Category Archives: DNS

Lync DNS Records overview

21 Thursday Mar 2013

Posted by in DNS, Lync DNS Records overview, Quick Reference Guide

Leave a comment

DNS Records in a Lync world (and their usage)
Automatic Sign-in Records (used by the Lync or Communicator client to locate a Lync or OCS server to sign-in)
  1.  _sipinternaltls._tcp.
  2.  _sipinternal._tcp.
  3.  _sip._tls.
  4.  _sip._tcp.
  5. sipinternal.
  6. sip.
  7. sipexternal.
Office 365 Sign-In Records (used by the Lync or Communicator client to locate the Lync Online server to sign-in)
  
  1. sip.
  2. _sip._tls.
  Lync Devices Records (used by Lync devices to locate a home registrar)
  1.   sipinternaltls._tcp.
  2.  _sipexternal._tls.
  3.  _sipexternaltls.
  4.  ucupdates-r2.
  5.  _ntp._udp.
 Lync Simple URL Records (used by Lync if DNS is the chosen simple URL configuration)
  1.  meet.example.com
  2.  dialin.example.com
  3.  admin.example.com
Federation (used by partners to automatically discover your Edge)
_sipfederationtls._tcp.
  Lync Mobility Auto-discovery Records (used by Lync mobile clients to auto-discover the Lync mobility service)
  1. Lyncdiscover.
  2. Lyncdiscoverinternal.
XMPP Auto-discovery Records
_xmpp-server._tcp..
Advertisement

Lync Mobility – lyncdiscoverinternal vs lyncdiscover

30 Monday Apr 2012

Posted by in DNS, Lync Mobility, Lyncdiscover

Leave a comment

Lync Server 2010 Mobility supports an internal and an external automatic discovery record. The mobile client signs-in as follows:-

  1. DNS query for lyncdiscoverinternal.
  2. DNS query for lyncdiscover.

Got this great flow diagram from Brendan Carius…cheers 😉

Usually the Lync Web Services certificate assigned to the Front-end Pool is issued by an internal CA. Of course this Root CA isn’t present on Mobile devices and so not trusted. The Lync mobile client would not be able to sign-in, unless the internal root certificate was pre-installed on the device.

Its a little more tricky to deploy the Root CA to all your mobile devices so it makes more sense to NOT have a Lyncdiscoverinternal DNS record. Instead have a lyncdiscover A record (internally) pointing to the public IP of your RP.
You will need a RP rule to allow this traffic from internal – effectively hairpinning the traffic.

Even after configuring this I still got “Can’t verify certificate from the server. Please contact your support team”.

It would appear that the devices dont trust the internal certificate which makes sense. So how to fix this?

2 Options here
1. either install the Root CA on the device (defeats the point as it works as the internal anyway)
2. the only way I could get around the cert issue was to create a new listner and assign it only 80. This did require an additional IP on the TMG internal.

Another Error I got was “The server is either busy or did not respond, please try again later”

Running traces on my iPhone showed that the lync discover URL was translated to the External web services URL which wasn’t valid in the DNS of my internal connection. Once I added a CNAME to match we were sorted

Lync SRV Records

21 Saturday Jan 2012

Posted by in DNS, Lync Edge, SRV, SRV Record

Leave a comment

I was configuring a new Edge environment today and thought I’d done it enough times not to have to refer to my notes. It was at this time that I realized that I hadn’t clearly documented the different SRV record options…only noticed as I had to take a peek 🙂

Internal DNS SRV
_sipinternaltls._tcp.  #for each sip domain (multiplied by each Front End Server)
If not using split brain DNS it is wise to add a sip. A record (I usually add it either way)

External DNS SRV
_sip._tls.    #for each sip domain
_sipfederationtls._tcp.  #for each sip domain

HOWEVER…
I did come across an environment that didn’t have the ability to add SRV records externally and were  not using split brain DNS.

External DNS add the following:-
       sipexternal. point it the the Edge Server Public FQDN (the consolidated name also works as long as its in the certificate as a SAN)

Internal DNS add the following:-
     sip. pointing to the Front End Server

More details on SRV records…

Lync Auto login SRV Record
Service: _sipinternaltls
Protocol: _tcp
Priority = 0
Weight = 0
Port Number: 5061
Host:

OCS Auto login SRV Record
Service: _autodiscover
Protocol: _tls
Priority = 0
Weight = 0
Port Number: 443
Host: sip.

Federation (Autodiscover)SRV Record
Service: _sipfederationtls
Protocol: _tcp
Priority = 0
Weight = 0
Port Number: 5061
Host:

PB