Tuesday, March 6, 2012

Configure UAG Direct Access for Lync 2010

An NRPT exception consists of a fully-qualified DNS name that has no associated DirectAccess DNS Server address. This tells the DNS client to resolve the excepted name using its normal interface-configured DNS server instead of following the more general rule and sending the query to the internal DNS server.
The example below, output from the netsh namespace show policy command on a DirectAccess-enabled client, shows an exception followed by a more general rule:
Settings for sip.yourdomain.com
Certification authority :
DNSSEC (Validation) : disabled
DNSSEC (IPsec) : disabled
DirectAccess (DNS Servers) :
DirectAccess (IPsec) : disabled
DirectAccess (Proxy Settings) : Bypass proxy
For Lync, there is a set of standard names that you may need to include as exceptions in a DirectAccess NRPT configuration. These are:

| Location | Type | FQDN | Maps to/Comments |
|---|---|---|---|
| External DNS | A | access.sipdomain.com | SIP Access Edge external interface |
| External DNS | A | webcon.sipdomain.com | Web Conferencing Edge external interface |
| External DNS | A | av.sipdomain.com | A/V Edge external interface |
| External DNS | SRV | _sip._tls.sipdomain.com | SIP Access Edge external interface (access.sipdomain.com). Required for automatic configuration of Lync 2010 clients to work externally |
| External DNS | SRV | _sipfederationtls._tcp.sipdomain.com | SIP Access Edge external interface (access.sipdomain.com). Required for automatic DNS discovery of federated partners known as “Allowed SIP Domain” (called enhanced federation in previous releases). |

Table 1 DNS Records Required for Single Consolidated Edge Topology: Consolidated Edge

| Location | Type | FQDN | Maps to/Comments |
|---|---|---|---|
| External DNS | A | lsrp.sipdomain.com | Used to publish Address Book Service, distribution group expansion, and conference content. |
| External DNS | A | dialin.sipdomain.com | Dial-in conferencing published externally |
| External DNS | A | meet.sipdomain.com | Conferences published externally |
| External DNS | A | lsweb-ext.sipdomain.com | Lync Server 2010 external Web Services FQDN |

Table 2 DNS Records Required for Single Consolidated Edge Topology: Reverse Proxy

Once you have figured out the NRPT exceptions that you need to make to suit your organization’s external-facing service names, you can set them up in the UAG DirectAccess Infrastructure Server Configuration step.
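To check on a client which Lync names still fall under the general rule, the following added example (not part of the original post) parses saved `netsh namespace show policy` output and reports the resolution path for each name. The sample output, the `2001:db8::53` DNS server address, the function names, and the rule that the longest matching suffix wins when no exact FQDN entry exists are assumptions made for illustration.

```python
import re

# Constructed sample in the layout shown on the page: one exception
# (empty DNS server field) followed by a more general suffix rule.
SAMPLE = """\
Settings for access.sipdomain.com
DNSSEC (Validation) : disabled
DirectAccess (DNS Servers) :
DirectAccess (Proxy Settings) : Bypass proxy

Settings for .sipdomain.com
DNSSEC (Validation) : disabled
DirectAccess (DNS Servers) : 2001:db8::53
DirectAccess (Proxy Settings) : Bypass proxy
"""

def parse_policy(text):
    """Map each NRPT namespace to its DirectAccess DNS servers ('' = exception)."""
    rules, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Settings for (\S+)", line)
        if m:
            current = m.group(1).lower()
            rules[current] = ""
        elif current and line.strip().startswith("DirectAccess (DNS Servers)"):
            # Split on the first colon only, so IPv6 addresses stay intact.
            rules[current] = line.partition(":")[2].strip()
    return rules

def match_rule(name, rules):
    """Exact FQDN entry first, otherwise the longest matching '.suffix' entry."""
    name = name.lower().rstrip(".")
    if name in rules:
        return name
    suffixes = [r for r in rules if r.startswith(".") and name.endswith(r)]
    return max(suffixes, key=len, default=None)

def resolution_path(name, rules):
    """Say which DNS server the client would use for this name."""
    rule = match_rule(name, rules)
    if rule is None:
        return "interface DNS (no NRPT rule)"
    return "interface DNS (exception)" if rules[rule] == "" else "internal DNS via DirectAccess"

def still_tunnelled(names, rules):
    """Names that would be sent to the internal DNS server and need an exception."""
    return [n for n in names if resolution_path(n, rules).startswith("internal")]

if __name__ == "__main__":
    lync = ["access.sipdomain.com", "_sip._tls.sipdomain.com", "meet.sipdomain.com"]
    print(still_tunnelled(lync, parse_policy(SAMPLE)))
```

Note that the SRV names from Table 1 match the suffix rule like any other name, so they need their own exceptions.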


  1. I have added all four including internal and external address but Lync client is still unable to connect.

  2. The concept of this is Lync should contact your edge server while logging in from DA. So you can trace the connectivity where it is exactly going and accordingly you need to exclude the same from DA. Hope you want to connect Lync externally (Remote Login).