question

BehzadNajafizad-1149 avatar image
0 Votes"
BehzadNajafizad-1149 asked SharonZhao-MSFT commented

Access And Login skype for business 2015 in Public Domain

Hello
my current status is:
1- I initialize SFB 2015 Standard edition in my domain.local and publish topology by one sip local (skype.domain.local or )
2- I do configuration edge server by 3 NIC public and 1 NIC local.
3- prefix suffix in edge server has edge.domain.local
4- my edge topology have 1 sip (same sip local) and just external connection in the web external is webext.domain.com record
5- my dns record in public domain configured

My Question:
1- how user in public zone connect by public domain (domain.com) and login by local username and password?
2- do you need create additional sip domain in local skype or edge server?
3- certificate for local and public domain how create by one sip ?


office-skype-business-server-sign-inoffice-skype-business-server-edge-servers
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @BehzadNajafizad-1149

According to your description, this question seems to be related to SFB, so we would move the irrelevant tags.

0 Votes 0 ·
BehzadNajafizad-1149 avatar image
0 Votes"
BehzadNajafizad-1149 answered SharonZhao-MSFT commented

@SharonZhao-MSFT Tank you for answer my question but !

  • myDomain.local located in private zone and communicate by private dns

  • myDomain.com located in public zone and communicate by private dns

1- which on Primary DNS suffix in Edge Server? myDomain.local OR myDomain.com ???
2- In the Topology Builder what is name Edge Server ? SkypeEdge.local OR SkypeEdge.com
3- why not create addition domain in Skype topology ? if not add additional domain, in certificate step not create for myDomain.com record only webext.myDomain.com

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@BehzadNajafizad-1149

I found you have post a new case in our forum which should be the same question with this one. I will merge the two cases and reply you today.

The following is your description in the new case:

Wildcard CA For skype for business 2015 external access for remote users

How use Wildcard SSL for communicate by remote user (in public zone) to local zone (Reverse proxy or edge server)
1- I have one domain as primary sip domain and other domain additional sip domain
2- in Edge Server on the Step certificate (request and assign ) I can't use SSL SAN Certificate ....

what can do?

0 Votes 0 ·

@BehzadNajafizad-1149,

About the DNS suffix and FQDN for Edge server, it needs to use the public one(.com).

Certificate for Edge server doesn’t support wildcard SAN. This article explains the wildcard certificate in Lync server.
53918-image.png

Besides, you can refer to the following image to configure the certificate.
53905-image.png


If the response is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




0 Votes 0 ·
image.png (15.9 KiB)
image.png (85.2 KiB)
SharonZhao-MSFT avatar image
0 Votes"
SharonZhao-MSFT answered SharonZhao-MSFT commented

@BehzadNajafizad-1149,

Question 1- how user in public zone connect by public domain (domain.com) and login by local username and password?

External user sign-in process is as below:
1. Client discovers Edge Server:
lyncdiscoverinternal.<sip-domain>
lyncdiscover.<sip-domain>
_sipinternaltls._tcp.<sip-domain>
_sipinternal._tcp.<sip-domain>
_sip._tls.<sip-domain>
sipinternal.<sip-domain>
sip.<sip-domain>
sipexternal.<sip-domain>
2.Client connects to Edge Server.
3. Edge Server proxies connection to Director.
4. Director authenticates user and proxy connection to user’s home pool.

Question 2- do you need create additional sip domain in local skype or edge server?

No. It only needs to deploy Edge server properly. For more details, please refer to this article

Question 3- certificate for local and public domain how create by one sip ?

About certificate, please refer to this link.


If the response is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@BehzadNajafizad-1149
Do you have any further question on this topic?
If the suggestion helps, please be free to mark it as an answer for helping more people.

0 Votes 0 ·

@BehzadNajafizad-1149
Haven't received your update for a long time, any update now?
If the above suggestion helps, please be free to mark it as answer for helping more people.

0 Votes 0 ·