In this article we will have a look at the steps to add additional SIP domain in the already existing Lync 2013 deployment.
In short we need to perform the following tasks to add a new SIP domain
1) Add the new SIP domain in the existing Lync topology.
2) Publish the Topology and install the wizard on all the front end and edge servers.
3) Update your internal certificate with the new SIP domain entry through CA and then assign the new internal CA to the FE servers
4) Create the certificate for the new SIP domain and then install them on the edge servers and on the reverse proxy server .
Steps to add new SIP domain
1) First we need to add the new SIP domain to our topology
Inorder to do that we need to perform the following task
Open the Lync Server Topology Builder
Select download the topology from the existing deployment since we are going to modify the existing topology only
Once the topology builder is open – Right click on the topology and click edit properties
Click on add new domain and add the new sub domain.
Once done click on publish topology
Once it’s done click on the setup and rerun the setup
We have to rerun the above setup on all the FE servers and the edge servers.
Now we need to create the DNS records
The DNS records must be created in the following order
|Port||Service Protocol||Type||Entry||Server||Request Type|
|CNAME||lyncdiscover.exchangequery.com||Add it to your public DNS entry||New|
|A||sip.exchangequery.com||Point it to your FE server pool|
|A||meet.exchangequery.com||Point it to your FE server pool|
|5061||_sipfederationtls||SRV||sip.exchangequery.com||Should be created on your public DNS|
|443||_sip||sip.exchangequery.com||Should be created on your public DNS|
This above creation is only for IM and presence. For dial-in ,Audio/Video respective entries should be created in the DNS.
Now we need to create the certificate for the new SIP domain.
Updating your internal Certificate with the new SIP domain through CA and then assign the new internal CA to the FE servers is a normal process so im not explaining that part in this article. But make sure that you run the certificate wizard in the FE server and assign the new updated internal certificate.
For external certificate we can create the certificate through digicert,go daddy etc depending upon with whom you have bought the public certificates.
In this scenario lets take an example of creating certificate from the digicert.
Download the digicert utility tool for windows.
Create your private key and CSR by using this utility and request certificate from digicert.
Open digicert and click on create CSR.
Type in common name and select SSL certificate since we require SSL certificate.
Add all the required SAN’s should be added as shown below.
Choose the provider type
Now after click on create we will get the private CSR key generated for the new SIP domain as below
Now send this private CSR to digicert for the certificate . Once they issue for this new domain just download this certificate and install them on the edge servers and your reverse proxy servers.
Inorder to do that please log into http://www.digicert.com and log in to your account and click on request certificate.
Now choose the new SSL certificate type and paste the private CSR request we generated.
Now type the common name you wish to call the certificate . In our case we need to choose the server platform Lync server 2013 since we need to import this certificate on our edge server.
After this go to my certificates and download the certificates.Once they issue for this new domain just download this certificate and install them on the edge servers and your reverse proxy servers.
Now import this certificate on the edge servers by using Lync Server Deployment wizard.
Later request this same certificate for your reverse proxy server (F5,Kemp or TMG) on your certificate request and then install them on reverse proxy server for the mobile connectivity.
Now we have successfully added the new domain in our Lync Environment.
MVP- Exchange Server