Sign in
 
HomeOnline20132010Interop ProgramsLibraryForumsGalleryLync Blogs
TechCenter >
DNS Question for Automatic Client Sign-In

תשובה DNS Question for Automatic Client Sign-In

  • Friday, June 15, 2012 12:32 PM
     
     
    Sign In to Vote
    1

    I have 4 SIP domains to add to a new Lync installation. When looking at all of the DNS requirements for this, especially for internal Automatic Client Sign-In, is it proper to add the Front End Pool Name (EEPool01.DomainA.com) to the Host Offering this service section of the SRV Record of a different DNS Zone? For example,

    _sipinternaltls.tcp.DomainB.com ---> EEPool01.DomainA.com

    Or does the host need to be in the same zone?

    _sipinternaltls.tcp.DomainB.com --> sip.DomainB.com

    MCITP Exchange 2010 | MCTS Exchange 2007 | MCITP Lync Server 2010 | MCTS Windows 2008 | MCSE 2003

     

All Replies

  • Friday, June 15, 2012 12:49 PM
     
     
    Sign In to Vote
    0
    Yes the host has to be in the same doamin. If not the user will get a certificate warning with lync

    regards Holger Technical Specialist UC

     
  • Friday, June 15, 2012 1:02 PM
     
     
    Sign In to Vote
    0
    Excellent. So the A record can be something like sip.DomainB.com or sip.DomainC.com which would essentially have the same IP as the Front End Pool (in DomanA.com) or the Director? Would having multiple SIP Domains be a good case to deploy a Director?

    MCITP Exchange 2010 | MCTS Exchange 2007 | MCITP Lync Server 2010 | MCTS Windows 2008 | MCSE 2003

     
  • Friday, June 15, 2012 2:58 PM
     
     
    Sign In to Vote
    0

    No, if the srv is  _sipinternaltls.tcp.DomainB.com the pool Name has to be pool.DoaminB.com.

    You Need only a director for security reasons and if you have multiple pools.

    regards Holger Technical Specialist UC

     
  • Sunday, June 17, 2012 11:57 AM
     
     Answered
    Sign In to Vote
    0
    you can use _sipinternaltls.tcp.DomainB.com ---> EEPool01.DomainA.com but as

    Holger Bunkradt wrote you may have certificate question not error:

    lync cannot verify that the server is trusted for sign-in address. Connect anywhere?

    and you can control it with trustmodeldata. so it does not need new sip address with new certificate with new san.

     
  • Tuesday, June 19, 2012 2:29 AM
    Moderator
     
     Answered
    Sign In to Vote
    0

    Hi,

    _sipinternaltls.tcp.DomainA.com ---> EEPool01.DomainA.com

    _sipinternaltls.tcp.DomainB.com ---> EEPool01.DomainB.com

    _sipinternaltls.tcp.DomainC.com ---> EEPool01.DomainC.com

    _sipinternaltls.tcp.DomainD.com ---> EEPool01.DomainD.com

               

    EEPool01.DomainA.com, B,C and D point to IP address of your FE or Director.

    In addition, add four SANs (EEPool01.DomainA.com, B,C and D) into FE certificate SANs list.

    If _sipinternaltls.tcp.DomainB.com ---> EEPool01.DomainA.com, it may cause the domain trust issue as the description in Jens blog:

    http://blogs.technet.com/b/jenstr/archive/2011/02/10/lync-cannot-verify-that-the-server-is-trusted-for-your-sign-in-address.aspx

    Regards,

    Kent Huang

    TechNet Community Support ************************************************************************************************************************

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.