Lync Edge Server HOST file entries requirement

    Question

  • Hello

    In my environment, there is an existing Lync infrastructure with a Front End Pool (2x servers), Edge Pool (2x servers), Director pool (2x servers)

    We decided to create a new site, a new front end pool, a new edge pool assigned to the new front end pool

    As a typical configuration, the Edge is not domain joined and I configured the DNS suffix and Primary DNS Suffix of the Edge server so that the FQDN is servername.internaldomain.com for both servers

    and also as a typical security concern, there are no DNS services available for the Edge servers, so I need to edit the HOST file of them.

    In this article http://technet.microsoft.com/en-us/library/gg412847.aspx

    It is said that the HOST file needs to include the IP addresses and FQDNs of the FE pool and FE servers

    Is that true?

    I read another link http://ocsguy.com/2010/11/21/deploying-an-edge-server-with-lync/ 

    stating that resolving internal CA is needed too in the HOST file

    Please clarify

    Thank you very much

    28 March 2012 2:36

Answer

  • The Edge Server is still going to require basic DNS lookup services; a HOST file is not the proper way to provide that.  Either point to an external public DNS service or use an internal DNS server (preferred) which typically requires allowing DNS request traffic from the Edge server (only) into the network.  A HOSTS file would still be used on the Edge Server to define any records which might require different resolutions than what already exists on the internal lookup zones.

    Jeff Schertz | Microsoft Solutions Architect - Polycom | Lync MVP

    28 March 2012 12:35

All Replies

  • Hi,

    1. Yes, the FE pool FQDN or FE IP address should be resolvable on the Edge box. The next hop configured on the Edge will be the FE pool FQDN; if a DNS server isn't available in the DMZ, you should add it as a host entry.
    2. As per my understanding, the CA was added to download the root certificate authority.

    Hope this helps.

    Thanks

    Saleesh


    If answer is helpful, please hit the green arrow on the left, or mark as answer.

    28 March 2012 6:35

  • Resolution of the internal CA via the local hosts file on the Lync Edge is not essential if the root CA certificate is imported as a Trusted Root CA.


    TechNet/MSDN Forum Moderator (Unified Communications) - http://www.leedesmond.com

    28 March 2012 8:34
  • Hi there,

    If you've configured the Edge server to use the host file to resolve internal server names, make sure you add an entry for your CA.

    And you can also refer to this post. Hope this helps.


    Noya Lau

    TechNet Community Support

    30 March 2012 3:04
  • Thank you very much for your reply

    Would you please specify which records are needed?

    Since it is not possible for the edge servers to look up internal DNS servers

    02 April 2012 16:49
  • Hi,

    As Jeff wrote, basic DNS is required, since Edge mainly needs to resolve internal servers.

    But if you are using federation, you must have proper DNS resolution for external systems too. This is also more than required, because for TLS, the Edge server always makes a check for the CRL in certificates. This requires HTTP access to load the CRL and also pre-resolution of the CRL location server!


    Thomas Poett - Senior Principal Consultant Microsoft Services at infoWAN

    03 April 2012 2:15
  • Just to add some of my few experiences with the Edge HOSTS file.

    Although you have a highly available infrastructure with the two DIR and FE pools, load balancing with DNS load balancing WILL NOT WORK PROPERLY with external users.

    You will need an HLB to have the functionalities work as advertised in the documentation. (I have escalated this to MSFT, but still no acknowledgement about this.)

    Reason: the HOSTS file does not support DNS load balancing and will be read sequentially; once the first host is found it will stop.

    FIX: Install a DNS Server with Zone Cache security in your DMZ

    07 April 2012 16:10
  • Hello,

    I had the same question as you about DNS "load balancing" with the local Hosts file...

    And I found this :

    Microsoft DNS  :  http://en.wikipedia.org/wiki/Microsoft_DNS  

    The effect of multiple answers in the "hosts" file:

    The DNS Client service does not use the "hosts" file directly when performing lookups. Instead, it (initially) populates its cache from it, and then performs lookups using the data in its cache.

    When the lookup functions fall back to doing the work themselves, however, they scan the "hosts" file directly and sequentially, stopping when the first answer is found.

    Thus:

    With the DNS Client service running: If the "hosts" file contains multiple lines denoting multiple answers for a given lookup, all of the answers in the cache will be returned.

    Without the DNS Client service running: If the "hosts" file contains multiple lines denoting multiple answers for a given lookup, only the first answer found will be returned

    Hope this helps... This should mean it is OK to go with local Hosts file with "HA" architecture Internally...

    12 April 2012 17:54
  • Here is another article  regarding Hosts file entries on Lync Edge servers as it relates to HA.  When using hosts files, it does matter how the entries are listed as well as whether the DNS Client service is running.

    http://silbers.net/blog/2012/05/15/lync-edge-dns-lb-ee-pool-using-hosts-file/

    05 November 2012 20:23
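
One way to check the points raised in this thread on an Edge server, as an added example that is not code from any poster or from Microsoft: it parses a hosts file, confirms the Front End pool and server names are present, and reports whether names with several addresses will return all of them, based on the DNS Client behaviour quoted in the thread. The host names and IP addresses are constructed, and `Get-HostsMap` is a hypothetical helper; it is meant to be run on Windows.

```powershell
# Added example. Every host name and IP address below is constructed.
$HostsPath = $null   # set to "$env:SystemRoot\System32\drivers\etc\hosts" on the Edge server
$Required  = @('pool01.internaldomain.com',   # hypothetical Front End pool FQDN (next hop)
               'fe01.internaldomain.com',     # hypothetical Front End servers
               'fe02.internaldomain.com')

# Constructed sample: the pool FQDN is listed once per Front End server.
$sample = @'
# internal names for the Edge server
10.0.0.11   fe01.internaldomain.com
10.0.0.12   fe02.internaldomain.com
10.0.0.11   pool01.internaldomain.com
10.0.0.12   pool01.internaldomain.com   # second pool member
'@

function Get-HostsMap {
    param([string[]]$Content)
    $map = @{}
    foreach ($line in $Content) {
        $text = ($line -replace '#.*$', '').Trim()       # strip comments
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }            # address with no name
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $key = $name.ToLowerInvariant()
            if (-not $map.ContainsKey($key)) { $map[$key] = @() }
            $map[$key] += $fields[0]                      # addresses kept in file order
        }
    }
    $map
}

$lines = if ($HostsPath) { Get-Content -LiteralPath $HostsPath } else { $sample -split '\r?\n' }
$map   = Get-HostsMap -Content $lines

# The DNS Client service is named Dnscache; per the thread, its state decides
# whether all hosts-file answers or only the first one are returned.
$svc = Get-Service -Name Dnscache -ErrorAction SilentlyContinue
$dnsClientRunning = ($null -ne $svc) -and ($svc.Status -eq 'Running')
$multi = if ($dnsClientRunning) { 'multiple: all returned (DNS Client running)' } else { 'multiple: first only (DNS Client stopped)' }

foreach ($fqdn in $Required) {
    $key = $fqdn.ToLowerInvariant()
    $ips = @(if ($map.ContainsKey($key)) { $map[$key] })
    $finding = switch ($ips.Count) { 0 { 'MISSING from hosts file' } 1 { 'one address' } default { $multi } }
    [pscustomobject]@{ Name = $fqdn; Addresses = ($ips -join ', '); Finding = $finding }
}
```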