locked
Live meeting from outside network RRS feed

  • Question

  • Hi,

    I am actually lost in configuring the edge server for anonymous live meeting access from external network.

    I have few questions:

    1) Do I have to use public CA certificate for my web conferencing edge server? Is it possible to use certificate from internal CA?

    2) How can I configure the SRV records to work with Access Edge Server and Web Conferencing Edge Server? The both use 443 port.

    Thanks.

    Some more information

    I used NAT to map those internal IPs in DMZ.

    One Public IP for Access Edge
    One Public IP for Web

    Access Edge Server
    Federation external: 172.1.1.8 5061
    Remote access external: 172.1.1.8 443
    Internal IP /port: 192.168.1.225 5061

    Web Conferencing Edge Server
    External IP/port   172.1.1.9 443
    Internal IP /port: 192.168.1.225 8057

    Is that ok ?
    Wednesday, November 26, 2008 6:35 AM

All replies

  • Hi,

     

    1) You should use Public CA for your web conferencing EDGE as it will be difficult to hand out the root certificate of your internal CA to all the "anonymous" attendees.

     

    2) You will only need to configure the external IP of your access edge server within the SRV record, when your client logs on through the access edge it will receive the approperiate FQDN to connect to the web conferencing server. So you only to create the proper DNS records that point to your Web Conferencing EdGE External IP. In addition you have to make sure that the URL's used by the web conferencing MCU is published trough your reverse proxy

     

    have a look at the OCS Edge Planning Tool as well:

    https://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=37

     

    Sincerely,

    Tonino Bruno

    Wednesday, November 26, 2008 9:21 AM
  • Thanks Tonino,

    Regarding my second one,

    What is a reverse proxy? Do I need to install it ?
    I just followed your what you mentioned, I sent an invitation email to my gmail account, I wanna try
    anonymous live meeting, I input the entry code and Location link, it prompted out a windows login dialog, do you know why it happens?

    Thanks for help.

    Eric
    Wednesday, November 26, 2008 11:15 AM
  • Eric,

     

    You don't need to configure the reverse proxy, but if you don't then external clients will not be able to (1) download the OCS Address Book, (2) expand distribution lists, and (3) download some Live Meeting content.

     

    Take a look at these blogs to better understand what the reverse proxy is:

    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=19

    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=33

     

    Has the user you've been testing with been given access to allow anonymous users to attend Live Meeting sessions?  Do you have have the proper DNS SRV and A records for your Access Edge Server published publicly?  These things will be needed to facilitate external Live Meeting attendees.

    Wednesday, November 26, 2008 2:20 PM
    Moderator
  • You may want to check the anonymous settings in your meeting policies. Have a look here for more information on how to do that:

    http://technet.microsoft.com/en-us/library/bb663649.aspx

     

    Sincerely,

    Tonino Bruno

    Wednesday, November 26, 2008 10:53 PM
  • I already configured the allow anonymous access in global properties.

    I have a test site outside internal network, and configured the DNS srv record for my sip, info as below

    Domain : mydomain.com
    Service : _sip
    Protocol : _tls
    Port No: 443
    Host offering this service : sip.mydomain.com

    When I input the entry code and the location, I can get into next step which I can input the name of the attendee, then when I go next, it will prompt out a windows login dialog asking me for login name and password, do you any ideas?

    Thanks for help.

    Eric

    Thursday, November 27, 2008 3:59 AM
  • I have also tested anonymous access with and without a public certificates on the Edge servers. If you don't have a public certificate you should indeed manually install the root certificate together with the live meeitng console on the 'anonymous' client PC.

     

    One other important thing: don't forget to allow anonymous access when you are planning your meeting. Set your meeting type to anonymous usin the Outlook add-in or the OCS Web Scheduler.

     

    /Thomas

    Thursday, November 27, 2008 7:37 AM
  • I already installed the root cert from my CA.

    One other important thing: don't forget to allow anonymous access when you are planning your meeting. Set your meeting type to anonymous usin the Outlook add-in or the OCS Web Scheduler
    >> I cannot find any seeting in there, can you tell me the exact path? Thanks a lot.

    Eric
    Thursday, November 27, 2008 8:10 AM
  • Sorry for the late reply. Check the following video and you'll see what I mean:

    http://communityclips.officelabs.com/Video.aspx?videoId=6c2abe7b-403c-4012-9663-7db355e3950a

    Download the Add-in from:

    http://office.microsoft.com/en-us/livemeeting/HP101541141033.aspx

    Download the OCS Web Scheduler from:

    http://www.microsoft.com/downloads/info.aspx?na=45&p=4&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=b9bf4f71-fb0b-4de9-962f-c56b70a8aecd&u=details.aspx%3ffamilyid%3d96B42DC8-E769-4EFD-B7A6-ECA03058F8AD%26displaylang%3den

    /Thomas
    Sunday, November 30, 2008 6:37 PM