Monday, February 14, 2011

Verifying and testing OCS 2007 R2 public DNS records and Edge connectivity

I find that I tend to forget a lot of the things I do to validate an OCS 2007 R2 remote access deployment when I spend a few months working on other projects, so this post serves as a way of reminding me what I typically do to validate remote access and an Edge server deployment.

Before I proceed, I am aware of the Microsoft Office Communications Server Remote Connectivity Analyzer, which now supports Lync Server 2010 as well (http://recite.microsoft.com/). There are some aspects of the tool that I don’t really like, but it does a great job of validating certain services in ways that you can’t with regular nslookups or telnet sessions.


Public DNS Records

| Service | Type | DNS | IP |
| --- | --- | --- | --- |
| Access Edge Services | A | sip.domain.com | <Unique Public IP Required> |
| Web Conferencing Edge Services | A | webconf.domain.com | <Unique Public IP Required> |
| A/V Edge Services | A | av.domain.com | <Unique Public IP Required> |
| Reverse Proxy (ABS, group expansion, etc) | A | ocsproxy.domain.com | <Unique Public IP Required> |
| Automatic sign-on | SRV (Port: 443) | _sip._tls.domain.com | Points to Access Edge Services A Record |
| Federation | SRV (Port: 5061) | _sipfederationtls._tcp.domain.com | Points to Access Edge Services A Record |
| Autodiscover (Exchange Services) | A | autodiscover.domain.com | <Unique Public IP Required> |
| Communicator Web Access (CWA) | A | cwa.domain.com | <Unique Public IP Required> |
| CWA Desktop Share | CNAME | as.cwa.domain.com | Points to cwa.domain.com |
| CWA Desktop Share | CNAME | download.cwa.domain.com | Points to cwa.domain.com |

Validating Public DNS Records

A Records:

Validating the public A records is simple: start up a command prompt, execute nslookup, set the server to a public DNS server, and type in the A records as shown in the following:

C:\Documents and Settings\tluk>nslookup
Default Server:  someDNS.internalDomain.com
Address:  172.16.1.5

> server 4.2.2.2
Default Server:  vnsc-bak.sys.gtei.net
Address:  4.2.2.2

> sip.domain.com
Server:  vnsc-bak.sys.gtei.net
Address:  4.2.2.2

Non-authoritative answer:
Name:    sip.domain.com
Address:  68.36.16.27


SRV Records:

Validating the public SRV records is what I tend to forget, as I almost always forget the format of the record. As with the A records, start up a command prompt, execute nslookup, set the server to a public DNS server, and perform the following:

C:\Documents and Settings\tluk>nslookup
Default Server:  dc01.domain.com
Address:  172.16.1.5

> server 4.2.2.2
Default Server:  vnsc-bak.sys.gtei.net
Address:  4.2.2.2

> set type=srv
> _sip._tls.domain.com
Server:  vnsc-bak.sys.gtei.net
Address:  4.2.2.2

Non-authoritative answer:
_sip._tls.domain.com SRV service location:
          priority       = 0
          weight         = 0
          port           = 443
          svr hostname   = sip.domain.com
> _sipfederationtls._tcp.domain.com
Server:  vnsc-bak.sys.gtei.net
Address:  4.2.2.2

Non-authoritative answer:
_sipfederationtls._tcp.domain.com    SRV service location:
          priority       = 0
          weight         = 0
          port           = 5061
          svr hostname   = sip.domain.com


CNAME Records:

Validating the public CNAME records is just as simple as the A records. Start up a command prompt, execute nslookup, set the server to a public DNS server, and perform the following:

C:\Documents and Settings\tluk>nslookup
Default Server:  dc01.domain.com
Address:  172.16.1.5

> server 4.2.2.2
Default Server:  vnsc-bak.sys.gtei.net
Address:  4.2.2.2

> set type=cname
> as.cwa.domain.com
Server:  vnsc-bak.sys.gtei.net
Address:  4.2.2.2

Non-authoritative answer:
as.cwa.domain.com    canonical name = cwa.domain.com
> download.cwa.domain.com
Server:  vnsc-bak.sys.gtei.net
Address:  4.2.2.2

Non-authoritative answer:
download.cwa.domain.com      canonical name = cwa.domain.com


Validating Connectivity

There isn’t an easy way to validate UDP ports, but TCP ports can be validated with good old telnet provided by Windows. Note that telnet isn’t installed by default after Windows Server 2003 and Windows XP, so if it’s not available, simply add it via Programs and Features.

Access Edge Service, Web Conferencing, A/V, Reverse Proxy, CWA, Federation:

Simply start up the command prompt and execute:

telnet sip.domain.com 443

telnet webconf.domain.com 443

telnet av.domain.com 443

telnet ocsproxy.domain.com 443

telnet cwa.domain.com 443

telnet sip.domain.com 5061   (Federation)


… if you are successful in connecting to that A record @ 443, you will see something like this:

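
A scripted version of the telnet checks above, added here as an example (not part of the original post): it attempts a TCP connection to each endpoint listed and separates a refused connection from a timeout and from a name that does not resolve. The function names and the five-second timeout are assumptions; domain.com is the post's placeholder domain.

```python
import socket

# Endpoints from the telnet commands in this post (domain.com is a placeholder).
ENDPOINTS = [
    ("sip.domain.com", 443), ("webconf.domain.com", 443), ("av.domain.com", 443),
    ("ocsproxy.domain.com", 443), ("cwa.domain.com", 443),
    ("sip.domain.com", 5061),  # federation
]

def probe(host, port, timeout=5.0):
    """Classify one TCP connection attempt, as a telnet test would be read."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"   # name does not resolve: recheck the public A record
    except ConnectionRefusedError:
        return "refused"       # a reset came back: nothing listening on or published to the port
    except (socket.timeout, TimeoutError):
        return "timeout"       # no reply within the timeout, typically a filtered port
    except OSError as exc:
        return f"error: {exc.strerror or exc}"

def report(endpoints=ENDPOINTS, timeout=5.0):
    """Probe every endpoint and return {"host:port": state}."""
    return {f"{host}:{port}": probe(host, port, timeout) for host, port in endpoints}

if __name__ == "__main__":
    for endpoint, state in report().items():
        print(f"{endpoint:28} {state}")
```

As with telnet, "open" only shows that the TCP port is reachable from where the script runs; it says nothing about the certificate or the service behind it.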

Hope this helps anyone out there looking for something to quickly reference for an OCS 2007 R2 remote access deployment.

2 comments:

ThomF said...

Great post. All of the ways to verify connectivity are here. I will bookmark this.

sip recording said...

Businesses recording phone calls using a call recording system is nothing new for different types of operations.