Hello Lync Fans !
I'm having some trouble with my Lync lab 2013 Hosting Pack deployment. I use a Director pool to authenticate users but I'm not sure about the DNS requirements for this pool.
I can't find a lot of documentation on this role...
For information, all my users are external.
I work with an HLB and it also acts as a reverse proxy. I have followed the very good documentation found on the aloha website, so I presume my HLB is correctly configured.
I have two problems:
1) Lync client (external) sign-in works ONLY when port 5061 is open on my HLB external Front-End vIP (and not redirected to port 4443), so I don't understand, because this port must be open on the internal "side", not the external one...
2) The Lync autodiscover test on OCS connectivity with user@domainA.com gives me an SSL error on the name lyncdiscover.domainA.com. This DNS record is a CNAME pointing to lyncdiscover.hoster.com, and this one is in my SAN certificate.
Is the OCS test able to deal with CNAME records?
Any kind of help will be highly appreciated :)
Topology :
Servers : Front End pool
DNS external name : FEpool.hoster.com -> point to vIP on HLB
Ports open : 443
External IP : 1.1.1.1
Redirect to : FE private IP address on port 4443
-
DNS internal : FEpool.hoster.com -> point to my HLB
Ports open : 80,135,443,444,448,4443,5060,5061,5065,5069,5070,5071,5072,5073,5074,5075,5076,5080,8080
Internal IP : 10.x.x.200
Redirect to : FE private IP address
---
Servers : Edge pool
DNS external names : Edgepool.hoster.com & sip.edgepool.hoster.com & conf.edgepool.hoster.com & av.edgepool.hoster.com -> point to vIP on HLB
Note : One single public IP address is used (AV port = 5062, Conf port = 5063, Sip port = 443)
Ports open : 443, 5061, 5062, 5063
External IP : 2.2.2.2
Redirect to : Edge server public IP address
-
DNS internal name : Edgepool.hoster.com
Ports open : 443, 5061, 5062, 8057
Redirect to : Edge private IP address
Internal IP : 10.x.x.201
---
Servers : Director pool
DNS external name : Dirpool.hoster.com -> point to vIP on HLB
Ports open : 443
External IP : 3.3.3.3
Redirect to : Director private IP address on port 4443
-
DNS internal name : Dirpool.hoster.com
Ports open : 80,443,444,44443,5061,8080
Internal IP : 10.x.x.202
Redirect to : Director private IP address
---
DNS requirement for hoster :
A : lyncdiscover.hoster.com -> External name Director pool (does this DNS entry need to point to my Director ?)
A : sip.hoster.com -> External name Edge pool (does this DNS entry need to point to my Director ?)
A : meet.hoster.com -> External name Director pool
A : dialin.hoster.com -> External name Director pool
+ all DNS external/internal names above
DNS requirement for domainA :
SRV : _sip_tls.domainA.com port 443 to SIP Edge address (does this DNS entry need to point to my Director ?)
CNAME : sip.domainA.com to SIP Edge address (does this DNS entry need to point to my Director ?)
CNAME : lyncdiscover.domainA.com to lyncdiscover.hoster.com
---
Certificate on Front-End :
FEpool.hoster.com, meet.hoster.com, dialin.hoster.com
Certificate on Edge :
Edgepool.hoster.com, sip.edgepool.hoster.com, conf.edgepool.hoster.com, av.edgepool.hoster.com, lyncdiscover.hoster.com
Certificate on Director :
Dirpool.hoster.com, meet.hoster.com, dialin.hoster.com, lyncdiscover.hoster.com
Regards,
Jordan
Systems Engineer - OPENHOSTS
If you find my answer useful, please vote ;)
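Added example, not part of the original post: a small Python check of which names the SAN lists quoted above cover, under standard TLS hostname verification, where the client compares the name it requested with the certificate and does not substitute the CNAME target. The dictionaries are constructed from the post's values; `san_matches`, `covered` and `check` are hypothetical helper names, and whether the connectivity test applies exactly this rule is an assumption.

```python
# SAN lists and the CNAME record, copied from the post (constructed sample data).
CERT_SANS = {
    "Front-End": ["FEpool.hoster.com", "meet.hoster.com", "dialin.hoster.com"],
    "Edge": ["Edgepool.hoster.com", "sip.edgepool.hoster.com",
             "conf.edgepool.hoster.com", "av.edgepool.hoster.com",
             "lyncdiscover.hoster.com"],
    "Director": ["Dirpool.hoster.com", "meet.hoster.com",
                 "dialin.hoster.com", "lyncdiscover.hoster.com"],
}
CNAMES = {"lyncdiscover.domaina.com": "lyncdiscover.hoster.com"}


def san_matches(hostname, san):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = san.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Refuse over-broad patterns such as '*.com'.
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def covered(hostname, sans):
    """True if any SAN entry matches the hostname."""
    return any(san_matches(hostname, s) for s in sans)


def check(requested, role):
    """Report coverage of the requested name and, separately, of its CNAME target.

    Only 'requested_covered' matters to a verifying client: DNS aliasing
    does not change the name that is compared with the certificate.
    """
    sans = CERT_SANS[role]
    target = CNAMES.get(requested.lower().rstrip("."))
    return {
        "requested": requested,
        "requested_covered": covered(requested, sans),
        "cname_target": target,
        "target_covered": covered(target, sans) if target else None,
    }


if __name__ == "__main__":
    for name in ("lyncdiscover.domainA.com", "lyncdiscover.hoster.com"):
        print(check(name, "Director"))
```

For the Director certificate listed in the post, the CNAME target is covered but the requested name `lyncdiscover.domainA.com` is not.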