I find that I tend to forget a lot of the things I do to validate an OCS 2007 R2 remote access deployment when I spend a few months working on other projects, so this post serves as a way of reminding me what I typically do to validate remote access and an Edge server deployment.
Before I proceed, I am aware of the Microsoft Office Communications Server Remote Connectivity Analyzer which now supports Lync Server 2010 as well (http://recite.microsoft.com/). There are some aspects of the tool that I don’t really like but it does a great job of validating certain services that you can’t do with regular nslookups or telnet sessions.
Public DNS Records
Service | Type | DNS | IP |
Access Edge Services | A | sip.domain.com | <Unique Public IP Required> |
Web Conferencing Edge Services | A | webconf.domain.com | <Unique Public IP Required> |
A/V Edge Services | A | av.domain.com | <Unique Public IP Required> |
Reverse Proxy (ABS, group expansion, etc) | A | ocsproxy.domain.com | <Unique Public IP Required> |
Automatic sign-on | SRV (port 443) | _sip._tls.domain.com | Points to Access Edge Services A Record |
Federation | SRV (port 5061) | _sipfederationtls._tcp.domain.com | Points to Access Edge Services A Record |
Autodiscover (Exchange Services) | A | autodiscover.domain.com | <Unique Public IP Required> |
Communicator Web Access (CWA) | A | cwa.domain.com | <Unique Public IP Required> |
CWA Desktop Share | CNAME | as.cwa.domain.com | Points to cwa.domain.com |
CWA Desktop Share | CNAME | download.cwa.domain.com | Points to cwa.domain.com |
Validating Public DNS Records
A Records:
Validating the public A records is simple: start up a command prompt, execute nslookup, set the server to a public DNS server, and type in each A record as shown in the following:
C:\Documents and Settings\tluk>nslookup
Default Server: someDNS.internalDomain.com
Address: 172.16.1.5
> server 4.2.2.2
Default Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
> sip.domain.com
Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
Non-authoritative answer:
Name: sip.domain.com
Address: 68.36.16.27
SRV Records:
Validating the public SRV records is what I tend to forget as I almost always forget the format of the record. As with the A records, start up a command prompt, execute nslookup, set the server to a public DNS server, and perform the following:
C:\Documents and Settings\tluk>nslookup
Default Server: dc01.domain.com
Address: 172.16.1.5
> server 4.2.2.2
Default Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
> set type=srv
> _sip._tls.domain.com
Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
Non-authoritative answer:
_sip._tls.domain.com SRV service location:
priority = 0
weight = 0
port = 443
svr hostname = sip.domain.com
> _sipfederationtls._tcp.domain.com
Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
Non-authoritative answer:
_sipfederationtls._tcp.domain.com SRV service location:
priority = 0
weight = 0
port = 5061
svr hostname = sip.domain.com
CNAME Records:
Validating the public CNAME records is just as simple as validating the A records. Start up a command prompt, execute nslookup, set the server to a public DNS server, and perform the following:
C:\Documents and Settings\tluk>nslookup
Default Server: dc01.domain.com
Address: 172.16.1.5
> server 4.2.2.2
Default Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
> set type=cname
> as.cwa.domain.com
Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
Non-authoritative answer:
as.cwa.domain.com canonical name = cwa.domain.com
> download.cwa.domain.com
Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
Non-authoritative answer:
download.cwa.domain.com canonical name = cwa.domain.com
Validating Connectivity
There isn’t an easy way to validate UDP ports, but TCP ports can be validated with good old telnet provided by Windows. Note that telnet isn’t installed by default after Windows Server 2003 and Windows XP, so if it’s not available, simply add it via Programs and Features.
Access Edge Service, Web Conferencing, A/V, Reverse Proxy, CWA, Federation:
Simply start up the command prompt and execute:
telnet sip.domain.com 443
telnet webconf.domain.com 443
telnet av.domain.com 443
telnet ocsproxy.domain.com 443
telnet cwa.domain.com 443
telnet sip.domain.com 5061 – Federation
… if you are successful in connecting to that A record @ 443, you will see something like this:
Hope this helps anyone out there looking for something to quickly reference for an OCS 2007 R2 remote access deployment.
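The SRV and telnet checks above can be scripted so that a wrong port or target is flagged instead of being read off the screen. The following is an added example, not part of the original post: it parses saved nslookup SRV output, compares it with the records in the table, and repeats the telnet test with a plain TCP connect. The function names and the sample transcript are assumptions made for illustration, and domain.com is the post's placeholder domain.

```python
import re
import socket
# Expected public SRV records from the post's table: record -> (target, port).
EXPECTED_SRV = {
    "_sip._tls.domain.com": ("sip.domain.com", 443),
    "_sipfederationtls._tcp.domain.com": ("sip.domain.com", 5061),
}
# Constructed sample in the post's nslookup format; federation port wrong on purpose.
SAMPLE = """\
_sip._tls.domain.com SRV service location:
    priority = 0
    weight = 0
    port = 443
    svr hostname = sip.domain.com
_sipfederationtls._tcp.domain.com SRV service location:
    priority = 0
    weight = 0
    port = 443
    svr hostname = sip.domain.com
"""

def parse_srv(transcript):
    """Parse nslookup (set type=srv) output into {record: (target, port)}."""
    found, name, port = {}, None, None
    for line in map(str.strip, transcript.splitlines()):
        if m := re.match(r"(\S+)\s+SRV service location:", line):
            name, port = m.group(1).lower(), None
        elif name and (m := re.match(r"port\s*=\s*(\d+)", line)):
            port = int(m.group(1))
        elif name and (m := re.match(r"svr hostname\s*=\s*(\S+)", line)):
            found[name] = (m.group(1).lower().rstrip("."), port)
            name = None
    return found

def check_srv(found, expected=EXPECTED_SRV):
    """Return a list of mismatches; an empty list means every record is correct."""
    return [f"{rec}: got {found.get(rec)}, expected {want}"
            for rec, want in expected.items() if found.get(rec) != want]

def tcp_open(host, port, timeout=3.0):
    """Same test as `telnet host port`: True if the TCP handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or the name did not resolve
        return False

if __name__ == "__main__":
    print(check_srv(parse_srv(SAMPLE)) or "SRV records match")
```

Once the records match, calling `tcp_open` on each target and port returned by `parse_srv` confirms that the advertised endpoint is actually reachable from outside.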
2 Responses
Great post. All of the ways to verify connectivity are here. I will bookmark this.
Businesses recording phone calls using a call recording system is nothing new for different types of operations.