Lync 2013 Multi-tenant

We have one single Win 2012 native AD environment with Exchange 2013, and Lync 2013. The exchange we use 4 domains and it works perfectly. We want to use multiple SIP domains in single standard frontend server with Edge and Reverse proxy.

Steps i did to add multiple sip domains:
1. Add the new SIP domain to the Topology.
2. Create DNS records for simple URLs both internal and external
3. SAN UCC certificates to support Auto configuration and simple URLs (both internal and external)
4. Run Enable-CSComputer on each Pool.
5. Export the configuration and import it to Edge server
6, configure IIS ARR Reverse proxy for multiple sip domains

Did i missed anything?

What are the SAN requirement for each sip domains

namespace hosts AD and Exchange and Lync sip primary domain.

I want to add following sip domain in lync 2013.

What is the requirement for additional SAN names? Can i use wild card certificate is that supported?

Please help
LVL 13
Ganesh Kumar ASr Infrastructure SpecialistAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
A complete list of the resources for setting up Lync Multi-tenant is available @

you need to be using the enterprise edition and download the pack from MVLSC
Ganesh Kumar ASr Infrastructure SpecialistAuthor Commented:
I read all these articles before, i am looking for specific certificate consideration using SAN names. We have budget to use the lync standard edition. Hence i want to know if i should use wild card certificate instead of buying plenty of san names in certificate. Is there any way we can reduce the SAN names in certificate for the group company. We can use common name to authenticate with shared default AD netbios names with sip address for logging on the client.

I read the : and 

It appears that wildcard certificate is supported. But i want to know if this is recommended.

can i use only,, and

and,,, and,, and and meet urls like above. Does this way works?
ChrisSenior Technical ArchitectCommented:
i have been told to avoid the wildcard certs, lync preferes the named SAN route.

How separate do you need the multi tenant to be as you could consolidate your simple urls but i would guess completely separate.
If you put it on a HLB then you could use that to present and re encrypt the traffic making it easy have one lot of certificates on there and only 1 cert on the internal servers
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

Ganesh Kumar ASr Infrastructure SpecialistAuthor Commented:
so will this works?

If i buy normal UCC san certificates with SAN names as follows.,,,,,,,
Ganesh Kumar ASr Infrastructure SpecialistAuthor Commented:
The issue is resolved by adding multiple san names for each domain especially meet and dialin and lyncdiscover URLs in public certificate. It is only one single certificate.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ganesh Kumar ASr Infrastructure SpecialistAuthor Commented:
Practically adding multiple SAN names worked, i was having doubts on dialin and meet urls and will it work. But it worked perfectly.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Chat / IM

From novice to tech pro — start learning today.