OCS edge external user access

  • Question

  • I am having some trouble getting external user access to our office communication server. This is how it is set up:

    Internal server: officecomm.mydomain.net (private IP) using a private certificate from an internal CA

    edge server: officecommedge.mydomain.com (public IP) public cert, ports 443,5061,50000-59999, and 3478 open
                      officecommedge.mydomain.com (private IP)

    Internally all chat is working. Externally officecommedge.mydomain.com resolves and I am able to telnet to 443 but not log in.

    The external clients are manually set up with an internal server of officecomm.mydomain.net, external server of officecommedge.mydomain.com:443 and TLS checked. On the external client event log I get this error:

    Communicator was unable to resolve the dns hostname of the login server officecomm.mydomain.net

    On my edge server I am getting this error in the event log:

    a significant number of connection failures have occurred with remote server Unknown IP 172.21.4.xxx (this is my officecomm.mydomain.net server) failure type C3E93D68.

    When I try to validate my officecomm.mydomain.com server I get these failures:

    DNS Resolution succeeded: 167.142.xxx.xxx
    TLS connect succeeded: 167.142.xxx.xxx:5061
    Routing trust check and MTLS connectivity: TlsTransport is not connected, State=Disconnected
    Suggested Resolution: Routing trust check and/or MTLS connection establishment failed.
    This is usually caused by the remote server not accepting the certificate presented by the
    current machine. Check the local and remote server certificates for any
    misconfiguration. In addition, check whether the local server is recognized
    as a trusted server by the remote server.

    DNS Resolution succeeded: 167.142.xxx.xxx
    TLS connect succeeded: 167.142.xxx.xxx:5061
    Routing trust check and MTLS connectivity: Timed Out
    Suggested Resolution: Routing trust check and/or MTLS connection establishment failed.
    This is usually caused by the remote server not accepting the certificate presented by the
    current machine. Check the local and remote server certificates for any
    misconfiguration. In addition, check whether the local server is recognized
    as a trusted server by the remote server.


    Any advice to help me resolve this would be greatly appreciated. I assume there is a certificate or DNS issue somewhere, but unfortunately those are not my strong points.

    Thanks,

    Wednesday, October 31, 2007 3:28 PM

All replies

  • I have this issue working now; I had the wrong internal SIP domain in the edge server.

    Thanks,
    Wednesday, October 31, 2007 6:52 PM
  • For me the problem was the wrong FQDN for the edge server in the forest properties (MMC snap-in on the full server), full writeup here.
    Thursday, December 20, 2007 10:11 PM
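
The two fixes reported in the replies above, plus the certificate checks the validation wizard suggests, can be expressed as one consistency audit. This is an added example, not code from any poster or from Microsoft: the dictionary layout, key names, finding labels and sample values are constructed, and it assumes MTLS peers match the configured FQDN against the certificate subject or SAN names.

```python
# Added example. Config layout and all values are constructed placeholders.

def same(a, b):
    """DNS names compare case-insensitively; ignore a trailing dot."""
    return a.strip().lower().rstrip(".") == b.strip().lower().rstrip(".")

def cert_covers(cert, fqdn):
    """True if fqdn is the certificate's subject CN or one of its DNS SANs."""
    names = [cert["subject_cn"], *cert.get("san_dns", [])]
    return any(same(n, fqdn) for n in names)

def audit(cfg):
    """Return (check, detail) findings; an empty list means the names agree."""
    findings = []
    edge, pool = cfg["edge"], cfg["pool"]
    # Second reply: the edge FQDN listed on the internal side must be the real one.
    if not any(same(edge["internal_fqdn"], t) for t in pool["trusted_edge_fqdns"]):
        findings.append(("edge-not-trusted", edge["internal_fqdn"]))
    # Wizard hint: each side's certificate must carry the name the peer expects.
    if not cert_covers(edge["internal_cert"], edge["internal_fqdn"]):
        findings.append(("edge-cert-name", edge["internal_cert"]["subject_cn"]))
    if not cert_covers(pool["cert"], edge["next_hop_fqdn"]):
        findings.append(("next-hop-cert-name", edge["next_hop_fqdn"]))
    # The internal server uses a private CA, so the edge must trust that root.
    if pool["cert"]["issuer"] not in edge["trusted_roots"]:
        findings.append(("pool-ca-not-trusted", pool["cert"]["issuer"]))
    # First reply: the edge must list the SIP domain users actually sign in with.
    for uri in cfg["user_sip_uris"]:
        domain = uri.split("@", 1)[-1]
        if not any(same(domain, d) for d in edge["internal_sip_domains"]):
            findings.append(("sip-domain-missing", domain))
    return findings

SAMPLE = {  # constructed: reproduces both misconfigurations from the replies
    "user_sip_uris": ["sip:alice@mydomain.com"],
    "pool": {
        "trusted_edge_fqdns": ["officecommedge.mydomain.net"],  # wrong suffix
        "cert": {"subject_cn": "officecomm.mydomain.net", "issuer": "Internal-CA"},
    },
    "edge": {
        "internal_fqdn": "officecommedge.mydomain.com",
        "next_hop_fqdn": "officecomm.mydomain.net",
        "internal_sip_domains": ["mydomain.net"],  # wrong domain
        "internal_cert": {"subject_cn": "OfficeCommEdge.mydomain.com"},
        "trusted_roots": ["Internal-CA"],
    },
}

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check}: {detail}")
```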