ocs federation between 2 trusted domains

  • Question



    I'm trying to enable OCS federation between 2 trusted domains in the same internal network (no ISA or any firewall). For each one I configured the edge server as mentioned in the edge server deployment guide, and I added it to the allow list of the other one. When validating the edge server for both domains I got the same warning, "enhanced federation domain allow list partner: none found", and NO other errors. When I added a contact to a Communicator user from the other domain, it showed presence unknown and the invitation didn't reach the other user. There is one issue that I'm afraid may be causing this problem: I don't have an ISA server in either domain, so I didn't do any of the mentioned configuration related to proxy settings and publishing rules.


    Thanks a lot for your help.

    Tuesday, May 20, 2008 10:41 AM

All replies

  • As long as you enter a resolvable FQDN in each Edge server configuration that points to the other server, you should be able to get it working.  But if your name resolution and routing cause the two servers to attempt a connection to each other across their internal interfaces, I can only assume it will not work, as the Edge servers would expect this traffic to travel over their externally-facing network interfaces.


    Tuesday, May 20, 2008 1:51 PM
  • Did you configure the Service Records?


    SRV Record



    FQDN of Access EDGE for Domain A

    SRV Record



    FQDN of Access EDGE for Domain B


    You should enable a New Debug Session on your EDGE Server and use the Snooper tool to examine the SIP messages.

    Tuesday, May 20, 2008 10:31 PM

    Hi again,


    First I’d like to thank you for your quick reply, second I checked again my edge servers’ configuration and here are the results:

    1. FQDNs are correctly configured and name resolution points to the external interface of each server. I just changed the external A/V port to 443 on the edge servers of domainA.
    2. SRV records are well configured as listed in the deployment guide and here.


    I tried the validation procedure on all the servers, and here are the errors and warnings received:

    1. OCS server of domainA
      1. Check Compatibility for Global Trusted Entries
        • Error: Multiple server roles (TrustedEdgeProxy,TrustedMras,TrustedServer) are configured at the same address edge.domainA.com but they have different trust options.
      2. Warning: One or more phone usages are not assigned to any route or VOIP policy


    2. OCS EDGE server of domainA and domainB
      1. Check two party IM
        • Error: Attempting to establish SIP dialog: Processing failed as one or more steps did not complete successfully
        • Execution result: Failure [0xC3FC200D] One or more errors were detected
    3. OCS server of domainB
      1. Warning: One or more phone usages are not assigned to any route or VOIP policy


    Running the Best Practice Analyzer on the server of domainA gave the following errors when trying to access the edge server:


    a. 18:04:48.853: Error (Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))) on WMI search SELECT __RELPATH, MajorVersion FROM MSFT_SIPVersion on scope root\cimv2 on server edge.domainA.com, skipping object.

    b. 15:56:17.523: Error (Security error.) opening registry key reg:/edge.domainA.com/HKEY_LOCAL_MACHINE/Software\Microsoft\Windows NT\CurrentVersion, skipping object.


    After performing all these validations, and although the errors persist, users from both domains finally established a conversation, but all users in domainA are getting a warning in Communicator: “limited external calling”.


    Another major problem: if I stop the front-end service of domainA, it won’t start again unless I remove all edge server settings!!!


    Thanks again for your help.



    Wednesday, May 21, 2008 3:25 PM

    Hi Nada,


    Did you finally find a solution for your problem with limited external calling?


    Regards Timo

    Wednesday, November 19, 2008 12:46 PM
  • Hi Timo,


    This notification was appearing when the OCS server couldn't connect to its configured edge server. Once you remove the configuration or connect the edge server to the network, you won't have any "limited external call" notification.



    Friday, November 21, 2008 7:54 AM
  • Hi,


    Are both domains on the same physical infrastructure, and do they belong to the same AD forest?   We have a very simple setup with 1 forest, 2 domains and I did not need to set up an Edge server at all.  Users from both domains will be able to connect to our OCS Std Server without an issue.


    Are you sure this is necessary?





    Friday, November 21, 2008 1:02 PM
  • Hi Wim,


    In my case, I have two different domains in 2 different forests on the same physical infrastructure; that's why I needed an edge server for each domain. I think in your case the OCS server will be for the forest, so users from both domains can connect to it.





    Tuesday, November 25, 2008 7:28 AM