SOLVED
Home

Hybird SIP domain

%3CLINGO-SUB%20id%3D%22lingo-sub-118804%22%20slang%3D%22en-US%22%3EHybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118804%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20we%20plan%20to%20hybrid%26nbsp%3Ba%20sip%20domain%20on%20the%20tenant%2C%26nbsp%3B%20but%20they%20have%20five%20sip%20domains.%3C%2FP%3E%3CP%3EI%20know%20if%20we%20plan%20to%20hybrid%20one%20sip%20domain%20and%20we%20need%20to%20hybrid%20four%20domains%20on%20a%20same%20tenant.%3C%2FP%3E%3CP%3EFor%20the%20DNS%2C%20can%20we%20still%20point%20four%20hybrid%20domains%20to%20lyncdiscover%20to%20lynconline%3F%3C%2FP%3E%3CP%3EAll%20sip%20domains%20Sip%20federation%20SRV%20records%20will%20point%20to%20on-premise%20edge%20server.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-118804%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EFederation%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EInstallation%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-267939%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-267939%22%20slang%3D%22en-US%22%3EMoje%20neulozene%20prihlasovacieudajecloudpetonagy%20na%20internetov%C3%BDch%20strankach%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-119397%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-119397%22%20slang%3D%22en-US%22%3E%3CP%3EYes%2C%20but%20that%20only%20is%20the%20case%20for%20Hybrid%20domains.%20Why%20would%20I%20point%20cloud%20only%20lyncdiscover%20records%20at%20my%20on-premises%20Reverse%20Proxy%3F%20What%20would%20be%20the%20next%20hop%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-119120%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-119120%22%20slang%3D%22en-US%22%3EThis%20is%20getting%20interesting%20%E2%80%94%20proposed%20understanding%20of%20the%20issue%20by%20the%20community%20contributors%20against%20what%E2%80%99s%20best%20work%20for%20the%20situation.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-119065%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-119065%22%20slang%3D%22en-US%22%3E%3CP%3EThanks.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDemystifying%20multiple%20SIP%20domains%20in%20Skype%20for%20Business%20Hybrid%20Deployments%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fchannel9.msdn.com%2FEvents%2FIgnite%2FNew-Zealand-2016%2FM385%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fchannel9.msdn.com%2FEvents%2FIgnite%2FNew-Zealand-2016%2FM385%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERefer%20to%20this%20channel9%2C%20it%20did%20mention%20lyncdiscover%20online%20should%20point%20to%20on-prem%20Reverse%20proxy.%3C%2FP%3E%3CP%3EBut%20I%20think%20in%20general%20it%20can%20point%20to%20lync%20online%20since%20it%20still%20relay%20on%20sip%20federation%20SRV%20records%20to%20do%20federation%20and%20sip%20federation%26nbsp%3B%3CSTRONG%3Eall%20online%20and%20on-prem%20sip%20domains%20will%26nbsp%3Bpoint%20to%20on-prem%20edge%20server%3C%2FSTRONG%3E%20%2C%20so%20online%20to%20on-perm%20federation%20should%20have%20no%20issue.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118995%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118995%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20John%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20would%20be%20incorrect%20to%20point%20online%20only%20domains%20to%20on-premises%20Reverse%20Proxy.%20These%20should%20point%20directly%20to%20Skype%20for%20Business%20Online.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDamien%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118936%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118936%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3BDamien%2C%3C%2FP%3E%3CP%3EThank%20you%20for%20your%20detail%20explain.%3C%2FP%3E%3CP%3EWe%20didn't%20plan%20to%20reduce%20SANs%20for%20RP%20lyncdiscover%20for%20all%20sip%20domains.%3C%2FP%3E%3CP%3EConclusion%20%2C%26nbsp%3B%26nbsp%3BWe%20better%20point%20all%20sip%20domains%20to%20On-prem%20RP%20lyncdiscover%2C%20for%20all%20hybrid%20%26amp%3B%20online%20domains.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118920%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118920%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHere's%20an%20example%20of%20a%20domain%20in%20my%20environment%20that%20uses%20lyncdiscover%20over%20port%2080%2C%20and%20shows%20web%20services%20in%20the%20primary%20SIP%20Doamin%20-%20this%20matches%20the%20domain%20on%20the%20Reverse%20Proxy%20certificate%3A%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20910px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F22543i521EEF1F6D86254C%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%2222.jpg%22%20title%3D%2222.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3ESummary%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ESIP%20Domains%20only%20on%20Skype%20for%20Business%20Online%3A%20point%20all%20records%20to%20cloud%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3ESIP%20Domains%20on-prem%20and%20online%20(hybrid)%2C%20point%20to%20on-premises%20Edge%20server(s)%20%26amp%3B%20Reverse%20Proxy%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EEdge%20server%20certificate%20will%20always%20require%20an%20additional%20SAN%20entry%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EReverse%20Proxy%20certificate%20won't%20if%20you%20are%20happy%20to%20allow%20lyncdiscover%20over%20http%20(port%2080)%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118918%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118918%22%20slang%3D%22en-US%22%3E%3CP%3EHowever%2C%20as%20the%20lyncdiscover%20record%20is%20constructed%20using%20the%20SIP%20Domain%20entered%20when%20a%20user%20signs%20into%20the%20Skype%20for%20Business%20mobility%20client%2C%20you%20cannot%20use%20the%20same%20logic%20used%20in%20the%20meet%20URL%20example.