An NRPT exception consists of a fully-qualified DNS name that has no associated DirectAccess DNS Server address. This tells the DNS client to resolve the excepted name using its normal interface-configured DNS server instead of following the more general rule and sending the query to the internal DNS server.
The example below, output from the netsh namespace show policy command on a DirectAccess-enabled client, shows an exception followed by a more general rule:
Settings for sip.yourdomain.com
----------------------------------------------------------------------
Certification authority :
DNSSEC (Validation) : disabled
DNSSEC (IPsec) : disabled
DirectAccess (DNS Servers) :
DirectAccess (IPsec) : disabled
DirectAccess (Proxy Settings) : Bypass proxy
For Lync, there is a set of standard names that you may need to include as exceptions in a DirectAccess NRPT configuration. These are:
| Location | Type | FQDN | Maps to/Comments |
|---|---|---|---|
| External DNS | A | access.sipdomain.com | SIP Access Edge external interface |
| External DNS | A | webcon.sipdomain.com | Web Conferencing Edge external interface |
| External DNS | A | av.sipdomain.com | A/V Edge external interface |
| External DNS | SRV | _sip._tls.sipdomain.com | SIP Access Edge external interface (access.sipdomain.com). Required for automatic configuration of Lync 2010 clients to work externally. |
| External DNS | SRV | _sipfederationtls._tcp.sipdomain.com | SIP Access Edge external interface (access.sipdomain.com). Required for automatic DNS discovery of federated partners known as “Allowed SIP Domain” (called enhanced federation in previous releases). |
Table 1 DNS Records Required for Single Consolidated Edge Topology: Consolidated Edge
| Location | Type | FQDN | Maps to/Comments |
|---|---|---|---|
| External DNS | A | lsrp.sipdomain.com | Used to publish Address Book Service, distribution group expansion, and conference content. |
| External DNS | A | dialin.sipdomain.com | Dial-in conferencing published externally |
| External DNS | A | meet.sipdomain.com | Conferences published externally |
| External DNS | A | lsweb-ext.sipdomain.com | Lync Server 2010 external Web Services FQDN |
Table 2 DNS Records Required for Single Consolidated Edge Topology: Reverse Proxy
Once you have figured out the NRPT exceptions that you need to make to suit your organization’s external-facing service names, you can set them up in the UAG DirectAccess Infrastructure Server Configuration step.
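As an added example (not from the original post), the Python below parses saved `netsh namespace show policy` output and reports which names would still follow a general rule instead of an exception. The sample output, the `.yourdomain.com` suffix rule, the DNS server address and the function names are constructed for illustration, and it assumes an exact FQDN entry takes precedence over a suffix rule.

```python
import re

# Constructed sample of `netsh namespace show policy` output: the page's
# exception plus an assumed suffix rule (2001:db8::1 is a documentation address).
SAMPLE = """\
Settings for sip.yourdomain.com
----------------------------------------------------------------------
DirectAccess (DNS Servers)              :
DirectAccess (IPsec)                    : disabled
DirectAccess (Proxy Settings)           : Bypass proxy

Settings for .yourdomain.com
----------------------------------------------------------------------
DirectAccess (DNS Servers)              : 2001:db8::1
DirectAccess (IPsec)                    : disabled
DirectAccess (Proxy Settings)           : Bypass proxy
"""


def parse_nrpt(text):
    """Return {namespace: {setting: value}} parsed from the netsh output."""
    policies, current = {}, None
    for line in text.splitlines():
        header = re.match(r"\s*Settings for (\S+)", line)
        if header:
            current = policies.setdefault(header.group(1).lower(), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # split on first colon only
            current[key.strip()] = value.strip()
    return policies


def resolve_path(name, policies):
    """Classify where the DNS client sends a query for `name`."""
    name = name.lower().rstrip(".")
    rule = policies.get(name)  # an exact FQDN entry beats any suffix rule
    if rule is None:
        suffixes = [ns for ns in policies
                    if ns.startswith(".") and name.endswith(ns)]
        if not suffixes:
            return "no-rule"  # NRPT does not apply; interface DNS is used
        rule = policies[max(suffixes, key=len)]  # longest suffix wins
    # An entry with no DirectAccess DNS server is an exception.
    return "internal-dns" if rule.get("DirectAccess (DNS Servers)") else "exception"


def missing_exceptions(required, policies):
    """Names that would still be sent to the internal DNS server."""
    return [n for n in required if resolve_path(n, policies) == "internal-dns"]
```

Feed `missing_exceptions` the external Lync names from the tables above, rewritten for your own SIP domain, to see which ones still need an exception.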
I have added all four including internal and external address but Lync client is still unable to connect.
The concept of this is Lync should contact your edge server while logging in from DA. So you can trace the connectivity where it is exactly going and accordingly you need to exclude the same from DA. Hope you want to connect Lync externally (Remote Login).