Solved

Lync Server 2010 DNS records

Posted on 2011-03-03
Last Modified: 2012-05-11
I am struggling with getting a Lync client to talk to a new server.  I've turned on logging at the client...it shows that it has to do with the SRV record, which appears to bite a lot of people.

Here's my scenario:

Lync server is intended solely for internal use and internal video conferencing.  Perhaps this will change in the future but for now that's the focus.

My real Active Directory domain is named in this format:  local.abc.net
I set my Lync SIP domain to : abc.net
I have DNS A records for dialin.abc.net, meet.abc.net and admin URL lync.abc.net
I created an SRV record for meet.abc.net

Here's the sticky part:

Our email domain is:  xyz.com

I'm sure this is where the problem lies...just not sure how to go about dealing with it on the DNS side.  Is there some kind of DNS trick that will resolve this problem?  We do not have a zone for xyz.com in our DNS.  Can this be added such that it would have NO bearing on any other network actions?  Is this the way to go?

Or...should I reinstall Lync using a SIP domain of xyz.com?  Would that not just introduce DNS problems from the "other" side?

I know I can pursue the GPO setting angle...but I want to fully know that GPO would be the *only* way to do it before I go that route.
Question by:RickCurtis

Expert Comment

by:Chris Dent
ID: 35028103

So clients are getting SIP addresses like sip:someone@abc.net ? And that's what's automatically filled in for each of your users?

If so, Lync should try to find a Service record within abc.net, which should point to the host record for the Lync server.

If you enable event logging in the client you should find it complains about all of this (if something isn't right).

Chris

Author Comment

by:RickCurtis
ID: 35028319
Perhaps there is where my knowledge of all this breaks down... client is trying to log in with user@xyz.com.  Logging *is* turned on...see first line in my original post.  Log says it's trying to find sipinternal.xyz.com, which does not exist in our DNS.

Perhaps I've overwritten something in all my experimenting...but the client *remembers* the last setting that I tried to log in as...I don't recall if there was something automatically filled in at the beginning.  Anyway, that's the way I have myself entered as a user...to log in with email address of user@xyz.com.

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 35028374

lol so you did, sorry, bit sleepy today :)

> client is trying to log in with user@xyz.com

If that is their SIP address it explains why it tries to find records in the xyz.com domain. It's how auto-discovery works for Lync (and Communicator before it). I believe it picks the Email Address by default as the SIP Address when you enable the account, is this desirable?

Personally I enabled using the mail domain name (which, like yours, differs from the AD domain name), and created associated records in DNS to allow the client to connect using that domain.

Other options include pushing the Lync server name out in policy instead of relying on auto-discovery.

Chris

Author Comment

by:RickCurtis
ID: 35029629
Since this is a new install and no users deployed yet, should I just uninstall and start over using the email domain?  Won't I still have an issue in DNS with the SRV records since that domain zone does not exist?

Expert Comment

by:Chris Dent
ID: 35029911
Which SIP domains did you select when you defined the topology?

To be honest I wouldn't really recommend stripping it out and rebuilding, seems unnecessary.

Besides, we can always create the few records you need in a way that doesn't interfere with the rest of your domain if you wish to maintain xyz.com. It's up to you really. I didn't even consider doing anything but e-mail addresses, people get confused easily enough as it is :)

Would you like to try forging ahead with xyz.com? And if so, how did you generate the certificate for the server and which names did you include?

Chris

Author Comment

by:RickCurtis
ID: 35031299
Update...

Success...(sort of).  I created a new zone file in our internal DNS for xyz.com.  After fumbling a bit with the correct SRV and A records...the client finally connected and was happy.  

HOWEVER...

As I suspected, this screwed up our access to the externally available xyz.com which is a public website.  (It didn't affect anything outside our domain...just for internal users.)  I kinda suspected that this was what was going to happen.  So I created an internal A record for www.xyz.com on the internal zone file, fully expecting this to handle *that* little glitch...but I got:

DNS Lookup for xyz.com failed. The requested name is valid, but no data of the requested type was found

I had to delete the new zone file for now...but can easily get it back now that I know what I did.  Any ideas on this new twist?

Expert Comment

by:Chris Dent
ID: 35031317

Yeah, the other A record needs you to leave the name field blank. Just fill in the IP. It'll create a "same as parent folder" entry and allow you to get to http://xyz.com.

If you're happy with that it's a good way to go. Alternatively we can create small zones for each of the records you need for Lync. That way you don't have to worry about your website and anything else, only Lync.

Which do you prefer?

Chris

Author Comment

by:RickCurtis
ID: 35031403
Not sure I follow you on this...

The xyz.com zone file only had the SRV and A records for Lync...until I added the www A record.  I put the external IP into the A record.  What exactly are you saying to "leave blank"?

Expert Comment

by:Chris Dent
ID: 35031452

New Host (A) record, then leave the name field blank, and enter the external IP.

Then you can use http://xyz.com as well as http://www.xyz.com.

The lookup for xyz.com will work with that. Is that where it fell apart before?

Chris

Author Comment

by:RickCurtis
ID: 35031537
Well, not sure.  Before I put the www A record in, browsers just failed as if you did not have Internet connectivity.  As soon as I put the A record in (not blank) it gave the error I showed you.  So it seems as if it really was seeing the site at the IP level...but wasn't doing something right at the data level...if that makes sense.

I can tell you this...the external website is handled by an external marketing/hosting firm.  They do something kinda strange that I was not aware of in regards to DNS.   They have more than one website hosted at the associated IP address.  Somehow they "inspect" the request, see that the destination is for "xyz.com" and they divert it appropriately.  So...doing my *own* redirect directly to the IP address appears to be the issue here.  Does this ring any bells for you?

I realize this severely diverges from the original posted question...

Expert Comment

by:Chris Dent
ID: 35031708
Ah no, it's not DNS, it's a web server level operation and it's quite common.

The HTTP request (from your browser) is sent with a site name in the request header, that name is taken by the web server then used to filter the request to a specific site. I've run a few web servers on the scale in the past, you don't have to worry about what answers DNS requests.

If you wait until I'm in the office tomorrow morning I'll post explicit instructions on the other way of configuring DNS for this. Where you only answer for the SRV record and the server's Host record (sip.xyz.com, right?). Then you don't have to worry about the external host at all :)

Chris
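
The two DNS layouts discussed in this thread (one internal xyz.com zone versus small zones for only the Lync names), modelled as an added example that is not part of any post above. The IP addresses, port 5061, and the list of auto-discovery names beyond sipinternal.xyz.com are assumptions made for illustration.

```python
# Added illustration: how an internal DNS server answers once it hosts a zone.
# All addresses and the SRV port are constructed sample values.
PUBLIC = {"xyz.com": "203.0.113.10", "www.xyz.com": "203.0.113.10"}

def lync_lookup_names(sip_address):
    """Names a Lync 2010 client derives from the SIP domain for automatic
    sign-in (assumed order: internal SRV, external SRV, then host records)."""
    domain = sip_address.rsplit("@", 1)[-1].lower()
    return [f"_sipinternaltls._tcp.{domain}", f"_sip._tls.{domain}",
            f"sipinternal.{domain}", f"sip.{domain}", f"sipexternal.{domain}"]

def resolve(name, internal_zones):
    """internal_zones maps zone name -> {fqdn: value}. A server that hosts a
    zone answers for every name under it and never forwards those queries."""
    name = name.lower()
    owners = [z for z in internal_zones if name == z or name.endswith("." + z)]
    if owners:
        zone = max(owners, key=len)            # most specific zone wins
        return ("internal", internal_zones[zone].get(name))  # None = no data
    return ("forwarded", PUBLIC.get(name))     # not ours: ask public DNS

def shadowed(internal_zones):
    """Public names that stop resolving for internal users under this layout."""
    return sorted(n for n in PUBLIC
                  if resolve(n, internal_zones) == ("internal", None))

# Layout 1: a full internal xyz.com zone holding only the Lync records.
FULL_ZONE = {"xyz.com": {
    "_sipinternaltls._tcp.xyz.com": "sip.xyz.com:5061",
    "sip.xyz.com": "10.0.0.20"}}

# Layout 2: one small zone per Lync name; everything else is still forwarded.
PINPOINT = {
    "_sipinternaltls._tcp.xyz.com": {
        "_sipinternaltls._tcp.xyz.com": "sip.xyz.com:5061"},
    "sip.xyz.com": {"sip.xyz.com": "10.0.0.20"}}

if __name__ == "__main__":
    for label, plan in (("full zone", FULL_ZONE), ("small zones", PINPOINT)):
        print(label, "breaks:", shadowed(plan))
        for n in lync_lookup_names("sip:user@xyz.com"):
            print("   ", n, resolve(n, plan))
```

With the full zone, both xyz.com and www.xyz.com come back with no data for internal users until matching records are added by hand; with the small zones, only the Lync names are answered internally.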