locked
OCS configuration with multiple domains RRS feed

  • Question

  • I have 2 domains under one root forest. I have OCS Standard 2007 R2 installed on domain1 and all DNS entries entered properly to allow for automatic config/connection for any users enabled under domain1. Now the problem is getting users on domain2 to also sign in...  In OCS, I can switch to the other domain, enable the users for OCS and then configure them with success, but when I go to actually sign in that user, I receive a message from the OCS server stating that it cannot find the login name. I have both domain names added to the global forest properties and dns entries set on both domain1 dns server and root dns server. Certificate issued to both domains is accepted successfully. This is completely an internal setup; no external connections. But still I cannot get users on domain2 to successfully sign in. What am I missing?  Any help would be greatly appreciated !
    !
    Friday, February 20, 2009 9:59 PM

All replies

  • Are you trying to login as domain\username as the username? I have seen problems when people try and use their SIP address as the login name as well as the sign on name.

    Thats just a quick thing to check....Otherwise what are you seeing in the event viewer on either the OCS server or client?


    Mark
    Friday, February 20, 2009 11:06 PM
  • Hello,

    It may happen due SRV record or certificate problem. Can you confirm that certificate that you are using is implemented as root CA (i mean some case people users only domain cerificate CA).

    It will be helpful if you can enable the logging and check for the errrors in the log file generated at communicator folder in user profile.

    Pleasee let me know if it resolves the issue.
    HCL OCS Team
    Saturday, February 21, 2009 1:25 PM
  • I did have the cert authority running on domain1 and not the root. So I removed the cert and CA entirely and installed on one of our root DC's. Domain1 pulled the new cert automatically and continues to log on users fine. However, I'm still having the issue with domain2. Checking the event log, it only shows DNS errors for when I have the client set to automatic configuration, but if I set it to manual and specifiy the FQDN of the server, no errors are logged. I only receive the "Cannot sign in to Communicator because this sign-in address was not found. Please verify the sign-in address....." I tried domain\userID, but Communicator says that sign-in ID does not exist. (this occurs even if I try it with a known working id on domain1, but as soon as I turn it around to userid@domain1.com, it works fine again)

    Any other thoughts?





    Monday, February 23, 2009 10:43 PM