External Access To Lync 2010

Hi all.

I have been very interested in testing Lync 2010 at our company, so this weekend I went through many videos and installed a test lab consisting of a domain controller and a Lync server installed on 2008R2.

This is just a test and only contains a front end server. I know that in a proper environment an Edge server should be deployed and I will do that in time.

I am new to Lync and now that everything is working great on the internal network I wanted to get the client to be able to connect from the outside.

I would like to understand the External DNS records that I need to create for the clients to connect when they are at home for example.

I have opened ports 5061, 443 and 444 on the firewall pointing to my front end server.

Are these the correct ports that I have open?

If I take the laptop which worked fine in my internal environment and connect via a 3G card it doesn't connect unless I fill in the external DNS name manually on the Lync client.

Also instant messaging is working and the initiation of calls, but no audio can be heard from the client to the other Lync client when connecting externally.

Do I need to deploy an Edge server or can a front end Lync server also accept external requests?

I would really appreciate some advice in helping to solve this.

Much appreciated.


Shaun




  • Edited by DJ Shaun V Sunday, March 09, 2014 2:33 PM
March 9th, 2014 5:20pm

For your environment to function correctly (and securely) you need to deploy an Edge server. Those ports you mention are correct for an Edge server with a single public IP address.

The DNS requirements that you will need can be found here: http://technet.microsoft.com/en-us/library/gg412787(v=ocs.14).aspx

In addition to your Edge, Lync web services on the front-end should be published using a reverse proxy solution (records are also available on that page link above).

The reason you can sign-in externally when you specify your DNS name manually on the client is because you are logging directly into the FE from the outside as if it were on the LAN, which is very bad practice.

March 10th, 2014 5:15am

Thanks for the reply.

So, simply put, I need to install an Edge server with 2 LAN cards.

One IP that will work on the internal LAN and another that would work on the DMZ LAN of my firewall.

Apply certificates to both LAN interfaces.

I then create these records at my ISP:

Host A record: sip.mydomain.com -> external Internet IP address of my firewall

SRV record: _sip._tls.mydomain.com -> external Internet IP address of my firewall

I then forward these ports in my firewall to the DMZ zone and to the IP of the Edge server?

Thanks again

March 10th, 2014 8:44am

Another thing I wanted to enquire about is the domains, internal and external.

Is it better to have your internal DNS name the same as your external DNS name?

My test lab has for example:  domain.local  so the users email address is obviously john@domain.local.

I went and changed the email address to john@domain.com as this is for example my external domain name.

Obviously everything is not working now, so I'm trying to determine how Lync determines your internal domain and external domain names. Or, as I asked before, should they be the same?

I hope you understand what I'm trying to ask. I know with Exchange you could specify an internal URL and an external URL. I don't know if Lync works the same.

Thanks.

Shaun

March 10th, 2014 10:09am

These are the Simple URLs. meet. is used for the Lync Web App page. For example, if you send a Lync Meeting invite through Outlook, a user who doesn't have Lync can connect through that link. dialin. is the dial-in conferencing page, where users can get numbers and set their PINs, etc. Both of these would be published through the reverse proxy.

See here for more: http://technet.microsoft.com/en-us/library/gg398287.aspx

March 11th, 2014 3:10pm

Yes, that is correct (re Edge server).

With regards to domain names: set up the same internal/external domain for Lync (split-DNS) so that the external DNS name is resolvable with internal addresses. Basically the "Default SIP domain" and "Additional supported SIP domains" in Topology Builder determine which domains are available to use. Your sign-in name is set against the user in Lync Control Panel, which is then tied to the AD account.

You need adequate DNS records for each domain name that is listed in your SIP domains in Topology Builder, as this is how Lync will look up the server. So, for example, if you sign in with john@domain.com, Lync will look for lyncdiscoverinternal.domain.com, lyncdiscover.domain.com, _sipinternaltls._tcp.domain.com, _sipinternal._tcp.domain.com, etc. to sign in.


March 14th, 2014 8:23am
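The two answers above describe three things an external client depends on: the public DNS records for the SIP domain (A and SRV), the lookup order the client walks through, and the Edge/reverse-proxy ports and certificates behind those names. The script below is an added example, not code from the thread or from Microsoft, that checks all three from the outside. It assumes a placeholder SIP domain (`domain.com`), a public resolver (`8.8.8.8`), and the port list the thread mentions for a single-IP Edge (443, 444, 5061); the names marked `Internal` are the split-DNS names that should only resolve on the LAN. It needs `Resolve-DnsName` (DnsClient module, Windows 8 / Server 2012 or later) and PowerShell 3 or newer, and it is meant to be run from the 3G-connected laptop, not from inside the LAN.

```powershell
# Added example (not from the thread): check what an external Lync 2010 client sees for a SIP domain.
# Placeholders (assumptions, not from the thread): $SipDomain, $Resolver, $ExpectedPorts.
param(
    [string]$SipDomain     = 'domain.com',      # assumed placeholder SIP domain
    [string]$Resolver      = '8.8.8.8',         # public resolver, so internal split-DNS answers are not used
    [int[]] $ExpectedPorts = @(443, 444, 5061)  # ports the thread opened for a single-IP Edge
)

# Names the client queries for user@$SipDomain, in the order it tries them.
# Internal = $true marks split-DNS names that should NOT answer from the Internet.
$Lookups = @(
    @{ Name = "lyncdiscoverinternal.$SipDomain"; Type = 'A';   Internal = $true  },
    @{ Name = "lyncdiscover.$SipDomain";         Type = 'A';   Internal = $false },   # reverse proxy
    @{ Name = "_sipinternaltls._tcp.$SipDomain"; Type = 'SRV'; Internal = $true  },
    @{ Name = "_sipinternal._tcp.$SipDomain";    Type = 'SRV'; Internal = $true  },
    @{ Name = "_sip._tls.$SipDomain";            Type = 'SRV'; Internal = $false },   # Access Edge
    @{ Name = "sipinternal.$SipDomain";          Type = 'A';   Internal = $true  },
    @{ Name = "sip.$SipDomain";                  Type = 'A';   Internal = $false },   # Access Edge
    @{ Name = "meet.$SipDomain";                 Type = 'A';   Internal = $false },   # simple URL, reverse proxy
    @{ Name = "dialin.$SipDomain";               Type = 'A';   Internal = $false }    # simple URL, reverse proxy
)

function Resolve-External {
    # Returns "target:port" strings for SRV, IP addresses for A, or nothing on NXDOMAIN/timeout.
    param([string]$Name, [string]$Type)
    try {
        $r = Resolve-DnsName -Name $Name -Type $Type -Server $Resolver -DnsOnly -ErrorAction Stop
        if ($Type -eq 'SRV') { $r | Where-Object { $_.Type -eq 'SRV' } | ForEach-Object { "$($_.NameTarget):$($_.Port)" } }
        else                 { $r | Where-Object { $_.Type -eq 'A' }   | ForEach-Object { $_.IPAddress } }
    } catch { }
}

function Test-TcpPort {
    # Plain TCP connect with a timeout; tells firewall/NAT problems apart from DNS problems.
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

function Get-TlsCertificateNames {
    # TLS handshake only, then report subject, SAN list and expiry of the certificate presented.
    # The validation callback accepts anything: the goal is to inspect the cert, not to trust it.
    param([string]$HostName, [int]$Port)
    try {
        $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
        $ssl    = New-Object System.Net.Security.SslStream($client.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |   # subjectAltName
                ForEach-Object { $_.Format($true) -split "`r?`n" } |
                ForEach-Object { ($_ -split '=')[-1].Trim() } | Where-Object { $_ }
        [pscustomobject]@{ Subject = $cert.Subject; NotAfter = $cert.NotAfter; SAN = @($san) }
    } catch {
        Write-Warning "TLS handshake with ${HostName}:${Port} failed: $($_.Exception.Message)"
    } finally { if ($client) { $client.Close() } }
}

# 1. DNS: walk the client's lookup order and flag internal names that leak to the Internet.
$sipHost = "sip.$SipDomain"; $sipPort = 5061   # fallback if _sip._tls is missing
foreach ($l in $Lookups) {
    $answer = @(Resolve-External -Name $l.Name -Type $l.Type)
    $status = if ($answer.Count -eq 0) { 'no answer' } else { $answer -join ', ' }
    if ($l.Internal -and $answer.Count -gt 0) { $status += '   <-- internal name resolvable from the Internet' }
    "{0,-42} {1,-4} {2}" -f $l.Name, $l.Type, $status
    if ($l.Name -like '_sip._tls.*' -and $answer.Count -gt 0) { $sipHost, $sipPort = $answer[0] -split ':' }
}

# 2. Ports: the SRV target/port plus the ports opened on the firewall.
foreach ($p in (@($ExpectedPorts) + [int]$sipPort | Select-Object -Unique)) {
    $state = if (Test-TcpPort -HostName $sipHost -Port $p) { 'open' } else { 'closed/filtered' }
    "{0}:{1} TCP {2}" -f $sipHost, $p, $state
}

# 3. Certificates: the Access Edge and the reverse proxy must present a cert that covers the name queried.
foreach ($t in @(@($sipHost, [int]$sipPort), @("lyncdiscover.$SipDomain", 443), @("meet.$SipDomain", 443))) {
    $c = Get-TlsCertificateNames -HostName $t[0] -Port $t[1]
    if ($c) {
        $covers = ($c.SAN -contains $t[0]) -or ($c.Subject -like "*CN=$($t[0])*")
        "{0}:{1} subject={2} expires={3:d} SAN=[{4}] covers name: {5}" -f $t[0], $t[1], $c.Subject, $c.NotAfter, ($c.SAN -join ' '), $covers
    }
}
```

Two things to read from the output. If any `Internal` name answers from a public resolver, or if `sip.` and `lyncdiscover.` resolve to the same address that the front end's forwarded ports land on, external clients are signing in straight to the front end, which is the situation the first answer warns against. The port on the `_sip._tls` SRV record is what the client will actually use, so it is tested in addition to the fixed list; a handshake failure on that port usually means the Edge is not there yet or the certificate on the external interface is not in place. On a federation port that enforces mutual TLS the handshake may also be rejected because no client certificate is offered; the warning message shows which case it is.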

Great.

Thanks very much for the feedback. I will deploy the Edge server tonight and the External DNS records and see what I come up with.

Another thing that is bugging me is the DNS entries for Dialin, meet etc.

I purposely didn't create them just to see what the function of them was. I only created the SRV record in my internal DNS so that all clients could discover the server.

Both Lync clients still functioned 100% so I'm not sure what the Host A records for meet and dialin are used for.

If you could shed some light on that, this would be appreciated.

Many Thanks.

Shaun.

March 15th, 2014 3:28am

Great.

Thanks very much for the help...

Regards,

Shaun

March 15th, 2014 3:57am
