OCS Edge Server - Access Edge and Internal CA Requirements

Question
-
Hi,
I've been able to get the OCS Edge to work using a public certificate on the access edge interface for IM. However, I'm setting up a dev network and want to use the internal CA on my access edge interface. The clients have the root and sub CAs installed and are able to get to the CRL CDP. I used the certificate wizard on the OCS edge server to submit and retrieve my sip.domain.com certificate. Do I have to use a public certificate or can I use an internal cert? When I try to log in with the MOC client, I get a "services is not available" error.
-Trung
Wednesday, July 29, 2009 5:18 PM
All replies
-
You can use internal certificates without any problem
Clients must have the Root CA and Subs but that is already ok for your clients.
You can enable logging in communicator and check what you can find in the eventlog and trace file
(In Communicator : Options - General)
- Belgian Unified Communications Community : http://www.pro-exchange.be -- Marked as answer by Gavin-Zhang (Moderator) Friday, August 7, 2009 3:38 AM
Thursday, July 30, 2009 12:53 PM -
Hi, the clients do have the Root and Sub CA certificates in the computer store. I'll turn on logging and see if I can find anything. My setup is identical besides the fact that I'm using an internal certificate instead of a public certificate. Hmm...
Thursday, July 30, 2009 5:02 PM -
Are you using automatic configuration?
Ensure that the SRV records (_sipinternaltls) are in place or configure the Servers manually in the Communicator Client settings
- Belgian Unified Communications Community : http://www.pro-exchange.be -- Marked as answer by Gavin-Zhang (Moderator) Friday, August 7, 2009 3:38 AM
Friday, July 31, 2009 8:15 AM -
I've tested using automatic and manual configuration. I have the SRV records configured on my external DNS.
I see event logs that say the MOC is looking for sipinternal but I'm external to the domain. Shouldn't it be looking for sip and not sipinternal?
Friday, July 31, 2009 2:59 PM -
Hi:
Per your description, you got a "services not available" error when you use MOC from external.
1. Like Deli Pro said, you can use the internal certificates for the MOC from the external. But you should have configured the proper Authentication Certificates on the edge server first. You can see how to configure those by referring to the links below:
http://technet.microsoft.com/en-us/library/dd425344(office.13).aspx
http://technet.microsoft.com/en-us/library/dd425107(office.13).aspx
http://technet.microsoft.com/en-us/library/dd441270(office.13).aspx
http://technet.microsoft.com/en-us/library/dd441368(office.13).aspx
Using the links, you can check whether the configurations of your servers are right or not.
2. On the other side, you should also check the DNS Requirements for External User Access and the DNS requirements for Automatic Client Sign-in first. You can refer to the links below:
http://technet.microsoft.com/en-us/library/dd425138(office.13).aspx
http://technet.microsoft.com/en-us/library/dd425235(office.13).aspx
Hope this is helpful!
Regards!
- Marked as answer by Gavin-Zhang (Moderator) Friday, August 7, 2009 3:38 AM
Wednesday, August 5, 2009 8:56 AM (Moderator)
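
The checks discussed in this thread (SRV records for automatic sign-in, and whether a client trusts an Access Edge certificate issued by an internal CA, including CRL reachability) can be run from an external client in one pass. This is an added example, not part of the original posts or Microsoft's tooling. It assumes a client with `Resolve-DnsName` (Windows 8 / Server 2012 or later), uses `domain.com` as the placeholder SIP domain from the question, and queries `_sip._tls`, the external TLS SRV name, alongside the `_sipinternaltls` record mentioned above.

```powershell
# Added example. 'domain.com' is the placeholder SIP domain used in the question.
$SipDomain = 'domain.com'
# SRV names for automatic sign-in: internal TLS first, then external TLS.
$srvNames = "_sipinternaltls._tcp.$SipDomain", "_sip._tls.$SipDomain"

foreach ($name in $srvNames) {
    $records = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    if (-not $records) { Write-Output "$name : no SRV record found"; continue }

    foreach ($r in $records) {
        Write-Output "$name -> $($r.NameTarget):$($r.Port)"
        $tcp = New-Object System.Net.Sockets.TcpClient
        try {
            $tcp.Connect($r.NameTarget, $r.Port)
            # Accept whatever the server presents so it can be inspected;
            # trust is evaluated separately with X509Chain below.
            $callback = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
            $ssl.AuthenticateAsClient($r.NameTarget)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

            Write-Output "  Subject : $($cert.Subject)"
            Write-Output "  Issuer  : $($cert.Issuer)"
            $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
            if ($san) { Write-Output "  SAN     : $($san.Format($false))" }

            # Build the chain against this machine's certificate stores and
            # fetch CRLs online, as a client outside the network would.
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
            if ($chain.Build($cert)) {
                Write-Output "  Chain   : trusted, revocation check passed"
            } else {
                foreach ($s in $chain.ChainStatus) {
                    Write-Output "  Chain   : $($s.Status) - $($s.StatusInformation.Trim())"
                }
            }
        } catch {
            Write-Output "  Failed  : $($_.Exception.Message)"
        } finally {
            $tcp.Close()
        }
    }
}
```

A chain status of `UntrustedRoot` or `PartialChain` points at missing root or subordinate CA certificates on the client, while `RevocationStatusUnknown` or `OfflineRevocation` means the CRL distribution point is not reachable from where the client sits.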