locked
Federation with Microsoft fails although OCS Access Edge server passes Microsoft federation test

    Domanda

  • Hi there

    We have recently deployed an OCS edge server to faciliate both federation and remote access for MOC.

    Remote Access works perfectly, no vpn required and the address book is full accessible from any remote location with internet access.

    We also want to federate with Microsoft, and after a few attempts we passed their federation test (required dns, ports, connectivity, etc).

    However, federation still isn't working.

    When we add the sip address of a Microsoft person to our contacts list in MOC, it still shows up as 'Presence Unknown'. When the Microsoft person adds my sip address to his contacts, he gets the same message.

    We are using ISA 2006 as a reverse proxy, and have a single 2007 R1 Standard Edition front-end server and the same version edge server. Only the Access Edge server role has been deployed thus far.

    Can anyone advise on where to look to resolve this?

    Please believe me when I say I have gone through all settings comparing them to Microsoft guides and a third party OCS 2007 book.

    Obviously I am doing something wrong.

    I don't know how relevant it is but the Web Components validation test fails with the following Group Expansion error:

    ---------------------------------------------------------------------------------------------------------------------------------------------------------------------

    You are not authorized to view this page

    You do not have permission to view this directory or page using the credentials that you supplied.

    --------------------------------------------------------------------------------


    Please try the following:

     

     

    Contact the Web site administrator if you believe you should be able to view this directory or page.

    Click the Refresh button to try again with different credentials.

     

    HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials.
    Internet Information Services (IIS)

    --------------------------------------------------------------------------------------------------------------------------------------------------

    Also, when I was going through settings on the front-end sever, I noticed that under General Settings the following was listed:

    General Settings 
     Forest: Information not available in this view
     Schema version: Information not available in this view
     Prep state: Information not available in this view

    This was not the way it was when the server was deployed, could this issue be preventing federation success? I certainly believe it can't be healthy though I don't know what has caused this to occur, perhaps someone fiddling with AD?

    Anyway, any advice welcome.

    Thanks in advance

    Chisum













    mercoledì 28 ottobre 2009 09:36

Risposte

  • Cool, all working now. Didn't change anything. Guess it was Microsoft... Thanks for the responses
    venerdì 30 ottobre 2009 15:19

Tutte le risposte

  • How long has it been since requesting the federation with Microsoft and what channels did you do it through?  Just stating that Microsoft does not use Open Federation and only select Partners can federate with microsoft.com for OCS.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    mercoledì 28 ottobre 2009 12:42
    Moderatore
  • We are a Microsoft partner, MS are keen to federate with us.

    A chap at MS has told me presence should now be showing both ways, but isn't yet.

    However I don't want to call PSS for support unless I really need to.

    What I can't figure out is how we can pass MS's federation test and MOC remote access works perfectly and yet federation does not work.

    Any advice?

     

    mercoledì 28 ottobre 2009 13:26
  • Is this the first Federation you have setup with this OCS deployment? Also, what certficate are you using on the Acess Edge role?
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    mercoledì 28 ottobre 2009 14:29
    Moderatore
  • Hi

    Yes, this is the first attempt at Federation.

    A public cert from a public cert auth, its kosher, we've used their certs before for other edge type roles.

    Plus we wouldn't have passed the MS federation test if the public cert wasn't correct.

    Since MOC remote access works perfectly, and we pass the MS fed test, I can only guess that the issue lies with ISA. Perhaps some element needs published that hasn't been?

    Thanks for replying.

    Chi
    mercoledì 28 ottobre 2009 14:54
  • Cool, all working now. Didn't change anything. Guess it was Microsoft... Thanks for the responses
    venerdì 30 ottobre 2009 15:19
  • John,

    Just wondering if you resolved the issue in the General Settings section where it says "Information not available in this view"?

    We have the same thing and I never noticed it before.

    Thanks,

    William

     

    sabato 5 dicembre 2009 04:04