certificate a name that is easily identifiable.
I will be using the template display name of “ADFSv1”
We now need to configure the security for the template; you need to ensure the computer account has the ability to enroll. Click the "Security" tab.
Press Add
Press Object Types
Tick Computers
Press OK
I will be allowing the following to Enroll the Cert
- AD01
- SVC.ADFS
Press OK. You will now need to ensure that the accounts you have selected have "Allow Enroll" ticked; this is a manual step, so tick Enroll for each one. Keep this list as short as it is here: any principal with Enroll on this template can obtain a Server Authentication certificate with an exportable private key, so do not grant it to broad groups such as Domain Computers or Authenticated Users.
You will now need to click the Subject Name tab and configure it as shown below.
On the Cryptography tab set the Minimum key size to 2048 bits or higher (1024-bit RSA is deprecated and should not be used for a new template). I have also ticked "Allow private key to be exported", because the same certificate has to be installed on the Web Application Proxy later in this series. Click OK.
Press “Apply” and Press “OK”
Close Certificate Template Console
Right Click Certificate Templates –> New –> Certificate Template to Issue
In the Enable Certificate Templates dialog box click the new certificate template that you just configured and then click OK.
Now we have configured a template that can be used for ADFS, but how do we get the certificate? This is done by logging on to the AD01.lyncme.local server and requesting the certificate from the CA.
Open an MMC console. To do so, you can open a command prompt, the run dialog box, or Windows PowerShell, type mmc and then press ENTER.
In the new MMC console (Console1) click File, and then click Add/Remove Snap-in.
From the list of Available snap-ins, select Certificates and then click Add.
Select Computer account and then click Next.
In Select Computer the Local computer is selected by default. Click Finish and then click OK.
Expand Certificates (Local Computer) and then right-click Personal. Click All Tasks, and then click Request New Certificate.
On the Certificate Enrollment wizard, click Next.
On the Select Certificate Enrollment Policy page, ensure that Active Directory Enrollment Policy is selected and then click Next.
On Certificate Enrollment, click Enroll.
Click Finish.
You will need to export the certificate, including its private key (PFX), and store it in a location on the ADFS server. The PFX contains the private key, so protect it with a strong password and delete the file once it has been imported where it is needed.
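The same enrollment and export can be scripted, which also lets you verify that the certificate actually came out the way the template was configured. The script below is an added example and is not from the original post; it is run in an elevated Windows PowerShell session on AD01. It assumes the template name is ADFSv1 (the same as its display name), and the federation service name adfs.lyncme.local and the export path C:\Certs\adfs.pfx are placeholders to replace with your own values.

```powershell
#Requires -Modules PKI
# Added example (not from the original post). Requests the ADFS certificate from the
# enterprise CA using the template created above, checks it, and exports it as a PFX.
# Assumptions: template name ADFSv1; federation service name and export path are placeholders.

$TemplateName          = 'ADFSv1'
$FederationServiceName = 'adfs.lyncme.local'   # assumed placeholder
$PfxPath               = 'C:\Certs\adfs.pfx'   # assumed placeholder

# 1. Enroll against the Active Directory enrollment policy into the computer store
#    (the same thing the MMC "Request New Certificate" wizard does).
$result = Get-Certificate -Template $TemplateName `
                          -SubjectName "CN=$FederationServiceName" `
                          -DnsName $FederationServiceName `
                          -CertStoreLocation 'Cert:\LocalMachine\My'
if ($result.Status -ne 'Issued') {
    throw "Enrollment did not complete, status: $($result.Status)"
}
$cert = $result.Certificate

# 2. Verify what the template was supposed to enforce before relying on the certificate.
$keySize = $cert.PublicKey.Key.KeySize
if ($keySize -lt 2048) { throw "Key size $keySize bits is below the 2048-bit minimum" }
if (-not $cert.HasPrivateKey) { throw 'No private key is associated with the certificate' }

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth
$eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
if (-not $eku -or -not ($eku.EnhancedKeyUsages.Value -contains $serverAuthOid)) {
    throw 'Certificate does not carry the Server Authentication EKU'
}

# 3. Export with the private key. This fails if the template did not allow export,
#    which is the check for the "Allow private key to be exported" setting.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password to protect the PFX'
New-Item -ItemType Directory -Path (Split-Path $PfxPath) -Force | Out-Null
Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $pfxPassword | Out-Null

"Issued $($cert.Thumbprint) for $($cert.Subject), $keySize-bit key, exported to $PfxPath"
```

If the template's Subject Name tab was set to build the subject from Active Directory rather than from the request, drop the -SubjectName and -DnsName parameters; the CA will ignore or reject a supplied subject in that case. The exported PFX is as sensitive as the private key itself, so copy it to the target server over an authenticated channel and remove it afterwards.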
This now completes Part 1 in this series
Regards
Andrew Price