Topic Last Modified: 2013-02-14

The Lync Server 2013 Autodiscover Service runs on the Director and Front End pool servers, and when published in DNS, can be used by Lync clients to locate server and user services. If you are upgrading from Lync Server 2010 and did not deploy Mobility, before clients can use automatic discovery, you must modify certificate subject alternative name lists on any Director and Front End Server running the Autodiscover Service. In addition, it may be necessary to modify the subject alternative name lists on certificates used for external web service publishing rules on reverse proxies.

The decision about whether to use subject alternative name lists on reverse proxies is based on whether you publish the Autodiscover Service on port 80 or on port 443:

Reissuing certificates by using an internal certificate authority is typically a simple process. But for public certificates used on the web service publishing rule, adding multiple subject alternative name entries can become expensive. To work around this issue, we support the initial automatic discovery connection over port 80, which is then redirected to port 8080 on the Director or Front End Server.

Note:
If your Lync Server 2013 infrastructure uses internal certificates that are issued from an internal certification authority (CA) and you plan to support mobile devices connecting wirelessly, either the root certificate chain from the internal CA must be installed on the mobile devices or you must change to a public certificate on your Lync Server 2013 infrastructure.

This topic describes the added subject alternative names required for the Director, Front End Server and reverse proxy. Only the added subject alternative names (SAN) are referenced. Refer to the planning sections for guidance on the other entries on certificates. For details, see Scenarios for the Director, Scenarios for External User Access, and Scenarios for Reverse Proxy.

The following tables define the Autodiscover SAN entries for the Director pool, the Front End pool, and the reverse proxy:

Director Pool Certificate Requirements

Description Subject alternative name entry

Internal Autodiscover Service URL

SAN=lyncdiscoverinternal.<internal domain name>

External Autodiscover Service URL

SAN=lyncdiscover.<sipdomain>

Note:
You assign the newly updated certificate with the new SAN entry to the Default certificate. Alternatively, you can use SAN=*.<sipdomain>.

Front End Pool Certificate Requirements

Description Subject alternative name entry

Internal Autodiscover Service URL

SAN=lyncdiscoverinternal.<internal domain name>

External Autodiscover Service URL

SAN=lyncdiscover.<sipdomain>

Note:
You assign the newly updated certificate with the new SAN entry to the Default certificate. Alternatively, you can use SAN=*.<sipdomain>

Reverse Proxy (Public CA) Certificate Requirements

Description Subject alternative name entry

External Autodiscover Service URL

SAN=lyncdiscover.<sipdomain>

Note:
You assign the newly updated certificate with the new SAN entry to the SSL Listener on the reverse proxy.