This section explains the DNS records required for automatic client sign-in. When you deploy your Standard Edition servers or Enterprise pools, you can configure your clients to use automatic discovery to sign in to the appropriate Standard Edition server or Enterprise pool. If you plan to require your clients to connect manually to Office Communications Server, you can skip this topic.
To support automatic client sign-in, you must:
- Designate a single server or pool to distribute and authenticate client sign-in requests. This can be one of the existing servers or pools in your organization that host users, or you can designate a dedicated server or pool for this purpose that hosts no users. For high availability, we recommend that you designate an Enterprise pool for this function.
- Create an internal DNS SRV record to support automatic client sign-in for this server or pool.
Note: In the following record requirements, SIP domain refers to the host portion of the SIP URIs assigned to users. For example, if SIP URIs are of the form *@contoso.com, contoso.com is the SIP domain. The SIP domain is often different from the internal Active Directory domain. An organization can also support multiple SIP domains. For details about configuring SIP domains, see in the Operations documentation.
To enable automatic configuration for your clients, you must create an internal DNS SRV record that maps one of the following records to the fully qualified domain name (FQDN) of the Enterprise pool or Standard Edition server that distributes sign-in requests from Microsoft Office Communicator clients:
- _sipinternaltls._tcp.<domain> - for internal TLS connections
- _sipinternal._tcp.<domain> - for internal TCP connections (performed only if TCP is allowed)
You only need to create a single SRV record for the Enterprise pool or Standard Edition server that will distribute sign-in requests.
Only a single Enterprise pool or Standard Edition server can be designated to distribute sign-in requests. Create only one SRV record for the designated server or pool. Do not create this SRV record for additional internal servers or pools.
The following table shows some example records required for the fictitious company Contoso, which supports SIP domains of contoso.com and retail.contoso.com.
Table 1. Example of DNS Records Required for Automatic Client Sign-in with Multiple SIP Domains
|FQDN of Enterprise pool used to distribute sign-in requests|SIP domain|DNS SRV record|
|---|---|---|
|pool1.contoso.com|contoso.com|An SRV record for _sipinternaltls._tcp.contoso.com domain over port 5061 that maps to pool1.contoso.com|
|pool1.contoso.com|retail.contoso.com|An SRV record for _sipinternaltls._tcp.retail.contoso.com domain over port 5061 that maps to pool1.contoso.com|

By default, queries for DNS records adhere to strict domain name matching between the domain in the user name and the SRV record. If you prefer that client DNS queries use suffix matching instead, you can configure the DisableStrictDNSNaming Group Policy. For details, see the Planning for Communicator and Deploying Communicator documentation.
Example of the Certificates and DNS Records Required for Automatic Client Sign-In
This example uses the examples in the preceding table. The Contoso organization supports the SIP domains of contoso.com and retail.contoso.com, and all its users have a SIP URI in one of the following forms:
Example of Required DNS Records
If the administrator at Contoso configures pool1.contoso.com as the pool that will distribute its sign-in requests, the following DNS records are required:
- SRV record for _sipinternaltls._tcp.contoso.com domain over port 5061 that maps to pool1.contoso.com
- SRV record for _sipinternaltls._tcp.retail.contoso.com domain over port 5061 that maps to pool1.contoso.com
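The following is an added example, not part of the original documentation or of any Microsoft tooling: a Python audit that checks exported SRV lines against the rules above (a record for each SIP domain, one designated pool as the only target, port 5061 for TLS). The zone lines are constructed, their TTL, priority and weight values are assumed, and `audit_signin_srv`, `allow_tcp` and the unlisted-domain check are hypothetical additions of this example.

```python
import re
from collections import defaultdict

# Constructed zone-file lines (not from a real zone). TTL, priority and weight
# are assumed values; the page specifies only record name, port and target.
SAMPLE_ZONE = """\
_sipinternaltls._tcp.contoso.com.        3600 IN SRV 0 0 5061 pool1.contoso.com.
_sipinternaltls._tcp.retail.contoso.com. 3600 IN SRV 0 0 5061 pool1.contoso.com.
"""

SRV_LINE = re.compile(
    r"^(?P<svc>_sipinternaltls|_sipinternal)\._tcp\.(?P<domain>\S+?)\.?\s+"
    r"\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(?P<port>\d+)\s+(?P<target>\S+?)\.?\s*$",
    re.IGNORECASE,
)

def audit_signin_srv(zone_text, sip_domains, designated_fqdn, allow_tcp=False):
    """Return findings (empty list = records follow the rules described above)."""
    records = defaultdict(list)  # SIP domain -> [(service, port, target)]
    for line in zone_text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            records[m["domain"].lower()].append(
                (m["svc"].lower(), int(m["port"]), m["target"].lower()))
    findings = []
    for domain in (d.lower() for d in sip_domains):
        found = records.pop(domain, [])
        if not found:
            findings.append(f"{domain}: no sign-in SRV record")
        for svc in {s for s, _, _ in found}:
            if sum(1 for s, _, _ in found if s == svc) > 1:
                findings.append(f"{domain}: more than one {svc} record")
        for svc, port, target in found:
            if target != designated_fqdn.lower():
                findings.append(f"{domain}: {svc} maps to {target}, not the designated pool")
            if svc == "_sipinternaltls" and port != 5061:
                findings.append(f"{domain}: TLS record uses port {port}, expected 5061")
            if svc == "_sipinternal" and not allow_tcp:
                findings.append(f"{domain}: plain TCP record present but TCP is not allowed")
    # Sign-in records for names that are not configured SIP domains deserve a look
    # (a check added by this example, not a rule stated on the page).
    findings += [f"{d}: sign-in SRV record for an unlisted SIP domain" for d in records]
    return sorted(findings)

if __name__ == "__main__":
    print(audit_signin_srv(SAMPLE_ZONE, ["contoso.com", "retail.contoso.com"], "pool1.contoso.com"))
```

An empty result means every listed SIP domain resolves to the one designated pool over TLS; any finding names the SIP domain and the rule it breaks.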
Example of Required Certificates
In addition, the certificate that is assigned to the Front End Servers in the pool1.contoso.com Enterprise pool must include the following in its Subject Alternate Name (SAN):