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20want%20to%20avoid%20updating%20the%20Reverse%20Proxy's%20public%20certificate%20SAN%20list%2C%20it%20can%20be%20done%2C%20but%20you%20will%20need%20to%20open%20port%2080%20(http)%20and%20allow%20for%20lyncdiscover%20to%20resolve%20and%20return%20the%20Skype%20for%20Business%20Front%20End%20pool's%20web%20services%20url%20unsecured.%20This%20works%20the%20following%20way%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20Client%20enters%20in%20SIP%20Domain%20in%20Mobility%20client%20(eg%20john.doe%40domain.com%3C%2FP%3E%3CP%3E-%20Client%20tries%20to%20connect%20to%20secure%20web%20services%20(HTTPS)%20at%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Flyncdiscover.domain.com%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Flyncdiscover.domain.com%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E-%20fails%3C%2FP%3E%3CP%3E-%20Client%20tries%20to%20connect%20to%20unsecure%20web%20services%20(HTTP)%20at%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22http%3A%2F%2Flyncdiscover.domain.com%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Flyncdiscover.domain.com%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E-%20successful%3C%2FP%3E%3CP%3E-%20XML%20is%20returned%20to%20client%20which%20contains%20Skype%20for%20Busienss%20pool%20web%20services%20URL%2C%26nbsp%3B%3CSTRONG%3Ewhich%20uses%20the%20primary%20pool%20SIP%20Domain%3C%2FSTRONG%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118909%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118909%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3EDNS%20Records%20for%20web%20services%20(Reverse%20Proxy%20certificate)%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20most%20URLs%20in%20a%20hybrid%20Skype%20for%20Business%20environment%2C%26nbsp%3Byou%20can%20negate%20the%20need%20to%20add%20additional%20entries%20to%20the%20public%20certificate%20by%20only%20using%20the%20same%20main%20domain%20for%20all%20URLs.%20For%20example%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EMeet%20URLs%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20meet%20simple%20URL%2C%20when%20supporting%20multiple%20domains%2C%20can%20be%20constructed%20like%20the%20following%20example%2C%20which%20uses%20the%20same%20base%20domain%20for%20all%20supported%20hybrid%20SIP%20Domains%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3E%3CA%20href%3D%22https%3A%2F%2Fskype.domain.com%2Fsipdomain1%2FMeet%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fskype.domain.com%2Fsipdomain1%2FMeet%3C%2FA%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3E%3CA%20href%3D%22https%3A%2F%2Fskype.domain.com%2Fsipdomain2%2FMeet%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fskype.domain.com%2Fsipdomain2%2FMeet%3C%2FA%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3E%3CA%20href%3D%22https%3A%2F%2Fskype.domain.com%2Fsipdomain3%2FMeet%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fskype.domain.com%2Fsipdomain3%2FMeet%3C%2FA%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EDialin%20URL%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAn%20on-premises%2Fhybrid%20Skype%20for%20Business%20environment%20only%20requires%20a%20single%20Dialin%20URL%2C%20no%20need%20for%20multiple%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3E%3CA%20href%3D%22https%3A%2F%2Fdialin.domain.com%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdialin.domain.com%3C%2FA%3E%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118908%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118908%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3EDNS%20Records%20for%20Remote%20User%2FFederation%20(Edge%20Server%20Certificate)%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3EFor%26nbsp%3Beach%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3Ehybrid%20domain%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Ein%20your%20environment%2C%20you%20will%20need%20to%20create%20the%20following%20records.%20These%20will%20hit%20the%20public%20certificate%20on%20your%20Edge%20server%2Fpool.%20It's%20important%20that%20the%20domains%26nbsp%3Bare%20consistent%20between%20A%20Records%20and%20SRV%20Records.%20For%20example%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESRV%20_sip._tls.%3CSTRONG%3Edomain.com%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%26gt%3B%20A%20Record%20sip.%3CSTRONG%3Edomain.com%3C%2FSTRONG%3E%3A443%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20means%20that%2C%20on%20your%20edge%20servers%2C%26nbsp%3B%3CSTRONG%3Eyou%20will%20need%20an%20additional%20SAN%20entry%20for%20each%20hybrid%20SIP%20Domain%20you%20want%20to%20support.%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EA%20Records%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22text-base%20x-hidden-focus%22%3EType%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EFQDN%20IP%20Address%3C%2FP%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%3EA%3C%2FTD%3E%3CTD%3Esip.