Asked by:
Live meeting from outside network

Question
-
Hi,
I am actually lost in configuring the edge server for anonymous live meeting access from external network.
I have few questions:
1) Do I have to use public CA certificate for my web conferencing edge server? Is it possible to use certificate from internal CA?
2) How can I configure the SRV records to work with Access Edge Server and Web Conferencing Edge Server? The both use 443 port.
Thanks.
Some more information
I used NAT to map those internal IPs in DMZ.
One Public IP for Access Edge
One Public IP for Web
Access Edge Server
Federation external: 172.1.1.8 5061
Remote access external: 172.1.1.8 443
Internal IP /port: 192.168.1.225 5061
Web Conferencing Edge Server
External IP/port 172.1.1.9 443
Internal IP /port: 192.168.1.225 8057
Is that ok ?Wednesday, November 26, 2008 6:35 AM
All replies
-
Hi,
1) You should use Public CA for your web conferencing EDGE as it will be difficult to hand out the root certificate of your internal CA to all the "anonymous" attendees.
2) You will only need to configure the external IP of your access edge server within the SRV record, when your client logs on through the access edge it will receive the approperiate FQDN to connect to the web conferencing server. So you only to create the proper DNS records that point to your Web Conferencing EdGE External IP. In addition you have to make sure that the URL's used by the web conferencing MCU is published trough your reverse proxy
have a look at the OCS Edge Planning Tool as well:
https://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=37
Sincerely,
Tonino Bruno
Wednesday, November 26, 2008 9:21 AM -
Thanks Tonino,
Regarding my second one,
What is a reverse proxy? Do I need to install it ?
I just followed your what you mentioned, I sent an invitation email to my gmail account, I wanna try anonymous live meeting, I input the entry code and Location link, it prompted out a windows login dialog, do you know why it happens?
Thanks for help.
EricWednesday, November 26, 2008 11:15 AM -
Eric,
You don't need to configure the reverse proxy, but if you don't then external clients will not be able to (1) download the OCS Address Book, (2) expand distribution lists, and (3) download some Live Meeting content.
Take a look at these blogs to better understand what the reverse proxy is:
http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=19
http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=33
Has the user you've been testing with been given access to allow anonymous users to attend Live Meeting sessions? Do you have have the proper DNS SRV and A records for your Access Edge Server published publicly? These things will be needed to facilitate external Live Meeting attendees.
Wednesday, November 26, 2008 2:20 PMModerator -
You may want to check the anonymous settings in your meeting policies. Have a look here for more information on how to do that:
http://technet.microsoft.com/en-us/library/bb663649.aspx
Sincerely,
Tonino Bruno
Wednesday, November 26, 2008 10:53 PM -
I already configured the allow anonymous access in global properties.
I have a test site outside internal network, and configured the DNS srv record for my sip, info as below
Domain : mydomain.com
Service : _sip
Protocol : _tls
Port No: 443
Host offering this service : sip.mydomain.com
When I input the entry code and the location, I can get into next step which I can input the name of the attendee, then when I go next, it will prompt out a windows login dialog asking me for login name and password, do you any ideas?
Thanks for help.
EricThursday, November 27, 2008 3:59 AM -
I have also tested anonymous access with and without a public certificates on the Edge servers. If you don't have a public certificate you should indeed manually install the root certificate together with the live meeitng console on the 'anonymous' client PC.
One other important thing: don't forget to allow anonymous access when you are planning your meeting. Set your meeting type to anonymous usin the Outlook add-in or the OCS Web Scheduler.
/Thomas
Thursday, November 27, 2008 7:37 AM -
I already installed the root cert from my CA.
One other important thing: don't forget to allow anonymous access when you are planning your meeting. Set your meeting type to anonymous usin the Outlook add-in or the OCS Web Scheduler
>> I cannot find any seeting in there, can you tell me the exact path? Thanks a lot.
EricThursday, November 27, 2008 8:10 AM -
Sorry for the late reply. Check the following video and you'll see what I mean:
http://communityclips.officelabs.com/Video.aspx?videoId=6c2abe7b-403c-4012-9663-7db355e3950a
Download the Add-in from:
http://office.microsoft.com/en-us/livemeeting/HP101541141033.aspx
Download the OCS Web Scheduler from:
http://www.microsoft.com/downloads/info.aspx?na=45&p=4&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=b9bf4f71-fb0b-4de9-962f-c56b70a8aecd&u=details.aspx%3ffamilyid%3d96B42DC8-E769-4EFD-B7A6-ECA03058F8AD%26displaylang%3den
/ThomasSunday, November 30, 2008 6:37 PM