OCS and LCS coexistence - TLS needed for the 2 servers to talk to each other?

  • Question

    We just installed and configured a new OCS 2007 server in our environment with all the needed certs. I moved a test user over from our existing LCS 2005 server fine but the test account can't see any users on LCS and the LCS users can't see the test user on OCS.

     

    The existing LCS server was set up using TCP between the client and server. Do we need to install a cert on the LCS server and enable TLS communication now for the 2 servers to talk to each other?

     

    BTW, I did apply the 2 patches that I'm told are required on LCS to allow for coexistence but that didn't help.

     

    thanks,

    Stephen

    Friday, September 12, 2008 7:09 PM

All replies

  • In both LCS and OCS certificates are required for all server to server communication.  TCP can only be used as the client-server transport.  You can still use TCP in OCS but for LCS <-> OCS interop you will need MTLS configured with a trusted certificate on both servers.

    Friday, September 12, 2008 7:42 PM
    Moderator
  • Hi Stephen,

    You need a certificate on the servers whenever an LCS or OCS server will talk to another LCS or OCS server.
    It means that whenever two or more servers are involved and they need to talk to each other, we have to have MTLS enabled on all of the servers.
    From the client to the server, SIP communication can still happen over TCP. But since you are enabling MTLS on the server anyway, I'd strongly recommend letting the client also communicate with the server over TLS.

    And you are right, kb911996 and kb 921543 are required on the LCS servers when they are going to talk to the OCS Server. (Actually these patches are required on LCS Servers in any case)...

    Regards,
    R. Kinker
    MCSE 2003 (Messaging), MCTS - LCS 2005, MCTS - OCS 2007
    http://www.ocspedia.com
    http://www.itcentrics.com/LCS_Home.htm
    Sunday, September 14, 2008 1:22 PM