Lync 2010 SBA with RODC – How to get it to work…

Hi.
Lately I have been troubleshooting a Lync 2010 SBA installed in a Lync 2010 infrastructure.
The SBA was unstable, and the Lync Registrar service (Lync FrontEnd) didn’t always start.
Yes – Not Always !
Sometimes it started, and sometimes it didn’t…

My experience is that the following Active Directory Supportability statement doesn’t make much sense.
Statement:

Support for Read-Only Domain Controllers

Lync Server 2010 supports Active Directory Domain Services (AD DS) deployments that include read-only domain controllers or read-only global catalog servers, as long as there are writable domain controllers available.

I asked Microsoft what this statement really meant, and I got the following reply:

We are aware of the statement, but not sure if it means “We work with an
RODC as long as we need to read and require a RWDC if we need to write” or “We
have no problem with RODCs being there but we ignore them and can only work
with a normal DC”.

The reply really got me thinking, and didn’t bring calm to my chest !!

I created a MS Support ticket for this – As I need to get to the bottom of this…

While I was waiting for the response on the Support Ticket, I ran some Wireshark traces on the SBA during the start of the Lync FrontEnd service.

The Active Directory in this case is designed with multiple AD Sites. The site where the SBA is placed only contains an RODC, but RWDCs are available at other sites – And accessible from the SBA.

This is, as I see it, covered by the Active Directory Supportability!

During the analysis of the Wireshark traces, I saw that the SBA was randomly selecting DCs to talk to based on DNS lookup – This is as expected, and I didn’t find any issues with this.
What I did notice is that the RODC was never among the DCs that it was initially communicating with.
This is also expected, as the RODC only registers site-specific info in DNS.
Further into the Wireshark trace, I saw the following:

  1. When the Lync FrontEnd service was able to start, the SBA was communicating with the RODC.
  2. When the Lync FrontEnd service didn’t start, the SBA never communicated with the RODC.

This led me back to Active Directory Sites and Services, and the following – How can I ensure that the SBA is communicating with the closest RWDC?

I have previously been told that “Lync ignores the configuration in Active Directory Sites and Services, and is not AD Sites and Services Aware – As Exchange is.”

Well, I was really not sure about the AD Sites and Services part, so I did a change !

I added the IP address of Lync SBA into the closest AD Site with a RWDC.

I added the following in Subnets:
– IP: “Lync SBA IP/32”

I added the host IP address newly added in Subnets to the closest AD Site with a RWDC.

The SBA was restarted to make the server pick up that AD Sites and Services change.
Once restarted, I used the following command to verify the change: nltest /dsgetsite
The command verified that the server had changed AD Site, and now belongs to an AD Site with RWDCs.

The Lync Management Shell was used, and the following command was issued: Start-CsWindowsService
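
The site check above can be taken one step further than nltest /dsgetsite by listing which DCs in the server's current AD Site are writable and which writable DC the DC locator returns. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module is installed on the SBA, and the function name Get-SiteDcSummary is hypothetical.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory
# module (RSAT) is available on the server being checked.
Import-Module ActiveDirectory

# Hypothetical helper: summarise read-only vs. writable DCs in one AD Site.
function Get-SiteDcSummary {
    param(
        # Objects exposing Site, HostName and IsReadOnly (Get-ADDomainController output)
        [Parameter(Mandatory = $true)] [object[]] $DomainControllers,
        [Parameter(Mandatory = $true)] [string]   $SiteName
    )
    $inSite   = @($DomainControllers | Where-Object { $_.Site -eq $SiteName })
    $writable = @($inSite | Where-Object { -not $_.IsReadOnly })
    $readOnly = @($inSite | Where-Object { $_.IsReadOnly })

    New-Object PSObject -Property @{
        Site          = $SiteName
        WritableDcs   = @($writable | ForEach-Object { $_.HostName })
        ReadOnlyDcs   = @($readOnly | ForEach-Object { $_.HostName })
        HasWritableDc = ($writable.Count -gt 0)
    }
}

# AD Site this machine currently maps to (same answer as nltest /dsgetsite).
$site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name

# All DCs in the domain, reduced to the ones in this machine's site.
$summary = Get-SiteDcSummary -DomainControllers @(Get-ADDomainController -Filter *) -SiteName $site
$summary | Format-List Site, HasWritableDc, WritableDcs, ReadOnlyDcs

if (-not $summary.HasWritableDc) {
    Write-Warning "Site '$site' contains no writable DC (RODC-only site)."
}

# Writable DC the DC locator hands out right now, preferring the next closest site.
$located = Get-ADDomainController -Discover -Writable -NextClosestSite
"DC locator returned writable DC {0} in site {1}" -f ($located.HostName -join ','), $located.Site
```

Run before and after the Sites and Services change, the output shows whether the server has moved from an RODC-only site to one with an RWDC.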

To my big surprise, the services started immediately!
This led to more questions than answers, and I’m currently working the MS Support Case to get the full story around Lync 2010/2013 supportability for RODC!

For now the SBA is running without issues, and I have not reverted it back to the original AD Site.
I am awaiting the final conclusion of the MS Support Ticket.

To be continued……