Remove From My Forums

sip address doesnt match primary SMTP address

Question
0

Sign in to vote

Hello all

I am running Lync 2013 enterprise. I have one front end box and one EDGE box. When I originally built lync I configured it to support one sip domain. My manager now wants to support multiple sip domains. We are also running Exchange 2010 sp3, and we support around 10 smtp domains. I have read the below blog posts, and it sounds like internally I can use DNS SRV records to support users who's primary SMTP address doesn't match the users sip address, however can I use the same method to support clients who are external? All Lync features work for remote clients when there primary smtp address matches the sip address, but I am wondering if it will still work if the users primary smtp address doesn't match the users sip address and even after using the method outlined in the bellow blog posts? Again I'm pretty this will all work if the client is internal but I am unsure if the same is true if the client is remote?

http://blogs.technet.com/b/jenstr/archive/2011/02/10/lync-cannot-verify-that-the-server-is-trusted-for-your-sign-in-address.aspx

http://sparesomeexchange.com/exchange-2010-and-lync-2010-integration-when-sip-address-does-not-match-primary-smtp-address/

Bulls on Parade

Wednesday, October 30, 2013 11:25 PM

Answers

0

Sign in to vote
Lync features yes but the users will be prompted to trust the existing certificate since their domain isn't included in the certificate. For Exchange EWS to work you need to set up autodiscover.

You only need to add to the edge certificate the sip domains not all the smtp domains.

David
- Proposed as answer by Lisa.zheng Thursday, October 31, 2013 9:50 AM
- Marked as answer by Lisa.zheng Wednesday, November 6, 2013 1:27 AM
Thursday, October 31, 2013 12:25 AM

All replies

0

Sign in to vote

Hi,

In the "old OCS days" you need to have the same, now you can have smtp different from sip domain. You will need to configure all autodiscover URLs for all smtp domains.

In Lync you can point _sip._tls.<sip domain> to sip.<sip domain> and install the certificate including sip.<new sip domain>, this will prevent popup in Lync Client asking to trust the certificate. Check the following URL is for OCS 2007 R2 but the dns record concept also applies to Lync:

Step 3 – Creating DNS Records
http://uclobby.wordpress.com/2013/10/20/adding-new-sip-domain-to-ocs-2007-r2/

David

Wednesday, October 30, 2013 11:56 PM
0

Sign in to vote

The dns Srv record method will work without having to purchase new certificates. What I want to know is will all the lync feature work for the remote clients using dns Srv record method?
Bulls on Parade

Thursday, October 31, 2013 12:09 AM
0

Sign in to vote
Lync features yes but the users will be prompted to trust the existing certificate since their domain isn't included in the certificate. For Exchange EWS to work you need to set up autodiscover.

You only need to add to the edge certificate the sip domains not all the smtp domains.

David
- Proposed as answer by Lisa.zheng Thursday, October 31, 2013 9:50 AM
- Marked as answer by Lisa.zheng Wednesday, November 6, 2013 1:27 AM
Thursday, October 31, 2013 12:25 AM
0

Sign in to vote

That's just it, I won't to avoid changing my current certificate. I was under the assumption that I wouldn't have to when using the DNS Srv method?
Bulls on Parade

Thursday, October 31, 2013 12:30 AM
0

Sign in to vote

That isn't related to the difference between SIP and SMTP domains. Is related to the additional sip domains, all your users in those domains will be prompted to trust Front End/Edge certificate. Is highly recommended to add the sip.<new sip domain> to the cert in the EDGE external interface.

David

Thursday, October 31, 2013 12:40 AM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

sip address doesnt match primary SMTP address

Question

Answers

All replies