28 March 2012 2:36
In my environment there is an existing Lync infrastructure with a Front End pool (2x servers), an Edge pool (2x servers) and a Director pool (2x servers).
We decided to create a new site, a new Front End pool, and a new Edge pool assigned to the new Front End pool.
As a typical configuration, the Edge is not domain joined, and I configured the DNS suffix and Primary DNS Suffix of the Edge server so that the FQDN is
servername.internaldomain.com for both servers,
and also, as a typical security concern, there are no DNS services available for the Edge servers, so I need to edit the HOSTS file on them.
In this article http://technet.microsoft.com/en-us/library/gg412847.aspx
it is said that the HOSTS file needs to include the IP addresses and FQDNs of the FE pool and FE servers.
Is that true?
I read another link http://ocsguy.com/2010/11/21/deploying-an-edge-server-with-lync/
stating that resolving the internal CA is needed too in the HOSTS file.
Thank you very much
28 March 2012 6:35
- Yes, the FE pool FQDN or FE IP address should be resolvable on the Edge box. The next hop configured on the Edge will be the FE pool FQDN; if a DNS server isn't available in the DMZ, you should add it as a hosts entry.
- As per my understanding, the CA was added to download the root certificate authority.
Hope this helps.
If answer is helpful, please hit the green arrow on the left, or mark as answer.
28 March 2012 8:34 Moderator
Resolution of the internal CA via the local hosts file on the Lync Edge is not essential if the root CA certificate is imported as a Trusted Root CA.
TechNet/MSDN Forum Moderator (Unified Communications) - http://www.leedesmond.com
28 March 2012 12:35 Moderator
The Edge Server is still going to require basic DNS lookup services; a HOSTS file is not the proper way to provide that. Either point to an external public DNS service or use an internal DNS server (preferred), which typically requires allowing DNS request traffic from the Edge server (only) into the network. A HOSTS file would still be used on the Edge Server to define any records which might require different resolutions than what already exists in the internal lookup zones.
Jeff Schertz | Microsoft Solutions Architect - Polycom | Lync MVP
30 March 2012 3:04 Moderator
If you've configured the Edge server to use the hosts file to resolve internal server names, make sure you add an entry for your CA.
And you can also refer to this post. Hope this helps.
TechNet Community Support
02 April 2012 16:49
Thank you very much for your reply.
Would you please specify which records are needed,
since it is not possible for the Edge servers to look up internal DNS servers?
03 April 2012 2:15
As Jeff wrote, basic DNS is required,
since the Edge mainly needs to resolve internal servers.
But if you are using federation, you must have proper DNS resolution for external systems too. This is also more than required, because for TLS the Edge server always checks the CRL in certificates. This requires HTTP access to load the CRL and also prior resolution of the CRL location server!
Thomas Poett - Senior Principal Consultant Microsoft Services at infoWAN
05 April 2012 11:17
Check this link.
07 April 2012 16:10
Just to add a few of my experiences with the Edge hosts file.
Although you have a highly available infrastructure with the two DIR and FE pools, load balancing with DNS load balancing WILL NOT WORK PROPERLY with external users.
You will need an HLB to have the functionality work as advertised in the documentation. (I have escalated this to MSFT, but still no acknowledgement about this.)
Reason: the HOSTS file does not support DNS load balancing and will be read sequentially; once the first host is found it will stop.
FIX: Install a DNS server with zone cache security in your DMZ.
12 April 2012 17:54
I had the same questioning as you about DNS "load balancing" with a local hosts file...
And I found this:
Microsoft DNS : http://en.wikipedia.org/wiki/Microsoft_DNS
The effect of multiple answers in the "hosts" file:
The DNS Client service does not use the "hosts" file directly when performing lookups. Instead, it (initially) populates its cache from it, and then performs lookups using the data in its cache.
When the lookup functions fall back to doing the work themselves, however, they scan the "hosts" file directly and sequentially, stopping when the first answer is found.
With the DNS Client service running: If the "hosts" file contains multiple lines denoting multiple answers for a given lookup, all of the answers in the cache will be returned.
Without the DNS Client service running: If the "hosts" file contains multiple lines denoting multiple answers for a given lookup, only the first answer found will be returned.
Hope this helps... This should mean it is OK to go with a local hosts file with an "HA" architecture internally...
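The two behaviours quoted above (sequential first match versus all cached answers) and the earlier post's "hosts file does not support DNS load balancing" point can be modelled against a hosts file directly. This is an added example, not code from the thread; the hosts file content, server names and addresses are constructed placeholders.

```python
"""Model how a Windows hosts file answers a lookup for a Lync pool FQDN.

Parses a constructed Edge hosts file and shows the two resolution modes the
thread describes: a direct sequential scan of the file returns only the first
matching address, while the DNS Client cache populated from the same file
returns every address listed for the name. A small checklist function flags
names the thread says must be resolvable (FE pool, FE servers, internal CA).
"""

# Constructed sample Edge hosts file; all names and addresses are placeholders.
SAMPLE_HOSTS = """\
# Lync Edge hosts file (constructed example)
10.0.1.11   fe01.internaldomain.com
10.0.1.12   fe02.internaldomain.com
10.0.1.11   fepool.internaldomain.com      # DNS load-balanced pool, member 1
10.0.1.12   fepool.internaldomain.com      # DNS load-balanced pool, member 2
10.0.1.20   ca01.internaldomain.com        # internal CA, needed for CRL download
"""


def parse_hosts(text):
    """Return (address, hostname) pairs in file order, one pair per hostname token."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            entries.append((addr, name.lower()))
    return entries


def resolve_sequential(entries, name):
    """DNS Client service stopped: the file is scanned top-down and the first match wins."""
    for addr, host in entries:
        if host == name.lower():
            return [addr]
    return []


def resolve_cached(entries, name):
    """DNS Client service running: the cache holds every address listed for the name."""
    return [addr for addr, host in entries if host == name.lower()]


def missing_entries(entries, required):
    """Names from the thread's checklist that the hosts file does not resolve at all."""
    present = {host for _, host in entries}
    return [n for n in required if n.lower() not in present]
```

Running `resolve_sequential` and `resolve_cached` against the same pool FQDN makes the difference visible: one address versus both pool members.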
05 November 2012 20:23
Here is another article regarding Hosts file entries on Lync Edge servers as it relates to HA. When using hosts files, it does matter how the entries are listed as well as whether the DNS Client service is running.