locked
Confiusing about DNS configuration RRS feed

  • Question

  • I am a newbie on Office communication server 2007

     

    I do some Lab in a single cpmouter in  a LAN

    1. Install Office communication server in this computer whithout install any edge server. and  I am also install CA service and DNS in this computer.

     

    this is computer is a domain controler, and

    the domain name is ocslab.fw.nu,

    the full computer name is : virtualpc.ocslab.fw.nu

    sip domain is Surprisecslab.fw.nu

    certificate information:

    Issued to: virtualpc.ocslab.fw.nu

    Issued by: Virtual PC Enterprise Root CA

     

    here fw.nu is a free dns name, and I set virtualpc.ocslab.fw.nu and ocslab.fw.nu domain name to the wan ip address of router and forwarding tcp port 5061 to this computer so that virutalpc.ocslab.fw nu and ocslab.fw.nu can be accessed by remote user via tcp port 5061.


    and then I use communicator 2007 try to connect to office communication server from outside network, the client also install the certificate.

    the sign in address is user@ocslab.fw.nu , However it failes to automatically sign in, The following is communicator event log

     

    Communicator was unable to locate the login server.  No DNS SRV records exist for domain ocslab.fw.nu, so Communicator was unable to login.

     

    Because I can not add any SRV records in free dns, so the question is how is it possibile let remote user auto sign in.

     


     

    Thursday, September 13, 2007 5:49 AM

Answers

  • Hi,

     

    For external users, you should really have an OCS Edge server for them to be able to connect. But, if you don't worry about security, then you can do it as you've laid out.

     

    You also then need external DNS server with an SRV record for _sipinternal_tls.ocslab.fw.nu that points to an A record of your Edge Server's Access Edge interface (or in your case the servername): virtualpc.ocslab.fw.nu

     

    But really, i would set up an edge server to make this work properly.

     

    Regards,

    Matt

     

     

    Thursday, September 13, 2007 4:21 PM
  • If you want to go all the way perhaps the OCS deployment guides are good reading material. You can download them as a package.

     

    To quote the OCS Standard Edition Deployment Guide:

     

    During DNS lookup, SRV records are queried in the following order:

    1.       _sipinternaltls._tcp.domain - for internal TLS connections

    2.       _sipinternal._tcp.domain - for internal TCP connections (performed only if TCP is allowed)

    3.       _sip._tls.domain - for external TLS connections

    4.       _sip._tcp.domain - for external TCP connections

     

    Regards, Steven
    Thursday, September 13, 2007 4:58 PM

All replies

  • Hi,

     

    Try manual configuring the Communicator Client:

     

    In the client go to tools -> options -> personal ->manual configuration

    Choose "connect using TLS", use your external server name, and make sure you allow SSL through your firewall.

     

    Regards, Steven

    Thursday, September 13, 2007 1:26 PM
  • Thanks for your reply,

     I test manual configuration, the communicator can sign in to server.

     

    I feel confused about the wods from Microsoft documents

     

     "DNS Records Required for Automatic Client Sign-In. "

     

     

    I am not sure which kind of DNS server should be configured, internal or external?

    Thursday, September 13, 2007 3:12 PM
  • external in your scenario

     

    Thursday, September 13, 2007 3:27 PM
  • Hi,

     

    For external users, you should really have an OCS Edge server for them to be able to connect. But, if you don't worry about security, then you can do it as you've laid out.

     

    You also then need external DNS server with an SRV record for _sipinternal_tls.ocslab.fw.nu that points to an A record of your Edge Server's Access Edge interface (or in your case the servername): virtualpc.ocslab.fw.nu

     

    But really, i would set up an edge server to make this work properly.

     

    Regards,

    Matt

     

     

    Thursday, September 13, 2007 4:21 PM
  • If you want to go all the way perhaps the OCS deployment guides are good reading material. You can download them as a package.

     

    To quote the OCS Standard Edition Deployment Guide:

     

    During DNS lookup, SRV records are queried in the following order:

    1.       _sipinternaltls._tcp.domain - for internal TLS connections

    2.       _sipinternal._tcp.domain - for internal TCP connections (performed only if TCP is allowed)

    3.       _sip._tls.domain - for external TLS connections

    4.       _sip._tcp.domain - for external TCP connections

     

    Regards, Steven
    Thursday, September 13, 2007 4:58 PM