Manage Registrar configuration settings in Skype for Business Server 2015

 

마지막으로 수정된 항목: 2015-08-17

Summary: Manage Registrar configuration settings for 비즈니스용 Skype 서버 2015.

You can use the Registrar to configure proxy server authentication methods. The authentication protocol you specify determines which type of challenges the servers in the pool issue to clients. The available protocols are:

  • Kerberos   This is the strongest password-based authentication scheme available to clients, but it is normally available only to enterprise clients because it requires client connection to a Key Distribution Center (Kerberos domain controller). This setting is appropriate if the server authenticates only enterprise clients.

  • NTLM   This is the password-based authentication available to clients that use a challenge-response hashing scheme on the password. This is the only form of authentication available to clients without connectivity to a Key Distribution Center (Kerberos domain controller), such as remote users. If a server authenticates only remote users, you should choose NTLM.

  • Certificate authentication   This is the new authentication method when the server needs to obtain certificates from Lync Phone Edition clients, common area phones, 비즈니스용 Skype and the Lync Windows 스토어 앱. On Lync Phone Edition clients, after a user signs in and is successfully authenticated by providing a personal identification number (PIN), 비즈니스용 Skype 서버 2015 then provisions the SIP URI to the phone and provisions a 비즈니스용 Skype 서버 signed certificate or a user certificate that identifies Joe (Ex: SN=joe@contoso.com ) to the phone. This certificate is used for authenticating with the Registrar and Web Services.

note참고:
We recommend that you enable both Kerberos and NTLM when a server supports authentication for both remote and enterprise clients. The Edge Server and internal servers communicate to ensure that only NTLM authentication is offered to remote clients. If only Kerberos is enabled on these servers, they cannot authenticate remote users. If enterprise users also authenticate against the server, Kerberos is used.
If you will use Lync Windows 스토어 앱 clients, you must enable certificate authentication.

Follow these steps to create a new Registrar.

  1. RTCUniversalServerAdmins 그룹의 구성원인 사용자 계정(또는 이와 동일한 사용자 권한을 가진 사용자 계정)이나 CsServerAdministrator 또는 CsAdministrator 역할이 할당된 사용자 계정에서 비즈니스용 Skype 서버 2015을 배포한 네트워크에 있는 컴퓨터에 로그온합니다.

  2. 브라우저 창을 연 다음 Admin URL을 입력하여 비즈니스용 Skype 서버 제어판을 엽니다. 비즈니스용 Skype 서버 제어판을 사용하여 시작할 수 있는 다양한 방법에 대한 자세한 내용은 Lync Server 관리 도구 열기를 참조하세요.

  3. In the left navigation bar, click Security and then click Registrar.

  4. On the Registrar page, click New

  5. In Select a Service, click the service to which the Registrar is to be applied and then click OK.

  6. In New Registrar Setting, select one or more of the following depending on the capabilities of the clients and support in your environment:

    • Enable Kerberos authentication to have the servers in the pool issue challenges using Kerberos authentication.

    • Enable NTLM authentication to have the servers in the pool issue challenges using NTLM.

    • Enable certificate authentication to have the servers in the pool issue certificates to clients.

  7. Click Commit.

You can use the Registrar to configure proxy server authentication protocols. For information about the available protocols, see Manage Registrar configuration settings in Skype for Business Server 2015.

note참고:
We recommend that you enable both Kerberos and NTLM when a server supports authentication for both remote and enterprise clients. The Edge Server and internal servers communicate to ensure that only NTLM authentication is offered to remote clients. If only Kerberos is enabled on these servers, they cannot authenticate remote users. If enterprise users also authenticate against the server, Kerberos is used.

Follow these steps to modify an existing Registrar.

  1. RTCUniversalServerAdmins 그룹의 구성원인 사용자 계정(또는 이와 동일한 사용자 권한을 가진 사용자 계정)이나 CsServerAdministrator 또는 CsAdministrator 역할이 할당된 사용자 계정에서 비즈니스용 Skype 서버 2015을 배포한 네트워크에 있는 컴퓨터에 로그온합니다.

  2. 브라우저 창을 연 다음 Admin URL을 입력하여 비즈니스용 Skype 서버 제어판을 엽니다. 비즈니스용 Skype 서버 제어판을 사용하여 시작할 수 있는 다양한 방법에 대한 자세한 내용은 Lync Server 관리 도구 열기를 참조하세요.

  3. In the left navigation bar, click Security and then click Registrar.

  4. On the Registrar page, click a service, click Edit, and then click Show details.

  5. In Edit Registrar Setting, select one or more of the following depending on the capabilities of the clients and support in your environment:

    • Enable Kerberos authentication to have the servers in the pool issue challenges using Kerberos authentication.

    • Enable NTLM authentication to have the servers in the pool issue challenges using NTLM.

    • Enable certificate authentication to have the servers in the pool issue certificates to clients.

  6. Click Commit.

  1. RTCUniversalServerAdmins 그룹의 구성원인 사용자 계정(또는 이와 동일한 사용자 권한을 가진 사용자 계정)이나 CsServerAdministrator 또는 CsAdministrator 역할이 할당된 사용자 계정에서 비즈니스용 Skype 서버 2015을 배포한 네트워크에 있는 컴퓨터에 로그온합니다.

  2. 브라우저 창을 연 다음 Admin URL을 입력하여 비즈니스용 Skype 서버 제어판을 엽니다. 비즈니스용 Skype 서버 제어판을 사용하여 시작할 수 있는 다양한 방법에 대한 자세한 내용은 Lync Server 관리 도구 열기를 참조하세요.

  3. In the left navigation bar, click Security and then click Registrar.

  4. On the Registrar page, and in the search field, type all or part of the name of the Registrar you want to delete.

  5. In the list, click the Registrar that you want, click Edit, and then click Delete.

  6. Click OK.

You can delete the Registrar configuration settings by using Windows PowerShell and the Remove-CsProxyConfiguration cmdlet. You can run this cmdlet from the 비즈니스용 Skype 서버 관리 쉘 or from a remote session of Windows PowerShell. 원격 Windows PowerShell을 사용하여 비즈니스용 Skype 서버에 연결하는 방법에 대한 자세한 내용은 "빠른 시작: 원격 PowerShell을 사용하여 Microsoft Lync Server 2010 관리"를 참조하세요. 프로세스는 비즈니스용 Skype 서버와 동일합니다.

  • The following command removes the Registrar security settings applied to the edge Server atl-edge-011.litwareinc.com:

    Remove-CsProxyConfiguration -Identity service:EdgeServer:atl-edge-011.litwareinc.com
    

  • The following command removes all the Registrar security settings applied to the Registrar service:

    Get-CsProxyConfiguration -Filter "service:Registrar:*" | Remove-CsProxyConfiguration
    

  • The following command deletes all the Registrar security settings that allow the use of NTLM for client authentication:

    Get-CsProxyConfiguration | Where-Object {$_.UseNtlmForClientToProxyAuth -eq $True}| Remove-CsProxyConfiguration
    

For details, see Remove-CsProxyConfiguration.

 
표시: