Requirements for Automatic Client Sign-In

Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

This section explains the DNS records required for automatic client sign-in. When you deploy your Standard Edition Servers or pools, you can configure your clients to use automatic discovery to sign into the appropriate Standard Edition Server or Enterprise pool.

To support automatic client sign-in, you must:

  • Designate a single server or pool to distribute and authenticate client sign-in requests. This can be one of the existing servers or pools in your enterprise that hosts users, or you can designate a dedicated server or pool that hosts no users for this purpose. For high availability, we recommend that you designate an Enterprise pool for this function.

  • Create an internal DNS SRV record to support automatic client sign-in for this server or pool.

    Note

    SIP domain refers to the host portion of the SIP URIs assigned to users. For example, if SIP URIs are of the form *@contoso.com, then contoso.com is the SIP domain. The SIP domain is often different from the internal Active Directory domain. An organization may also support multiple SIP domains. For more information on configuring SIP domains, see the Microsoft Office Communications Server 2007 Administration Guide.

To enable automatic configuration for your clients, you must create an internal DNS SRV record that maps one of the following record names to the FQDN of the Enterprise Edition pool (or Standard Edition server) that distributes sign-in requests from Office Communicator:

  • _sipinternaltls._tcp.<domain> - for internal TLS connections

  • _sipinternal._tcp.<domain> - for internal TCP connections (performed only if TCP is allowed)

You only need to create a single SRV record for the Standard Edition Server or Enterprise pool that will distribute sign-in requests.

Important

Only a single pool or Standard Edition Server can be designated to distribute sign-in requests. Create only one SRV record for the designated server or pool. Do NOT create this SRV record for additional internal servers or pools.

The following table shows example records required for the fictitious company Contoso, which supports the SIP domains contoso.com and retail.contoso.com.

Table 30 Example DNS Records Required for Automatic Client Sign-In with Multiple SIP Domains

| FQDN of Pool Used to Distribute Sign-in Requests | SIP Domain | DNS SRV Record |
| --- | --- | --- |
| Pool1.Contoso.com | Contoso.com | An SRV record for _sipinternaltls._tcp.contoso.com domain over port 5061 that maps to Pool1.Contoso.com |
| Pool1.Contoso.com | Retail.Contoso.com | An SRV record for _sipinternaltls._tcp.retail.contoso.com domain over port 5061 that maps to Pool1.Contoso.com |

Note

By default, queries for DNS records adhere to strict domain name matching between the domain in the user name and the SRV record. If you prefer that client DNS queries use suffix matching instead, you can configure the DisableStrictDNSNaming group policy. See the Microsoft Office Communicator 2007 Planning and Deployment Guide for more information.

Example of the Certificates and DNS Records Required for Automatic Client Sign-in

Using the examples in the preceding table, the Contoso organization supports the SIP domains of contoso.com and retail.contoso.com, and all its users have a SIP URI in one of the two following forms:

  • <user>@retail.contoso.com

  • <user>@contoso.com

The administrator at Contoso would configure pool1.contoso.com as the pool that will distribute its sign-in requests.

Required DNS Records:

  • SRV record for _sipinternaltls._tcp.contoso.com domain over port 5061 that maps to pool1.contoso.com

  • SRV record for _sipinternaltls._tcp.retail.contoso.com domain over port 5061 that maps to pool1.contoso.com

Required Certificates

In addition, the certificate assigned to the Front End servers in pool1.contoso.com must include the following in its Subject Alternative Names:

  • sip.contoso.com

  • sip.retail.contoso.com
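
The requirements above can be checked together before clients are pointed at the pool. The following is an added example, not part of the original documentation: an offline audit that takes the SIP domains, the designated pool, the planned SRV records and the certificate's Subject Alternative Names, and reports any mismatch. The function name, the tuple shape for SRV records and the sample data are assumptions, and the `sip.<SIP domain>` rule generalizes the two names listed above.

```python
# Added example: offline audit of an automatic sign-in plan (constructed data).
TLS_PREFIX = "_sipinternaltls._tcp."   # record name given on this page
TLS_PORT = 5061                        # port used in this page's examples


def _norm(name):
    """DNS names compare case-insensitively; ignore a trailing root dot."""
    return name.rstrip(".").lower()


def audit_autosignin(sip_domains, pool_fqdn, srv_records, cert_sans):
    """Return a list of findings; an empty list means the plan is consistent.

    srv_records: iterable of (owner_name, port, target) tuples (assumed shape).
    cert_sans:   Subject Alternative Names on the pool's Front End certificate.
    """
    pool = _norm(pool_fqdn)
    sans = {_norm(s) for s in cert_sans}
    findings = []
    for domain in map(_norm, sip_domains):
        owner = TLS_PREFIX + domain
        # Strict matching: owner name must be exactly prefix + SIP domain.
        matches = [r for r in srv_records if _norm(r[0]) == owner]
        if not matches:
            findings.append(f"{domain}: no SRV record {owner}")
        elif len(matches) > 1:
            findings.append(f"{domain}: {len(matches)} SRV records for {owner}, expected 1")
        for _, port, target in matches:
            if port != TLS_PORT:
                findings.append(f"{domain}: {owner} uses port {port}, expected {TLS_PORT}")
            if _norm(target) != pool:
                findings.append(f"{domain}: {owner} maps to {_norm(target)}, expected {pool}")
        if "sip." + domain not in sans:
            findings.append(f"{domain}: certificate lacks SAN sip.{domain}")
    return findings


# Constructed sample data based on the Contoso example on this page.
DOMAINS = ["contoso.com", "retail.contoso.com"]
GOOD_SRV = [
    ("_sipinternaltls._tcp.contoso.com", 5061, "pool1.contoso.com"),
    ("_sipinternaltls._tcp.retail.contoso.com", 5061, "pool1.contoso.com"),
]
GOOD_SANS = ["sip.contoso.com", "sip.retail.contoso.com"]

if __name__ == "__main__":
    for finding in audit_autosignin(DOMAINS, "pool1.contoso.com", GOOD_SRV, GOOD_SANS):
        print(finding)
```

A second SRV record for the same SIP domain that points at another pool, or a missing `sip.<domain>` entry on the certificate, each produce a finding.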