5. Access Edge Certificate Names
The required names for an Access Edge Server certificate are as described here:
• Subject Name—Ensure that the subject name matches the Access Edge FQDN entered in the Topology Builder.
• Subject Alternative Names—The SAN field must contain all supported SIP domains in the sip.<SIP Domain> format.
6. Web Conferencing Edge Certificate Names
The required name for a Web Conferencing Edge Server certificate is as detailed here:
• Subject Name—Ensure that the subject name matches the Web Conferencing Edge FQDN entered in the Topology Builder.
7. A/V Authentication Certificate Names
The media relay certificate does not have any specific name requirements.
8. Wildcard Certificates
Some organizations attempt to use wildcard certificates or a single certificate with subject alternative names that attempt to cover all possible names. There are certainly some cases in which this configuration might work, but in the end the simplicity of following the actual name requirements tends to outweigh any small cost savings achieved by using fewer certificates. If you are attempting one of these configurations and experiencing issues, use the correct names to see whether that resolves the issue.
9. DNS Records
Successful sign-in to an Edge Server is heavily dependent on correctly configuring the DNS.
• The NSLookup tool can be used to verify that the necessary DNS records .
Tip
When troubleshooting any Edge Server issue, it is important to check that all necessary DNS records exist and are resolving to the correct IP addresses.
The following sample NSLookup sequence within a command prompt checks the host record of the pool:
nslookup
set type=a
lyncedgepool1.companyabc.com
A successful query returns a name and an IP address. Verify that the IP returned matches the IP addresses assigned to the Edge Servers or load balancer and that no extra, or surprise, IP addresses are returned.
To verify the SRV record required for automatic client sign-in externally, the syntax is slightly different. The following is another sample NSLookup sequence:
nslookup
set type=srv
_sip._tls.companyabc.com
A successful query returns a priority, weight, port, and server hostname. Verify that the server name matches the Edge pool Access Edge FQDN and that the correct port is returned.
Use the same steps to verify that the following services resolve correctly in public DNS:
• Access Edge FQDN
• Web Conferencing Edge FQDN
• A/V Edge FQDN
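As an added example (not part of the original text), the following Python script applies the two checks described above to captured nslookup output: the SRV target and port against the Access Edge values, and the returned A records against the assigned addresses. The sample output is constructed, and the Access Edge FQDN sip.companyabc.com, port 443, the resolver name, and all IP addresses are assumed values.

```python
import re
# Constructed nslookup output. Hostnames follow the samples above; the resolver,
# IP addresses, port 443 and the Access Edge FQDN are assumed placeholder values.
SRV_OUTPUT = """Server:  dns1.example.net
Address:  192.0.2.53

_sip._tls.companyabc.com        SRV service location:
          priority       = 0
          weight         = 0
          port           = 443
          svr hostname   = sip.companyabc.com
"""
A_OUTPUT = """Server:  dns1.example.net
Address:  192.0.2.53

Name:    lyncedgepool1.companyabc.com
Addresses:  203.0.113.10
          203.0.113.11
          198.51.100.7
"""

def parse_srv(text):
    """Return one dict per SRV answer with its port and target hostname."""
    records = []
    for block in text.split("SRV service location:")[1:]:
        f = dict(re.findall(r"^\s*(port|svr hostname)\s*=\s*(\S+)", block, re.M))
        records.append({"port": int(f["port"]), "target": f["svr hostname"].rstrip(".").lower()})
    return records

def parse_a(text):
    """Return IPv4 addresses from the answer, skipping the resolver's own address."""
    answer = text.split("Name:", 1)
    return re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", answer[1]) if len(answer) == 2 else []

def check_srv(text, access_edge_fqdn, port):
    """List SRV answers whose target or port differs from the Access Edge values."""
    records = parse_srv(text)
    problems = [] if records else ["no SRV record returned"]
    for r in records:
        if r["target"] != access_edge_fqdn.lower():
            problems.append(f"SRV target {r['target']} is not {access_edge_fqdn}")
        if r["port"] != port:
            problems.append(f"SRV port {r['port']} is not {port}")
    return problems

def check_a(text, assigned_ips):
    """List returned addresses that are not assigned, and assigned ones not returned."""
    returned, assigned = set(parse_a(text)), set(assigned_ips)
    return ([f"unexpected address {ip}" for ip in sorted(returned - assigned)]
            + [f"assigned address {ip} not returned" for ip in sorted(assigned - returned)])
```

Calling `check_a(A_OUTPUT, ["203.0.113.10", "203.0.113.11"])` reports the third address in the sample as unexpected, which is the "surprise" IP case described above.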
For internal DNS, verify that clients can resolve the following:
• Internal Edge pool FQDN
Tip
Ensure that the Edge Server can resolve internal DNS names of all Lync Servers. It must be able to properly resolve these DNS entries to communicate with internal servers and users.