%3CSTRONG%3Edomain.com%3C%2FSTRONG%3E%3C%2FTD%3E%3CTD%3E%3CEDGE%20server%3D%22%22%20access%3D%22%22%20public%3D%22%22%20ip%3D%22%22%20address%3D%22%22%3E%3C%2FEDGE%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3ESRV%20Records%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22text-base%20x-hidden-focus%22%3EType%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EService%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EProtocol%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EPort%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EWeight%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EPriority%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3ETTL%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EName%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3ETarget%3C%2FSPAN%3E%3C%2FP%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%3ESRV%3C%2FTD%3E%3CTD%3E_sip%3C%2FTD%3E%3CTD%3E_tls%3C%2FTD%3E%3CTD%3E443%3C%2FTD%3E%3CTD%3E1%3C%2FTD%3E%3CTD%3E100%3C%2FTD%3E%3CTD%3E1%20hour%3C%2FTD%3E%3CTD%3E%3CSTRONG%3Edomain.com%3C%2FSTRONG%3E%3C%2FTD%3E%3CTD%3E%3CSPAN%3Esip.domain.com%3C%2FSPAN%3E%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3ESRV%3C%2FTD%3E%3CTD%3E_sipfederationtls%3C%2FTD%3E%3CTD%3E_tcp%3C%2FTD%3E%3CTD%3E5061%3C%2FTD%3E%3CTD%3E1%3C%2FTD%3E%3CTD%3E100%3C%2FTD%3E%3CTD%3E1%20hour%3C%2FTD%3E%3CTD%3E%3CSTRONG%3Edomain.com%3C%2FSTRONG%3E%3C%2FTD%3E%3CTD%3E%3CSPAN%3Esip.domain.com%3C%2FSPAN%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118907%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118907%22%20slang%3D%22en-US%22%3E%3CP%3EFor%20any%20SIP%20domains%20that%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3Eonly%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eexist%26nbsp%3Bin%20Office%20365%2C%20all%20DNS%20records%20can%20point%20to%20Office%20365.%20There%20are%204%20records%20per%20domain%20that%20you%20need%20to%20configure%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3ESRV%20Records%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22text-base%20x-hidden-focus%22%3EType%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EService%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EProtocol%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EPort%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EWeight%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EPriority%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3ETTL%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EName%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3ETarget%3C%2FSPAN%3E%3C%2FP%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%3ESRV%3C%2FTD%3E%3CTD%3E_sip%3C%2FTD%3E%3CTD%3E_tls%3C%2FTD%3E%3CTD%3E443%3C%2FTD%3E%3CTD%3E1%3C%2FTD%3E%3CTD%3E100%3C%2FTD%3E%3CTD%3E1%20hour%3C%2FTD%3E%3CTD%3E%3CSTRONG%3E%3CDOMAINNAME%3E%3C%2FDOMAINNAME%3E%3C%2FSTRONG%3E%3C%2FTD%3E%3CTD%3Esipdir.online.lync.com%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3ESRV%3C%2FTD%3E%3CTD%3E_sipfederationtls%3C%2FTD%3E%3CTD%3E_tcp%3C%2FTD%3E%3CTD%3E5061%3C%2FTD%3E%3CTD%3E1%3C%2FTD%3E%3CTD%3E100%3C%2FTD%3E%3CTD%3E1%20hour%3C%2FTD%3E%3CTD%3E%3CSTRONG%3E%3CDOMAINNAME%3E%3C%2FDOMAINNAME%3E%3C%2FSTRONG%3E%3C%2FTD%3E%3CTD%3Esipfed.online.lync.com%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3ECNAME%20Records%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22text-base%22%3EType%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EHost%20name%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EDestination%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3ETTL%3C%2FSPAN%3E%3C%2FP%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%3ECNAME%3C%2FTD%3E%3CTD%3Esip.%3CSTRONG%3E%3CDOMAINNAME%3E%3C%2FDOMAINNAME%3E%3C%2FSTRONG%3E%3C%2FTD%3E%3CTD%3Esipdir.online.lync.com%3C%2FTD%3E%3CTD%3E1%20hour%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3ECNAME%3C%2FTD%3E%3CTD%3Elyncdiscover.%3CSTRONG%3E%3CDOMAINNAME%3E%3C%2FDOMAINNAME%3E%3C%2FSTRONG%3E%3C%2FTD%3E%3CTD%3Ewebdir.online.lync.com%3C%2FTD%3E%3CTD%3E1%20hour%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20any%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3Ehybrid%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3ESIP%20Domains%2C%20domains%20that%20exist%20in%20both%20Skype%20for%20Business%20On-Premises%20and%20Skype%20for%20Business%20Online%2C%20all%20DNS%20records%20need%20to%20point%20to%20your%26nbsp%3B%3CSTRONG%3Eon-premises%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EEdge%20Server(s)%20and%20Reverse%20Proxy.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20does%20of%20course%20impact%20the%20number%20of%20SANs%20required%20on%20your%20public%20certificates.%20However%2C%20if%20you%20follow%20the%20below%20guidance%20you%20can%20limit%26nbsp%3Bthe%20number%20of%20SANs%20required%20on%20your%20Reverse%20Proxy%20certificate%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118906%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118906%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20John%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20wrote%20a%20detailed%20response%20that%20keeps%20being%20posted%20as%20an%20answer%20then%20mysteriously%20disappearing...%20Let%20me%20try%20just%20posting%20the%20summary%2C%20then%20the%20full%20post%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3ESummary%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3ESIP%20Domains%20only%20on%20Skype%20for%20Business%20Online%3A%20point%20all%20records%20to%20cloud%3C%2FLI%3E%3CLI%3ESIP%20Domains%20on-prem%20and%20online%20(hybrid)%2C%20point%20to%20on-premises%20Edge%20server(s)%20%26amp%3B%20Reverse%20Proxy%3CUL%3E%3CLI%3EEdge%20server%20certificate%20will%20always%20require%20an%20additional%20SAN%20entry%3C%2FLI%3E%3CLI%3EReverse%20Proxy%20certificate%20won't%20if%20you%20are%20happy%20to%20allow%20lyncdiscover%20over%20http%20(port%2080)%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118893%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118893%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20John%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20any%20SIP%20domains%20that%20%3CSTRONG%3Eonly%3C%2FSTRONG%3E%20exist%26nbsp%3Bin%20Office%20365%2C%20all%20DNS%20records%20can%20point%20to%20Office%20365.