OCS 2007: cannot use FQDN as next hop in static route?

  • Question


    Per http://office.microsoft.com/en-us/help/HP101245511033.aspx,

     

    "Use the Routing tab to define the static routes to be used by the servers in this pool. A static route is composed of a fixed URI (Uniform Resource Identifier) for an outbound network connection and the FQDN (fully qualified domain name) or IP address of the next hop computer on the route".

     

    But in the OCS 2007 MMC, the FQDN option is greyed out.  I can only use an IP address.  Is this by design?

     

    Thanks!

    Michael

    Tuesday, December 2, 2008 6:56 PM

All replies

  • Hi,

     

    Change the protocol to TLS, and FQDN will be available. With TLS you will need to use the certificate associated with the selected FQDN.

     

    Tuesday, December 2, 2008 9:40 PM
  • Thanks a lot!  Do you know of any reason MS doesn't allow FQDN with TCP?

     

    What I tried to achieve was failover by DNS.

     

    I have multiple IP addresses bound to a DNS A record.  I want to use that A record as the next hop in the static route.  I'm assuming that OCS will try all the IPs in a round-robin fashion.  Is that true?

     

    Thanks again!

    Tuesday, December 2, 2008 11:57 PM
  • I guess because they probably think the other way around

    You require FQDN when you use TLS

    And IP would be fine for TCP

     

    Wednesday, December 3, 2008 12:14 AM
  •  Deli Pro-Exchange wrote:

    I guess because they probably think the other way around

    You require FQDN when you use TLS

    And IP would be fine for TCP

     

     

    Right.  It makes sense to only allow FQDN in TLS.

     

    But in TCP, they should allow both IP and FQDN.

    Wednesday, December 3, 2008 12:28 AM
  • A name is forced for TLS because it must match the certificate's Subject Name, which will never be an IP address but an FQDN.  Since TCP connections for client/server communications over TCP 5060 don't require certificates, an IP address could be a valid entry.
    Wednesday, December 3, 2008 12:58 AM
    Moderator
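
The name check described in the reply above, as an added example that is not part of the thread and not Microsoft's code. `check_next_hop`, the sample certificate and the host names are constructed for illustration; the sketch shows why a TLS next hop has to be a name the certificate covers, not how OCS implements it.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
# The names are placeholders, not values from the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "gw01.example.net"),),),
    "subjectAltName": (("DNS", "gw01.example.net"), ("DNS", "*.sip.example.net")),
}

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def cert_dns_names(cert):
    """SAN dNSName entries, falling back to the subject CN when there are none."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return [n.lower() for n in names]

def name_matches(pattern, host):
    """Exact match, or a leftmost-label wildcard that covers exactly one label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        head, _, tail = h.partition(".")
        return bool(head) and tail == p[2:]
    return p == h

def check_next_hop(transport, next_hop, cert=None):
    """Hypothetical validator: returns (ok, reason) for a static-route next hop."""
    if transport == "TCP":
        # The thread reports that the MMC only accepts an IP address for TCP.
        return (True, "TCP: no certificate to match") if is_ip(next_hop) \
            else (False, "TCP: FQDN option is not available")
    if is_ip(next_hop):
        return False, "TLS: next hop must be an FQDN"
    if cert is None:
        return False, "TLS: no certificate supplied"
    if any(name_matches(n, next_hop) for n in cert_dns_names(cert)):
        return True, "TLS: FQDN matches the certificate"
    return False, "TLS: FQDN is not named in the certificate"
```

A next hop that resolves correctly but is not named in the certificate still fails the TLS check, which is the case to test before switching a static route from TCP to TLS.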
  •  Jeff Schertz wrote:
    A name is forced for TLS because it must match the certificate's Subject Name, which will never be an IP address but an FQDN.  Since TCP connections for client/server communications over TCP 5060 don't require certificates, an IP address could be a valid entry.

     

    Yes, an IP address *could* be a valid entry.  But why don't they allow people to use FQDN on TCP?

    Wednesday, December 3, 2008 2:09 AM