Specifying the service discovery records for the Mobile Device Extension for AD RMS
As covered at the beginning of this document, we must create one or more DNS SRV records in the organization’s domain or domains:
- One record for each email domain suffix that users will use, for example litware369.com in our test lab configuration.
- One record for every FQDN used by the AD RMS clusters in place to protect content.
As far as the former is concerned, since our fictitious organization litware369.com has only users with email addresses of the form <user alias>@litware369.com (for example janets@litware369.com and roberth@litware369.com for the two users created before), only one DNS SRV record with the following value is required:
_rmsdisco._http._tcp.litware369.com 443 adrms.litware369.com
The following table can be used as a guide for the SRV record properties:
Field | Value
Domain | _tcp.litware369.com
Service | _rmsdisco
Protocol | _http
Priority | 0
Weight | 0
Port number | 443
Host offering this service | adrms.litware369.com
As far as the latter is concerned, in the topology chosen for our test lab, i.e. a single cluster in a single forest, only one DNS SRV record must be created for the AD RMS cluster adrms.litware369.com, pointing to that same cluster. This record has the following value:
_rmsdisco._http._tcp.adrms.litware369.com 443 adrms.litware369.com
The following table can be used as a guide for the SRV record properties:
Field | Value
Domain | _tcp.adrms.litware369.com
Service | _rmsdisco
Protocol | _http
Priority | 0
Weight | 0
Port number | 443
Host offering this service | adrms.litware369.com
Creating the service discovery records in the public registrar
For illustration purposes, we use the Go Daddy registrar in our Azure-based test lab environment.
To add the above service discovery records, proceed with the following steps:
1. Open a browsing session with the browser of your choice from your local machine, navigate to http://www.godaddy.com/ and click Sign In in the upper right corner. A Sign in dialog appears.
2. Enter your credentials and click Sign In. Once authenticated, the My Account page (https://mya.godaddy.com) opens.
3. On the Products tab, at the end of the DOMAINS row, click Launch.
4. On the Domains page, find the domain name in which the service discovery records should be added, in our case litware369.com.
5. Click the domain name, in our case LITWARE369.COM. The Domain Details page opens in a new tab in your browser.
6. Click DNS Zone File in the toolbar.
7. Click Add Record. An Add Zone Record dialog opens.
8. Click the down arrow for the Record type: box and select SRV (Services). The Add DNS Record dialog displays the related fields.
9. To add the first service discovery record _rmsdisco._http._tcp.litware369.com 443 adrms.litware369.com:
   - For Name, type “_tcp.litware369.com”, the domain for which the record is valid.
   - For Target, type “adrms.litware369.com”, the host offering this service.
   - For Protocol, type “_http”.
   - For Service, type “_rmsdisco”.
   - For Priority, type “0”.
   - For Weight, type “0”.
   - For Port, type “443”.
   - For TTL:, leave the value set to 1 Hour.
10. Click Add Another.
11. Repeat step 9 for the second discovery record _rmsdisco._http._tcp.adrms.litware369.com 443 adrms.litware369.com.
12. Click Finish.
13. Click Save Changes to save your two new SRV records.
14. Scroll down to the SRV (Service) section. You should see the two newly added SRV records.
15. Click OK.
To check public DNS for the SRV entries of our domain, open a Windows PowerShell command prompt and run the following command:
PS C:\Users\AzureAdmin.LITWARE369> nslookup -type=SRV litware369.com 209.244.0.3
Server: resolver1.level3.net
Address: 209.244.0.3
litware369.com
primary name server = ns09.domaincontrol.com
responsible mail addr = dns.jomax.net
serial = 2014073101
refresh = 28800 (8 hours)
retry = 7200 (2 hours)
expire = 604800 (7 days)
default TTL = 600 (10 mins)
PS C:\Users\AzureAdmin.LITWARE369>
Note You can specify one of the name servers of your DNS zone instead of the external DNS server used above (209.244.0.3). In our illustration with GoDaddy.com, see the article Finding Your Hosting Account's Name Servers to determine the name servers. For our litware369.com zone, the name servers are ns09.domaincontrol.com (216.69.185.5) and ns10.domaincontrol.com (208.109.255.5).
If you see the SRV entry, you can continue with the deployment of the Mobile Device Extension. The Azure-based test lab environment uses a split-brain DNS configuration. Thus, the above records enable correct resolution whatever network the device is connected to.
For organizations that do not use such a DNS configuration, the optional next section illustrates how to declare these records locally.
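The two rules at the top of this section (one record per email domain suffix, one per cluster FQDN) and the lookup just shown can be combined into a single check. The script below is an added example, not part of the original guide: it derives the expected record names from the suffixes and cluster FQDNs, resolves each one as an SRV record with the DnsClient cmdlet Resolve-DnsName, and flags a record that is missing or that points to a host or port other than the cluster on 443. The litware369.com suffix, the adrms.litware369.com cluster and the 209.244.0.3 resolver are taken from the guide; the function names and the single-cluster assumption (every record targets the first cluster) are ours.

```powershell
# Added example (not from the original guide): derive the expected
# _rmsdisco SRV records and verify what DNS actually answers for them.

function Get-RmsDiscoveryRecord {
    param(
        [Parameter(Mandatory)] [string[]] $EmailSuffix,
        [Parameter(Mandatory)] [string[]] $ClusterFqdn
    )
    # One record per e-mail domain suffix and one per RMS cluster FQDN.
    # Assumption: single-cluster topology, so every record targets $ClusterFqdn[0].
    foreach ($zone in ($EmailSuffix + $ClusterFqdn | Sort-Object -Unique)) {
        [pscustomobject]@{
            Name     = "_rmsdisco._http._tcp.$zone"
            Target   = $ClusterFqdn[0]
            Port     = 443
            Priority = 0
            Weight   = 0
        }
    }
}

function Test-RmsDiscoveryRecord {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Expected,
        [string] $Server = '209.244.0.3'   # external resolver used in the guide
    )
    process {
        try {
            $answers = Resolve-DnsName -Name $Expected.Name -Type SRV -Server $Server -ErrorAction Stop |
                       Where-Object { $_.Type -eq 'SRV' }
        } catch {
            $answers = @()
        }
        # A record that resolves but points to another host or port is worse than a
        # missing one: mobile clients would be sent to the wrong endpoint.
        $match = $answers | Where-Object {
            $_.NameTarget.TrimEnd('.') -ieq $Expected.Target -and $_.Port -eq $Expected.Port
        }
        [pscustomobject]@{
            Name    = $Expected.Name
            Status  = if ($match) { 'OK' } elseif ($answers) { 'WRONG TARGET OR PORT' } else { 'MISSING' }
            Answers = ($answers | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        }
    }
}

# Values from the guide's test lab: one e-mail suffix, one cluster.
Get-RmsDiscoveryRecord -EmailSuffix 'litware369.com' -ClusterFqdn 'adrms.litware369.com' |
    Test-RmsDiscoveryRecord | Format-Table -AutoSize
```

Run it from any Windows 8 / Windows Server 2012 or later machine; pass -Server ns09.domaincontrol.com (or a local DNS server) to Test-RmsDiscoveryRecord to check the authoritative or internal view in a split-brain setup. Querying the full _rmsdisco._http._tcp.<zone> name rather than the bare zone, as the nslookup above does, is what returns the SRV answer itself instead of the zone's SOA.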
Creating the service discovery records in the local DNS
To create the discovery record on the local DNS on the DC1 computer, proceed with the following steps:
-
Open a remote desktop session as LITWARE369\AzureAdmin on the DC1 computer if needed.
-
Open an elevated Windows PowerShell command prompt if one is not already open, and run the following command to add the first service discovery record _rmsdisco._http._tcp.litware369.com 443 adrms.litware369.com:
PS C:\users\AzureAdmin> Add-DnsServerResourceRecord -ZoneName "litware369.com" -Srv -Name "_rmsdisco._http._tcp" -DomainName "adrms.litware369.com" -Port 443 -Priority 0 -Weight 0
PS C:\users\AzureAdmin>
-
Run the following command to add the second service discovery record _rmsdisco._http._tcp.adrms.litware369.com 443 adrms.litware369.com:
PS C:\users\AzureAdmin> Add-DnsServerResourceRecord -ZoneName "litware369.com" -Srv -Name "_rmsdisco._http._tcp.adrms" -DomainName "adrms.litware369.com" -Port 443 -Priority 0 -Weight 0
PS C:\users\AzureAdmin>
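The two Add-DnsServerResourceRecord commands above fail if a record of the same name already exists, and they never tell you whether an existing record points where it should. The script below is an added example, not part of the original guide: it wraps the same DnsServer cmdlets so that each record is created only when missing, an existing record with the wrong target or port is reported instead of silently left in place, and the result is confirmed with a client-side lookup. The zone, record names and target come from the guide; the function name and 127.0.0.1 as the DNS server address (the script runs on DC1 itself) are ours.

```powershell
# Added example (not from the original guide): idempotent creation of the two
# _rmsdisco SRV records on the local DNS server, with a conflict check.

$Zone    = 'litware369.com'
$Target  = 'adrms.litware369.com'
$Records = @('_rmsdisco._http._tcp', '_rmsdisco._http._tcp.adrms')

function Add-RmsDiscoveryRecordIfMissing {
    param(
        [Parameter(Mandatory)] [string] $ZoneName,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $TargetHost,
        [int] $Port = 443
    )
    $existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $Name -RRType Srv -ErrorAction SilentlyContinue

    # An SRV record that already points at the cluster on 443 needs no change.
    $good = $existing | Where-Object {
        $_.RecordData.DomainName.TrimEnd('.') -ieq $TargetHost -and $_.RecordData.Port -eq $Port
    }
    if ($good) { return "${Name}.${ZoneName} : already present, unchanged" }

    # An SRV record pointing elsewhere would redirect every mobile client, so it
    # is reported for a human to review rather than overwritten.
    if ($existing) {
        $bad = ($existing | ForEach-Object { "$($_.RecordData.DomainName):$($_.RecordData.Port)" }) -join ', '
        return "${Name}.${ZoneName} : CONFLICT, existing SRV points to $bad (not changed)"
    }

    # Same cmdlet and parameters as the guide's manual commands.
    Add-DnsServerResourceRecord -ZoneName $ZoneName -Srv -Name $Name -DomainName $TargetHost `
        -Port $Port -Priority 0 -Weight 0
    return "${Name}.${ZoneName} : created -> ${TargetHost}:$Port"
}

foreach ($r in $Records) {
    Add-RmsDiscoveryRecordIfMissing -ZoneName $Zone -Name $r -TargetHost $Target
}

# Confirm from the client side against this server (DnsClient module).
foreach ($r in $Records) {
    Resolve-DnsName -Name "${r}.${Zone}" -Type SRV -Server 127.0.0.1 |
        Where-Object Type -eq SRV |
        Select-Object Name, NameTarget, Port, Priority, Weight
}
```

Run it in an elevated prompt on DC1 as in the steps above; rerunning it is safe, and a CONFLICT line is the signal to inspect the zone before going further.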