none
SIP domains, internal/external URL's RRS feed

  • Question

  • This is my first Skype server deployment so I am new to the setup process and have never used one before.

    Server 2016, Skype for business server 2015

    I have an internal domain contoso.local and external domain contosopublic.com

    I made a topology originally with the primary SIP domain as contoso.local with an external URL of tba.contosopublic.com

    The topology was full of URL's using the contoso.local

    When choosing the SIP domain for the certificate creation, it lists contoso.local.

    I want it so that external users and the certificate only see/show contosopublic.com

    I tried republishing the topology with contosopublic.com as the primary SIP domain with contoso.local as an additional SIP domain. There are 2 URL's for the meet and dialin links. I can only have 1 active dialin link.

    When going back into the certificate creation, it still only showed contoso.local as the SIP domain.

    What configuration can I use to get my desired configuration?

    Tuesday, November 19, 2019 11:20 PM

All replies

  • Hi Susan773!

    According to your description, I did a test in my environment. I changed my sip primary domain and add additional sip then republished topology.

    When going back to the certificate creation in Skype for Business Deployment Wizard, it shows two different sip domain and you can choose them as SAN.

    For more details about change SIP domain, you can refer to the following article:

    https://ucsorted.com/2014/06/24/changing-sip-domains/

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

    Best Regards,
    Jimmy Yang

    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.
    Wednesday, November 20, 2019 9:33 AM
  • Thanks for the reply.

    I tried the steps up to the certificate creation and got the same result - only the internal domain.

    I was able to delete the topography and create a new one though. It has the external domain as the primary and the internal domain as an additional domain.

    I did get warnings about not having permissions for the deleted items when making the new topology. Is this something I can ignore or should I look into it?

    Are there any other steps I have to do to ensure only the external domain URL's appear to outside users and on the certificate?

    On the certificate creation, do I only select the outside domain or should I select both?



    • Edited by Susan_773 Wednesday, November 20, 2019 4:10 PM
    Wednesday, November 20, 2019 3:48 PM
  • I'm trying to generate a certificate on a  Skype for business server 2015.

    I have the primary SIP domain as contosopublic.com and additional SIP domain as contosointernal.local

    The subject name line is locked on the local name of the server sbs2015.contosointernal.local.

    How do I change that or how should I change the topology deployment so the subject name line is tba.contosopublic.com?

    I want it so no contosointernal.local shows up on the certificate and everything still works.

    I do have the admin URL as a contosointernal.local as I don't want that accessible to the ouside.

    Thanks

    Thursday, November 21, 2019 4:48 PM
  • Hi Susan_773!

    Do you add AD CS Role in your AD server before you deploy Skype for Business Server 2015?

    If you just want to deploy Skype for Business Server in internal domain, you can only select the internal domain as sip primary domain. You can also select both on the certificate creation if you have internal and external domain.

    Best Regards,
    Jimmy Yang

    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.
    Friday, November 22, 2019 10:45 AM
  • Thanks for the reply.

    I have a AD CS server as a separate Hyper-V VM on another box. The VM was installed after Skype setup was started on another Hyper-V VM.

    I want to deploy Skype so separate buildings can do video conferencing so it needs to go outside of the building.

    I want to avoid flashing my internal domain and server name on the certificate if I can avoid it if it is visible to the public. As it stands, the subject name line of the certificate creation shows servername.contosointernal.local.

    My current topology has the primary SIP domain as contosopublic.com with contosointernal.local as an additional domain.

    The pool FQDN is servername.contosointernal.local so I think that the certificate creator is using that but the topology won't publish if it's anything else.

    Saturday, November 23, 2019 3:53 AM
  • Hi Susan_773!

    If you want to deploy video conference in your topology, you can refer to the following official document:

    https://docs.microsoft.com/en-us/skypeforbusiness/deploy/deploy-conferencing/deploy-conferencing#BKMK_ChecklistWebConferencing

    The default certificate’s subject name for standard Edition servers is FQDN of the Pool. If you have multiple SIP domains and have enabled automatic client configuration, the certificate wizard detects and adds each supported SIP domain FQDNs.

    For more details about certificate for your internal servers, you can refer to:

    https://docs.microsoft.com/en-us/skypeforbusiness/plan-your-deployment/requirements-for-your-environment/environmental-requirements

    Best Regards,
    Jimmy Yang

    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.
    Wednesday, November 27, 2019 10:00 AM
  • Hello,

    why do you use separate sip domaine ?

    the easiest way (and practical and common too) is to use same SIP for internal and external.

    Olivier

    Wednesday, November 27, 2019 10:24 AM
  • Hi Susan_773,
    Is there any update on this case?
    Please feel free to drop us a note if there is any update.
    Have a nice day!


    Best Regards,
    Jimmy Yang

    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.
    Monday, December 2, 2019 10:06 AM