%20There%20are%204%20records%20per%20domain%20that%20you%20need%20to%20configure%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3ESRV%20Records%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22text-base%20x-hidden-focus%22%3EType%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EService%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EProtocol%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EPort%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EWeight%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EPriority%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3ETTL%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EName%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3ETarget%3C%2FSPAN%3E%3C%2FP%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%3ESRV%3C%2FTD%3E%3CTD%3E_sip%3C%2FTD%3E%3CTD%3E_tls%3C%2FTD%3E%3CTD%3E443%3C%2FTD%3E%3CTD%3E1%3C%2FTD%3E%3CTD%3E100%3C%2FTD%3E%3CTD%3E1%20hour%3C%2FTD%3E%3CTD%3E%3CSTRONG%3E%3CDOMAINNAME%3E%3C%2FDOMAINNAME%3E%3C%2FSTRONG%3E%3C%2FTD%3E%3CTD%3Esipdir.online.lync.com%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3ESRV%3C%2FTD%3E%3CTD%3E_sipfederationtls%3C%2FTD%3E%3CTD%3E_tcp%3C%2FTD%3E%3CTD%3E5061%3C%2FTD%3E%3CTD%3E1%3C%2FTD%3E%3CTD%3E100%3C%2FTD%3E%3CTD%3E1%20hour%3C%2FTD%3E%3CTD%3E%3CSTRONG%3E%3CDOMAINNAME%3E%3C%2FDOMAINNAME%3E%3C%2FSTRONG%3E%3C%2FTD%3E%3CTD%3Esipfed.online.lync.com%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3ECNAME%20Records%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22text-base%22%3EType%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EHost%20name%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EDestination%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3ETTL%3C%2FSPAN%3E%3C%2FP%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%3ECNAME%3C%2FTD%3E%3CTD%3Esip.%3CSTRONG%3E%3CDOMAINNAME%3E%3C%2FDOMAINNAME%3E%3C%2FSTRONG%3E%3C%2FTD%3E%3CTD%3Esipdir.online.lync.com%3C%2FTD%3E%3CTD%3E1%20hour%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3ECNAME%3C%2FTD%3E%3CTD%3Elyncdiscover.%3CSTRONG%3E%3CDOMAINNAME%3E%3C%2FDOMAINNAME%3E%3C%2FSTRONG%3E%3C%2FTD%3E%3CTD%3Ewebdir.online.lync.com%3C%2FTD%3E%3CTD%3E1%20hour%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20any%20%3CSTRONG%3Ehybrid%3C%2FSTRONG%3E%20SIP%20Domains%2C%20domains%20that%20exist%20in%20both%20Skype%20for%20Business%20On-Premises%20and%20Skype%20for%20Business%20Online%2C%20all%20DNS%20records%20need%20to%20point%20to%20your%26nbsp%3B%3CSTRONG%3Eon-premises%3C%2FSTRONG%3E%20Edge%20Server(s)%20and%20Reverse%20Proxy.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20does%20of%20course%20impact%20the%20number%20of%20SANs%20required%20on%20your%20public%20certificates.%20However%2C%20if%20you%20follow%20the%20below%20guidance%20you%20can%20limit%26nbsp%3Bthe%20number%20of%20SANs%20required%20on%20your%20Reverse%20Proxy%20certificate%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EDNS%20Records%20for%20Remote%20User%2FFederation%20(Edge%20Server%20Certificate)%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3EFor%26nbsp%3Beach%20%3CSTRONG%3Ehybrid%20domain%3C%2FSTRONG%3E%20in%20your%20environment%2C%20you%20will%20need%20to%20create%20the%20following%20records.%20These%20will%20hit%20the%20public%20certificate%20on%20your%20Edge%20server%2Fpool.%20It's%20important%20that%20the%20domains%26nbsp%3Bare%20consistent%20between%20A%20Records%20and%20SRV%20Records.%20For%20example%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESRV%20_sip._tls.%3CSTRONG%3Edomain.com%3C%2FSTRONG%3E%20%26gt%3B%20A%20Record%20sip.%3CSTRONG%3Edomain.com%3C%2FSTRONG%3E%3A443%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20means%20that%2C%20on%20your%20edge%20servers%2C%26nbsp%3B%3CSTRONG%3Eyou%20will%20need%20an%20additional%20SAN%20entry%20for%20each%20hybrid%20SIP%20Domain%20you%20want%20to%20support.%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EA%20Records%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22text-base%20x-hidden-focus%22%3EType%3C%2FSPAN%3E%20FQDN%20IP%20Address%3C%2FP%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%3EA%3C%2FTD%3E%3CTD%3Esip.%3CSTRONG%3Edomain.com%3C%2FSTRONG%3E%3C%2FTD%3E%3CTD%3E%3CEDGE%20server%3D%22%22%20access%3D%22%22%20public%3D%22%22%20ip%3D%22%22%20address%3D%22%22%3E%3C%2FEDGE%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3ESRV%20Records%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22text-base%20x-hidden-focus%22%3EType%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EService%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EProtocol%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EPort%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EWeight%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EPriority%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3ETTL%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3EName%3C%2FSPAN%3E%3CSPAN%20class%3D%22text-base%22%3ETarget%3C%2FSPAN%3E%3C%2FP%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%3ESRV%3C%2FTD%3E%3CTD%3E_sip%3C%2FTD%3E%3CTD%3E_tls%3C%2FTD%3E%3CTD%3E443%3C%2FTD%3E%3CTD%3E1%3C%2FTD%3E%3CTD%3E100%3C%2FTD%3E%3CTD%3E1%20hour%3C%2FTD%3E%3CTD%3E%3CSTRONG%3Edomain.com%3C%2FSTRONG%3E%3C%2FTD%3E%3CTD%3E%3CSPAN%3Esip.domain.com%3C%2FSPAN%3E%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3ESRV%3C%2FTD%3E%3CTD%3E_sipfederationtls%3C%2FTD%3E%3CTD%3E_tcp%3C%2FTD%3E%3CTD%3E5061%3C%2FTD%3E%3CTD%3E1%3C%2FTD%3E%3CTD%3E100%3C%2FTD%3E%3CTD%3E1%20hour%3C%2FTD%3E%3CTD%3E%3CSTRONG%3Edomain.com%3C%2FSTRONG%3E%3C%2FTD%3E%3CTD%3E%3CSPAN%3Esip.domain.com%3C%2FSPAN%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EDNS%20Records%20for%20web%20services%20(Reverse%20Proxy%20certificate)%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20most%20URLs%20in%20a%20hybrid%20Skype%20for%20Business%20environment%2C%26nbsp%3Byou%20can%20negate%20the%20need%20to%20add%20additional%20entries%20to%20the%20public%20certificate%20by%20only%20using%20the%20same%20main%20domain%20for%20all%20URLs.