Publishing Exchange 2013 Web Services (EWS) to clients on the external network is essential for Lync 2013 Unified Contact Store (UCS) and Lync 2013 Mobile clients to work properly. Without EWS available on external networks, Lync 2013 Mobile clients cannot retrieve Lync contacts once UCS has been enabled for users, because those contacts are now stored in Exchange. Lync 2013 Mobile clients also cannot retrieve calendar information to join Lync online meetings. To enable these functions for the full Lync mobile experience, EWS must be published. This article provides configuration details for publishing Exchange 2013 EWS using Forefront TMG 2010. Note that TMG 2010 is no longer available for purchase, but Forefront Unified Access Gateway (UAG) with Service Pack 3 (SP3) is still available and can be used for publishing Exchange 2013.
To begin, use the "Publish Exchange Web Client Access" task in the TMG 2010 Task pane to start the wizard. Give the rule a name, and in the Select Services screen choose "Exchange Server 2010" and click on "Outlook Anywhere".
Next, we can either publish a single Exchange CAS server, which is the case in this lab, or, if an array of CAS servers is deployed, set the publishing type to a server farm. Then we select SSL for the connection from TMG to CAS:
A good place to start understanding how the Mobility Service works is here: http://technet.microsoft.com/en-us/library/hh690030.aspx. Most of the steps are already provided in TechNet, but I find that many of the key essential must-do's are scattered in various pages rather than being consolidated in a single location. Hence, this article serves as a companion to the TechNet documentation and is intended for anyone who is encountering difficulty in successfully getting the Mobility Service to work. It will also be useful in case I ever need to deploy the Mobility Service again in a different environment and do not wish to spend time troubleshooting the commonly encountered issues. The diagram below, reproduced from TechNet, is very helpful for understanding how the Mobility Service works:
Tip #1: Lync Internal and External AutoDiscover DNS records
During Automatic Discovery, a mobile device first performs a DNS lookup for the internal record lyncdiscoverinternal.<internal domain>. If that record is not found, the client is on an external network and then looks up the external record lyncdiscover.<sipdomain>. A mobile device that is internal to the network connects to the internal Autodiscover Service URL, and a mobile device that is external to the network connects to the external Autodiscover Service URL. In a split-brain DNS environment, the internal autodiscover DNS record should exist in the internal DNS and not in the external public DNS. Conversely, the external autodiscover DNS record should exist in the external public DNS and not in the internal DNS.
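The lookup order and the split-brain rule above can be checked mechanically. The following is an added example, not code from the original article or from Microsoft. The example.com zones, the addresses and the function names are constructed assumptions, and each DNS view is modelled as a plain lookup function so the check runs offline.

```python
from typing import Callable, List, Optional, Tuple

# A resolver maps an FQDN to an address, or None when the name does not exist.
Resolver = Callable[[str], Optional[str]]

def record_names(internal_domain: str, sip_domain: str) -> Tuple[str, str]:
    """Build the two autodiscover names the article describes."""
    return (f"lyncdiscoverinternal.{internal_domain}", f"lyncdiscover.{sip_domain}")

def discover(resolve: Resolver, internal_domain: str,
             sip_domain: str) -> Tuple[Optional[str], Optional[str]]:
    """Follow the client lookup order: internal record first, external second."""
    internal_name, external_name = record_names(internal_domain, sip_domain)
    for scope, name in (("internal", internal_name), ("external", external_name)):
        if resolve(name) is not None:
            return scope, name
    return None, None

def audit_split_brain(internal_view: Resolver, public_view: Resolver,
                      internal_domain: str, sip_domain: str) -> List[str]:
    """Report every record that is missing from, or leaked into, a DNS view."""
    internal_name, external_name = record_names(internal_domain, sip_domain)
    expectations = (
        (internal_name, "internal", internal_view, True),
        (internal_name, "public", public_view, False),
        (external_name, "public", public_view, True),
        (external_name, "internal", internal_view, False),
    )
    findings = []
    for name, view, resolve, should_exist in expectations:
        exists = resolve(name) is not None
        if exists != should_exist:
            state = "missing from" if should_exist else "present in"
            findings.append(f"{name} {state} {view} DNS")
    return findings

# Constructed sample zones (hypothetical names and documentation addresses).
INTERNAL_VIEW = {"lyncdiscoverinternal.example.com": "10.0.0.10"}
PUBLIC_VIEW = {"lyncdiscover.example.com": "203.0.113.10"}
LEAKY_PUBLIC_VIEW = {**PUBLIC_VIEW, "lyncdiscoverinternal.example.com": "10.0.0.10"}

if __name__ == "__main__":
    d = "example.com"
    print(audit_split_brain(INTERNAL_VIEW.get, PUBLIC_VIEW.get, d, d))
    print(audit_split_brain(INTERNAL_VIEW.get, LEAKY_PUBLIC_VIEW.get, d, d))
    print(discover(LEAKY_PUBLIC_VIEW.get, d, d))
```

With the leaky public view, an external client resolves the internal record first and is steered to the internal Autodiscover URL, which is the failure the split-brain rule prevents.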