Shulou(Shulou.com)06/02 Report--

This blog post enters the second part of the Skype for business 2015 comprehensive deployment series: it will explain in detail how to configure AD domain environment, how to configure DNS server, how to set up CA certificate authority, how to configure computer automatic certificate request policy, how to create file sharing, how to add Skype DNS related records and authentication, and other configuration steps to prepare for Skype for business 2015 installation. Thank you very much for the imperfections of this article, please correct them in the comments section.

AD Domain Environment Deployment

Enter the server system and configure the network IP (because it is both the first domain controller and DNS server, the DNS configuration points to itself), as shown in the following figure:

Verify computer name and Ip address

Open Server Manager and add the role Active Directory Domain Services

Confirm that the role is correct, click Next to install

Click "Promote this server to domain controller," as shown below:

Select Add New Forest and enter the root domain name: itwish.cn, as shown below:

Select the function level of the new forest and root domain, check "Domain Name System (DNS) Server", and enter the restore password, as shown in the following figure:

Default next step.

Default next step.

Select the storage path, default next.

Default next step.

All prerequisite tests were successfully passed, as shown in the following figure:

Wait for the installation to complete, restart the computer, and log in as a domain administrator. Complete AD Domain Environment Installation

configure the DNS service

AD domain controller installation is complete, wait for the computer to restart, and log in as domain administrator account.

Open the local TCP/IPv4 properties box, as shown below, and adjust the DNS address 127.0.0.1 to the local IP address: 172.16.10.100. as shown below

Open the DNS server configuration interface in the service manager and create a new 10.16.172.in-addr.arpr reverse zone, as shown below:

Configure the forward zone_msdcs.bicionline.org zone general options replication function, select "All dns servers in this forest," name server IP address is the local IP

Configure forward zone itwish.cn general options replication function, select "All dns servers in this forest"; name server IP address is the local IP

Start nslookup, the resolution is normal: as shown below

At this point, the installation of the first domain environment and DNS service in the forest is complete

Configure CA Certificate Services

Open Server Manager and add the role Active Directory Certificate Services

Default Next

Check "Online Responder" and "Certification Authority web registration" for Next

Default Next

Default Next

installation

Configure Active Directory Certificate Services for the target server, adding credentials

Check Certification Authority, Online Responder, and Certification Authority web registry

Specify CA setting type, default Next

Specify CA type, default next step

Specify the private key type, default next step

Specify encryption options, default next

Specify CA name, default next step

Specify expiration date, default to next step

Specify database location, default next step

Click Configure,

Complete Certificate Authority Installation

After the configuration is completed, open Certificate Authority to check whether the certificate is configured successfully, as shown in the following figure, Certificate Server is configured successfully.

Configure domain computer auto-request certificate policy

Open Server Manager and select Tools-Group Policy Management to configure computer certificate policies

Click Lin: itwish.cn--Domain- itwish.cn -- Domain controllers Policy, right-click Edit, and enter the Group Policy Management Editor window.

Click Computer Configuration--Policy--Windows Settings--Security Settings--Public Key Policy--Automatic Certificate Request Settings

Right-click to create a new automatic certificate request

Select "Computer" to default to the next step

click Finish

Update policy to make it effective

Domain Control Server Creating File Sharing

Skype for Business Server supports basic Windows Server file sharing. However, this file share does not explicitly provide high availability. For high availability environments, we recommend using Distributed File System (DFS) file shares.

Create folder C:\sharepoint on the domain server side to achieve sharing. Right-click the folder and choose Properties; click Advanced Sharing; check Share this folder, click Rights, add the local Administrators group, grant Allow: Full Control, Change, Read permission, and click OK.

Create DNS related records

For Skype for Business Server to function properly and be accessible to users, DNS records must be provided.

described

record type

name

resolves to

Load balancing type

Internal Web Service FQDN

A

web.itwish.cn

VIP for internal Web services

supported software and hardware

pool FQDN

A

pool.itwish.cn

IP address of server SFB

DNS

SFB FQDN

A

lync.itwish.cn

IP address of server SFB

DNS

Skype for Business auto-discovery

A

lyncdiscoverinternal.itwish.cn

VIP for internal Web services

supported software and hardware

Meeting Simple URL

A

meet.itwish.cn

VIP for internal Web services

supported software and hardware

Dial in simple URL

A

dialin.itwish.cn

VIP for internal Web services

supported software and hardware

Web Planner Simple URL

A

scheduler.itwish.cn

VIP for internal Web services

supported software and hardware

Manage Simple URLs

A

admin.itwish.cn

VIP for internal Web services

supported software and hardware

Old version found

SRV

_sipinternaltls._ tcp.itwish.cn

Pool FQDN (port 5061)

not apply

Open DNS server, right-click "itwish.cn" and create new host (A or AAAA..) Record, establish all A record hosts in the above table in turn.

Open DNS server, right-click "itwish.cn", create "other new records", select service location (SRV), create records

View DNS Server A records

View DNS Server SRV Records

verify DNS

At this point, this blog post about Skype for Business 2015 comprehensive deployment series II introduction is complete.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.