%20For%20example%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EMeet%20URLs%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20meet%20simple%20URL%2C%20when%20supporting%20multiple%20domains%2C%20can%20be%20constructed%20like%20the%20following%20example%2C%20which%20uses%20the%20same%20base%20domain%20for%20all%20supported%20hybrid%20SIP%20Domains%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3E%3CA%20href%3D%22https%3A%2F%2Fskype.domain.com%2Fsipdomain1%2FMeet%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fskype.domain.com%2Fsipdomain1%2FMeet%3C%2FA%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3E%3CA%20href%3D%22https%3A%2F%2Fskype.domain.com%2Fsipdomain2%2FMeet%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fskype.domain.com%2Fsipdomain2%2FMeet%3C%2FA%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3E%3CA%20href%3D%22https%3A%2F%2Fskype.domain.com%2Fsipdomain3%2FMeet%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fskype.domain.com%2Fsipdomain3%2FMeet%3C%2FA%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EDialin%20URL%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAn%20on-premises%2Fhybrid%20Skype%20for%20Business%20environment%20only%20requires%20a%20single%20Dialin%20URL%2C%20no%20need%20for%20multiple%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3E%3CA%20href%3D%22https%3A%2F%2Fdialin.domain.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdialin.domain.com%3C%2FA%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EHowever%3C%2FSTRONG%3E%2C%20as%20the%20lyncdiscover%20record%20is%20constructed%20using%20the%20SIP%20Domain%20entered%20when%20a%20user%20signs%20into%20the%20Skype%20for%20Business%20mobility%20client%2C%20you%20cannot%20use%20the%20same%20logic%20used%20in%20the%20meet%20URL%20example.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20want%20to%20avoid%20updating%20the%20Reverse%20Proxy's%20public%20certificate%20SAN%20list%2C%20it%20can%20be%20done%2C%20but%20you%20will%20need%20to%20open%20port%2080%20(http)%20and%20allow%20for%20lyncdiscover%20to%20resolve%20and%20return%20the%20Skype%20for%20Business%20Front%20End%20pool's%20web%20services%20url%20unsecured.%20This%20works%20the%20following%20way%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3EClient%20enters%20in%20SIP%20Domain%20in%20Mobility%20client%20(eg%20john.doe%40domain.com)%3C%2FLI%3E%3CLI%3EClient%20tries%20to%20connect%20to%20secure%20web%20services%20(HTTPS)%20at%20%3CA%20href%3D%22https%3A%2F%2Flyncdiscover.domain.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Flyncdiscover.domain.com%3C%2FA%3E%20-%20fails%3C%2FLI%3E%3CLI%3EClient%20tries%20to%20connect%20to%20unsecure%20web%20services%20(HTTP)%20at%20%3CA%20href%3D%22http%3A%2F%2Flyncdiscover.domain.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Flyncdiscover.domain.com%3C%2FA%3E%20-%20successful%3C%2FLI%3E%3CLI%3EXML%20is%20returned%20to%20client%20which%20contains%20Skype%20for%20Busienss%20pool%20web%20services%20URL%2C%26nbsp%3B%3CSTRONG%3Ewhich%20uses%20the%20primary%20pool%20SIP%20Domain%3C%2FSTRONG%3E.%20Here's%20an%20example%20of%20a%20domain%20in%20my%20environment%20that%20uses%20lyncdiscover%20over%20port%2080%2C%20and%20shows%20web%20services%20in%20the%20primary%20SIP%20Doamin%20-%26nbsp%3B%3CSTRONG%3Ethis%20matches%20the%20domain%20on%20the%20Reverse%20Proxy%20certificate%3C%2FSTRONG%3E%3A%3C%2FLI%3E%3C%2FOL%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20910px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F22539i5F370A95A01EA8A0%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%2222.jpg%22%20title%3D%2222.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3ESummary%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3ESIP%20Domains%20only%20on%20Skype%20for%20Business%20Online%3A%20point%20all%20records%20to%20cloud%3C%2FLI%3E%3CLI%3ESIP%20Domains%20on-prem%20and%20online%20(hybrid)%2C%20point%20to%20on-premises%20Edge%20server(s)%20%26amp%3B%20Reverse%20Proxy%3CUL%3E%3CLI%3EEdge%20server%20certificate%20will%20always%20require%20an%20additional%20SAN%20entry%3C%2FLI%3E%3CLI%3EReverse%20Proxy%20certificate%20won't%20if%20you%20are%20happy%20to%20allow%20lyncdiscover%20over%20http%20(port%2080)%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20hope%20this%20helps.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDamien%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118889%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118889%22%20slang%3D%22en-US%22%3E%3CP%3EI%20see%2C%20in%20this%20case%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOnly%201%20Hybrid%20domain%2C%20let's%20say%20for%20example%2C%20%22hybrid.abc.com%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EDNS%20record%20for%20Hybrid%20domain.%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E-%20Point%20to%20on-prem%20Edge%20for%20only%20%22hybrid.abc.com%22%20domain.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3ECertificate%20for%20Hybrid%20domain.%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E-%20Get%20only%20one%20certificate%20for%20%22hybrid.abc.com%22%3C%2FP%3E%3CP%3E-%20No%20need%20to%20consider%20Certificate%20and%20DSN%20records%20for%20Online%20domains.