Cisco TelePresence Video Communication Server Expressway
Appendix 3 — Active Directory (direct):
Example DNS SRV configuration for Active Directory
VCS Deployment Guide: Authenticating Devices (VCS X7.0)
DNS SRV values needed
The following is a list of DNS SRV records that VCS will expect to find. DNS SRV records will be set
up automatically by the AD server if the AD server can access the DNS server.
SRV lookup                                                    Comment
_ldap._tcp.dc._msdcs.<Domain>                                 Provides the address of the Domain Controller for the domain.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.<Domain>  Provides the first site name.
_kerberos._udp.<Domain>                                       Provides the KDC server address for access via UDP. This entry must list port 88 for each KDC.
_kerberos._tcp.<Domain>                                       Provides the KDC server address for access via TCP. This entry must list port 88 for each KDC.
_ldap._tcp.<Domain>                                           Provides the LDAP service on the Domain Controller. This record must list port 389 for the DC.
Dig commands to check DNS SRV settings
Presence of the correct DNS entries can be validated by executing:
root# dig @<DNS server> -t any <full dnssrv record, e.g. _ldap._tcp.dc._msdcs.<DOMAIN>>
Example response:
; <<>> DiG 9.2.2 <<>> @<DNS server> -t any <full dnssrv record>
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3072
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
; <full dnssrv record>. IN ANY
;; ANSWER SECTION:
<full dnssrv record>. 600 IN SRV 0 100 389 <A record 1>.
<full dnssrv record>. 600 IN SRV 0 100 389 <A record 2>.
;; ADDITIONAL SECTION:
<A record 1>. 3600 IN A <IP address 1>
<A record 2>. 1200 IN A <IP address 2>
;; Query time: 0 msec
;; SERVER: <DNS server>#53(10.1.1.16)
;; WHEN: Wed Oct 7 14:39:31 2004
;; MSG SIZE rcvd: 171
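The per-record check above can be scripted. The following is an added example, not part of the Cisco guide: it queries each listed record as type SRV with dig +short and confirms the ports the table requires (88 for the Kerberos records, 389 for _ldap._tcp.<Domain>). The function names and the example.test sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): verify the SRV records VCS expects.

# Port the guide requires for a record name; empty output means the guide
# states no port for that record, so only its presence is checked.
required_port() {
    case "$1" in
        _kerberos._udp.*|_kerberos._tcp.*) echo 88 ;;
        _ldap._tcp.dc._msdcs.*|_ldap._tcp.*._sites.dc._msdcs.*) echo "" ;;
        _ldap._tcp.*) echo 389 ;;
    esac
}

# Reads `dig +short -t SRV` lines ("priority weight port target") on stdin.
# Succeeds only if at least one SRV record is present and every record uses
# port $1 (any port is accepted when $1 is empty).
check_srv() {
    awk -v want="$1" '
        NF == 4 { n++; if (want != "" && $3 != want) bad++ }
        END     { exit !(n > 0 && bad == 0) }'
}

# usage: verify_domain <DNS server> <Domain>
verify_domain() {
    rc=0
    for name in "_ldap._tcp.dc._msdcs.$2" \
                "_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.$2" \
                "_kerberos._udp.$2" "_kerberos._tcp.$2" "_ldap._tcp.$2"; do
        if dig "@$1" +short -t SRV "$name" | check_srv "$(required_port "$name")"; then
            echo "OK   $name"
        else
            echo "FAIL $name"; rc=1
        fi
    done
    return $rc
}

# Constructed samples of `dig +short` output (hypothetical hosts).
SAMPLE_OK='0 100 88 dc1.example.test.
0 100 88 dc2.example.test.'
SAMPLE_BAD='0 100 88 dc1.example.test.
0 100 8088 dc2.example.test.'

# Run against a live server only when both arguments are supplied.
if [ "$#" -eq 2 ]; then verify_domain "$1" "$2"; fi
```

A FAIL line means the record is missing on that DNS server or one of its targets advertises a port other than the one the table requires.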