Lync Edge server Installation - Can we use SIP domain name for Edge pool

  • Question

  • Hi All,


    I just migrated our Lync version from 2010 to 2013. Now I am planning for Lync 2013 external access in our company.

    I am planning the Lync external access with a Lync Edge server. I prepared the full deployment document for the Edge server installation, and I have some questions before starting the Lync Edge pool creation.

    I have a Lync Front End pool named Lyncserver.test.local, and my Lync server and our users are in the domain test.local. But test.local will not resolve externally. We have an external certificate with the name *.test.com, and we are using this certificate for our external web sites.

    We have a SIP address for our Lync server; it's test.com. We have an option to enable Lync user access with test.com.


    Now my questions are:

    1) What domain address should I enter in my Edge server DNS suffix?

    2) And how should I create my Edge server FQDN full name? With test.local or test.com?

    I think the other three external services (Access Edge, web conference and A/V) should be in .test.com, right?



    Please let me know the possibilities for My Edge environment.

    Thanks,
    Mani L

    Mani L

    Thursday, January 7, 2016 7:32 AM

Answers

  • 1) For the DNS suffix, if you're talking about network settings, it won't matter too much as has already been said.  If you're talking about the computer's DNS suffix for the name, this will be the name used internally so it can be test.local or test.com, whichever you prefer. 

    2) For your pool name, either .com or .local works as it's only used internally, but you can use an internal certificate authority for this interface if you'd like.

    For your external services Access, web and A/V should be test.com.  Basically, if your sip address is test.com, you'll want test.com for your external edge. If this is a small environment and you want to save a bit of money, you can name your external access edge sip.test.com and remove the need for a SAN.   However, you can't use a wildcard certificate (the common name can't be *.test.com) for the external edge, you will need to purchase a UC or SAN certificate to get the names on there. 



    Thursday, January 7, 2016 7:37 PM
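The naming rule from this answer, written as a check. This is an added example, not code from the thread: the function name `Test-EdgeCertNames` is hypothetical, the FQDNs are the sample names used in the replies, and the certificate data is constructed. It assumes only literal names count as covering an Edge FQDN.

```powershell
# Added example. FQDNs are the thread's sample names; certificate data is constructed.
function Test-EdgeCertNames {
    param(
        [Parameter(Mandatory = $true)] [string]   $CommonName,
        [string[]] $SubjectAltNames = @(),
        [Parameter(Mandatory = $true)] [string[]] $RequiredFqdns
    )
    $cn    = $CommonName.Trim().ToLowerInvariant()
    $names = @($cn) + @($SubjectAltNames | ForEach-Object { $_.Trim().ToLowerInvariant() })

    # Assumption: only literal entries count as covering an Edge FQDN;
    # wildcard entries are reported but never treated as a match.
    $wildcards = @($names | Where-Object { $_.StartsWith('*.') })
    $literal   = @($names | Where-Object { -not $_.StartsWith('*.') })
    $missing   = @($RequiredFqdns |
                     ForEach-Object { $_.Trim().ToLowerInvariant() } |
                     Where-Object { $literal -notcontains $_ })

    [pscustomobject]@{
        CommonName         = $cn
        WildcardCommonName = $cn.StartsWith('*.')
        WildcardEntries    = $wildcards
        MissingFqdns       = $missing
        Usable             = (-not $cn.StartsWith('*.')) -and ($missing.Count -eq 0)
    }
}

$required = 'sip.test.com', 'webcon.test.com', 'av.test.com'

# Constructed case 1: the existing web-site certificate from the question.
Test-EdgeCertNames -CommonName '*.test.com' -RequiredFqdns $required

# Constructed case 2: a SAN/UC certificate with the access edge name as common name.
Test-EdgeCertNames -CommonName 'sip.test.com' `
    -SubjectAltNames 'sip.test.com', 'webcon.test.com', 'av.test.com' `
    -RequiredFqdns $required
```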

All replies

  • Hello Mani!

    1.) You need no DNS suffix for your Edge server. The server has one connection to the public network and the other one to the DMZ.

    2.) Your external FQDN should be with test.com, for example: access.test.com/webcon.test.com/av.test.com

    for internal communication you need also a FQDN: internaledge.test.local

    BR Norbert

    Thursday, January 7, 2016 9:03 AM
  • Thanks for all your answers.

    I have completed the Edge configuration setup. I am using the Access Edge service as sip.test.com, so I need to change my login type in the Lync Control Panel to myname@test.com for external access, am I right?

    So if I connect to my company Lync from an external network or an external mobile client, should I enter myname@test.com in the sign-in address? Will it connect automatically, or do I need to specify the internal or external discovery address?

    Please advise.

    FYI - My external SRV records are with port 443 and 5061

    _sip for Tls 443 and _sipfederationtls for Tcp 5061

    Thanks,

    Mani L


    Mani L

    Friday, January 8, 2016 6:28 AM
  • Hi,

    For your Lync account, yes, you need to change it from .local to .test.com in your case if these Lync accounts want to log in from outside the domain.

    If you have added the correct public DNS records, then the Lync client will log in automatically:

    https://technet.microsoft.com/en-us/library/gg425884(v=ocs.15).aspx

    For Lync mobile client login, you have to deploy the Reverse Proxy in the DMZ.

    More details:

    https://technet.microsoft.com/en-us/library/gg398069%28v=ocs.15%29.aspx?f=255&MSPPError=-2147217396

    Best Regards



    Eason Huang
    TechNet Community Support

    Friday, January 8, 2016 7:15 AM
  • Hi All,

    I have completed my Lync Edge server setup up to the certificate part without any issue. When I try to assign a certificate for my internal Edge service, I cannot see my imported internal certificate.

    I cannot log in to the Lync Edge server with my local domain admin privilege since the Edge server is not joined to the domain. I referred to many URLs for a fix but nothing is working.

    I assigned the external certificate without any issue.


    When I check my imported internal certificate details in MMC, I am seeing the error message below.

    "This certificate cannot be verified up to a trusted certification authority"


    So please, can anyone advise how to resolve the internal Edge certificate issue?

    Thanks,
    Mani L

    Mani L

    Friday, January 8, 2016 2:24 PM
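One way to see what the certificate store makes of each imported certificate when MMC shows the error quoted above. This is an added example, not code from the thread: the function name `Get-CertChainReport` is hypothetical, and revocation lookups are skipped on the assumption that the server cannot reach the internal CA's CRL.

```powershell
# Added example: report chain trust for every certificate in the
# computer's Personal store, using the .NET X509Chain class.
function Get-CertChainReport {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate
    )

    # $true = build the chain in the machine context rather than the user context.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true

    # Assumption: skip revocation so the result reflects chain trust only.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

    $trusted = $chain.Build($Certificate)

    [pscustomobject]@{
        Subject       = $Certificate.Subject
        Issuer        = $Certificate.Issuer
        Thumbprint    = $Certificate.Thumbprint
        # Whether the imported entry carries a private key.
        HasPrivateKey = $Certificate.HasPrivateKey
        ChainTrusted  = $trusted
        # Certificates the store could link together, leaf first.
        ChainSubjects = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
        # X509ChainStatusFlags values such as UntrustedRoot or PartialChain.
        ChainStatus   = @($chain.ChainStatus | ForEach-Object { $_.Status })
    }
}

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Get-CertChainReport -Certificate $_ } |
    Format-List
```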