%26nbsp%3B%3C%2FP%3E%3CP%3E-%20No%20need%20to%20include%20all%20other%20ONLINE%20DOMAINS.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EDNS%20record%20for%20Online%20Domains.%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E-%20Don't%20change%20DNS%20records%20for%20Online%20domains.%26nbsp%3B%3C%2FP%3E%3CP%3E-%26nbsp%3B%3CSPAN%3ENo%20additional%20certificates%20required%20for%20Online%20domain.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118888%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118888%22%20slang%3D%22en-US%22%3E%3CP%3ECurrently%20all%20SIP%20domains%20pointed%20to%20online%26nbsp%3B%3CSTRONG%3Ewebdir.online.lync.com.%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3EGo%20to%20first%20question%20if%20we%26nbsp%3B%26nbsp%3Bhybrid%20one%20sip%20domain%2C%20I%20need%20to%20hybrid%20all%20sip%20domains%20right%3F%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20online%20SIP%20domains%26nbsp%3B%20lyncdiscover%20can%20still%20point%20to%26nbsp%3B%3CSTRONG%3Ewebdir.online.lync.com.%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ehybrid%20domain%20can't%20see%20online%20sip%20domains%20%2C%20if%20we%20didn't%20point%20all%20online%20SIP%20domains%20SRV%20to%20on-premise%20edge%20server%3F%20Because%20it%20require%20additional%20SANs%20certificate%20for%20edge%20server.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20can't%20save%20cost%20for%20the%20SAN%20certificate%20for%20another%20online%20SIP%20domains%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118887%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118887%22%20slang%3D%22en-US%22%3E%3CP%3EAnd%20yes%2C%20you%20can%3CSPAN%3E%26nbsp%3Bpoint%20lyncdiscover%20to%20online%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3Ewebdir.online.lync.com%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118886%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118886%22%20slang%3D%22en-US%22%3E%3CP%3EMake%20it%20simple%2C%20for%20Online%20SIP%20domain%2C%20use%20the%20DNS%20records%20given%20by%20Microsoft%20in%20the%20portal.%20For%20Hybrid-domains%2C%20point%20to%20On-prem%20Edge%20and%20Reverse%20Proxy%2C%20if%20you%20have%20one.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118885%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118885%22%20slang%3D%22en-US%22%3E%3CP%3ECan%20we%20put%20lyncdiscover%20to%20online%26nbsp%3B%3CSTRONG%3Ewebdir.online.lync.com%20%3F%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E1%20online%20domain%3C%2FP%3E%3CP%3E2.domain.com%3C%2FP%3E%3CP%3E3.domain.com%3C%2FP%3E%3CP%3E4.domain.com%3C%2FP%3E%3CP%3E5.domain.com%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EHybrid%20and%20Online%20SIP%20domains%3C%2FSTRONG%3E%20%2C%20SIP%20and%20SIP%20federation%20update%20to%20on-premise%20edge%20server.%3C%2FP%3E%3CP%3ESip.2.domain.com%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ESip.3.domain.com%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3ESip.4.domain.com%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3ESip.5.domain.com%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThen%20we%20can%20minimize%26nbsp%3Bthe%20impact%20login%20process%20to%20another%20on-line%20sip%20domains%20users.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118884%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118884%22%20slang%3D%22en-US%22%3E%3CP%3EYes.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118882%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118882%22%20slang%3D%22en-US%22%3E%3CP%3EHybrid%20domains%3C%2FP%3E%3CP%3E1.domain.com%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1%20online%20domain%3C%2FP%3E%3CP%3E2.domain.com%3C%2FP%3E%3CP%3E3.domain.com%3C%2FP%3E%3CP%3E4.domain.com%3C%2FP%3E%3CP%3E5.domain.com%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20federation.%20I%20need%20point%20all%20to%20the%20on-premise%20edge%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118881%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118881%22%20slang%3D%22en-US%22%3E%3CP%3EAssumed%20the%20followings%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHybrid%20domains%3C%2FP%3E%3CP%3E1.domain.com%3C%2FP%3E%3CP%3E2.domain.com%3C%2FP%3E%3CP%3E3.domain.com%3C%2FP%3E%3CP%3E4.domain.com%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1%20online%20domain%3C%2FP%3E%3CP%3E5.domain.com%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20this%20case%2C%20Yes%2C%20you%20can%20point%205.domain.com%20to%20SFB%20Online%2C%20while%201-4.domain.com%20points%20to%20Hybrid%20Edge.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118818%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118818%22%20slang%3D%22en-US%22%3EWe%20can%E2%80%99t%20only%20hybrid%20one%20sip%20domain.%3CBR%20%2F%3EWe%20want%20to%20minimize%20the%20impact%20for%20another%20domains%20%2C%20can%20we%20still%20point%20lyncdiscover%20to%20online%20for%20another%20SIP%20domains%20login%3F%3CBR%20%2F%3EBut%20the%20SIP%20federation%20can%20still%20work%20because%20we%20will%20add%20sip.adomain.com%20sip.bdomain.com...%20on%20on-premise%20edge%20server.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118812%22%20slang%3D%22en-US%22%3ERe%3A%20Hybird%20SIP%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118812%22%20slang%3D%22en-US%22%3E%3CP%3EPossible%20to%20simplify%20your%20question%20as%20I%20am%20not%20getting%20what%20you%20wanted%20to%20achieve%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20have%205%20sip%20domains%2C%20and%20you%20plan%20to%20use%201%20sip%20domain%20as%20a%20Hybrid%3F%20And%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Deleted
Not applicable

