locked
cannot expand DL's from remote access Communcator clients or communicator mobile RRS feed

  • Question

  •  

    i think that's because the internal interface can't see the CRL of the internal cert server that is the CA for the internal front end server and the internal interface of the Edge server. Does that sound right? Just open 80 and 443 from the Edge internal interface to the internal CA?
    Friday, November 14, 2008 3:56 PM

Answers

  • Do you have a reverse proxy configured for publishing your Address Book IIS site to external clients?  The group expansion feature also works throough the same configuration.  The communications for this are not routed through the Edge, but via a separate web proxy rule.
    Friday, November 14, 2008 6:22 PM
    Moderator

All replies

  • Do you have a reverse proxy configured for publishing your Address Book IIS site to external clients?  The group expansion feature also works throough the same configuration.  The communications for this are not routed through the Edge, but via a separate web proxy rule.
    Friday, November 14, 2008 6:22 PM
    Moderator
  • Not routed through Edge? that's definitely a shocker, so i need to open up 443 to the server that hosts teh /abs virtual directory? How does the communicator client find it externally, is there another DNS record i need?

    Friday, November 14, 2008 6:26 PM
  • An externally connected client is passed the ExternalWebFQDN in-band and them attempts to connect to the service over 443 (via HTTP over SSL) to access the Web Components IIS site on the internal Front-End Server. 

     

    If you didn't define an External Web Farm FQDN during the original server deployment, you can configure it using lcscmd.exe.

     

    Code Snippet

    lcscmd /web /action:updatepoolurls /externalwebfqdn:<WebfarmFQDN> /poolname:<poolname>

     

     

    You'll also need to deploy an external DNS A record to resolve the FQDN (e.g. abs.contoso.com) to the IP address of the web proxy (e.g. ISA web listener).

     

    Take a look at Step 2.1 in the Edge Deployment guide for more details on the Reverse HTTP Proxy requirement.  I also have some more details on that here:

    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=19

    Friday, November 14, 2008 6:57 PM
    Moderator