locked
Live Meeting/Web Conferencing RRS feed

  • Question

  • We are unable to access Live Meeting Content externally, but internally works fine.  Listed below is our setup.

     

    Edge Server ---                                Edge.company.com

    External Web Farm FQDN:              IM.company.com

    Web Conferencing Edge Server        Web.Company.com

                                                   

    We have Group Expansion and Address Book working fine published through ISA 2006 server. 

     

    IM works as expected through the Web Farm, we also have configured CWA successfully

     

    Here is where the confusion lies.  When connecting to the live meeting client externally, the Advanced Connection Settings window of Live Meeting has checked "Use These Servers", where the External web farm fqdn is listed.  Test Connection appears to work fine, but meetings are unable to start.

    1.) should this address be changed to the web.company.com dns name which is the published web conferencing server?  Am I misunderstanding the purpose of these entities?

     

    Around the time of the attempt, the front end server shows an error in the OCS event log:

    Source: OCS Data MCU

    Failed to Connect External users because the list of proxies is empty.

     

    I read on another post that this is a certificate issue possibly, but here is the cert we're using:

     

    SN=web.company.com

    san=ocsserver.company.com

    san=edge.company.com

    san=edge

     

    I've read a few posts where an ISA server is required for this, but how?  What is the published web site, and the listening name if this is the case? 

     

    Network monitoring shows traffic on all expected servers, so it's most likely a configuration or authentication issue, but we've been unable to isolate it so far.

     

     

    Wednesday, December 19, 2007 7:34 PM

All replies

  • I have a similar situation.  The Livemeeting 2007 client works just fine inside the network but cannot get it to start meetings from outside the network.  We have just one OCS server and one consolidated edge server.  IM works just fine from internal and external connections so I'm pretty sure the certificates are ok.

    edge server: blg-edge.company.com
    OCS server: blg-ocs1.company.com

    Our edge server is visible on the internet on all ports.  It is *not* a member of our internal domain.

    In the Livemeeting client, I enter all of the login credentials and then can successfully test the connection.  But the actual meeting will not start (it times out).

    Here's the weird part... I loaded the Livemeeting client directly on the edge server.  And it works just fine there.  But I'm not entirely sure which network interfaces it's hitting on the edge server.

    Any assistance is greatly appreciated.
    Tuesday, January 1, 2008 4:41 PM
  • Yeehah... problem solved.  Turns out the port for the AV Edge TLS signal on the inernal side of the edge server did not match the port on the internal OCS server.  Changed it to 5063 and all is well!
    Tuesday, January 1, 2008 5:17 PM
  • Any other thoughts?  We do not have the av edge role configured.  We're now thoroughly confused on this and we think we should step back.

     

    Are the Web conferencing and the external web farm fqdn the same thing?  I know they're different roles, but should the web conferencing server dns name be the same as the web farm fqdn? 

     

    Also, I would love to know the steps in the tls conversation when a Live Meeting request is initiated.  Using a network monitoring tool shows that a live meeting request uses the external web farm, in our case is im.company.com.  We have the configured web conferencing role as web.company.com, so why is it going after the web farm fqdn, and no traffic ever for the web conferencing role? 

     

    Are we missing a piece here?

     

    Wednesday, January 2, 2008 5:53 PM
  • In the Advanced settings in the LM client - you should use the "edge.company.com" or whatever the main Access Edge FQDN that you are using (many places use sip.company.com). Even though it's not intuitive: You shouldn't use the webfarm FQDN or the webconferencing FQDN.

     

    Change that in the client and you should be fine. If that doesn't work, you can try putting edge.company.com:443 for the external server and ocspool.company.com:5061 for the internal.

     

    Also, the web conferencing FQDN is definitely different than the "external web farm" FQDN. The "external web farm" is only used for downloading meeting content, group dl expansion, and the address book download. I have no idea why OCS calls this "external web farm" - it is really, really misleading.

     

    Regards,

    Matt

     

     

    Thursday, January 3, 2008 6:39 PM
  • You're spot on about the misleading part.  

     

    Ok, all of this is correctly configured.  I have a machine that has both internal and external FQDN's manually inserted, and when the machine is lan connected the LM client works fine.  When Internet Connected, it briefly connects but is then disconnected.

     

    I am able to run the LM client also on the EDGE box, and works fine.  Nothing is logged in the OCS Event Log on the Edge or FE servers.

     

    We do see in the OCS FE IIS logs an error of 401 2 2148074254 which is from the source of our EDGE internal ip.  However, this is NOT consistent with connection attempts from the outside, but may be related.  The Verb is

    GET /etc/place/null/SlideFiles/blank.png - 443 - %IP of Edge Box%.  This entry is the third of three, and is preceeded by two 401 1 errors all the same URL. 

     

    Is this related?

     

    The IIS VS "etc" has Basic and Anonymous authentication, which I thought would address this issue.  What should the authentication be on each VS?

    Can anyone suggest other things to look for?

     

    Monday, January 7, 2008 4:04 PM