“ADDING ADDITIONAL SIP DOMAINS
TO ALREADY DEPLOYED LYNC
ENVIRONMENT”
Mahmoud Hanafi [email protected]
Abstract In this document Steps to add additional SIP domains in already existing Lync deployment.
Table of Contents The propose of this document .................................................................................................................... 2
The steps in brief .......................................................................................................................................... 2
Steps to add the new SIP domain(s) to the Topology................................................................................ 2
Create DNS records for the new simple URLs, both internal and external ............................................... 4
Request new certificates with adding the new domain(s) name(s). ........................................................... 5
The propose of this document In this document we will demonstrate in steps how to add additional SIP domain in the already
existing Lync deployment.
The steps in brief 1. Add the new SIP domain(s) to the Topology.
2. Create DNS records for the new simple URLs, both internal and external.
3. Request new certificates with adding the new domain(s) name(s).
Steps to add the new SIP domain(s) to the Topology Open the Lync Server Topology Builder.
Select download the topology from the existing deployment.
After the topology builder has opened, Right click on the topology and click edit properties.
Click on add new domain to add the new sip domain.
Then click on publish topology
Create DNS records for the new simple URLs, both internal and
external
Port Service Protocol Type Entry Server
CNAME lyncdiscover.Test.com Add it to your public DNS entry
A sip.Test.com Point it to your FE server pool-(Internal+External) DNS
A meet.Test.com Point it to your FE server pool-(Internal+External) DNS
5061 _sipfederationtls SRV sip.Test.com Should be created on your public DNS
443 _sip sip.Test.com Should be created on your public DNS
5061 _sipinternaltls SRV sipinternaltls._tcp.Test.com Should be created on your internal DNS
Request new certificates with adding the new domain(s) name(s).
Open Lync server deployment wizard.
Select Install or Update Lync Server System.
Select Step 3 Request, Install or assign Certificates.
For internal certificate keep select the following option.
Then press Request and Next.
If you don’t have the option to connect directly to your internal CA, you should choose the second
option as the below.
Choose the path you will save the certificate request in and the CSR name.
Choose the following option if you have a certificate template, in our scenario bypass this option.
Type the same friendly name as the below.
At the end of this wizard you will need to select the new sip domain in my example it was
Test.com and your old domains to the SIP domain setting on subject Alternative Names
(SANs) section, then adding all your additional subject alternative names.
PS. “after upgraded the certificate you need to run the following command { Stop-
CsWindowsService} on your Lync server management shell”
Now after you generated the new certificate request through your internal CA, you just need
to install it on your FE servers, to do that you have two options here.
Option #1
Option #2
From start menu type mmc, file, Add/Remove Snap in, certificate, computer account and
finish.
And import the new certificate to personal as the below.
The final step in this wizard is to assign the new certificate to Lync services as the below
screen.
After you finish you need to start Lync service by the following command
{ Start-CsWindowsService}.
Important PS. “you need to export the same certificate with private key if you have more than
FE servers in order to add it to all your FE servers and this done by the following steps.”
Till now you can enable new sip domain users and access Lync with the new sip domain from
you internal network.
To access from External you just need to update your public certificate with your new SIP
domain and it’s (SANs).
