Lync 2013 certificate requirements for multiple SIP domains

Hi All,
I am engaged with a client in respect of a Lync 2013 implementation initially as a conferencing platform with a view to enabling EV functions (inc. PSTN conferencing) in the future. They initially need to support 30 SIP domains and eventually around 100 SIP domains which is proving to be either not possible or severely cost prohibitive. Their current certificate provider, Thawte, can only support up to 25 SANs and have quoted them 5 figures. We tend to use GeoTrust as they are cheaper but they appear to have a limit of 25 SANs. GoDaddy appear to support up to 100 SANs for a pretty reasonable cost. My questions are as follows:
1. Is there a way that I’m missing of reducing the number of SANs required on the Edge server?
   a. Use aliases for access edge FQDNs - Supported by desktop client but not by other devices so not really workable
   b. Don’t support XMPP federation therefore removing the need for domain name FQDNs for each SIP domain
2. Is there a way that I’m missing of reducing the number of SANs required on the Reverse Proxy server?
   a. Friendly URL option 3 from this page: http://technet.microsoft.com/en-us/library/gg398287.aspx
   b. Client auto-configuration:
      i. Don’t support mobile client auto-configuration in which case no lyncdiscover.sipdomain1.com DNS records or SANs would be required.
      ii. Support mobile client auto-configuration over HTTP only in which case CNAME records are required for each SIP domain (lyncdiscover.sipdomain1.com, etc. pointing to lyncdiscover.designateddomain.com) but no SANs are required.
      iii. Support mobile client auto-configuration over HTTPS in which case DNS records are required for each SIP domain and a SAN entry for each SIP domain is also required. This is because a DNS CNAME to another domain is not supported over HTTPS.
3. If the answer to 1 and/or 2 is no, are there certificate providers that support over 100 SANs?
4. How do certificate requirements differ when using the Lync 2013 hosting pack? I would think that this issue is something that a hosting provider would need to overcome.
5. Would the Lync 2013 Hosting Pack work for this customer? The customer uses SPLA licensing so I think is eligible to use the hosting pack but not 100% sure it will work in their environment given that client connections are supposed to all come through the Edge where their tenants will be internal and also given the requirement for an ACP for PSTN conferencing.
Many thanks,

Many thanks for the response.
I was already planning to use option 3 from the below page for simple URLs to cut down on SAN requirement.
http://technet.microsoft.com/en-us/library/gg398287.aspx
What are the security concerns for publishing autodiscover over port 80? I.e. Is this only used for the initial download of the discovery record and then HTTPS is used for authentication? This seems to be the case from the following note on the below page:
http://technet.microsoft.com/en-gb/library/hh690030.aspx
“Mobile device clients do not support multiple Secure Sockets Layer (SSL) certificates from different domains. Therefore, CNAME redirection to different domains is not supported over HTTPS. For example, a DNS CNAME record for lyncdiscover.contoso.com that redirects to an address of director.contoso.net is not supported over HTTPS.
In such a topology, a mobile device client needs to use HTTP for the first request, so that the CNAME redirection is resolved over HTTP. Subsequent requests then use HTTPS. To support this scenario, you need to configure your reverse proxy with a web publishing rule for port 80 (HTTP).
For details, see "To create a web publishing rule for port 80" in Configuring the Reverse Proxy for Mobility. CNAME redirection to the same domain is supported over HTTPS. In this case, the destination domain's certificate covers the originating domain.”
I don’t think SRV records for additional SIP domain access edge is a workable solution as this is not supported by some devices.
As per the below article:
http://blog.schertz.name/2012/07/lync-edge-server-best-practices/
“The recommended approach for external client Automatic Sign-In when supporting multiple SIP domains is to include a unique Access Edge FQDN for each domain name in the SAN field. This is no longer a requirement (it was in OCS) as it is possible to create a DNS Service Locator Record (SRV) for each additional SIP domain yet have them all point back to the same original FQDN for the Access Edge service (e.g. sip.mslync.net). This approach will trigger a security alert in Windows Lync clients which can be accepted by the user, but some other clients and devices are unable to connect when the Automatic Sign-In process returns a pair of SRV and Host (A) records which do not share the same domain namespace. Thus it is still best practice to define a unique FQDN for each additional SIP domain and include that hostname in the external Edge certificate’s SAN field”.
===================
1. Basically the requirement is to initially provide Lync conferencing services (minus PSTN conferencing) to internal, external, federated and anonymous participants with a view to providing PSTN conferencing and therefore enterprise voice services later.
2. The customer currently supports close to 100 SMTP domains and wants to align their SIP domains with these existing domains. The structure of their business is such that “XXX IT Services” provide the IT infrastructure for a collection of companies who
fall under the XXX umbrella but are very much run as individual entities.
Question:
Would you agree that I’m going to need a SAN for every SIP domain’s access edge FQDN?
Thanks.
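The options weighed in this thread, turned into a SAN count per certificate. This is an added example, not code from the posts or from Microsoft; the host labels `sip.`, `web.` and `lync.`, the constructed `sipdomainN.com` names, and the reading of simple URL option 3 as one shared host are assumptions.

```python
"""SAN planning for a multi-SIP-domain Lync Edge and reverse proxy (added example)."""
from dataclasses import dataclass, field


@dataclass
class SanPlan:
    edge_sans: list = field(default_factory=list)    # external Edge certificate
    proxy_sans: list = field(default_factory=list)   # reverse proxy certificate
    http_cnames: list = field(default_factory=list)  # (alias, target) DNS records
    warnings: list = field(default_factory=list)


def in_namespace(host: str, sip_domain: str) -> bool:
    """True when host is the SIP domain itself or a name underneath it."""
    host = host.lower().rstrip(".")
    sip_domain = sip_domain.lower().rstrip(".")
    return host == sip_domain or host.endswith("." + sip_domain)


def _add(names: list, name: str) -> None:
    if name not in names:
        names.append(name)


def plan_sans(sip_domains, designated, *, per_domain_access_edge=True,
              xmpp_federation=False, discover="https") -> SanPlan:
    """Build the SAN lists implied by the choices discussed in the thread.

    discover: "none"  - no mobile auto-configuration, no lyncdiscover names
              "http"  - CNAME per SIP domain to the designated domain, no SANs
              "https" - DNS record and SAN per SIP domain
    """
    if discover not in ("none", "http", "https"):
        raise ValueError(f"unknown discover mode: {discover!r}")
    designated = designated.lower()
    domains = list(dict.fromkeys(d.lower() for d in sip_domains))  # de-duplicate
    plan = SanPlan()

    shared_access = f"sip.{designated}"          # assumed Access Edge FQDN
    _add(plan.edge_sans, shared_access)
    _add(plan.edge_sans, f"web.{designated}")    # assumed web conferencing Edge FQDN
    _add(plan.proxy_sans, f"lync.{designated}")  # assumed shared simple-URL host

    for d in domains:
        # Access Edge: a unique FQDN per SIP domain, or SRV records that all
        # point back at the one shared FQDN.
        target = f"sip.{d}" if per_domain_access_edge else shared_access
        _add(plan.edge_sans, target)
        if not in_namespace(target, d):
            plan.warnings.append(
                f"{d}: SRV target {target} is outside the SIP domain namespace")
        if xmpp_federation:
            _add(plan.edge_sans, d)  # bare domain name per SIP domain
        alias = f"lyncdiscover.{d}"
        if discover == "https":
            _add(plan.proxy_sans, alias)
        elif discover == "http" and d != designated:
            plan.http_cnames.append((alias, f"lyncdiscover.{designated}"))
    return plan


def over_limit(plan: SanPlan, limit: int) -> dict:
    """Which certificates exceed a CA's per-certificate SAN limit."""
    return {"edge": len(plan.edge_sans) > limit,
            "proxy": len(plan.proxy_sans) > limit}


if __name__ == "__main__":
    # Constructed SIP domains; 25 and 100 are the SAN limits quoted in the thread.
    domains = [f"sipdomain{i}.com" for i in range(1, 31)]
    for label, kwargs in [
        ("per-domain edge FQDN, HTTPS discovery", {}),
        ("per-domain edge FQDN, HTTP discovery", {"discover": "http"}),
        ("shared edge FQDN via SRV, HTTP discovery",
         {"per_domain_access_edge": False, "discover": "http"}),
    ]:
        p = plan_sans(domains, "designateddomain.com", **kwargs)
        print(f"{label}: edge={len(p.edge_sans)} proxy={len(p.proxy_sans)} "
              f"cnames={len(p.http_cnames)} warnings={len(p.warnings)} "
              f"over25={over_limit(p, 25)} over100={over_limit(p, 100)}")
```

Each warning marks a SIP domain whose SRV target sits outside its own namespace, the case the quoted article says triggers a client security alert and fails on some devices.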

Similar Messages

  • Lync 2013 federation failing for a specific domain

    Hello,
    We have recently migrated to Lync 2013 and noticed that one of the domains we federate with is unable to federate with us.
    We are getting the following error:
    Log Name:      Lync Server
    Source:        LS Protocol Stack
    Event ID:      14428
    Task Category: (1001)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      server.fqdn.com
    Description: TLS outgoing connection failures.
    Over the past 28 minutes, Lync Server has experienced TLS outgoing connection failures 4 time(s). The error code of the last failure is 0x80090325(SEC_E_UNTRUSTED_ROOT) while trying
    to connect to the server "sip.example.com" at address [10.10.10.10:5061], and the display name in the peer certificate is "Unavailable". Cause: Most often a problem with the peer certificate or perhaps the host name (DNS) record used to
    reach the peer server. Target principal name is incorrect means that the peer certificate does not contain the name that the local server used to connect. Certificate root not trusted error means that the peer certificate was issued by a remote CA that is
    not trusted by the local machine. Resolution: Check that the address and port matches the FQDN used to connect, and that the peer certificate contains this FQDN somewhere in its subject or SAN fields. If the FQDN refers to a DNS load balanced pool then check
    that all addresses returned by DNS refer to a server in the same pool. For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the local
    machine.
    Thanks

    Thanks Michael.
    That worked for one of two issues I'm seeing, I did use the same steps for the second issue but it didn't seem to work, I have imported the CA of the domain we would like to federate with to the trusted root certification authorities and the intermediate
    certification authorities per the certificate issuer's website guidelines. I did learn that the federated partner is also using OCS 2007 R2, not sure if this may have to do with this.
    Over the past 30 minutes, Lync Server has experienced TLS outgoing connection failures 1 time(s). The error code of the last failure is 0x80072746 while trying to connect to
    the server "ocs.example.com" at address [10.10.10.10:5061], and the display name in the peer certificate is "ocs.example.com". Cause: Most often a problem with the peer certificate or perhaps the host name (DNS) record used to reach the peer server. Target
    principal name is incorrect means that the peer certificate does not contain the name that the local server used to connect. Certificate root not trusted error means that the peer certificate was issued by a remote CA that is not trusted by the local machine.
    Resolution: Check that the address and port matches the FQDN used to connect, and that the peer certificate contains this FQDN somewhere in its subject or SAN fields. If the FQDN refers to a DNS load balanced pool then check that all addresses returned by
    DNS refer to a server in the same pool. For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the local machine.
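A parser for the event 14428 description that separates the two failures reported in this thread by error code. This is an added example, not part of the posts; the sample strings are the two events quoted above with the posters' placeholder names, and the names for 0x80090322 and 0x80072746 are the standard Windows meanings of those codes rather than anything stated in the thread.

```python
"""Triage of Lync Server event 14428 (TLS outgoing connection failures)."""
import re
from dataclasses import dataclass
from typing import Optional

# 0x80090325 is named in the event text; the other two are standard Windows codes.
KNOWN_CODES = {
    0x80090325: ("SEC_E_UNTRUSTED_ROOT",
                 "peer certificate chains to a CA the local machine does not trust"),
    0x80090322: ("SEC_E_WRONG_PRINCIPAL",
                 "peer certificate does not contain the name used to connect"),
    0x80072746: ("WSAECONNRESET",
                 "connection reset by the remote host; the code itself does not "
                 "point at a local certificate check"),
}

EVENT_RE = re.compile(
    r'Over the past (?P<minutes>\d+) minutes, Lync Server has experienced TLS '
    r'outgoing connection failures (?P<count>\d+) time\(s\)\. The error code of '
    r'the last failure is (?P<code>0x[0-9A-Fa-f]+)(?:\((?P<symbol>\w+)\))? while '
    r'trying to connect to the server "(?P<server>[^"]+)" at address '
    r'\[(?P<addr>[^\]]+):(?P<port>\d+)\], and the display name in the peer '
    r'certificate is "(?P<peer>[^"]*)"')


@dataclass
class TlsFailure:
    minutes: int
    count: int
    code: int
    symbol: str
    meaning: str
    server: str
    address: str
    port: int
    peer_name: Optional[str]  # None when the event reports "Unavailable"

    @property
    def peer_name_matches(self) -> bool:
        return (self.peer_name is not None
                and self.peer_name.lower() == self.server.lower())


def parse_event(text: str) -> TlsFailure:
    """Extract the fields of one event description (line breaks are ignored)."""
    m = EVENT_RE.search(" ".join(text.split()))
    if m is None:
        raise ValueError("not an event 14428 description")
    code = int(m["code"], 16)
    symbol, meaning = KNOWN_CODES.get(
        code, (m["symbol"] or "UNKNOWN", "not in the lookup table"))
    peer = m["peer"]
    return TlsFailure(int(m["minutes"]), int(m["count"]), code, symbol, meaning,
                      m["server"], m["addr"], int(m["port"]),
                      None if peer.lower() in ("", "unavailable") else peer)


def next_checks(f: TlsFailure) -> list:
    """Summary line plus the checks the event's own Resolution text suggests."""
    checks = [f"{f.server}: {f.symbol} (0x{f.code:08X}), {f.count} failure(s) "
              f"in {f.minutes} min: {f.meaning}"]
    if f.symbol == "SEC_E_UNTRUSTED_ROOT":
        checks.append("install the remote CA certificate chain locally")
    if f.peer_name is None:
        checks.append("peer certificate display name is Unavailable")
    elif not f.peer_name_matches:
        checks.append(f"confirm {f.server} is in the peer certificate "
                      "subject or SAN fields")
    return checks


# The two event descriptions quoted in the thread (posters' placeholder names).
SAMPLE_EVENTS = [
    'Over the past 28 minutes, Lync Server has experienced TLS outgoing '
    'connection failures 4 time(s). The error code of the last failure is '
    '0x80090325(SEC_E_UNTRUSTED_ROOT) while trying\nto connect to the server '
    '"sip.example.com" at address [10.10.10.10:5061], and the display name in '
    'the peer certificate is "Unavailable".',
    'Over the past 30 minutes, Lync Server has experienced TLS outgoing '
    'connection failures 1 time(s). The error code of the last failure is '
    '0x80072746 while trying to connect to\nthe server "ocs.example.com" at '
    'address [10.10.10.10:5061], and the display name in the peer certificate '
    'is "ocs.example.com".',
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        for line in next_checks(parse_event(event)):
            print(line)
```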

  • Certificate Requirement for Lync 2013 Standard Edition

    I have successfully run the setup of Lync 2013 Standard Edition; now I am stuck due to the certificates required for Lync 2013. When I generate a CSR, it shows the subjected URLs for that.
    hostname.domain.com
    sip.domain.com
    diali.domain.com
    meet.domain.com
    admin.domain.com
    lyncdiscover.domain.com
    lyncdiscoverinternal.domain.com
    im.domain.com (External URL)
    So if I go for a 3rd party CA then I need 8 certificates only for internal Lync. As I also need to connect federated partners and external users, I need Edge, for which again I need 3 more certificates
    web.domain.com
    a/v.domain.com
    sip.domain.com
    Now when I go for these certificates it is quite costly and I don't understand why such certificates are required. Can anyone help me to fix such requirement?
    Or, what are the necessary URLs for which I buy from a 3rd party CA, leaving the rest as it is?
    I also want to deploy Edge with a single adapter as we have only one network, so can anyone assist me to proceed further?
    Talha Faraz Malik

    To save on the cost of your third party certificates, I would deploy an internal certificate authority to sign certificates for your internal front end.   For your third party certificate, you would only need the SANs for the edge and for your
    reverse proxy and as Edwin said, this can be a single cert with multiple SANs.
    For example, for your edge you would need:
    sip.domain.com
    web.domain.com
    You would not need A/V as this role does not require a SAN on your certificate.  On the same certificate, which you could also use on your reverse proxy, you'd likely want the following FQDNs.
    lyncdiscover.domain.com
    im.domain.com (your external web services FQDN)
    meet.domain.com
    dialin.domain.com
    You may also want to consider your internal web services FQDN and include the following so third party mobile devices can connect without needing a certificate installed:
    im_internal.domain.com (your internal web services FQDN)
    lyncdiscoverinternal.domain.com
    I'm sure that's not entirely clear yet, so feel free to ask more questions or what the purpose of each is. 
    When you say Edge with a single adapter, you mean a single adapter in a DMZ or internal?  You definitely want two NICs, both in separate DMZs, but I've managed to get the edge working with a single adapter in a DMZ before.  What you don't want is the edge in your internal network.
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
    SWC Unified Communications
    This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • How would I request skype for two sip domains and one edge

    I have a couple of logistic questions.
    scenario:
    1 edge server : lync-edge-access.domain1.com (fqdn of access server)
    2 sip domains: domain1.com and domain2.com
    public certificate with SN: lync-edge-access.domain1.com as well as all of the SAN's including sip.domain1.com and sip.domain2.com
    3 A records with the same IP: sip.domain1.com, sip.domain2.com, lync-edge-access.domain1.com.
    2 srv records pointing to sip.domain1.com and sip.domain2.com on port 5061 (since they have the same IP as lync-edge-access.domain1.com and that server's certificate has names for all of them I figure this is a correct method to set them up).
    My first question was when I requested my federation with Skype via Microsoft with my license agreement number it asked me for the fqdn of my access edge server. I figured this would be lync-edge-access.domain1.com. It then asked me for my sip domains and
    I added two, domain1.com and domain2.com. Did I do this correctly or should I have put in two requests, one for fqdn of sip.domain1.com and sip domain of domain1.com and one for sip.domain2.com and domain domain2.com. Or should I change my srv records to both
    point to lync-edge-access.domain1.com?
    Currently when I am looking for contacts in Skype I can't find my accounts and vice versa if I add an account in Lync for Skype it just reports offline. So I figure I did something wrong with my logic above. I can easily request an update but I want to make sure I get it right this time.
    Thanks
    Loren
    Loren Hudson

    Hi Loren
    As far as I know, you could add one or more SIP domain names at the same time.
    To initiate the provisioning process for Lync-Skype connectivity:
    1. Sign in to the website, https://pic.lync.com, using your Microsoft Windows Live ID.
    2. Select the Microsoft licensing agreement type.
    3. Select the check box, verifying that you have read and accept the Product Use Rights for Lync Server.
    4. On the Initiate a Provisioning Request page, click the appropriate link to initiate a provisioning request:
    5. On the Specify Provisioning Information page, enter the Access Edge service FQDN. For example, accessedge.contoso.com.
    6. Enter at least one or more SIP domain names, and then click Add.
    7. In the list of Public IM Service providers, select Skype, and click Next to add contact information, and submit the provisioning request.
    Click the link below for more information.
    Accessing the Lync Server public IM connectivity provisioning site from Lync Server 2013
    http://technet.microsoft.com/en-us/library/dn440174.aspx
    Hope it can be helpful.
    Best regards,
    Eric

  • CUPS 8.6 - Supporting Multiple SIP Domains on a per-user basis

    Working on a CUPS 8.6 PoC with a customer who currently is running a deployed OCS environment. 
    Users all sign into a single domain internally but have multiple SMTP domains for email as this customer has many different companies they have acquired.
    OCS is able to support and route multiple SIP domains by specifying the SIP address under AD User settings such that two users both signed into the same OCS server can send IM's to each other even though they have different SIP addresses.  sip:[email protected] , sip:[email protected]
    CUPS on the other hand does not seem to allow this on a per-user basis.  It places every user in the sip domain that the server is a member of.
    The Jabber client allows you to specify a domain but I am not sure how this is used as the actual user account in CUPS is only ever the one domain and if you try and specify a different domain in the Jabber Connection Settings, it will not allow you to login.
    It is not a big deal for internal communications if everyone is on the same domain, but where it is important is for future B2B IM.  Users need to be able to give out THEIR IM address with THEIR respective domain.
    Does anyone else know for a fact that I will only be able to have one domain per CUP cluster?
    Any thoughts on this design?

    Not sure on the design perspective but as for CUPS Domain, we can only have single domain per cluster. As you have already found out that for any user licensed for CUPS, their IM address would be userid@CUPSDomain
    CUPS does have functionality of federating with foreign domains such as AOL/GoogleTalk/WebEx Connect.

  • Lync 2013 standard server for 3000

    Planning to deploy Lync 2013 standard server for 3000 users, IM/presence, Audio/video, persistence chat, monitoring/archive. External access required so 1 edge server in DC and 1 in DR. No enterprise voice. DC and DR are connected with dark fiber.
    One Lync 2013 standard server in DC and 1 in DR. 1 edge server in DC and 1 Edge server in DR. Have a couple of queries.
    1. Can I get HA while doing server pairing in DC and DR?
    2. How much time will it take for frontend failover if my frontend server is down in DC?
    3. How much time will it take for external access failover in DC and DR?
    4. Are there any potential risks if using standard version instead of enterprise?
    Basically the client needs a cost effective solution as Lync is not critical for him, does not want to use 3 FE servers in DC and 3 FE in DR to achieve HA. Want to achieve the solution with standard servers.

    1) HA typically refers to automatic failover, so not with Standard edition, but you can get manual failover with this with nearly full functionality.
    2) Again, this is manual, but once invoked less than 20 minutes I'd think, possibly faster, only testing invoke-failover will tell you for sure but it won't be too bad.
    3) This involves a topology change to change the federation route, possibly next hop for the edge, and possibly media path for a front end pool.  That can be completed and replicated in under a minute.  You may want to point your external simple
    URLs and such (lyncdiscover) at the remaining server, this may be a DNS change to point to a separate reverse proxy.  Your _sipfederationtls._tcp SRV record can have a lower matching partner as well, but I typically prefer to keep low TTLs on the external
    DNS records so they can be changed quickly.
    4) Sure, no automatic failover, your scalability is limited without building out new pools later, no SQL backend that can be mirrored for a bit more resiliency.  But again, you can manually failover without issue, you just have to be able to tolerate
    a short outage.
    Technically, you'd only need 1 FE in the DR site.  You have to match Ent/Ent or Std/Std in a pool pair, but the number of servers don't need to match.  Still, the HLB and SQL requirements can be costly so I understand this.
    SWC Unified Communications

  • Certificate Requirement for Microsoft RDS 2012

    Hi All,
    I am planning to deploy RDS VDI and remote app service. Please help me to understand the certificate requirement for server authentication, publication, SSO, etc.
    Internet URL is
    https://RDSVDI.domain.net
    My servers are in .local 
    RD Licensing Server--------RDSLICSVR.Domain.LOCAL
    RD Connection Broker-----RDSCB.Domain.LOCAL
    RD Web Access------------RDSWEBSVR.Domain.LOCAL
    RD Session Host-----------RDSSHSVR.Domain.LOCAL
    RD Visualization Host-------RDSVHSVR.Domain.LOCAL
    RD Gateway Server -------RDGWSVR.Domain.LOCAL
    What kind of certificate do I require to launch Desktop and RemoteApp without any error?

    Hi,
    1. I would recommend a wildcard certificate (*.domain.net) purchased from a trusted public authority such as GoDaddy, VeriSign, Thawte, etc.  This wildcard certificate would be used for all RDS purposes.
    2. On the internal network you will need to create a DNS zone for domain.net with A records pointing to the private ip addresses, similar to the following:
    rdsvdi.domain.net --> private ip address of your RD Web server
    rdscb.domain.net --> private ip address of your RD Connection Broker
    rdsgwsvr.domain.net --> private ip address of your RD Gateway server (this is only needed if you want to use RDG for internal users)
    3. On the Internet you will need DNS records similar to the following:
    rdsvdi.domain.net --> public ip address for your RD Web server
    rdgwsvr.domain.net --> public ip address for your RD Gateway server
    4. You will need to change the published FQDN for your RDS deployment to rdscb.domain.net using the cmdlet below:
    Change published FQDN for Server 2012 or 2012 R2 RDS Deployment
    http://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80
    5. You may need to modify your RD RAP in RD Gateway Manager. For example, you could edit the properties of the RD RAP, Network Resource tab, and select Allow users to connect to any network resource.
    6. You should make sure that all client PCs have RDP 8.1 Client (6.3.9600) installed for best results connecting to Server 2012 R2.
    7. For domain-joined PCs you may choose to set the SHA thumbprint of your certificate via group policy setting so that they will not be prompted when launching RemoteApps.
    8. It is preferred for users to use IE to connect to RD Web Access and select the Private option if possible (as long as the PC is not public).  When prompted they should Allow the Activex control to run.
    -TP

  • Which of the following is required for multiple Company Codes assigned to s

    Which of the following is required for multiple Company Codes assigned to same Company ?                                   
    Same Chart of Accounts                                   
    Same Currency                                   
    Same Fiscal Year

    hi,
    if multiple companies are dependent on each other then you have to follow the below as same for all companies.
    Same CoA
    Same ItemMaster Data
    Same WareHouses
    Same BP Master Data
    Same Currency
    same fiscal year
    and few more master datas which ever necessary.
    if they are independent of each other then no need to maintain the same codes.
    regards,
    varma

  • Lab setup multiple SIP domains for federation

    I have been setting up multiple Lync 2013 lab environments and have a question about my external DNS environment. I have installed server 2012R2 on the host running the lab with its own domain (contoso.local). I have this server which hosts a separate domain,
    Hyper-V and a CA, this is what I am using for my external environment. The network IP is 10.0.0.0/16.
    I set up a server called vRouter that has 3 NICs. In Hyper-v I have 3 virtual switches configured. One for the External environment - 10.0.0.0/16 (not necessary for lab, setup to transfer needed files from internet to VMs), one for 192.168.1.0/24, and one
    with 192.168.2.0/24. The virtual router has RRAS installed and can route traffic between 192.168.1.0/24 and 192.168.2.0/24.
    My VMs for the lab are as follows.
    1test.local
    AD1.1test.local -192.168.1.100
    FE1.1test.local - 192.168.1.200
    Edge1 - 192.168.1.210int, 10.0.5.10ext
    2test.local
    AD2.1test.local -192.168.1.100
    FE2.1test.local - 192.168.1.200
    Edge2.1test.local - 192.168.1.210int, 10.0.6.10ext
    Both environments have users that can log into lync and message each other.
    When installing the Edge servers I used the same FQDN and IP for the external interface since all ports are open and firewalls have been disabled internally. I installed the internal certificate from the AD server which has CA role in each environment. On
    the external device I used the Host's CA to get certificates for both Edge servers. The Edge servers have 2 NICs one on their expected internal environment with no Gateway. And one on the external environment. These servers are not part of any domain. however
    I did add the contoso.local to the primary DNS suffix when domain membership changes under system properties. I then created the two following A records on the host computer (10.0.0.0\16 network, contoso.local) to be able to see router their external traffic.
    Edge1.contoso.local 10.0.5.10
    Edge2.contoso.local 10.0.6.10
    Both of these FQDNs are what is in my topology for the Access Edge service, Web Conferencing Edge Service, and A/v Edge Service with the same IP using different ports in both environments.
    Both environments are set up to support the other SIP domain. However when I try to add a user from the other domain I cannot communicate with that user nor see their presence.
    I looked over my external DNS settings and realized that I had not set a SRV record on the 10.0.0.0\16 network(external).
    I then realized that if I try to add the traditional _sipfederationtls._tcp.contoso.local I will have 2 conflicting entries.
    One for:
    _sipfederationtls._tcp.contoso.local - 10.0.5.10 (1test.local edge)
    and one for:
    _sipfederationtls._tcp.contoso.local - 10.0.6.10 (2test.local edge)
    Should I spin up another VM and make that a DC with a CA and trust it to the host computer, set up conditional forwarders. Something like Trust.local and correct the DNS, topology builder FQDN, and certificates on the second edge server?
    Edge2.trust.local
    Or can I add a new zone to my host computer then correct the DNS, topology builder FQDN, Certificates?
    Or am I missing another external DNS record on my contoso.local environment?
    Can I set up a CNAME entry that will mask the second edge server?
    Any input would be appreciated.
    Thanks

    If contoso.com is not a sip domain, then you won't need that DNS record at all.  Those records are autodiscover records that Lync uses based upon the sip domain. 
    So you'd need
    _sipfederationtls._tcp.1test.local
    and
    _sipfederationtls._tcp.2test.local
    What effectively happens, is when someone on the outside tries to IM [email protected], their Lync edge server will see the 1test.local and query the appropriate above record for it so it knows where to communicate.
    SWC Unified Communications

  • Lync 2013 Certificates for DR Pool

    Hello, I'm kind of new to Lync 2013 so I could use a little guidance.....  
    My question is regarding edge server certificates for my DR site. We have 2 geographic locations, one for Prod, and one for DR in an active/passive arrangement. The pools are paired for resiliency.
    The prod site is up and running, everything is functioning as it should. We recently decided to deploy Lync in DR. The prod site is using sip.x.com in DNS and SRV records for access edge. Knowing that we cannot use the same DNS
    name for the DR pool, I have used sip_DR.x.com. It is recommended to use the same cert for all edge servers. Does that mean I should use the same cert for both pools? If so, should I then add the SAN sip_dr.x.com to my existing UC cert from digicert, and
    import it to all my edge servers in both pools, or should I have a separate cert for DR? Or, would I request a duplicate cert from digicert and generate the request from one of my edge servers in the DR pool?
    Any help you can provide will be greatly appreciated.
    Thank you. 

    The same cert requirement is for all Edge servers in an Edge pool. You can use a new certificate for the DR Edge pool.
    Take a look at Jeff Schertz' blog: http://blog.schertz.name/2012/07/lync-edge-server-best-practices/
    "The exact same certificate must be used on all common interfaces across the pool, regardless of whether DNS load balancing or hardware load balancing is utilized.  This means that the original certificate request must provide the ability to export
    the private key as the exact same certificate and private key pair must be able to be exported from one Edge server into all other Edge servers.  This is required so that in the event of a failover any existing sessions can be moved to another server
    in the pool and the data can still be decrypted by the same certificate that was used to encrypt the session just prior to the failover."
    Please mark posts as answers/helpful if it answers your question.
    Blog
    Lync Validator - Used to assist in the validation and documentation of Lync Server 2013.

  • Lync 2013 DNS requirements in a multi tenant deployment

    Hi All,
    We are planning to deploy lync 2013 enterprise in a two site (pool) deployment. Both the sites are separated by a WAN link.
    Our primary SIP domain is xyz.com
    For site A, we have
    1) A pool name siteApool.xyz.com
    2) 2 FEs name siteAfe001.xyz.net and siteAfe002.xyz.net
    3) A edge for external access siteAedge
    For site B, we have
    1) A pool name siteBpool.xyz.com
    2) A FE name siteBfe001.xyz.net
    Site B users will use the edge at site A for external access.
    As per the r&d we know that following records are required for external access 
    Access/webcon/av.xyz.com
    _sip_tls.xyz.com
    Apart from that we also need following service URL records as well
    dialin.xyz.com
    meet.xyz.com
    admin.xyz.com
    sip.xyz.com
    Our problem starts here because we only manage xyz.net dns, not the xyz.com dns (it is our public dns), which raises two questions -
    1) As both the internal and external users are going to use same service url records (dailin/meet/admin/sip.xyz.com), how can we make sure that when a user uses lync on office LAN the service urls will be resolved by xyz.net dns and will not get routed to xyz.com (public dns) for dns resolution.
    2) As I told we have a two site deployment and we need common service url records (dailin/meet/admin/sip.xyz.com) to be used by users at both sites, how can I make sure that when a user at site A asks for dailin/meet/admin/sip.xyz.com it gets routed to siteApool.xyz.com and when a user at site B asks for dailin/meet.xyz.com it gets routed to siteBpool.xyz.com. We need such functionality to save unnecessary WAN traffic.
    Please help me to figure out the most suitable design.
    Thanks,
    Mohit Taneja

    Hi Mohit Taneja,
    Some additional information.
    About the DNS requirements, you could refer to the following article.
    http://technet.microsoft.com/en-us/library/gg398082.aspx
    About the network traffic, it depends on where exactly the user is hosted. Central site does not decide the media traffic. If user is hosted in site-B and organize the meeting, media has to travel via WAN if you don’t have edge server in site-B.
    Best regards,
    Eric

  • Lync 2013 Deployment Requirements - One Server?

    I have an organization that has an offsite Exchange Server 2010, and Windows Server 2008 R2 Domain Controller (for the Exchange Server).
    I am trying to figure out what we need for hardware and Windows Server software to implement Lync 2013.  I understand that Lync 2013 cannot be put on the same server as the Exchange Server.  Can Lync 2013 be put on one Windows server?
    Michael

    Depends. Without knowing a lot about your environment (i.e users, HA requirements) ideally you'd have two. One as a Lync Standard Edition server (which can support up to 5000 users for Front End Services and Back-End database - but won't have HA) and one
    as an Lync Edge server (for outside connectivity - also won't have HA)
    Standard Edition will use SQL express as its database and automatically install it on the single server.
    As for operating system Windows 2008 R2 or above.
    As for hardware you can use this as a guide: http://technet.microsoft.com/en-us/library/gg398835.aspx and use the Lync Capacity planning tool http://www.microsoft.com/en-us/download/details.aspx?id=36828
    How many users do you have? (for example the first link has 32GB as recommended memory for a Front End, but if you don't have many users you can use less than that - and the Cap Planner will reflect that)

  • Exchange 2013 IOPS Requirements for ActiveSync and anti-virus

    I am currently planning to replace my Exchange 2003 server with Exchange 2013. I have used the Exchange Server 2013 Role Requirements Calculator but I'm stuck on how much additional IOPS to add for ActiveSync and my anti-virus solution (Symantec Mail Security
    for Microsoft Exchange). The only info I've found for ActiveSync in regards to additional IOPS is to add .5 but nothing for SMSMSE. Symantec's web site has nothing on this (the question has been asked but not answered). I've also seen the ActiveSync question
    asked but not answered.
    Any advice or guidance would be appreciated.
    Thank you.

    Only Symantec can answer that for the A/V, but for ActiveSync, assuming you are using mostly Android/iOS, I would recommend using 1.3 for both IOPS Multiplication Factor and Megacycles Multiplication Factor.

  • Is it possible Lync 2013 to be installed on a Domain Controller?

    I run a small infrastructure with two servers only,
    Both Domain Controllers with Windows 2008 R2 and the one is a file server too. I would like to know if I can install Lync 2013 Standard Server to any of them? I have not found a clear answer anywhere as I found for 2010.
    Thank You in advance
    Alexios

    Hi,
    Agree with Michael,
    You can't install Lync server on DC. You should use another server.
    Here is a similar thread that may help you; it is for Lync Server 2010 but is similar for Lync Server 2013:
    http://social.technet.microsoft.com/Forums/lync/en-US/0fa9f538-c076-4fdf-9c84-bd00499136ec/why-cant-lync-server-2010-be-installed-on-a-dc?forum=ocsplanningdeployment
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Lync 2013 on a single label root domain

    Hello All
    My environment is in a child root, let's say it's "contoso.local"; the root is .local and the child is contoso.local. With this configuration, can I install Lync 2013? If not, is there any workaround other than renaming my domain? Your help is much appreciated.
    THX

    Hi Mado,
    Unfortunately, installing Lync in a Forest with a single label root domain is not supported:
    "Lync Server does not support single-labeled domains. For example, a forest with a root domain named contoso.local is supported, but a root domain named local is not supported. For details, see Microsoft Knowledge Base article 300684, “Information about configuring Windows for domains with single-label DNS names,” at http://go.microsoft.com/fwlink/p/?linkId=143752."
    This is not to say it would not work, but I would never put this into a production environment based on Microsoft's stance on this.
    Kind regards
    Ben
