locked
OCS 2007 R2 validation error to Edge RRS feed

  • Question

  • Hello there,

    Issue is that during the various validations on the front-end server (Enterprise Edition), am getting the following error during the "Connecting to A/V Authentication Edge Server to get credentials" step...

    A/V Authentication Edge Server: Could not contact A/V Authentication Edge SErver.
    To resolve this error, check for the following
    1. The outbound proxy is reachable.
    2. The outbound proxy and A/V Authentication Edge Server are in trusted server list of each otehr.
    3. The outbound proxy and A/V Authentication Edge Server have valid certificates.
    4. Conference Server certificate is valid.
    5. A/V Authentication Edge SErver Gruu is correct.

    Can't connect from outside the LAN yet, so want to resolve this. Any suggestions appreciated.

    Thanks,
    Greg
    Tuesday, November 3, 2009 1:34 AM

Answers

  • Hello guys,

    Thanks for responses. You know what? I should have updated this thread. Turns out that I had all the configurations set right (after many reads of posts of yours and by others Jeff), and the problem was that I was using Windows Server 2008 R2 for all the servers.

    SO after doing it all over again with new installs of Windows Server 2008 (not R2, but just with SP2), it immediately began working.
    Next up, trying to figure out how to properly configure Unified Messaging and connect it to a trial SIP Trunking connection. Hmmmm.

    Thanks again,
    Greg
    Thursday, November 19, 2009 2:24 PM

All replies

  • Have you read the Edge Deployment Guide? (OCS 2007 R2 Deploying Edge Servers.doc)
    http://www.microsoft.com/downloads/details.aspx?familyid=E9F86F96-AA09-4DCA-9088-F64B4F01C703&displaylang=en

    You should certainly look at:
    - Firewall requirements
    - Connect Your Internal Servers with Your Edge Servers


    - Belgian Unified Communications Community : http://www.pro-exchange.be -
    Tuesday, November 3, 2009 10:18 AM
  • Hello Deli,

    Yes, I have read this and all the other latest OCS 2007 R2 deployment documentation, have run the planning tools for edge/front-end, and have gone back/forth/the other serveral times regarding this. I have configured all the necessary DNS records internally/externally (I think), but still can't connect. Interestingly enough, I had this working once in another environment but this time around am not finding the "missing link" yet.

    Basically I can telnet the ports needed both internally and externally, am getting no certificate errors, and am unsure what is missing.

    Thanks,
    Greg
    Tuesday, November 3, 2009 2:49 PM
  • Hi,

    what edge interface did you configure for A/V authentification on your fronnt-end ?
    ThorstenWujek
    Tuesday, November 3, 2009 6:46 PM
  • Hello Thorsten,

    I just checked, and it is pointing to the Edge server's internal LAN adapter via the server's internal FQDN, and using port 5062.
    Also media port range is set to what I believe was the default, the range being 49152 - 65535
    Encryption Level says "Require encryption"
    Tuesday, November 3, 2009 8:58 PM
  • Hi,

    Can you do a nslookup and does it resolve the same IP as you specified as the internal interface?
    Does the edge server validation run fine?

    Can you do a telnet from the edge server towards the next hop internal address on port 5061?

    Jeroen
    Microsoft minded UC specialist - http://www.reijling.nl
    Thursday, November 19, 2009 11:04 AM
  • Are you receiving any errors in the Event Log related to this? Take a look at this blog for an example of troubleshooting a specific A/Authentication issue: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=68

    It may not be the exact errors you are seeing but it should help guide you toward troubleshooting the issue.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Thursday, November 19, 2009 2:03 PM
    Moderator
  • Hello guys,

    Thanks for responses. You know what? I should have updated this thread. Turns out that I had all the configurations set right (after many reads of posts of yours and by others Jeff), and the problem was that I was using Windows Server 2008 R2 for all the servers.

    SO after doing it all over again with new installs of Windows Server 2008 (not R2, but just with SP2), it immediately began working.
    Next up, trying to figure out how to properly configure Unified Messaging and connect it to a trial SIP Trunking connection. Hmmmm.

    Thanks again,
    Greg
    Thursday, November 19, 2009 2:24 PM