locked
Communicator does not use the External server name to connect?? RRS feed

  • Question

  • Hi,

    ( I have also post in Communicator forum because I have no idea where my problem is)

    I got OCS working internally.  I have configured a GPO to push out manual
    configuration to Communicator 2007 client.

    In Internal server name: ocspool.domain.com (TLS)
    In External Server name : ocspool.domain.com:443 (TLS)

    Now, I have setup my Edge servers with no problem.
    When I try to connect externally, I get this error message  :   "Cannot Sign
    in because the server is temporarily unavailable"

    Here is the problem:  If I check the Event Logs, I only see that it
    tries to connect to ocspool.domain.com (5061).  It never tries the external
    server name: ocspool,domain.com:443 ?

    I know that ocspool.domain.com:443 works because I can telnet thru.

    Anyone has seen that behavior?

    Thanks

    JP

    Monday, November 26, 2007 10:37 PM

All replies

  • JP,

     

    I assume you are using a split-DNS configuration and that FQDN resolves to different IP addresses when connecting from an internal client versus an external client?

     

    Your problem is due to the fact that the Communicator client doesn't know if it's internal or external, it is programmed to always attempt a connection to the internal server first.  The idea is your internal FQDN should not be resolvable when outside your network, so that should fail when the client is outside your network, and then it would move on to the external server name.  Because in your case the internal name does resolve (to the external IP) it will attempt a connection as if it were connecting to a Front-End server, over TLS, hence the 5061 port you see in the logs.

     

    You need to use a different FQDN for your external Edge Access Server, like sip.domain.com.

     

    Additionally, you can (and typically do) have the external name be resolvable from inside the network because the internal name will always resolve first and then attempt a connection, never moving on to the external name.

    Wednesday, November 28, 2007 4:08 AM
    Moderator