Adding a second OCS server

  • Question

    Quick Question:  I have two locations (connected via WAN) and OCS (standard) set up and running in one location handling users in both locations.

    I am now trying to install another standard OCS in that other location.

    My question is what do I need to do with my DNS entries?  sipinternal SRV?  Right now everything points to the first OCS system.  Do I change that?  I know that can re-direct the users at that new location to the new server at that location, but will the two servers automatically communicate?  Any other things needed?

    Also, do I create a new certificate on this new OCS server or assign the one created on the first OCS server?

    Any help would be appreciated,

    Thanks

    Tuesday, August 26, 2008 2:51 PM

Answers

  • You definitely need a certificate on the second server, at least for server-to-server MTLS communications, and also for client-to-server TLS traffic (if not using TCP on OC clients).

    I usually run the validation wizards multiple times as replication lag can cause some false errors.

    Tuesday, August 26, 2008 7:59 PM
    Moderator

All replies

  • No need to change any DNS entries as the one they are currently pointing to will act as a Director for all OCS users in your forest.  Given that certificates are configured correctly, your pools (or standard servers) will talk to each other since they are part of the same forest.

    Tuesday, August 26, 2008 5:20 PM
  • Steven,

    Does that mean I did not have to create a cert in the second OCS server? 

    I did create it, gave it the FQDN, sent it to the CA, he issued it back and I assigned it to that server.  While running front end validation, I get the following error:

    DNS Resolution succeeded: 10.12.17.11
    TLS connect succeeded: 10.12.17.11:5061
    Routing trust check and MTLS connectivity: Send is called for Connection in Disconnected state
    Suggested Resolution: Routing trust check and/or MTLS connection establishment failed.
    This is usually caused by the remote server not accepting the certificate presented by the
    current machine. Check the local and remote server certificates for any
    misconfiguration. In addition, check whether the local server is recognized
    as a trusted server by the remote server.

    Update:  I tried the validation check again and it worked OK this time.  Not sure why.

    Tuesday, August 26, 2008 5:45 PM
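
The validation output quoted in the thread suggests checking the server certificates when the MTLS check fails. As an added example (not part of the thread and not the OCS validation wizard), this PowerShell script connects to a server's TLS port and reports whether the presented certificate names the server's FQDN, is within its validity period, and chains to a trusted root on the machine running the script. The FQDN is a placeholder, and the SAN parsing assumes the English Windows display format.

```powershell
# Added example: inspect the certificate a server presents on its SIP TLS port.
# $ServerFqdn is a placeholder; 5061 is the port shown in the validation output.
param(
    [string]$ServerFqdn = 'ocs2.example.local',
    [int]$Port = 5061
)

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($ServerFqdn, $Port)

    # Accept whatever is presented so it can be inspected; trust is evaluated below.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { param($s, $c, $ch, $e) $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($ServerFqdn)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

    # Names the certificate is valid for: subject CN plus DNS entries in the SAN extension.
    $names = @($cert.GetNameInfo('SimpleName', $false))
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format() output is assumed to be the English Windows form "DNS Name=host, ...".
        $names += [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value }
    }

    # Build the chain against this machine's trust stores.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)

    $now = Get-Date
    [pscustomobject]@{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        Names        = $names -join ', '
        FqdnMatches  = $names -contains $ServerFqdn      # -contains is case-insensitive
        InValidity   = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        ChainTrusted = $chainOk
        ChainErrors  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}
finally {
    $tcp.Close()
}
```

Run it from each OCS server against the other server's FQDN, since trust has to hold in both directions for MTLS.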