Solved

Lync Server 2010 DNS records

Posted on 2011-03-03
Last Modified: 2012-05-11
I am struggling with getting a Lync client to talk to a new server.  I've turned on logging at the client...it shows that it has to do with the SRV record, which appears to bite a lot of people.

Here's my scenario:

Lync server is intended solely for internal use and internal video conferencing.  Perhaps this will change in the future but for now that's the focus.

My real Active Directory domain is named in this format:  local.abc.net
I set my Lync SIP domain to : abc.net
I have DNS A records for dialin.abc.net, meet.abc.net and admin URL lync.abc.net
I created an SRV record for meet.abc.net

Here's the sticky part:

Our email domain is:  xyz.com

I'm sure this is where the problem lies...just not sure how to go about dealing with it on the DNS side.  Is there some kind of DNS trick that will resolve this problem?  We do not have a zone for xyz.com in our DNS.  Can this be added such that it would have NO bearing on any other network actions?  Is this the way to go?

Or...should I reinstall Lync using a SIP domain of xyz.com?  Would that not just introduce DNS problems from the "other" side?

I know I can pursue the GPO setting angle...but I want to fully know that GPO would be the *only* way to do it before I go that route.
Question by:RickCurtis
11 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 35028103

So clients are getting SIP addresses like sip:someone@abc.net ? And that's what's automatically filled in for each of your users?

If so, Lync should try to find a Service record within abc.net, which should point to the host record for the Lync server.

If you enable event logging in the client you should find it complains about all of this (if something isn't right).

Chris
0
 

Author Comment

by:RickCurtis
ID: 35028319
Perhaps there is where my knowledge of all this breaks down... client is trying to log in with user@xyz.com.  Logging *is* turned on...see first line in my original post.  Log says it's trying to find sipinternal.xyz.com, which does not exist in our DNS.

Perhaps I've overwritten something in all my experimenting...but the client *remembers* the last setting that I tried to log in as...I don't recall if there was something automatically filled in at the beginning.  Anyway, that's the way I have myself entered as a user...to log in with email address of user@xyz.com.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 35028374

lol so you did, sorry, bit sleepy today :)

> client is trying to log in with user@xyz.com

If that is their SIP address it explains why it tries to find records in the xyz.com domain. It's how auto-discovery works for Lync (and Communicator before it). I believe it picks the Email Address by default as the SIP Address when you enable the account, is this desirable?

Personally I enabled using the mail domain name (which, like yours, differs from the AD domain name), and created associated records in DNS to allow the client to connect using that domain.

Other options include pushing the Lync server name out in policy instead of relying on auto-discovery.

Chris
0
 

Author Comment

by:RickCurtis
ID: 35029629
Since this is a new install and no users deployed yet, should I just uninstall and start over using the email domain?  Won't I still have an issue in DNS with the SRV records since that domain zone does not exist?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 35029911
Which SIP domains did you select when you defined the topology?

To be honest I wouldn't really recommend stripping it out and rebuilding, seems unnecessary.

Besides, we can always create the few records you need in a way that doesn't interfere with the rest of your domain if you wish to maintain xyz.com. It's up to you really. I didn't even consider doing anything but e-mail addresses, people get confused easily enough as it is :)

Would you like to try forging ahead with xyz.com? And if so, how did you generate the certificate for the server and which names did you include?

Chris
0
 

Author Comment

by:RickCurtis
ID: 35031299
Update...

Success...(sort of).  I created a new zone file in our internal DNS for xyz.com.  After fumbling a bit with the correct SRV and A records...the client finally connected and was happy.  

HOWEVER...

As I suspected, this screwed up our access to the externally available xyz.com which is a public website.  (It didn't affect anything outside our domain...just for internal users.)  I kinda suspected that this was what was going to happen.  So I created an internal A record for www.xyz.com on the internal zone file, fully expecting this to handle *that* little glitch...but I got:

DNS Lookup for xyz.com failed. The requested name is valid, but no data of the requested type was found

I had to delete the new zone file for now...but can easily get it back now that I know what I did.  Any ideas on this new twist?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 35031317

Yeah, the other A record needs you to leave the name field blank. Just fill in the IP. It'll create a "same as parent folder" entry and allow you to get to http://xyz.com.

If you're happy with that it's a good way to go. Alternatively we can create small zones for each of the records you need for Lync. That way you don't have to worry about your website and anything else, only Lync.

Which do you prefer?

Chris
0
 

Author Comment

by:RickCurtis
ID: 35031403
Not sure I follow you on this...

The xyz.com zone file only had the SRV and A records for Lync...until I added the www A record.  I put the external IP into the A record.  What exactly are you saying to "leave blank"?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 35031452

New Host (A) record, then leave the name field blank, and enter the external IP.

Then you can use http://xyz.com as well as http://www.xyz.com.

The lookup for xyz.com will work with that. Is that where it fell apart before?

Chris
0
 

Author Comment

by:RickCurtis
ID: 35031537
Well, not sure.  Before I put the www A record in, browsers just failed as if you did not have Internet connectivity.  As soon as I put the A record in (not blank) it gave the error I showed you.  So it seems as if it really was seeing the site at the IP level...but wasn't doing something right at the data level...if that makes sense.

I can tell you this...the external website is handled by an external marketing/hosting firm.  They do something kinda strange that I was not aware of in regards to DNS.   They have more than one website hosted at the associated IP address.  Somehow they "inspect" the request, see that the destination is for "xyz.com" and they divert it appropriately.  So...doing my *own* redirect directly to the IP address appears to be the issue here.  Does this ring any bells for you?

I realize this severely diverges from the original posted question...
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 35031708
Ah no, it's not DNS, it's a web server level operation and it's quite common.

The HTTP request (from your browser) is sent with a site name in the request header, that name is taken by the web server then used to filter the request to a specific site. I've run a few web servers on the scale in the past, you don't have to worry about what answers DNS requests.

If you wait until I'm in the office tomorrow morning I'll post explicit instructions on the other way of configuring DNS for this. Where you only answer for the SRV record and the server's Host record (sip.xyz.com, right?). Then you don't have to worry about the external host at all :)

Chris
0
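
The two DNS layouts discussed in this thread, as an added example that is not part of any post: a small Python model of an internal DNS server that shows why a full internal xyz.com zone breaks lookups for the public website while per-record zones do not. The SRV name `_sipinternaltls._tcp.xyz.com`, port 5061 and every IP address are assumptions made for the illustration; the thread itself names only sip.xyz.com and sipinternal.xyz.com.

```python
# Toy model: the internal DNS server answers authoritatively from the most
# specific zone it hosts that covers a name; everything else is forwarded.
# All names, ports and addresses below are constructed for illustration.
PUBLIC = {("xyz.com", "A"): "192.0.2.10", ("www.xyz.com", "A"): "192.0.2.10"}
SRV_NAME = "_sipinternaltls._tcp.xyz.com"  # assumed Lync discovery record
LYNC = {
    (SRV_NAME, "SRV"): "0 0 5061 sip.xyz.com",
    ("sip.xyz.com", "A"): "10.0.0.20",
}

def find_zone(zones, name):
    """Return the longest hosted zone that equals or is a parent of name."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve(zones, name, rtype):
    """Answer locally if a hosted zone covers the name, otherwise forward."""
    zone = find_zone(zones, name)
    if zone is None:
        return ("FORWARDED", PUBLIC.get((name, rtype)))
    records = zones[zone]
    if (name, rtype) in records:
        return ("LOCAL", records[(name, rtype)])
    # The name exists (zone apex, other type, or parent of a record): NODATA.
    exists = name == zone or any(
        n == name or n.endswith("." + name) for n, _ in records)
    return ("NODATA" if exists else "NXDOMAIN", None)

# Layout 1: a full internal xyz.com zone holding only the Lync records.
full_zone = {"xyz.com": dict(LYNC)}
# Layout 1 plus a www A record, but still nothing at the zone apex.
full_zone_www = {"xyz.com": {**LYNC, ("www.xyz.com", "A"): "192.0.2.10"}}
# Layout 2: one small zone per Lync name; the rest of xyz.com is untouched.
pinpoint = {
    SRV_NAME: {(SRV_NAME, "SRV"): "0 0 5061 sip.xyz.com"},
    "sip.xyz.com": {("sip.xyz.com", "A"): "10.0.0.20"},
}

def survey(zones):
    """Resolve the four names that matter in the thread against one layout."""
    queries = [(SRV_NAME, "SRV"), ("sip.xyz.com", "A"),
               ("www.xyz.com", "A"), ("xyz.com", "A")]
    return {q: resolve(zones, *q) for q in queries}

if __name__ == "__main__":
    for label, zones in [("full", full_zone), ("full+www", full_zone_www),
                         ("pinpoint", pinpoint)]:
        print(label, survey(zones))
```

The NODATA result for the bare xyz.com name in the second layout corresponds to the "no data of the requested type" message quoted in the thread, which a blank-name A record at the zone apex resolves.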

Question has a verified solution.