I am dedicating this post to the saying “measure twice, cut once”, as this saying is most apt when describing what you should do before deploying your Edge server. In addition to this, I will be bringing you not one, but two new PowerShell tools to help with your Lync Edge server deployments! In this post we are going to cover two areas of Lync Edge Server deployment. The first is Domain Name records and the second is IP Networking.
For Part 1 of the Lync Edge Suite series go here.
In summary, many different records have been added over time for the various clients and features that Lync needs in order to function, so you should always check that all of your DNS records are configured in production. I've made a PowerShell tool that may be useful in checking that these records are configured.
Lync DNS Naming
Domain Name records in Lync can be rather confusing, as over the various incarnations of Lync there have been many different clients and server functions that have required a variety of special DNS records to function. Here are two very useful Technet links for a detailed explanation of how internal and external DNS records work with Lync 2013:
Lync DNS Tester Tool
Features
- Make DNS requests to the server of your choice. The DNS server setting will specify the DNS server to make the request to. This means you can test your internal records on your internal DNS server, and your external records on a public DNS server.
- Auto-fill common Lync DNS record names with the “Fill All” button. Tick the “Internal” or “External” checkboxes to select the records you would like to fill. You can even edit the variables at the start of the script to match your standard naming convention.
- IPv6 support for Fill All. Tick the IPv6 box to fill with Quad-A records.
- Can add your own A, AAAA, CNAME and SRV records.
- Save yourself from getting RSI from typing all these nslookup commands manually!
Download Version 1.00 (Lync DNS Tester Tool):
External Records
Lync's external DNS records all resolve to either the Edge server(s) or the External Reverse Proxy server for web service connections. The table below shows the records that the Lync DNS Tester Tool will auto fill when the “Fill All” button is pressed and the "External" check box is ticked:
| Record Purpose | DNS Name | Host | Fixed / Variable |
| --- | --- | --- | --- |
| External Access name | sip.<domain name> | Access Edge IP | Variable (Topology Builder) |
| External Audio/Video name | av.<domain name> | AV Edge IP | Variable (Topology Builder) |
| External Web Conferencing name | webconf.<domain name> | Web Conf Edge IP | Variable (Topology Builder) |
| External Web Services name / Reverse Proxy | lyncwebext.<domain name> | Reverse Proxy | Variable (Topology Builder) |
| Dial-in simple name / Reverse Proxy | dialin.<domain name> | Reverse Proxy | Variable (Topology Builder) |
| Meet simple name / Reverse Proxy | meet.<domain name> | Reverse Proxy | Variable (Topology Builder) |
| External Web Apps Server / Reverse Proxy | waswebext.<domain name> | Reverse Proxy | Variable (Web Apps Server) |
| Lync discover record for Mobile and Windows 8 App Store client (Technet) | lyncdiscover.<domain name> | Reverse Proxy | Fixed |
| External SIP record (not a mandatory record, however, it’s in the client lookup list) | sipexternal.<domain name> | Access Edge IP | Fixed |
| External SRV record for SIP connection | _sip._tls.<domain name> | Access Edge, Port 443 | Fixed |
| External Federation SRV record for Open Federation | _sipfederationtls._tcp.<domain name> | Access Edge, Port 5061 | Fixed |
| External XMPP Federation SRV record | _xmpp-server._tcp.<domain name> | Access Edge, Port 5269 | Fixed |
For the DNS names in the table that are marked as Variable, there are variables at the start of the script that can be edited to match the configuration of your environment, for example:

```powershell
# External DNS Name Variables - Edit these to whatever you are using for your Lync environment
$sip = "sip"                # External Access Edge
$av = "av"                  # External AV Edge
$webconf = "webconf"        # External Web Conf
$lyncwebext = "lyncwebext"  # Lync External Web Services / Reverse Proxy
$dialin = "dialin"          # dialin conferencing name
$meet = "meet"              # meet conferencing name
$waswebext = "waswebext"    # Web Apps server external name
```
Internal Records
If you tick the “Internal” check box and click the “Fill All” button, the following records will be added to the list box:
| Record Purpose | DNS Name | Host | Fixed / Variable |
| --- | --- | --- | --- |
| Dial-in simple record internal | dialin.<domain name> | Lync Front End Server or Web Load Balancer | Variable (Topology Builder) |
| Meeting simple record internal | meet.<domain name> | Lync Front End Server or Web Load Balancer | Variable (Topology Builder) |
| Lync web services external record. Required for internal Mobile clients (Technet) | lyncwebext.<domain name> | External Reverse Proxy | Variable (Topology Builder) |
| Office Web Apps farm internal name | wasweb.<domain name> | Office Web Apps Server | Variable (Web Apps Server) |
| Admin console simple name | admin.<domain name> | Front End Server or Web Load Balancer | Variable (Topology Builder) |
| SIP record. Required for Lync Phone Edition, or automatic logon of clients without DNS SRV records, and for strict domain matching. Not required in all cases. | sip.<domain name> | Lync Front End Server(s) | Fixed |
| Internal SIP record (not a mandatory record, however, it’s in the client lookup list) | sipinternal.<domain name> | Lync Front End Server(s) | Fixed |
| Lync Discover Internal - Mobile and Windows 8 App Store client (Technet) | lyncdiscoverinternal.<domain name> | Front End Server or Web Load Balancer | Fixed |
| SIP internal SRV record | _sipinternaltls._tcp.<domain name> | Front End Server(s), Port 5061 | Fixed |
For the DNS names in the Internal table that are marked as Variable, there are variables at the start of the script that can be edited to match the configuration of your environment, for example:

```powershell
# Internal DNS Name Variables - Edit these to whatever you are using for your Lync environment
$wasweb = "wasweb"  # Internal Web Apps Server
$admin = "admin"    # Lync administrator web access
```
Note: The dialin, meet, and waswebext records will be the same for both Internal and External records. The settings for these names are made in the External settings. For a non-split-brain DNS scenario you will either need to deploy pinpoint records, or an internal zone for the external domain name.
In addition to the tables above, you must also remember to check that your Lync Edge server(s) hostname/pool name has been added manually to the internal DNS server. These records are not automatically populated in DNS because Edge servers are not domain-joined machines, and so will not be added through Active Directory DNS integration. This is also the case with Lync Front End Pool names, so if you have added a new Front End pool to your topology you should always check that the DNS records have been added to the internal DNS server manually.
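As an added example (not the Lync DNS Tester Tool's own code), the following PowerShell runs the record set from the External and Internal tables above, plus any Edge or Front End pool names you pass in, against a DNS server you choose, and flags A/AAAA names that do not resolve and SRV records that point at the wrong port. It assumes Resolve-DnsName is available (Windows 8 / Server 2012 or later); the function names, contoso.com and the two resolver addresses are placeholders of my own, not values from the tool.

```powershell
# Added example, not part of the Lync DNS Tester Tool. Assumes the DnsClient module
# (Resolve-DnsName). Prefixes mirror the tool's variables; edit them to suit.

function Get-LyncDnsChecks {
    # Build the list of (Name, Type, expected SRV port) entries for one SIP domain.
    # -ExtraNames lets you append the Edge / Front End pool FQDNs that must be added by hand.
    param(
        [Parameter(Mandatory)][string]$SipDomain,
        [switch]$Internal,
        [switch]$External,
        [string[]]$ExtraNames = @()
    )
    $checks = @()
    if ($External) {
        foreach ($prefix in 'sip','av','webconf','lyncwebext','dialin','meet','waswebext','lyncdiscover','sipexternal') {
            $checks += [pscustomobject]@{ Name = "$prefix.$SipDomain"; Type = 'A'; Port = $null }
        }
        $checks += [pscustomobject]@{ Name = "_sip._tls.$SipDomain";              Type = 'SRV'; Port = 443 }
        $checks += [pscustomobject]@{ Name = "_sipfederationtls._tcp.$SipDomain"; Type = 'SRV'; Port = 5061 }
        $checks += [pscustomobject]@{ Name = "_xmpp-server._tcp.$SipDomain";      Type = 'SRV'; Port = 5269 }
    }
    if ($Internal) {
        foreach ($prefix in 'dialin','meet','lyncwebext','wasweb','admin','sip','sipinternal','lyncdiscoverinternal') {
            $checks += [pscustomobject]@{ Name = "$prefix.$SipDomain"; Type = 'A'; Port = $null }
        }
        $checks += [pscustomobject]@{ Name = "_sipinternaltls._tcp.$SipDomain"; Type = 'SRV'; Port = 5061 }
    }
    foreach ($name in $ExtraNames) {
        $checks += [pscustomobject]@{ Name = $name; Type = 'A'; Port = $null }
    }
    return $checks
}

function Test-LyncDnsRecord {
    # Query one record on the given server. A/AAAA: an answer of that type counts (the
    # resolver follows CNAMEs for us). SRV: a target must exist and its port must match.
    param([Parameter(Mandatory)]$Check, [Parameter(Mandatory)][string]$Server, [switch]$IPv6)
    $type = if ($IPv6 -and $Check.Type -eq 'A') { 'AAAA' } else { $Check.Type }
    try {
        $answers = Resolve-DnsName -Name $Check.Name -Type $type -Server $Server -DnsOnly -ErrorAction Stop
    } catch {
        return [pscustomobject]@{ Name = $Check.Name; Type = $type; Status = 'MISSING'; Detail = $_.Exception.Message }
    }
    if ($type -eq 'SRV') {
        $srv = $answers | Where-Object { $_.Type -eq 'SRV' }
        $wrongPort = $srv | Where-Object { $_.Port -ne $Check.Port }
        $status = if (-not $srv) { 'MISSING' } elseif ($wrongPort) { 'WRONG PORT' } else { 'OK' }
        $detail = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
    } else {
        $hosts = $answers | Where-Object { $_.Type -eq $type }
        $status = if ($hosts) { 'OK' } else { 'MISSING' }
        $detail = ($hosts | ForEach-Object { $_.IPAddress }) -join ', '
    }
    return [pscustomobject]@{ Name = $Check.Name; Type = $type; Status = $status; Detail = $detail }
}

# Internal records (and the manually added Edge pool name) against the internal DNS server,
# external records against a public resolver. contoso.com, edgepool.contoso.com and
# 192.168.1.10 are placeholders; replace them with your own values.
$domain   = 'contoso.com'
$results  = @(Get-LyncDnsChecks -SipDomain $domain -Internal -ExtraNames 'edgepool.contoso.com' |
              ForEach-Object { Test-LyncDnsRecord -Check $_ -Server '192.168.1.10' })
$results += @(Get-LyncDnsChecks -SipDomain $domain -External |
              ForEach-Object { Test-LyncDnsRecord -Check $_ -Server '8.8.8.8' })
$results | Format-Table Name, Type, Status, Detail -AutoSize
```

Pointing the internal checks at your internal DNS server and the external checks at a public resolver is the important part: a name that resolves from inside the network proves nothing about what a remote or federated client will see, and the SRV port check catches the common case where the record exists but still points at the wrong service port.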
Edge Server Networking
Edge server networking is also an important part of an Edge server deployment. An Edge server is a multi-network interface machine, which means that it needs to make decisions on which interface it will route packets out of when making connections to other machines. In nearly all cases (unless you only have limited external subnets connecting to your Edge) you will make your external Edge interface the owner of the default gateway address (0.0.0.0) and you’ll individually specify your internal subnets using static routes.
Example:
| Network | Net Mask | Next Hop | Interface |
| --- | --- | --- | --- |
| 0.0.0.0 (Default Route) | 0.0.0.0 | 210.10.10.17 | 210.10.10.18 |
| 192.168.5.0 | 255.255.255.0 | 192.168.1.1 | 192.168.1.2 |
| 192.168.6.0 | 255.255.255.0 | 192.168.1.1 | 192.168.1.2 |
| 192.168.7.0 | 255.255.255.0 | 192.168.1.1 | 192.168.1.2 |
For the Default route, you simply edit the Default Gateway within the External Interface within the Adapter settings in the Windows Control Panel, for example:
To set the other static routes within the server you usually use Command Line tools. However, rather than having to remember the syntax in the rare occasions that you have to do this, I decided to make a GUI tool to make this process a little easier.
IP Route Editor Tool
Features
- List all routes on server.
- Add persistent routes.
- Delete persistent routes.
- Routes are colour coded in order of importance. (Grey = Localhost, Black = Broadcast, Green = Static Routes)
- Routes can be added with or without specifying Interface value. If the Interface value is not set then the server will automatically associate the route to the interface that is on the same subnet as the Next Hop IP Address.
Simply enter the Network, Net Mask, Next Hop, and Interface (note that it's not necessary to enter the Interface if you'd prefer not to, as the machine can figure this out based on the Next Hop address), and press the Add button. Hopefully this one will be pretty straightforward for you to use!
Update (5/9/2014)
1.01 Update:
- Updated to now run on Powershell 2.0
- Script is now signed
- Updated the Regex check on the IP Address fields to better police against people accidentally putting bitmasks (ie. /23) after IP Addresses. This previously would result in an incorrect route table entry because the route command would do strange things with this input.
- In previous versions the network IP Address was not policed to check that it was the actual network address based on the mask supplied (ie. not a host address). The result was the (non-network) host IP being input into the Route command and it not showing up in the Current Route Table. The network address is now ANDed with the subnet mask to ensure that a real network address is being input.
- In previous versions the Next Hop address was not policed to check that it was on a locally connected network. The result was that the Route command would accept the input even though it was incorrect and add it to the route list. This bad route, once entered, was also not displayed in the Current Route Table. In this version the Next Hop IP address supplied by the user is first checked to see that it is on a directly connected network before the Route ADD command is run. An error will also be displayed if the Next Hop is not on a locally connected network.
- Made the form resizeable.
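As an added example (not the IP Route Editor Tool's own code), this PowerShell performs the three input checks the 1.01 update describes before a route is added: it rejects a bitmask suffix after an address, ANDs the network address with the mask to make sure it is a network and not a host address, and confirms the next hop lies on a directly connected subnet. It then builds the persistent route.exe command rather than running it. It assumes Get-NetIPAddress is available (Windows 8 / Server 2012 or later) and IPv4 only; the function names and the two sample adapter addresses are constructed by me to match the routing table above.

```powershell
# Added example, not part of the IP Route Editor Tool. IPv4 only; assumes Get-NetIPAddress.

function ConvertTo-UInt32 {
    # Dotted quad -> unsigned 32-bit integer so the address can be ANDed with a mask.
    param([Parameter(Mandatory)][string]$Ip)
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)   # network byte order -> little-endian for BitConverter
    return [BitConverter]::ToUInt32($bytes, 0)
}

function Test-Ipv4Literal {
    # Accept only a bare dotted quad; "192.168.5.0/23" or trailing text fails here.
    param([string]$Value)
    if ($Value -notmatch '^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$') { return $false }
    foreach ($i in 1..4) { if ([int]$Matches[$i] -gt 255) { return $false } }
    return $true
}

function Test-ValidMask {
    # A usable mask is contiguous ones then zeros: 255.255.254.0 yes, 255.0.255.0 no.
    param([string]$Mask)
    if (-not (Test-Ipv4Literal $Mask)) { return $false }
    $m = ConvertTo-UInt32 $Mask
    if ($m -eq 0) { return $true }   # 0.0.0.0 is the default-route mask
    $inverted = (-bnot $m) -band [uint32]::MaxValue
    return (($inverted + 1) -band $inverted) -eq 0   # inverted+1 is a power of two
}

function Test-NetworkAddress {
    # Network AND mask must give the network back; otherwise the user typed a host address.
    param([string]$Network, [string]$Mask)
    $net = ConvertTo-UInt32 $Network
    return (($net -band (ConvertTo-UInt32 $Mask)) -eq $net)
}

function Get-OnLinkInterface {
    # Return the local address object whose connected subnet contains $NextHop, else $null.
    # $LocalAddresses are objects with IPAddress, PrefixLength and InterfaceIndex.
    param([string]$NextHop, [object[]]$LocalAddresses)
    $hop = ConvertTo-UInt32 $NextHop
    foreach ($addr in $LocalAddresses) {
        $prefixMask = [uint32](4294967296 - [math]::Pow(2, 32 - $addr.PrefixLength))
        if (($hop -band $prefixMask) -eq ((ConvertTo-UInt32 $addr.IPAddress) -band $prefixMask)) { return $addr }
    }
    return $null
}

function New-RouteAddCommand {
    # Validate every field and return the route.exe command line for a persistent route,
    # or throw with the specific reason. Nothing is executed; run the string yourself.
    param(
        [Parameter(Mandatory)][string]$Network,
        [Parameter(Mandatory)][string]$Mask,
        [Parameter(Mandatory)][string]$NextHop,
        [string]$InterfaceIp,
        [object[]]$LocalAddresses = (Get-NetIPAddress -AddressFamily IPv4)
    )
    $fields = @($Network, $Mask, $NextHop)
    if ($InterfaceIp) { $fields += $InterfaceIp }
    foreach ($v in $fields) {
        if (-not (Test-Ipv4Literal $v)) { throw "'$v' is not a plain dotted-quad IPv4 address (no /prefix suffix)" }
    }
    if (-not (Test-ValidMask $Mask)) { throw "'$Mask' is not a contiguous subnet mask" }
    if (-not (Test-NetworkAddress $Network $Mask)) { throw "'$Network' is a host address, not the network address for mask $Mask" }
    if (-not (Get-OnLinkInterface -NextHop $NextHop -LocalAddresses $LocalAddresses)) {
        throw "Next hop $NextHop is not on a directly connected network"
    }
    $cmd = "route -p ADD $Network MASK $Mask $NextHop"
    if ($InterfaceIp) {
        $if = $LocalAddresses | Where-Object { $_.IPAddress -eq $InterfaceIp } | Select-Object -First 1
        if (-not $if) { throw "Interface address $InterfaceIp is not configured on this server" }
        $cmd += " IF $($if.InterfaceIndex)"   # route.exe takes the interface index, not its IP
    }
    return $cmd
}

# Constructed stand-in for Get-NetIPAddress output on the Edge from the table above.
$sampleAddresses = @(
    [pscustomobject]@{ IPAddress = '192.168.1.2';  PrefixLength = 24; InterfaceIndex = 12 },  # internal NIC
    [pscustomobject]@{ IPAddress = '210.10.10.18'; PrefixLength = 24; InterfaceIndex = 14 }   # external NIC
)

# A good route from the table, then the three inputs the 1.01 update now rejects.
New-RouteAddCommand -Network 192.168.5.0 -Mask 255.255.255.0 -NextHop 192.168.1.1 -InterfaceIp 192.168.1.2 -LocalAddresses $sampleAddresses
foreach ($bad in @(
    @{ Network = '192.168.5.0/23'; Mask = '255.255.254.0'; NextHop = '192.168.1.1' },   # bitmask suffix
    @{ Network = '192.168.5.10';   Mask = '255.255.255.0'; NextHop = '192.168.1.1' },   # host, not network
    @{ Network = '192.168.5.0';    Mask = '255.255.255.0'; NextHop = '10.0.0.1' }       # next hop not on-link
)) {
    try { New-RouteAddCommand @bad -LocalAddresses $sampleAddresses } catch { Write-Warning $_.Exception.Message }
}
```

Keeping validation separate from execution is deliberate: the function only returns the command string, so you can review what would be added (and which interface index it resolved to) before anything touches the route table, and the same checks can be reused when you later read the current table back to confirm the route landed where you expected.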
Download Version 1.02 (IP Route Editor Tool):
The Wrap Up
Well, there you go, two more tools for your Lync Edge deployment kit bag. I hope you enjoy them, and get some use out of them. Like always, if you find any bugs or issues with the tools, please report them back to me and if I can reproduce them I will fix them.