R2 Remote user access: Intermittent Sign In

  • Question

  • Hi Guys, hoping someone can help here.

    Just installed OCS 2007 R2 pool with consolidated edge. All servers are 2008 64bit. Edge server has external interface on the public internet switch, the internal interface in the DMZ. Telnet'd all ports both ways, everything connects fine.

    My problem is when a remote user MOC client is configured manually to sign in to the R2pool.domain.com:443, sometimes it works, sometimes it fails and gives the error "cannot sign in because the server is temporarily unavailable...". When it does sign in successfully it's slow. Unlike my R1 edge, MOC clients sign in in an instant.

    What confuses me is how it can work, then not work!! Any pointers would be most appreciated. I have rebuilt twice and also built a replica server and swapped, both servers result in the same experience.

    Wednesday, September 16, 2009 2:41 PM

All replies

  • You mentioned an R1 Edge, is this a migration/coexistence deployment of OCS R1/R2 or have you completely replaced all R1 components?

    It's possible that maybe the new servers are having connectivity issues with the back-end SQL server, but if you have only a single Front-End Server and all users are on one pool and you only see the issue externally and not with internal users, then that is probably not the case. Then I would ask how the Edge server is configured (number of interfaces, private/public IPs, etc.)

    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Wednesday, September 16, 2009 2:56 PM
  • We have an R1 pool, with R1 AV Edge & R1 Access Edge, all running on Server 2003. Currently these have been installed side by side/coexistence in the same domain.

    Everything works fine with the R1 infra. Even signing in remotely with an R2 Client, as an R2 pool user to the R1 edge works in an instant. It's as soon as I try signing in to the R2 edge with whatever combination of user then it fails more often than not.

    With the R2 edge there are 3 IPs bound to the external interface sip/webcon/av. The internal interface is connected via 1 IP to the DMZ. Rules have been put in place on the firewall and I can telnet to required ports in either direction. Client is configured to use TLS and server settings are configured manually.

    External DNS entries have been created and resolve.

    Thanks Jeff.
    Thursday, September 17, 2009 8:19 AM
  • It sounds like you have a pretty standard setup then, hard to say what would be causing the delay. You may need to open a PSS ticket and start logging trace files from all the servers during those failures to track down the root cause.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Thursday, September 17, 2009 12:15 PM
  • Quick update: I built a 2003 R2 edge server this morning and that was successful... for about 15 minutes. Then back to the same problem.
    Thursday, September 17, 2009 1:33 PM
  • Hi Guys, thought I would update and put some closure on this problem. I installed the communicator client on the edge server itself and it logged in fine every time. So I had an issue with my external NIC and out to the web. Tracked it down to a dodgy port that the external interface was plugged into on our public IP switch. Glad that's over with.

    Does anyone recommend NAT'ing the edge server??
    Monday, September 21, 2009 6:40 PM
  • If your firewall meets the requirements (http://technet.microsoft.com/en-us/library/dd441361(office.13).aspx) then it should work just the same as using a public IP address. Either solution will offer the same results so a recommendation really is based on what makes more sense in your network and which offers the Edge server a simpler configuration.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Tuesday, September 22, 2009 1:20 PM