Can the pool FQDN be changed ?!?

  • Question

  • My OCS pool is named "OCS" (isn't that original?) and with the internal domain, the FQDN is formed as "ocs.internal.corp".

    This gave me some problems with the ABS external publishing (I use ISA for this) because the external URL is "ocs.external.com" and thus the internal and external certificates don't match. This is why I had to disable SSL communication from the ISA to the "ABS/ext" website, a solution I don't like too much.

    I know I could have created a cert with a SAN to match the external URL, but I don't like that solution either, so I think it would be better to change the pool FQDN and have the same URL on both sides (we have a split DNS config, so it shouldn't be a problem).

    Is there a way to change this FQDN, or do I have to create a new pool and start all over ?!

     

    Regards

     

    P.S.: Excuse my English, I'm a Spanish speaker...

    Thursday, January 24, 2008 2:45 PM

All replies

  • Maybe I don't understand your configuration, but you should be able to have ISA handle this situation.

     

    Your 'ocs.external.com' certificate is used for your listener for external communications destined for ABS/ext. ISA can then use a locally installed certificate from your internal CA for your OCS.internal.corp. This should be OK whether the name is the same or not (i.e., if ocs.company.org is the external and internal name, but with different certs). ISA can use different certs for the internal and external connections.

     

    Let me know what I'm missing, or if this helps

    Tuesday, January 29, 2008 3:09 PM
  • When using split DNS the proper configuration is to include any SIP names in the SAN field. Also you can use a certificate from a Windows Enterprise CA for internal communications and a third-party cert for external communications.

     

    Also, make sure you understand that the external Web Farm and external FQDN are different things when referred to in the deployment documentation; I've always found this a bit misleading.  The external Web Farm refers to the IIS/ISA reverse proxy, and the external FQDN is your Access Edge Server interface.  I typically use "ocspool.internal.com" and "sip.external.com" for Communicator endpoints, and "abs.external.com" for the web farm; helps keep things straight.

     

    I cover some of the scenarios and how to use multiple certs when proxying connections with ISA in this blog: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=19.

    Wednesday, January 30, 2008 2:01 PM
    Moderator
  • BTW, no, you cannot change the name of the pool.  You'll need to delete the current pool and create a new pool, moving all the users between them.


    Excerpt from: http://technet.microsoft.com/en-us/library/bb936625.aspx

    "You might remove an Enterprise pool as part of a change to your environment. For example, to change a pool name you move users out of the current pool, deactivate all server roles in the pool, remove the pool, create a new pool, activate servers to associate them with the new pool, and then move users to the new pool."


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Wednesday, May 13, 2009 5:37 PM
    Moderator
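
The replies above describe ISA using one certificate on the external listener and a different one on the connection to the pool. The following is an added example, not code from the thread or from ISA/OCS, that checks each of the two TLS hops against the name used on that hop. The matching rules are generic RFC 6125-style rules assumed for illustration (not ISA's exact logic), and the certificate contents and the helper names are constructed.

```python
# Added example. Certificate contents below are constructed for illustration.

def name_matches(pattern: str, host: str) -> bool:
    """Case-insensitive DNS name match; '*' is honoured only as the whole
    left-most label and never spans more than one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(cert: dict, host: str) -> bool:
    """Use SAN dNSName entries when present; fall back to the subject CN
    only for a certificate that carries no SAN at all."""
    names = cert["san"] or [cert["cn"]]
    return any(name_matches(n, host) for n in names)


def check_bridge(listener_cert, published_name, backend_cert, forward_to):
    """Validate both TLS hops of an SSL-bridging reverse proxy separately."""
    return {
        "client_to_proxy": cert_covers(listener_cert, published_name),
        "proxy_to_backend": cert_covers(backend_cert, forward_to),
    }


# Constructed certificates: a third-party cert on the proxy listener and an
# internal-CA cert on the pool whose SAN also lists a SIP name.
LISTENER = {"cn": "ocs.external.com", "san": []}
POOL = {"cn": "ocs.internal.corp",
        "san": ["ocs.internal.corp", "sip.external.com"]}

# Proxy forwards to the name the pool certificate actually carries.
GOOD = check_bridge(LISTENER, "ocs.external.com", POOL, "ocs.internal.corp")
# Proxy forwards to the external name, which the pool certificate lacks.
BAD = check_bridge(LISTENER, "ocs.external.com", POOL, "ocs.external.com")

if __name__ == "__main__":
    print("two certs, forward to internal name:", GOOD)
    print("forward to external name:", BAD)
```

A failure on only the `proxy_to_backend` hop means the name the proxy forwards to is not in the pool certificate; correcting that name or the certificate keeps the internal hop encrypted.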