locked
Proper CsOauthConfiguration RRS feed

  • Question

  • Hello,

    I am wondering about how to properly set up CsOauthConfiguration for my topology. From what I was able to google out, the configuration should look like this:

    (I borrowed this from Jeff Schertz blog just to display how it should look like).

    But, what if I have multiple SMTP domains, and in result, multiple ExchangeAutodiscover urls?

    Exchange web services are reachable for various subsidiaries via various links, like:

    Office1: https://autodiscover.office1.com/autodiscover/autodiscover.svc

    Office2: https://autodiscover.office2.com/autodiscover/autodiscover.svc

    Office3 etc etc 

    Which is the correct ExchangeAutodiscoverURL parameter that should be used? Because I have only "global" CsOauthConfiguration that I can modify. Should I use just one url and specify all the other domains in ExchangeAutodiscoverAllowedDomains?

    Thank you,

    Tomas

    Tuesday, February 5, 2019 2:59 PM

All replies

  • Hi Tomas,

    Yes, you could only set one value for the ExchangeAutodiscoverUrl. You could set the SMTP domain which is same as SIP domain as the value of ExchangeAutodiscoverUrl, then you could follow the steps below to configure the other SMTP domains:

    • Disable email comparison for Lync users on the Lync server
      • In the Lync server Management shell, run “Set-CsClientPolicy -DisableEmailComparisonCheck $true”
    • On the internal DNS server, create a Forward Lookup Zone for each SMTP domain in your organization.
      • For example:  diffcontoso.com
    • Add a DNS A record, autodiscover.<SMTP Domain> to each Forward Lookup Zone for each SMTP domain in your organization
      • For example: autodiscover.diffcontoso.com
    • Add autodiscover.<SMTP Domain> to the Subject Alternative Name on the Exchange cert
      • autodiscover.diffcontoso.com
    • Use Group Policy to modify the TrustModelData registry value

    Detail about this you could refer to the similar case


    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.


    • Edited by woshixiaobai Wednesday, February 6, 2019 2:30 AM
    Wednesday, February 6, 2019 2:30 AM
  • Hello,

    thank you for your reply. The thing is, we have multiple sip domains and for those, corresponding smtp domains. So, which one would you suggest to select as the proper one to put into OAuth configuration? The one that is set as "IsDefault" when you run Get-CsSipDomain?

    And, what effect will it have on users with different sip/smtp domains? Isnt it going to "turn off" exchange - lync integration features for them?

    Thank you,

    Tomas

    Wednesday, February 6, 2019 11:02 AM
  • Hi Tomas,

    Bases on my experience, if you have configured another SIP Domains as addition sip domain in the SFB topology, you could do integration between Exchange and SFB with multiple SMTP domains and SIP domains. You could use the default SIP domain to do the integration. 

    For this, you must have DNS records and certificates configure correctly. Details about how to configure addition SIP domain you could refer to the document: Adding Additional Sip Domains to Already Deployed Lync Environment.   

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Proposed as answer by woshixiaobai Tuesday, February 12, 2019 6:14 AM
    Monday, February 11, 2019 7:19 AM
  • Hi Tomas,

    Is there any update for this issue? If the reply is helpful to you, please try to mark it as an answer, it will help others who have the similar issue.

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, February 13, 2019 7:05 AM