How to enable Federated Contacts RRS feed

  • Question

  • We've recently rolled out OCS 2007 R1 in the last little while. We bought the PIC licenses and its enabled on our MVLS site. However I can't seem to add say my hotmail as an example to see if my OCS client will make that connection to my MSN client. When I go to to the access Edge server and look at its config it shows a red X under the "external user access" beside Federated contacts. I'm wondering if this is the issue. I can't seem to get any of the federated contacts to work on my OCS.

    Brandon Vignando
    Monday, June 8, 2009 7:47 PM

All replies

  • Brandon,

    Please check under Forest>Properties>Global Properties and verify you have federation enable with the internal FQDN of your edge server listed.
    You will also need to verify on your edge server that the AOL, MSN, and Yahoo boxes are checked, and verify you have a _sipfederationtls._tcp.yourdomain.com record pointing to your access edge interface on port 5061.  This interface needs to have a cert applied to it with a subject name that matchines the service public FQDN (such as sip.yourdomain.com).  You also have to enable users for PIC on a user by user basis.  Finally, when adding a MSN contact who's address isn't actaully MSN.com, you need to use the following format  username(emaildomain)@msn.com, for examply
    kevinmpeters(gmail.com)@msn.com.  Give that a shot, and keep in mind it can take some time (10 days or so) for all of the provisioning to be put in place for PIC. 

    Here's a link to the OCS R2 Edge server deployment guide, Federation starts on page 85, but I'd recommend looking over the certificates section as well:

    Please post back if you need more assistance.

    Kevin Peters MCSE/MCSA/MCTS/CCNA/Security+ blog: www.ocsguy.com
    Tuesday, June 9, 2009 3:28 AM
  • Thanks for the reply. I have done checked all the above, so I have an edge server, all the boxes are checked and Microsoft wants to federate with the company and have run the tests and can see te edge server and the SRV records in DNS.

    Only part that doesn't work is adding. I'm running R1 not R2. Does this make adding MSN or any federated contact different ? I have checked the MVLS site and it shows the provisioning is finally done with the PIC (it actually took over 6 weeks to finish). I tried typing in a contact as you said. So lets pretend my hotmail is bobsmith@hotmail.com I would click to add a contact on my list and add him like bobsmith(hotmail)@msn.com ? If so I've tried that and it says the address is not valid.

    Brandon Vignando
    Tuesday, June 9, 2009 12:00 PM
  • Bob,

    When you added the contact mentioned above did you do it from the search box or from Tools>Add A Contact?   Have you seen any errors on your edge server about fereration? 



    Kevin Peters MCSE/MCSA/MCTS/CCNA/Security+ blog: www.ocsguy.com
    Tuesday, June 9, 2009 3:51 PM
  • I did the tools>Add a contact.

    I just checked the logs and there is tons of errors. They look like the following

    Event Type: Error
    Event Source: OCS Protocol Stack
    Event Category: (1001)
    Event ID: 14502
    Date:  6/9/2009
    Time:  11:44:04 AM
    User:  N/A
    Computer: EDGE01
     A significant number of connection failures have occurred with remote server lcsap.msg.yahoo.com IP There have been 121 failures in the last 182 minutes. There have been a total of 181 failures.
    The specific failure types and their counts are identified below.
    Instance count   - Failure Type
    181                 8007274D
    This can be due to credential issues , DNS , firewalls or proxies. The specific failure types above should identify the problem.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Brandon Vignando
    Tuesday, June 9, 2009 4:13 PM
  • Hi Bob.

    When adding a MSN domain like hotmail is, the correct address to add is bobsmith@hotmail.com  from Tools>Add A Contact. It is only when the contact have a MSN account with an e-mail address like gmail or company address you need to use username(emaildomain)@msn.com.

    More information can be found at this site http://office.microsoft.com/en-gb/communicator/HP012301851033.aspx
    For a list of all the supported public IM domains see this site http://support.microsoft.com/default.aspx/kb/897567/EN-US

    As for the event id errors I would double check your sip.yourdomain.com certificate is ok and maybe add that IP as trusted server.

    Ståle Hansen
    http://msunified.net /about

    Tuesday, June 9, 2009 4:39 PM
  • alright i called Microsoft Premier and they said its actually cause there is a change in their system so even though it says active its not.

    They also checked my system. Said nothing special was going on that needed to be changed.
    Brandon Vignando
    Friday, June 12, 2009 1:53 PM