Tuesday, March 11, 2014

Lync Edge Testing Suite (Part 2) – Lync DNS Tester and IP Route Editor Tools

I am dedicating this post to the saying “measure twice, cut once”, as this saying is most apt when describing what you should do before deploying your Edge server. In addition to this, I will be bringing you not one but two new PowerShell tools to help with your Lync Edge server deployments! In this post we are going to cover two areas of Lync Edge Server deployment. The first is Domain Name records and the second is IP Networking.

For Part 1 of the Lync Edge Suite series go here.

Lync DNS Naming


Domain Name records in Lync can be rather confusing, as over the various incarnations of Lync there have been many different clients and server functions that have required a variety of special DNS records to function. Here are two very useful Technet links for a detailed explanation of how internal and external DNS records work with Lync 2013:
  • Lync internal DNS records example Technet
  • Edge Server DNS records on Technet
In summary, many different records have been added over time so that the various Lync clients and features can function, so you should always check that all of your DNS records are configured in production. I've made a PowerShell tool that may be useful for checking that these records are configured.

Lync DNS Tester Tool




 Features
  • Make DNS requests to the server of your choice. The DNS server setting will specify the DNS server to make the request to. This means you can test your internal records on your internal DNS server, and your external records on a public DNS server.
  • Auto-fill common Lync DNS record names with the “Fill All” button. Tick the “Internal” or “External” checkboxes to select the records you would like to fill. You can even edit the variables at the start of the script to match your standard naming convention.
  • IPv6 support for Fill All. Tick the IPv6 box to fill with Quad-A records.
  • Can add your own A, AAAA, CNAME and SRV records.
  • Save yourself from getting RSI from typing all these nslookup commands manually!

Download Version 1.00 (Lync DNS Tester Tool):


External Records

Lync's external DNS records all resolve to either the Edge server(s) or the External Reverse Proxy server for web service connections. The table below shows the records that the Lync DNS Tester Tool will auto fill when the “Fill All” button is pressed and the "External" check box is ticked:

| Record Purpose | DNS Name | Host | Fixed / Variable |
|---|---|---|---|
| External Access name | sip.<domain name> | Access Edge IP | Variable (Topology Builder) |
| External Audio/Video name | av.<domain name> | AV Edge IP | Variable (Topology Builder) |
| External Web Conferencing name | webconf.<domain name> | Web Conf Edge IP | Variable (Topology Builder) |
| External Web Services name / Reverse Proxy | lyncwebext.<domain name> | Reverse Proxy | Variable (Topology Builder) |
| Dial-in simple name / Reverse Proxy | dialin.<domain name> | Reverse Proxy | Variable (Topology Builder) |
| Meet simple name / Reverse Proxy | meet.<domain name> | Reverse Proxy | Variable (Topology Builder) |
| External Web Apps Server / Reverse Proxy | waswebext.<domain name> | Reverse Proxy | Variable (Web Apps Server) |
| Lync discover record for Mobile and Windows 8 App Store client. Technet | lyncdiscover.<domain name> | Reverse Proxy | Fixed |
| External SIP record (not a mandatory record, however, it’s in the client lookup list) | sipexternal.<domain name> | Access Edge IP | Fixed |
| External SRV record for SIP connection | _sip._tls.<domain name> | Access Edge, Port 443 | Fixed |
| External Federation SRV record for Open Federation | _sipfederationtls._tcp.<domain name> | Access Edge, Port 5061 | Fixed |
| External XMPP Federation SRV record | _xmpp-server._tcp.<domain name> | Access Edge, Port 5269 | Fixed |

For the DNS names in the table that are marked as Variable, there are variables at the start of the script that can be edited to match the configuration of your environment, for example:

# External DNS Name Variables - Edit these to whatever you are using for your Lync environment
$sip = "sip"                  # External Access Edge
$av = "av"                    # External AV Edge
$webconf = "webconf"          # External Web Conf
$lyncwebext = "lyncwebext"    # Lync External Web Services / Reverse Proxy
$dialin = "dialin"            # dialin conferencing name
$meet = "meet"                # meet conferencing name
$waswebext = "waswebext"      # Web Apps server external name
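
The same external check can be scripted without the GUI. The following is an added example, not the Lync DNS Tester Tool's own code: it queries the external records from the table against a DNS server of your choice and flags SRV records that answer on an unexpected port. The domain `contoso.com` and the server `8.8.8.8` are placeholders, and it assumes `Resolve-DnsName` is available (Windows 8 / Server 2012 or later).

```powershell
# Added example, not taken from the Lync DNS Tester Tool.
# Assumptions: placeholder domain and DNS server; Resolve-DnsName must be available.
$domain    = 'contoso.com'
$dnsServer = '8.8.8.8'

# Prefixes as in the script's variable block; edit to match your naming convention.
$sip = 'sip'; $av = 'av'; $webconf = 'webconf'; $lyncwebext = 'lyncwebext'
$dialin = 'dialin'; $meet = 'meet'; $waswebext = 'waswebext'

$records = @(
    @{ Name = "$sip.$domain";                   Type = 'A' }
    @{ Name = "$av.$domain";                    Type = 'A' }
    @{ Name = "$webconf.$domain";               Type = 'A' }
    @{ Name = "$lyncwebext.$domain";            Type = 'A' }
    @{ Name = "$dialin.$domain";                Type = 'A' }
    @{ Name = "$meet.$domain";                  Type = 'A' }
    @{ Name = "$waswebext.$domain";             Type = 'A' }
    @{ Name = "lyncdiscover.$domain";           Type = 'A' }
    @{ Name = "sipexternal.$domain";            Type = 'A' }
    @{ Name = "_sip._tls.$domain";              Type = 'SRV'; Port = 443 }
    @{ Name = "_sipfederationtls._tcp.$domain"; Type = 'SRV'; Port = 5061 }
    @{ Name = "_xmpp-server._tcp.$domain";      Type = 'SRV'; Port = 5269 }
)

$report = foreach ($r in $records) {
    $status = 'MISSING'; $data = ''
    try {
        # Keep only real answers of the requested type (drops SOA/authority-only replies).
        $answers = @(Resolve-DnsName -Name $r.Name -Type $r.Type -Server $dnsServer -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq $r.Type })
        if ($answers.Count -gt 0 -and $r.Type -eq 'SRV') {
            $data   = ($answers | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
            $status = if ($answers | Where-Object { $_.Port -eq $r.Port }) { 'OK' } else { 'WRONG PORT' }
        } elseif ($answers.Count -gt 0) {
            $data   = ($answers | ForEach-Object { $_.IPAddress }) -join ', '
            $status = 'OK'
        }
    } catch {
        $data = $_.Exception.Message   # e.g. name does not exist, timeout
    }
    [pscustomobject]@{ Name = $r.Name; Type = $r.Type; Status = $status; Data = $data }
}
$report | Format-Table Name, Type, Status, Data -AutoSize
```

Run it once against the internal DNS server and once against a public resolver to confirm that each zone returns the addresses you expect.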


Internal Records

If you tick the “Internal” check box and click the “Fill All” button, the following records will be added to the list box:

| Record Purpose | DNS Name | Host | Fixed / Variable |
|---|---|---|---|
| Dial-in simple record internal | dialin.<domain name> | Lync Front End Server or Web Load Balancer | Variable (Topology Builder) |
| Meeting simple record internal | meet.<domain name> | Lync Front End Server or Web Load Balancer | Variable (Topology Builder) |
| Lync web services external record. Required for internal Mobile clients. Technet | lyncwebext.<domain name> | External Reverse Proxy | Variable (Topology Builder) |
| Office Web Apps farm internal name | wasweb.<domain name> | Office Web Apps Server | Variable (Web Apps Server) |
| Admin console simple name | admin.<domain name> | Front End Server or Web Load Balancer | Variable (Topology Builder) |
| SIP record. Required for Lync Phone Edition, or automatic logon of clients without DNS SRV records, and for strict domain matching. Not required in all cases. | sip.<domain name> | Lync Front End Server(s) | Fixed |
| Internal SIP record (not a mandatory record, however, it’s in the client lookup list) | sipinternal.<domain name> | Lync Front End Server(s) | Fixed |
| Lync Discover Internal - Mobile and Windows 8 App Store client. Technet | lyncdiscoverinternal.<domain name> | Front End Server or Web Load Balancer | Fixed |
| SIP internal SRV record | _sipinternaltls._tcp.<domain name> | Front End Server(s), Port 5061 | Fixed |


For the DNS names in the Internal table that are marked as Variable, there are variables at the start of the script that can be edited to match the configuration of your environment, for example:

# Internal DNS Name Variables - Edit these to whatever you are using for your Lync environment
$wasweb = "wasweb"            # Internal Web Apps Server
$admin = "admin"              # Lync administrator web access

Note: The dialin, meet, and waswebext records will be the same for both Internal and External records. The settings for these names are made in the External settings. For a non-split brain DNS scenario you will either need to deploy Pin Point records, or an internal zone for the external domain name.

In addition to the tables above, you must also remember to check that your Lync Edge server(s) hostname/pool name has been added manually to the internal DNS server. These records are not automatically populated in DNS because Edge servers are not domain-joined machines, and will not automatically get added through Active Directory DNS integration. This is also the case with Lync Front End Pool names, so if you have added a new Front End pool to your topology you should always check that the DNS records have been added to the Internal DNS server manually.


Edge Server Networking


Edge server networking is also an important part of an Edge server deployment. An Edge server is a multi-network interface machine, which means that it needs to make decisions on which interface it will route packets out of when making connections to other machines. In nearly all cases (unless you only have limited external subnets connecting to your Edge) you will make your external Edge interface the owner of the default gateway address (0.0.0.0) and you’ll individually specify your internal subnets using static routes.

Example:



Below is a simple example of an Edge environment with an Internal and External interface:

| Network | Net Mask | Next Hop | Interface |
|---|---|---|---|
| 0.0.0.0 (Default Route) | 0.0.0.0 | 210.10.10.17 | 210.10.10.18 |
| 192.168.5.0 | 255.255.255.0 | 192.168.1.1 | 192.168.1.2 |
| 192.168.6.0 | 255.255.255.0 | 192.168.1.1 | 192.168.1.2 |
| 192.168.7.0 | 255.255.255.0 | 192.168.1.1 | 192.168.1.2 |

For the Default route, you simply edit the Default Gateway within the External Interface within the Adapter settings in the Windows Control Panel, for example:



To set the other static routes within the server you usually use Command Line tools. However, rather than having to remember the syntax on the rare occasions that you have to do this, I decided to make a GUI tool to make this process a little easier.

IP Route Editor Tool




 Features
  • List all routes on server.
  • Add persistent routes.
  • Delete persistent routes.
  • Routes are colour coded in order of importance. (Grey = Localhost, Black = Broadcast, Green = Static Routes)
  • Routes can be added with or without specifying Interface value. If the Interface value is not set then the server will automatically associate the route to the interface that is on the same subnet as the Next Hop IP Address.

Simply enter the Network, Net Mask, Next Hop, and Interface (note that it's not necessary to enter the Interface if you'd prefer not to, as the machine can figure this out based on the Next Hop address), and press the Add button. Hopefully this one will be pretty straightforward for you to use!

Update (5/9/2014)

1.01 Update:

  • Updated to now run on PowerShell 2.0
  • Script is now signed
1.02 Update (Additional user input validation added):

  • Updated the Regex check on the IP Address fields to better police against people accidentally putting bitmasks (i.e. /23) after IP Addresses. This previously would result in an incorrect route table entry because the route command would do strange things with this input.
  • In previous versions the network IP Address was not policed to check that it was the actual network address based on the mask supplied (i.e. not a host address). The result was the (non-network) host IP being input into the Route command and it not showing up in the Current Route Table. The network address is now ANDed with the subnet mask to ensure that a real network address is being input.
  • In previous versions the Next Hop address was not policed to check that it was on a locally connected network. The result was that the Route command would accept the input even though it was incorrect and add it to the route list. This bad route, once entered, was also not displayed in the Current Route Table. In this version the Next Hop IP address supplied by the user is first checked to see that it is on a directly connected network before the Route ADD command is run. An error will also be displayed if the Next Hop is not on a locally connected network.
  • Made the form resizeable.
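
The three input checks described in the 1.02 notes can be expressed in a few lines. This is an added example, not the IP Route Editor's own code: the function names are hypothetical, the interface list is constructed from the example table above, and the external interface mask (255.255.255.248) is an assumption. It only builds the route command string and does not change the route table.

```powershell
# Added example; names are hypothetical and not taken from the IP Route Editor script.
function ConvertTo-IPv4Number ([string]$Ip) {
    # Strict dotted quad only, so "192.168.5.0/23" or "192.168.5" is rejected outright.
    if (-not ($Ip -match '^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$')) { return $null }
    $value = [long]0
    foreach ($i in 1..4) {
        $octet = [int]$Matches[$i]
        if ($octet -gt 255) { return $null }
        $value = $value * 256 + $octet
    }
    return $value
}

function Test-RouteInput {
    param([string]$Network, [string]$Mask, [string]$NextHop, [object[]]$Interfaces)

    $net = ConvertTo-IPv4Number $Network
    $msk = ConvertTo-IPv4Number $Mask
    $hop = ConvertTo-IPv4Number $NextHop
    if ($null -eq $net -or $null -eq $msk -or $null -eq $hop) {
        return 'REJECT: every field must be a plain dotted-quad IPv4 address'
    }
    # Network AND mask must give the network back, otherwise a host address was entered.
    if (($net -band $msk) -ne $net) {
        return "REJECT: $Network is not a network address for mask $Mask"
    }
    # The next hop must share a subnet with one of the local interfaces.
    foreach ($nic in $Interfaces) {
        $nicMask = ConvertTo-IPv4Number $nic.Mask
        if (($hop -band $nicMask) -eq ((ConvertTo-IPv4Number $nic.Address) -band $nicMask)) {
            return "OK: route -p ADD $Network MASK $Mask $NextHop"
        }
    }
    return "REJECT: next hop $NextHop is not on a directly connected network"
}

# Constructed sample data from the example table; the external mask is an assumption.
$interfaces = @(
    New-Object PSObject -Property @{ Address = '192.168.1.2';  Mask = '255.255.255.0' }
    New-Object PSObject -Property @{ Address = '210.10.10.18'; Mask = '255.255.255.248' }
)
Test-RouteInput '192.168.5.0/24' '255.255.255.0' '192.168.1.1' $interfaces   # bitmask suffix
Test-RouteInput '192.168.5.10'   '255.255.255.0' '192.168.1.1' $interfaces   # host address
Test-RouteInput '192.168.5.0'    '255.255.255.0' '10.0.0.1'    $interfaces   # unreachable hop
Test-RouteInput '192.168.5.0'    '255.255.255.0' '192.168.1.1' $interfaces   # accepted
```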

Download Version 1.02 (IP Route Editor Tool):



The Wrap Up


Well, there you go, two more tools for your Lync Edge deployment kit bag. I hope you enjoy them, and get some use out of them. Like always, if you find any bugs or issues with the tools, please report them back to me and if I can reproduce them I will fix them.

