Lync 2013 Step-by-step: Add additional SIP domains in existing deployment
In this article, we will look at the steps to add an additional SIP domain to an existing Lync 2013 deployment.
In short, we need to perform the following tasks to add a new SIP domain.
**Steps to add new SIP domain**
Topology
First, we need to add the new SIP domain to our topology.
To do that, perform the following tasks:
Open the Lync Server Topology Builder.
Select Download Topology from the existing deployment since we are going to modify the existing topology only.
https://exchangequery.files.wordpress.com/2015/04/topo.png
Once the topology builder is open, right-click on the topology and click Edit Properties.
https://exchangequery.files.wordpress.com/2015/04/topo1.png
Click on Add New Domain and add the new subdomain.
https://exchangequery.files.wordpress.com/2015/04/topo2.jpg
Once done, click Publish Topology.
https://exchangequery.files.wordpress.com/2015/04/topo3.png
Once it’s done, open the setup and rerun it.
https://exchangequery.files.wordpress.com/2015/04/topo4.png
**Note:** We have to rerun the above setup on all the FE servers and the Edge servers.
DNS
Now we need to create the DNS records.
The DNS records must be created in the following order:
| Port | Service Protocol | Type | Entry | Server | Request Type |
|---|---|---|---|---|---|
| | | CNAME | lyncdiscover.exchangequery.com | Add it to your public DNS entry | New |
| | | A | sip.exchangequery.com | Point it to your FE server pool | |
| | | A | meet.exchangequery.com | Point it to your FE server pool | |
| 5061 | _sipfederationtls | SRV | sip.exchangequery.com | Should be created on your public DNS | |
| 443 | _sip | | sip.exchangequery.com | Should be created on your public DNS | |
Note: The records above cover IM and presence only. For dial-in and audio/video, the respective entries must also be created in DNS.
Certificate
Now we need to create the certificate for the new SIP domain.
Internal
Updating your internal certificate with the new SIP domain through your CA and then assigning the new internal certificate to the FE servers is a normal process, so that part is not explained in this article. But make sure that you run the certificate wizard on the FE server and assign the newly updated internal certificate.
External
For an external certificate, we can create the certificate through DigiCert, Go Daddy etc., depending on the provider you buy your public certificates from.
In this scenario, let's take the example of creating the certificate from DigiCert.
Download the DigiCert utility tool for Windows.
Create your private key and CSR by using this utility and request the certificate from DigiCert.
Open DigiCert and click on Create CSR.
https://exchangequery.files.wordpress.com/2015/04/test111.jpg
Type in the common name and select SSL certificate since we require an SSL certificate.
All the required SANs should be added as shown below.
Choose the Provider type.
https://exchangequery.files.wordpress.com/2015/04/cer3.jpg
Now, after clicking on Create, we will get the CSR generated for the new SIP domain as below. The matching private key stays on the machine where the CSR was created.
https://exchangequery.files.wordpress.com/2015/04/cer4.jpg
Send this CSR to DigiCert to request the certificate. Once they issue the certificate for the new domain, download it and install it on the Edge servers and your reverse proxy servers.
In order to do that, go to www.digicert.com, log in to your account and click on Request Cert.
https://exchangequery.files.wordpress.com/2015/04/cer5.jpg
Now choose the new SSL certificate type and paste the CSR we generated.
https://exchangequery.files.wordpress.com/2015/04/cer6.jpg
Type the common name you wish to give the certificate. In this case we need to choose the server platform Lync Server 2013, since we need to import this certificate on our Edge server.
https://exchangequery.files.wordpress.com/2015/04/cer7.jpg
After this, go to My Certificates and download the certificate. Once DigiCert has issued it for the new domain, install it on the Edge servers and your reverse proxy servers.
Edge servers
Import this certificate on the Edge servers by using the Lync Server Deployment Wizard.
Later, request this same certificate for your reverse proxy server (F5, Kemp or TMG) and install it there for mobile connectivity.
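Before the certificate is imported, its SAN list can be checked against the names created in the DNS section. The following is an added example, not part of the original procedure: it assumes each SIP domain needs the `sip`, `meet` and `lyncdiscover` names from the DNS table, and `contoso.example` plus the SAN list are constructed sample data.

```powershell
# Added example. Host labels come from the DNS table in this article;
# the SAN list below is constructed sample data, not a real certificate.

function Test-SanMatch {
    param([string]$Name, [string]$San)
    $n = $Name.Trim().TrimEnd('.').ToLowerInvariant()
    $s = $San.Trim().TrimEnd('.').ToLowerInvariant()
    if ($s.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label:
        # *.example.com matches sip.example.com, not example.com or a.b.example.com.
        $dot = $n.IndexOf('.')
        return ($dot -gt 0) -and ($n.Substring($dot) -eq $s.Substring(1))
    }
    return $n -eq $s
}

function Get-MissingSan {
    param(
        [string[]]$SipDomain,
        [string[]]$San,
        # Assumption: adjust the labels to the names your deployment publishes.
        [string[]]$HostLabel = @('sip', 'meet', 'lyncdiscover')
    )
    foreach ($domain in $SipDomain) {
        foreach ($label in $HostLabel) {
            $fqdn = "$label.$domain"
            $covered = $San | Where-Object { Test-SanMatch $fqdn $_ }
            if (-not $covered) { $fqdn }   # emit every name no SAN entry covers
        }
    }
}

# Constructed SAN list: the new domain was added, but its meet record was forgotten.
$san = @(
    'sip.contoso.example', 'meet.contoso.example', 'lyncdiscover.contoso.example',
    'sip.exchangequery.com', 'lyncdiscover.exchangequery.com'
)
# On a server, the same list can be read from an installed certificate:
#   (Get-Item Cert:\LocalMachine\My\<thumbprint>).DnsNameList.Unicode

$missing = Get-MissingSan -SipDomain 'contoso.example', 'exchangequery.com' -San $san
if ($missing) { "Missing SAN entries: $($missing -join ', ')" }
else { 'All SIP domain names are covered.' }
```

A missing name shows up to clients as a certificate name mismatch for that record, so it is cheaper to catch at CSR time than after the certificate has been issued.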
Now we have successfully added the new domain in our Lync environment.