Different AD Domain and SIP Domain

    Question

  • Hi 

    I am planning to install Lync Server Standard edition as a pilot project in my organization. It will be just one Standard Server installation without any external access. My AD Domain is of the form "abc.local" and my Primary SMTP Domain (configured on Exchange) is company.com. I will be using "company.com" as my primary SIP domain. I have a few queries regarding DNS entries required for this Setup.

    AD Domain - abc.local

    SIP Domain - company.com

    Lync Server FQDN- lyncserver.abc.local

    1) Since I won't be using my AD domain "abc.local" as my SIP domain, do I need to add any SRV records in the internal AD DNS Zone?

    2) I have read in various posts that the SRV Record for _sipinternaltls should point to an A Record matching the SIP Domain, otherwise it will give me a certificate mismatch error. Where should I point my SRV record in company.com DNS? To lyncserver.company.com or sip.company.com (both these A records I have to create in the company.com Zone and they will point to the IP of lyncserver)? I need to know this as the DNS of company.com is not in my control and I have to send a request to modify the zone.

    3) What should be the SN and SAN name in the certificates for the above scenario?

    Thanks

    Wednesday, June 27, 2012 07:28

Answers

All replies

  • So if your SIP domain will be company.com,

    you need an SRV record in the company.com zone:

    _sipinternaltls._tcp.company.com value lyncserver.abc.local (FQDN of the Lync server).

    The certificate will be automatically generated if you have an internal CA.

    About the certificate (not error): you can use GPO; you can see more at http://lync.community.ge/post/2012/05/25/lync-cannot-verify-that-the-server-is-trusted-for-sign-in-address-Connect-anywhere-Trusted-Domain-List-in-lync.aspx

    Wednesday, June 27, 2012 19:09
  • I don't have an internal CA, so I have to go for an external CA. Also, as I said, I have read in TechNet articles that the SRV record for every SIP domain should point to the A record in the same domain, or it will give the error mentioned in the article above.

    So what is the best option?

    _sipinternaltls._tcp.company.com value lyncserver.abc.local 

    or 

    _sipinternaltls._tcp.company.com value lyncserver.company.com

    or

    _sipinternaltls._tcp.company.com value sip.company.com 

    All the above A Records will point to the IP of the Lync Server.

    Thanks

    Thursday, June 28, 2012 06:53
  • In the TechNet documentation, _sipinternaltls._tcp.company.com must be an FQDN, and the FQDN for you will be lyncserver.abc.local.

    So I think that the best option is _sipinternaltls._tcp.company.com value lyncserver.abc.local

    Thursday, June 28, 2012 09:33
  • Hi, in scenarios where the internal domain is different than the FQDN, use of split DNS comes in very handy. In your case it will simplify record creation in the appropriate DNS zone so you can minimize the confusion. Simply create an additional DNS zone with domain.com and create your records there; this will allow the same domain controller to handle name resolution for both domains internally. If you plan on allowing external user access down the road, then it will simply be a matter of updating records at your public DNS (besides, of course, the edge and reverse proxy servers). Hope this helps

    Regards,

    Shah!

    Thursday, June 28, 2012 18:06
  • Quite simply the SRV records only apply to Lync client auto-configuration.  Best practice is to use the internal domain.local namespace for all server and pool names.  An additional sip.domain.com would be defined in the certificate and paired with an SRV record for client sign-in.

    Jeff Schertz | Microsoft Solutions Architect - Polycom | Lync MVP

    Thursday, June 28, 2012 18:18
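
Added example, not part of any reply in the thread: an offline consistency check for the three `_sipinternaltls._tcp.company.com` targets proposed above, testing each against the SIP domain and against a certificate's SAN list. The hostnames are the thread's placeholders; the SAN list is constructed (server FQDN plus `sip.company.com`), and exact-name SAN matching is an assumption of this sketch.

```python
# Added example; hostnames are the thread's placeholders, SAN list is constructed.

def normalize(name):
    """DNS names compare case-insensitively; drop any trailing root dot."""
    return name.rstrip(".").lower()

def in_domain(host, domain):
    """True only when host is the domain itself or a label-aligned subdomain of it."""
    host, domain = normalize(host), normalize(domain)
    return host == domain or host.endswith("." + domain)

def check_plan(sip_domain, srv_target, server_fqdn, cert_sans):
    """Return findings for one candidate SRV target; an empty list means consistent."""
    findings = []
    sans = {normalize(s) for s in cert_sans}
    if not in_domain(srv_target, sip_domain):
        findings.append(f"SRV target {srv_target} is outside SIP domain {sip_domain}")
    # Assumption: the certificate must name both the host the client is sent to
    # (the SRV target) and the server's own FQDN, each as an exact SAN entry.
    for name in dict.fromkeys([normalize(srv_target), normalize(server_fqdn)]):
        if name not in sans:
            findings.append(f"certificate has no SAN entry for {name}")
    return findings

SIP_DOMAIN = "company.com"
SERVER_FQDN = "lyncserver.abc.local"
# Constructed SAN list: server FQDN plus sip.<SIP domain>.
CERT_SANS = ["lyncserver.abc.local", "sip.company.com"]
CANDIDATES = ["lyncserver.abc.local", "lyncserver.company.com", "sip.company.com"]

def evaluate_candidates():
    """Map each SRV target proposed in the thread to its findings."""
    return {t: check_plan(SIP_DOMAIN, t, SERVER_FQDN, CERT_SANS) for t in CANDIDATES}

if __name__ == "__main__":
    for target, findings in evaluate_candidates().items():
        print(target, "->", findings or "consistent")
```

The suffix test is label-aligned, so a look-alike such as `sip.notcompany.com` is not treated as belonging to `company.com`.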