Remote users access to OCS2007R2 server without Edge server

  • Question

  • Dear all:

    I have just finished the installation of an OCS 2007 R2 Server with Windows Server 2008 for testing. All of the clients are able to access it over the internal network,
    but I still couldn't access the OCS server from a remote network with non-domain users, even with the root CA loaded on that client. For some reason I prefer to make it work without an Edge server setup; is that possible? Another question: a non-domain computer couldn't access the OCS server over VPN either. Is it possibly a DNS server issue?

    MOC client error:

    Cannot sign in because the server is temporarily unavailable. If the problem persists, contact your system administrator.

    I have already opened these ports on my Juniper firewall:

    443
    5060
    5061

    Can I get any suggestions from you?

    Thanks

    - Johnny



     
    Tuesday, August 18, 2009 5:31 AM

Answers

  • Johnny,

    I will caution you against opening ports directly to your front end server; this is a very large security risk.  That being said, this still should be possible.  Please verify you have published the appropriate SRV record for your domain in your public DNS.  This will typically be _sip._tls.domain.com and will point to your FE server's public name on port 5061 (if that is the port you are configured to use).  Please keep in mind the certificate will have to match both the private name of your pool and the public name, and all clients, whether domain or otherwise, will need to trust your CA for this to work.  Again, I strongly recommend you not go this route for security reasons; it is best to use the edge server to allow access to your network.

    Hope this helps.

    -kp
    Kevin Peters MCSE/MCSA/MCTS/CCNA/Security+ blog: www.ocsguy.com
    Tuesday, August 18, 2009 12:08 PM
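
One way to sanity-check the SRV record and certificate names described in the answer above, as an added example that is not part of the original thread. The domain, pool name, SRV line and certificate name list are constructed placeholders, and the function names are hypothetical; CA trust on the client still has to be verified separately.

```python
import re

# Zone-file style SRV line: owner [TTL] IN SRV priority weight port target
SRV_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$",
    re.IGNORECASE,
)

def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def check_sip_publication(srv_line, sip_domain, pool_fqdn, cert_names,
                          expected_port=5061):
    """Return a list of problems; an empty list means the SRV record and
    the certificate's names line up the way the answer describes."""
    m = SRV_RE.match(srv_line.strip())
    if not m:
        return ["not a parseable SRV record"]
    problems = []
    owner, target, port = _norm(m["owner"]), _norm(m["target"]), int(m["port"])
    wanted_owner = "_sip._tls." + _norm(sip_domain)
    if owner != wanted_owner:
        problems.append(f"owner {owner} is not {wanted_owner}")
    if port != expected_port:
        problems.append(f"SRV port {port} != configured port {expected_port}")
    names = {_norm(n) for n in cert_names}
    # The certificate must carry both the public name and the pool's private name.
    for label, host in (("public SRV target", target),
                        ("internal pool name", _norm(pool_fqdn))):
        if host not in names:
            problems.append(f"certificate has no name matching {label} {host}")
    return problems

# Constructed sample values (not taken from the thread)
SAMPLE_SRV = "_sip._tls.example.com. 3600 IN SRV 0 0 5061 ocs.example.com."
SAMPLE_POOL = "pool01.corp.example.local"
SAMPLE_CERT_NAMES = ["pool01.corp.example.local", "ocs.example.com"]

if __name__ == "__main__":
    result = check_sip_publication(SAMPLE_SRV, "example.com",
                                   SAMPLE_POOL, SAMPLE_CERT_NAMES)
    print("\n".join(result) if result else "OK")
```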