If we plan to hybrid a sip domain on the tenant,  but they have five sip domains.

I know if we plan to hybrid one sip domain and we need to hybrid four domains on a same tenant.

For the DNS, can we still point four hybrid domains to lyncdiscover to lynconline?

All sip domains Sip federation SRV records will point to on-premise edge server.

 

 

Thanks.

 

23 Replies
Highlighted

Possible to simplify your question as I am not getting what you wanted to achieve? 

 

You have 5 sip domains, and you plan to use 1 sip domain as a Hybrid? And? 

Highlighted
We can’t only hybrid one sip domain.
We want to minimize the impact for another domains , can we still point lyncdiscover to online for another SIP domains login?
But the SIP federation can still work because we will add sip.adomain.com sip.bdomain.com... on on-premise edge server.
Highlighted

Assumed the followings;

 

Hybrid domains

1.domain.com

2.domain.com

3.domain.com

4.domain.com

 

1 online domain

5.domain.com

 

In this case, Yes, you can point 5.domain.com to SFB Online, while 1-4.domain.com points to Hybrid Edge.

Highlighted

Hybrid domains

1.domain.com

 

 

1 online domain

2.domain.com

3.domain.com

4.domain.com

5.domain.com

 

For federation. I need point all to the on-premise edge?

Highlighted

Yes. 

Highlighted

Can we put lyncdiscover to online webdir.online.lync.com ?

1 online domain

2.domain.com

3.domain.com

4.domain.com

5.domain.com

 

Hybrid and Online SIP domains , SIP and SIP federation update to on-premise edge server.

Sip.2.domain.com 

Sip.3.domain.com 

Sip.4.domain.com 

Sip.5.domain.com 

 

Then we can minimize the impact login process to another on-line sip domains users. 

 

Highlighted

Make it simple, for Online SIP domain, use the DNS records given by Microsoft in the portal. For Hybrid-domains, point to On-prem Edge and Reverse Proxy, if you have one.  

Highlighted

And yes, you can point lyncdiscover to online webdir.online.lync.com

Highlighted

Currently all SIP domains pointed to online webdir.online.lync.com. 

Go to first question if we  hybrid one sip domain, I need to hybrid all sip domains right? 

But online SIP domains  lyncdiscover can still point to webdir.online.lync.com.

 

hybrid domain can't see online sip domains , if we didn't point all online SIP domains SRV to on-premise edge server? Because it require additional SANs certificate for edge server.

 

We can't save cost for the SAN certificate for another online SIP domains?

 

Thanks.

Highlighted

I see, in this case;

 

Only 1 Hybrid domain, let's say for example, "hybrid.abc.com".

 

DNS record for Hybrid domain.

- Point to on-prem Edge for only "hybrid.abc.com" domain.  

 

Certificate for Hybrid domain.

- Get only one certificate for "hybrid.abc.com"

- No need to consider Certificate and DSN records for Online domains. 

- No need to include all other ONLINE DOMAINS. 

 

DNS record for Online Domains.

- Don't change DNS records for Online domains. 

No additional certificates required for Online domain.

 

 

 

Highlighted

Hi John,

 

For any SIP domains that only exist in Office 365, all DNS records can point to Office 365. There are 4 records per domain that you need to configure:

 

SRV Records

 

TypeServiceProtocolPortWeightPriorityTTLNameTarget

SRV_sip_tls44311001 hour<DomainName>sipdir.online.lync.com
SRV_sipfederationtls_tcp506111001 hour<DomainName>sipfed.online.lync.com

 

CNAME Records

 

TypeHost nameDestinationTTL

CNAMEsip.<DomainName>sipdir.online.lync.com1 hour
CNAMElyncdiscover.<DomainName>webdir.online.lync.com1 hour

 

For any hybrid SIP Domains, domains that exist in both Skype for Business On-Premises and Skype for Business Online, all DNS records need to point to your on-premises Edge Server(s) and Reverse Proxy.

 

This does of course impact the number of SANs required on your public certificates. However, if you follow the below guidance you can limit the number of SANs required on your Reverse Proxy certificate

 

DNS Records for Remote User/Federation (Edge Server Certificate)

 

For each hybrid domain in your environment, you will need to create the following records. These will hit the public certificate on your Edge server/pool. It's important that the domains are consistent between A Records and SRV Records. For example:

 

SRV _sip._tls.domain.com > A Record sip.domain.com:443

 

This means that, on your edge servers, you will need an additional SAN entry for each hybrid SIP Domain you want to support.

 

A Records

 

Type FQDN IP Address

Asip.domain.com<edge server access public IP address>

 

 

SRV Records

 

TypeServiceProtocolPortWeightPriorityTTLNameTarget

SRV_sip_tls44311001 hourdomain.comsip.domain.com
SRV_sipfederationtls_tcp506111001 hourdomain.comsip.domain.com

 

DNS Records for web services (Reverse Proxy certificate)

 

For most URLs in a hybrid Skype for Business environment, you can negate the need to add additional entries to the public certificate by only using the same main domain for all URLs. For example:

 

Meet URLs

 

The meet simple URL, when supporting multiple domains, can be constructed like the following example, which uses the same base domain for all supported hybrid SIP Domains:

 

https://skype.domain.com/sipdomain1/Meet

https://skype.domain.com/sipdomain2/Meet

https://skype.domain.com/sipdomain3/Meet

 

Dialin URL

 

An on-premises/hybrid Skype for Business environment only requires a single Dialin URL, no need for multiple:

 

https://dialin.domain.com

 

However, as the lyncdiscover record is constructed using the SIP Domain entered when a user signs into the Skype for Business mobility client, you cannot use the same logic used in the meet URL example.

 

If you want to avoid updating the Reverse Proxy's public certificate SAN list, it can be done, but you will need to open port 80 (http) and allow for lyncdiscover to resolve and return the Skype for Business Front End pool's web services url unsecured. This works the following way:

 

  1. Client enters in SIP Domain in Mobility client (eg john.doe@domain.com)
  2. Client tries to connect to secure web services (HTTPS) at https://lyncdiscover.domain.com - fails
  3. Client tries to connect to unsecure web services (HTTP) at http://lyncdiscover.domain.com - successful
  4. XML is returned to client which contains Skype for Busienss pool web services URL, which uses the primary pool SIP Domain. Here's an example of a domain in my environment that uses lyncdiscover over port 80, and shows web services in the primary SIP Doamin - this matches the domain on the Reverse Proxy certificate:

22.jpg

 

 

 

Summary

 

  • SIP Domains only on Skype for Business Online: point all records to cloud
  • SIP Domains on-prem and online (hybrid), point to on-premises Edge server(s) & Reverse Proxy
    • Edge server certificate will always require an additional SAN entry
    • Reverse Proxy certificate won't if you are happy to allow lyncdiscover over http (port 80)

 

I hope this helps.

