Topic Last Modified: 2011-04-04

For internal communications, ensure that the following options are set up on the organization’s DHCP servers, see Configuring DHCP Options to Enable Sign-in for IP Phones in the Deployment documentation.

The DHCP protocol (see RFC 2131 for details) exchanges information using several options. The following options are used in Microsoft Lync Server 2010 connectivity:

There are two options for DHCP servers when using:

Enterprise DHCP Servers

These are DHCP servers which are already being used in the enterprise and providing IP discovery and other services. They can be either Windows DHCP servers (part of Windows Server) or manufactured by other vendors like Cisco. In this document, only configuration of Windows DHCP servers is provided.

When configuring a central site, we recommend that enterprise DHCP servers are used because:

  • These do not require re-configuration of all the Bootp relay agents to relay packets to a new server.

  • Using the DHCP server that is included with the Lync Server 2010 Registrar results in unneeded packets being sent to an additional DHCP server. DHCP does not participate in the address acquisition process and these type of packets will be ignored.

  • Enabling DHCP server by using the Registrar adds one more responsibility to the Front End Server or Director roles. This could potentially affect performance and impact core functionality.

Registrars and DHCP Servers

Registrars have a built in DHCP component, which can listen for DHCP broadcasts and respond to appropriate DHCP INFORM packets. The use case for this component is very small branches which have no DHCP servers and minimal server administration. The DHCP component does not participate in or affect the IP acquisition process in the enterprise, and you can use it side-by-side with existing DHCP servers. This component only responds to DHCP INFORM messages which:

  • Have vendor class identifier = MS-UC-Client

  • Ask for Option 120 or 43 (using option 55 – parameter request list)

In the case of a branch office, when there is no enterprise DHCP server in the branch, the Registrar running the DHCP server is needed because:

  • Without an enterprise DHCP server the branch is relying on DHCP functionality provided by routers. It is likely not possible to configure DHCP options on these.

  • Depending on the branch size, all unified communications (UC) devices can be in the same subnet. In this case relay reconfiguration is not required. If there are multiple subnets it is likely that there are not many and reconfiguration is manageable.

  • It is much easier to enable DHCP on the Registrar than to configure and deploy an enterprise DHCP server for the vender-specific Lync Server DHCP options.

Using the Registrar DHCP Server and Static DNS

The DHCP server on the Registrar does not grant IP leases. Instead, it provides only the Web Services URL and Registrar fully qualified domain name (FQDN).

It is highly recommended that you deploy DHCP servers on the Registrar in subnets where computers running Lync Server are located. This is because they do not provide IP addresses but do provide the preceding DHCP options. Computers running Lync Server need these options available, so if using static DNS for Lync Server host machines, you must also deploy Lync DHCP and enterprise DHCP servers.

Using DHCP on the Registrar and Enterprise DHCP servers

DHCP server on the Registrar provides the Web Services URL and Registrar FQDN to clients. This is turned off by default, and can be enabled by running the following cmdlet in the Lync Server Management Shell:

set-CsRegistrarConfiguration –EnableDHCPServer $true

In addition, ensure that broadcast packets from the client can reach the DHCP server(s) on the Registrar. This may mean configuring DHCP relay agents to forward DHCP packets to DHCP servers on the Registrar.

Enterprise DHCP servers can also be configured to give out appropriate values to Lync devices. DHCPUtil.exe, a Lync Server tool, can assist in this.

Using DHCPUtil to Configure DHCP options

There are two types of DHCP servers that DHCPUtil.exe works with, Windows DHCP server, available in Windows Server, and the DHCP server on the Registrar.

Alternately, you can use any other DHCP server to configure the options needed in Lync Server, however DHCPUtil.exe does not work with these. You will need to use the management tools provided with the other DHCP server to configure these options.

DHCPUtil does the following:

  1. Generates the values for option 120 and 43.

  2. In addition to the DHCPConfigScript batch file, configures Windows DHCP server with options 120 and 43.

  3. Tests DHCP server configuration.

  4. Cleans up configuration on Windows DHCP server that is related to Lync Server.

Only the 64-bit version of DHCPUtil is included with Lync Server.

Tip:
To use DHCPUtil with a 32-bit version of DHCP Server, do the following:
  1. On a client computer running the 64-bit version of DHCPUtil, run the following command, replacing the example FQDN (pool.contoso.com) with the FQDN of your Lync Server:

    Copy Code
    DHCPUtil.exe -SipServer pool.contoso.com
    
    The following is an example of the output this command generates:

    Copy Code
    SIP Server FQDN: pool.contoso.com
    Certificate Provisioning Service URL: https://pool.contoso.com:443/CertProv/CertProvisioningService.svc
    
    Option 120:
    0004706F6F6C07636F6E746F736F03636F6D00
    
    Vendor Class Identifier: MS-UC-Client
    Option 43 (for vendor=MS-UC-Client):
    		sub-option 1 <UC Identifier>: 4D532D55432D436C69656E74
    		sub-option 2 <URL Scheme>: 6874747073
    		sub-option 3 <Web Server FQDN>: 706F6F6C2E636F6E746F736F2E636F6D
    		sub-option 4 <Port>: 343433
    		sub-option 5 <Relative Path for Cert Prov>: 2F4365727450726F762F43657274
    50726F766973696F6E696E67536572766963652E737663
    To configure DHCP Server with appropriate values, you can do one of the following things:
    				1. Run DHCPUtil on the DHCP Server: use '-RunConfigScript' switch
    				2. Run the following command on the DHCP Server (modify the path of DHCPConfigScript.bat appropriately):
    "DHCPConfigScript.bat" Configure MS-UC-Client 0004706F6F6C07636F6E746F736F03636F6D00 4D532D55432D436C69656E74 6874747073 706F6F6C2E636F6E746F736F2E636F6D 343433 2F4365727450726F762F4365727450726F766973696F6E696E67536572766963652E737663
    
  2. Copy DHCPConfigScript.bat to a location that you can access from the 32-bit DHCP Server.

  3. On the 32-bit DHCP server, at the command line, run DHCPConfigScript.bat as described in option 2 of the preceding output.

