Sign in

Microsoft.com

Microsoft

Remove From My Forums

OCS and LCS coexistence - TLS needed for the 2 servers to talk to each other?

Question
0

Sign in to vote

We just installed and configured a new OCS 2007 server in our environment with all the needed certs. I moved a test user over from our existing LCS 2005 server fine but the test account can't see any users on LCS and the LCS users can't see the test user on OCS.

The existing LCS server was setup using TCP between the client and server. Do we need to install a cert on the LCS server and enable TLS communication now for the 2 servers to talk to each other?

BTW, I did apply the 2 patches that I'm told are required on LCS to allow for coexistence but that didn't help.

thanks,

Stephen

Friday, September 12, 2008 7:09 PM

All replies

0

Sign in to vote

In both LCS and OCS certificates are required for all server to server communication. TCP can only be used as the client-server transport. You can still use TCP in OCS but for LCS <-> OCS interop you will need MTLS configured with a trusted certificate on both servers.

Friday, September 12, 2008 7:42 PM

Moderator
0

Sign in to vote

Hi Stephen,

You need certificate on the servers whenever an LCS or OCS server will talk to the other LCS or OCS Server.
It means whenever there are two or more than two servers are involved and they need to talk to each other, we have to have MTLS enabled on all of the Servers.
From the client to server, SIP communication an still happen over TCP. But since you are anyway enabling MTLS on the server, I'd strongly recommend to let client also communicate to the server over TLS.

And you are right kb911996 and kb 921543 are required on the LCS servers when they are going to talk to the OCS Server. (Actually these patches are required on LCS Servers in any case)...

Regards,
R. Kinker
MCSE 2003 (Messaging), MCTS - LCS 2005, MCTS - OCS 2007
http://www.ocspedia.com
http://www.itcentrics.com/LCS_Home.htm

Sunday, September 14, 2008 1:22 PM