 

Damien

 

Highlighted
Solution

Hi John,

 

I wrote a detailed response that keeps being posted as an answer then mysteriously disappearing... Let me try just posting the summary, then the full post:

 

Summary

 

  • SIP Domains only on Skype for Business Online: point all records to cloud
  • SIP Domains on-prem and online (hybrid), point to on-premises Edge server(s) & Reverse Proxy
    • Edge server certificate will always require an additional SAN entry
    • Reverse Proxy certificate won't if you are happy to allow lyncdiscover over http (port 80)

 

Highlighted

For any SIP domains that only exist in Office 365, all DNS records can point to Office 365. There are 4 records per domain that you need to configure:

 

SRV Records

 

TypeServiceProtocolPortWeightPriorityTTLNameTarget

SRV_sip_tls44311001 hour<DomainName>sipdir.online.lync.com
SRV_sipfederationtls_tcp506111001 hour<DomainName>sipfed.online.lync.com

 

CNAME Records

 

TypeHost nameDestinationTTL

CNAMEsip.<DomainName>sipdir.online.lync.com1 hour
CNAMElyncdiscover.<DomainName>webdir.online.lync.com1 hour

 

For any hybrid SIP Domains, domains that exist in both Skype for Business On-Premises and Skype for Business Online, all DNS records need to point to your on-premises Edge Server(s) and Reverse Proxy.

 

This does of course impact the number of SANs required on your public certificates. However, if you follow the below guidance you can limit the number of SANs required on your Reverse Proxy certificate

Highlighted

DNS Records for Remote User/Federation (Edge Server Certificate)

 

For each hybrid domain in your environment, you will need to create the following records. These will hit the public certificate on your Edge server/pool. It's important that the domains are consistent between A Records and SRV Records. For example:

 

SRV _sip._tls.domain.com > A Record sip.domain.com:443

 

This means that, on your edge servers, you will need an additional SAN entry for each hybrid SIP Domain you want to support.

 

A Records

 

Type FQDN IP Address

Asip.domain.com<edge server access public IP address>

 

 

SRV Records

 

TypeServiceProtocolPortWeightPriorityTTLNameTarget

SRV_sip_tls44311001 hourdomain.comsip.domain.com
SRV_sipfederationtls_tcp506111001 hourdomain.comsip.domain.com

 

Highlighted

DNS Records for web services (Reverse Proxy certificate)

 

For most URLs in a hybrid Skype for Business environment, you can negate the need to add additional entries to the public certificate by only using the same main domain for all URLs. For example:

 

Meet URLs

 

The meet simple URL, when supporting multiple domains, can be constructed like the following example, which uses the same base domain for all supported hybrid SIP Domains:

 

https://skype.domain.com/sipdomain1/Meet

https://skype.domain.com/sipdomain2/Meet

https://skype.domain.com/sipdomain3/Meet

 

Dialin URL

 

An on-premises/hybrid Skype for Business environment only requires a single Dialin URL, no need for multiple:

 

https://dialin.domain.com

Highlighted

However, as the lyncdiscover record is constructed using the SIP Domain entered when a user signs into the Skype for Business mobility client, you cannot use the same logic used in the meet URL example.

 

If you want to avoid updating the Reverse Proxy's public certificate SAN list, it can be done, but you will need to open port 80 (http) and allow for lyncdiscover to resolve and return the Skype for Business Front End pool's web services url unsecured. This works the following way:

 

- Client enters in SIP Domain in Mobility client (eg john.doe@domain.com

- Client tries to connect to secure web services (HTTPS) at https://lyncdiscover.domain.com - fails

- Client tries to connect to unsecure web services (HTTP) at http://lyncdiscover.domain.com - successful

- XML is returned to client which contains Skype for Busienss pool web services URL, which uses the primary pool SIP Domain.

Highlighted

Here's an example of a domain in my environment that uses lyncdiscover over port 80, and shows web services in the primary SIP Doamin - this matches the domain on the Reverse Proxy certificate:

22.jpg

 

Summary

 

SIP Domains only on Skype for Business Online: point all records to cloud
SIP Domains on-prem and online (hybrid), point to on-premises Edge server(s) & Reverse Proxy
Edge server certificate will always require an additional SAN entry
Reverse Proxy certificate won't if you are happy to allow lyncdiscover over http (port 80)

Highlighted

Hi Damien,

Thank you for your detail explain.

We didn't plan to reduce SANs for RP lyncdiscover for all sip domains.

Conclusion ,  We better point all sip domains to On-prem RP lyncdiscover, for all hybrid & online domains.

Highlighted

Hi John,

 

It would be incorrect to point online only domains to on-premises Reverse Proxy. These should point directly to Skype for Business Online.

 

Damien

Highlighted

Thanks.

 

Demystifying multiple SIP domains in Skype for Business Hybrid Deployments

https://channel9.msdn.com/Events/Ignite/New-Zealand-2016/M385

 

Refer to this channel9, it did mention lyncdiscover online should point to on-prem Reverse proxy.

But I think in general it can point to lync online since it still relay on sip federation SRV records to do federation and sip federation all online and on-prem sip domains will point to on-prem edge server , so online to on-perm federation should have no issue.

 

Highlighted
This is getting interesting — proposed understanding of the issue by the community contributors against what’s best work for the situation.


Highlighted

Yes, but that only is the case for Hybrid domains. Why would I point cloud only lyncdiscover records at my on-premises Reverse Proxy? What would be the next hop?

Highlighted
Moje neulozene prihlasovacieudajecloudpetonagy na internetových strankach
Related Conversations
Multiple email addresses
MikeInTokyo in Office 365 on
1 Replies
EFS Files On domain Profile windows 10
Justn in Windows 10 on
2 Replies
Tenant/domain best practices for nonprofil with School
Jonas Back in Education on
1 Replies
Deleting spam emails
JonathanLeslie in Outlook on
2 Replies
Domain not Available on Office 365, but not registered.
Jack-DJC in Office 365 on
1 Replies