    For example, if you saved DHCPConfigScript.bat to C:\Users\tbinder\Desktop, you would run the following:

    Copy Code
    "C:\Users\tbinder\Desktop\DHCPConfigScript.bat" Configure MS-UC-Client 0004706F6
    F6C07636F6E746F736F03636F6D00 4D532D55432D436C69656E74 6874747073 706F6F6C2E636F
    6E746F736F2E636F6D 343433 2F4365727450726F762F4365727450726F766973696F6E696E6753
    6572766963652E737663
    

To generate the values for Options 120 and 43, use the following syntax:

DHCPUtil –SipServer <FQDN of the Front End Server> [-WebServer <FQDN of the web server> | -CertProvUrl <URL of the certificate provisioning service>]

The following table explains the parameters and how they are used:

Parameter Value Usage

SipServer

The FQDN of the main Director or main Front End pool in a particular site

This is used to generate the value of DHCP Option 120. If an enterprise has two sites, the United States and Singapore, then Option 120 for the United States needs to be the FQDN of the Director or Front End pool in the United States site; Option 120 for Singapore site will be set to the FQDN of the Director or Front End pool in Singapore.

WebServer

The FQDN of the Web Server

This is used to calculate URL of the web server in DHCP Option 43 as follows: https://<fqdn>:443/CertProv/CertProvisioningService.svc

This is needed when the Lync Server web server is not collocated with either the main Director or within the Front End pool in a site.This might be due to a load balancer configuration where web traffic is load balanced differently to SIP traffic resulting in different FQDNs for the SIP and web servers. If this is not provided, the value for option 43 is calculated using the FQDN provided with –SipServer.

This parameter is optional, and is used only when SipServer is provided

CertProvUrl

The URL of the Lync Server Certificate Server

This parameter can be used instead of the WebServer parameter in order to specify the full URL of the Certificate Provisioning Web service. This can be useful when the calculation used in WebServer will not yield the correct URL.

This parameter is optional, and is used only when SipServer is provided.

EmulateClient

Run as a client: sending a packet to the DHCP server and receiving the response

When this parameter is provided, DHCPUtil acts as a client, sending a packet to the DHCP server requesting the Lync Server options. This command cannot be run on the same machine as a DHCP server.

RunConfigScript

Run DHCPUtil with a script

When this option is specified DHCPUtil generates the values for option 120 and 43, and then passes the values to the configuration script.If “-RunConfigScript” is specified without any path, then DHCPConfigScript.bat is run from the same folder that DHCPUtil.exe is run from.If a valid file path is specified, then that file is run. This file can be anything – a script, or an executable.

CleanDHCPConfig

Removes Lync Server options

This option removes options 43 and 120 on the local DHCP server. DHCPConfigScript.bat must be located in the same folder as DHCPUtil.exe.

For example, to set the SIP server and web server values, run the following command:

Copy Code
DHCPUtil.exe -SipServer sip.contoso.com -WebServer web. contoso.com

This produces the following output:

Copy Code
Sip Server FQDN: sip.contoso.com

Certificate Provisioning Service URL: https://web.contoso.com:443/CertProv/CertProvisioningService.svc
Option 120: 0003736970076578616D706C6503636F6D00
Vendor Class Identifier: MS-UC-Client
Option 43 (for vendor=MS-UC-Client):
sub-option 1 <UC Identifier>: 4D532D55432D436C69656E74
sub-option 2 <URL Scheme>: 6874747073
sub-option 3 <Web Server FQDN>: 7765622E6578616D706C652E636F6D
sub-option 4 <Port>: 343433
sub-option 5 <Relative Path for Cert Prov>: 2F4365727450726F762F4365727450726F766973696F6E696E67536572766963652E737663

To configure a DHCP server with appropriate values, do the following:

  1. Run DHCPUtil on the DHCP server using the '-RunConfigScript' switch.

  2. Run the DHCPConfigScript batch file using the following command:"DHCPConfigScript.bat" Configure MS-UC-Client 0003736970076578616D706C6503636F6D00 4D532D55432D436C69656E74 6874747073 7765622E6578616D706C652E636F6D 343433 2F4365727450726F762F4365727450726F766973696F6E696E67536572766963652E737663

The values input and set on the DHCP server are printed out, followed by the value for Option 120. Vendor Class Identifier refers to what is included in the request to the DHCP server. This is how a DHCP server knows to provide these options in a response and will always be MS-UC-Client.

Next, the sub options for Option 43 corresponding to the Lync Server vendor class ID are printed. These are in the format of a hex-encoded binary string which is what is expected by the DHCP server. They are:

  • Identifier value which must be MS-UC-Client.

  • URL scheme identifies which of HTTP or HTTPS is used.

  • Web server FQDN is the value set for the web server.

  • Web Server FQDN is the value set for the web server.

  • Relative Path for Cert Prov is the relative path of the Certificate Provisioning Web service.

Together, this are combined to give the full Certificate Provisioning Server URL: <url scheme>://<web server FQDN>:<port><relative path>