Communicator does not use the External server name section.

  • Question

  •  

    Hi,

    I got OCS working internally.  I have configured a GPO to push out manual
    configuration to Communicator 2007 client.

    In Internal server name: ocspool.domain.com (TLS)
    In External Server name : ocspool.domain.com:443 (TLS)

    Now, I have set up my Edge servers with no problem.
    When I try to connect externally, I get this error message: "Cannot Sign
    in because the server is temporarily unavailable"

    Here is the problem: If I check the Event Logs, I only see that it
    tries to connect to ocspool.domain.com (5061). It never tries the external
    server name: ocspool.domain.com:443?

    I know that ocspool.domain.com:443 works because I can telnet through.

    Has anyone seen that behavior?

    Thanks

    JP
    Monday, November 26, 2007 10:35 PM

All replies


  • Hi there,

    Did you ever get a solution for this? I have exactly the same problem when I set a manual configuration (or via group policy). It just does not seem to query the external server. It only tries the first, internal server sip-int.domain.com and fails.

    If I set the policy to automatic it works fine and connects to the external server sip.domain.com
    Friday, August 28, 2009 5:38 AM
  • The way that Manual configuration works is it first attempts to resolve the name of the computer in the Internal Servername or IP Address field, and if that resolution fails, then it will move on to the External Servername or IP Address entry.  If it does resolve the Internal servername it will stop there and assume it's 'internal' and connect to that server.  If the connection fails (e.g. port or cert errors) then you'll see an error; the client does not attempt to look up the External field at this point.  This is because the client has no way to 'know' if it's internal or external; this is why it is best practice to use different FQDNs for the internal pool and the Access Edge FQDN.

    You can force the client to connect to the correct FQDN and port by duplicating the External field's value in the Internal field, like this:

    Internal Servername or IP Address: ocspool.domain.com:443
    External Servername or IP Address: ocspool.domain.com:443

    Ideally you should be using a different Access Edge FQDN, like sip.domain.com for external access and make sure that ocspool.domain.com is NOT resolvable outside your network.

    Here's an excellent blog article with more details on setting up OCS records without Split-DNS, if that is your current limitation:
    http://blogs.technet.com/gclark/archive/2009/05/02/ocs-dns-automatic-configuration-when-split-dns-is-not-an-option.aspx
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Friday, August 28, 2009 2:35 PM
    Moderator
  • Hi Jeff,

    You have explained it how I also understand the process, and my configuration works perfectly (internally/externally) when using automatic connection, so this proves that my certificates and DNS/SRV records are correctly configured.

    In my situation when the Client (based externally) is configured for manual connection with the following settings

    Internal Servername or IP Address: sip-int.domain.com
    External Servername or IP Address: sip.domain.com

    The sign-in fails with the "Cannot Sign in because the server is temporarily unavailable".

    In the event log it appears as though the Communicator tries the internal address (sip-int.domain.com) and stops - it does not appear to try and resolve the sip.domain.com address which would work.  The Internal servername or IP address "sip-int.domain.com" is NOT an external address (i.e. no external DNS records), so the name resolution should fail, and then should move on to the External servername or IP address.
    Thursday, September 17, 2009 4:07 AM
  • That is correct.  So either one of two things is happening: your clients ARE somehow resolving the sip-int.domain.com record externally, or they are actually resolving the external name but are unable to connect to the Access Edge server.  Make sure that the clients don't have a local HOSTS entry or have that sip-int record cached from a previous VPN connection or something along those lines.

    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Thursday, September 17, 2009 12:11 PM
    Moderator
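
The resolution order described in the two moderator replies above, modelled as an added example (not code from the thread or from Microsoft): it predicts which manual-configuration field a client would use and shows how a leftover HOSTS entry keeps the External field from ever being consulted. The function names, `SAMPLE_HOSTS`, `PUBLIC_DNS` and all addresses are constructed for illustration.

```python
import socket

def split_host_port(entry):
    """Split a manual-configuration field such as 'ocspool.domain.com:443'."""
    host, sep, port = entry.strip().rpartition(":")
    if sep and port.isdigit() and ":" not in host:
        return host.lower(), int(port)
    return entry.strip().lower(), None  # no port given in the field

def hosts_overrides(hosts_text, name):
    """Return addresses that a HOSTS file pins for `name` (comments ignored)."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            found.append(fields[0])
    return found

def system_resolve(host):
    """Resolve through the OS resolver; an empty list means the lookup failed."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []

def predict_target(internal, external, resolve=system_resolve):
    """Model of the order described in the reply: the External field is only
    consulted when the Internal name does not resolve at all."""
    for label, entry in (("internal", internal), ("external", external)):
        host, port = split_host_port(entry)
        addrs = resolve(host)
        if addrs:
            return {"field": label, "host": host, "port": port, "addresses": addrs}
    return {"field": None, "host": None, "port": None, "addresses": []}

# Constructed sample data: an external laptop with a leftover HOSTS entry.
SAMPLE_HOSTS = """
127.0.0.1      localhost
10.0.0.25      sip-int.domain.com   # left over from VPN testing
"""
PUBLIC_DNS = {"sip.domain.com": ["203.0.113.10"]}  # constructed, documentation range

def sample_resolver(host):
    """Stand-in resolver: HOSTS entries win, then the constructed public zone."""
    return hosts_overrides(SAMPLE_HOSTS, host) or PUBLIC_DNS.get(host, [])

if __name__ == "__main__":
    print(predict_target("sip-int.domain.com", "sip.domain.com", sample_resolver))
```

Called without a resolver argument, `predict_target` uses the operating system's resolver, so running it on the affected external machine shows whether the internal name resolves there.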
  • Hi guys,

    I have downloaded OC on my personal laptop at home in the hope I can use it to communicate with my partner who uses it at work.
    Is this even possible? If so, does anyone have any idea what IP addresses I would use cos I have hit a brick wall.
    Thanks
    Kraig
    Thursday, October 8, 2009 2:02 PM