Lync SRV and Host Record Zone Mismatch

I ran across a nice little change from previous versions of Communicator today when playing around with the Lync client. If the zone of the SRV record for automatic sign-in does not match the zone of the host record it points to, the user will be prompted if they really want to connect to the server.

For example, my host record here is fepool.ptown.local, but my SRV record for automatic sign-in is _sipinternaltls._tcp.confusedamused.com, which points to fepool.ptown.local as the host providing the service. When signing in, the user is presented with this dialog:

Lync cannot verify that the server is trusted for your sign-in address. Connect anyway?

By default in earlier versions of the product the client would be unable to connect unless an administrator had disabled strict name checking on the client workstation. In the end, I’m not sure how valuable this change is. It’s usually not a big deal to add another host record to the zone to correct the error.

Here

Recent content I've written for you—just for you!— to enjoy while you're here.

There

Quick commentary and links to other sources you'll find interesting. I promise.

Everywhere

Some personal background, links to related projects, and other ways to connect.

Hi there. My name is Tom Pacyk and this is my small home on the web. I love the intersection of design, technology, and communication, which is a combination that led me to a career in sales and marketing roles at places like Zoom and ServiceNow. They're a bit old now, but I also had the opportunity to publish a couple of books along the way.

Portland, Oregon is home for me, my wife Beth, and our three kids, but I'm actually a Midwestern transplant—I grew up in the Chicago suburbs and went to school at Purdue and Illinois. When I find some free time I'm probably going to concerts, rooting for the Portland Timbers, or working on my Sunshine Burn Photography project.