in this article I’ll explain step-by-step how to change the Ribbon SBC 1K/2K FQDN from a private domain to a routable domain.
You have an SBC 1K/2K used in a Skype for Business On-Prem deployment with a private AD Domain and you need to use it with Teams Direct Routing.
Teams Direct Routing needs a FQDN on an Internet routable public domain and Ribbon SBC could use only one SSL Certificate.
You need to change the FQDN of the SBC to meet the goal, while mantaining Enterprise Voice working on Skype for Business
Domain Name Examples
Non-Routable (private) domain: domain.local
Public routable domain: domain.com
SBC FQDN in private domain: sbc01.domain.local
SBC FQDN in public domain: sbc01.domain.com
- Choose the new FQDN with a routable domain, like sbc01.domain.com
- Create the A record on the internal DNS pointing to the internal IP of the SBC
- Create the A record on the external DNS pointing to the Public IP of the SBC
- Buy and obtain the public SSL certificate for the new Public FQDN. You need to have a private-public key pair certificate without cert chain to complete the process, like a .pfx file.
Ribbon SBC support these extensions [pem, der, cer, ber, p7b]
- In SfB Topology, add a new PSTN Gateway with the routable FQDN (sbc01.domain.com), with the same settings of the present SBC with private FQDN (sbc01.domain.local ), then publish the Topology
- In SfB Control Panel -> Voice Routing -> Trunk Configuration, add the new PSTN Gateway with public FQDN and configure it with the same setting of the present one.
Use Get-CsTrunkConfiguration to check every settings
- On Ribbon SBC -> Settings -> Security -> SBC Certificates -> Trusted CA Certificates import:
- the full set of Trusted CA Certificates of your Public CA
- Baltimore Trusted Root Certificate (https://cacert.omniroot.com/bc2025.crt)
- your internal Enterprise CA Certificates
If you have only one SBC, here starts services interruptions untill the end of process.
If you have multiple SBC in HA, do these steps on one SBC at a time
- In SfB Control Panel -> Voice Routing -> Route, enter in every route to remove the voice gateway with private FQDN
- In Ribbon SBC -> Settings -> System -> Nodel-Level Settings change the domain name (and also the Host name if you need) from a non routable to a routable domain, based on choice made at the beginning of this process
- Go to SBC -> Settings -> Security -> SBC Certificates and import the new certificate for the new FQDN
- Reboot the SBC and Connect to the Ribbon SBC with the new fqdn, maybe this is also a good moment to update the SBC firmware to the latest one (8.0.1 or above)
- In SfB Control Panel -> Voice Routing -> Trunk Configuration Remove the old FQDN Voice Gateway
- Remove the old FQDN Voice Gateway from the SfB Topology
As always, I hope this article could help some of you.