locked
Client Sign On RRS feed

  • Question

  • My OCS pilot is starting to smoke - all was well...video, voice, federation, conferencing...but my clients are now all being asked to sign on? A quick change to client that allows logging shows in the host PCs lots of screaming messages about DNS ...

    So I look at my DNS server - I have SRV entries for sipinternal."domain.org.co.uk" which points to port 5061 ((should it no be 5060???) and sipinternaltls on por 5061 all pointing to my OCS Standard edition front end.  ((please! My ancestors created the domain naming mess :) I also have a external domain name for our sie as "domain.com" so in my internal DNS I also have tcp SRV entries for the same. I also have the A record for the server as he fqdn of server.domain.org.co.uk


    Weirdly if I put the DNS entry for sipinternal to port 5060 I cant call out...but if its on 5061 its calling out on our voice calls...Am pretty 100% its meant to be port 5060.
    Weird part two..none of my users can ((now)) logon - the passwords they type in and user details havent changed...I have tried manually setting the logon options to the sipinternal.domain.org.co.uk and port - but no logon using auto or manual methods
    Weird part three ...i can telnet to the ocs front end server from clients on port 5061 but no on 5060 using the DNS names...

    So although my event log on y client pc is full of dns issues - the users can resolve dns ...port 5060 if I change DNS to use this for sipinternal.domain.org.co.uk
    my users cant dial out...

    weird weird weird and am tired and getting mied up. any light or ideas to look at logs here or there would be really great please

    Sunday, August 16, 2009 8:24 PM

Answers

  • Sigh. It was late at night ...my head was muddled - we got it eventually - was actually a weird one...the SPN name hadnt been created because one of my RTC service accounts had expired. Twas weird indeed but needed to simply start at the beginning work my way through the setup until we found the smelly offending account.

    cheers
    Sunday, August 23, 2009 2:46 PM

All replies

  • Robert,

    Port 5060 is only used for certificate-less communications over TCP, which an OCS server does not even listen on by default.  Port 5061 is used for certificate-based TLS communications.

    Take a look at this blog for more details on the Automatic Sign-In process:
    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=14
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Sunday, August 16, 2009 9:50 PM
    Moderator
  • Sigh. It was late at night ...my head was muddled - we got it eventually - was actually a weird one...the SPN name hadnt been created because one of my RTC service accounts had expired. Twas weird indeed but needed to simply start at the beginning work my way through the setup until we found the smelly offending account.

    cheers
    Sunday, August 23, 2009 2:46 PM