Complex autoconfigure problem with Live Meeting RRS feed

  • Question

  • Good morning, Folks,

    I haven't really downed my 1st cup of coffee yet, so we'll see how coherent this post is...

    Here's the deal... We're trying to get autoconfigure to work with the following setup:

    Internal SIP domain is


    External domain is


    We've got the internal piece up an running, now working on the edge machines.  The user login is their email address which is jo.blo@state.gov.  I realize this complicates things... and it's making my head hurt... not my call.  Anyway...

    So if I change my sip address to internal.gov (rather than my email address which is also the outside domain sip), autoconfigure works wonderfully.

    I've been able to tolerate the manual configuration internally, but now we are starting to host live meetings with thousands of people and we also want to host them for people not internal to the state's network.  Would I (should I) add an additional srv record?  Will this hinder our external deployment configuration?  We need to be able to have people log into the live meeting and have the url and TLS settings configured as they join.

    I'm sorry if this is all disjunct and nonsensicle... I will do some research and check back here in a few.  Thank you in advance for any help offered.

    Tuesday, March 17, 2009 1:26 PM

All replies

  • Hi,

    Let me try: just bcas i have downed 7 Coffee mugs since this morning. :)

    If I understand this correctly:

    Our purpose is to invite External REMOTE users to join the conference whose sip URI is anuj@state.gov. But internally you work as Internal.gov ? Is this interpretation correct ? 

    Probably a simple fact may lead us to the achievement:

    Assuming an internal user who has anuj@state.gov creates a LM. sends it to external participants.

    External attendee clicks on the "Location" link, the link will have something like this


    User clicks the location link --> Live meeting console comes up --> first task LM console does is to check for DNS SRV records based on state.gov domain.

    _sip._tls.state.gov will queried.

    which must resolve to a host A record of Access edge.

    After this Authentication will be done based on what we have configure, Open, closed or Anonymous.

    So i see 2 req.

    1. SRV records.
    2. Certificates having correct names.

    please let me know if my understanding is correct.


    CN=anuj,CN=airan,OU=UC,DC=[msft],DC=com GlobalID == anujairan@hotmail.com - SearchEngine == www.live.com - Mobile == WindowsMobile6.1 - Drive == SkyDrive
    Tuesday, March 17, 2009 4:05 PM
  • Thank you for your reply, Anuj,

    Your assumptions are about 100% correct, as far as I can see... with the exeption of the fact that we'd also like to allow Bill@yahoo.com or any other address to be able to attend these meetings as well.

    I will double check the external DNS settings for the SRV and certificate to be the external.gov addresses.

    Also, I will confirm internal DNS server settings, but I'm almost certain that we've got them set up correctly with the internal.gov address(s) (since if I change my sip to internal.gov all my autoconfiguration works fine).

    I wish that I could test the external peice, but our F5 isn't configured yet (should be tomorrow). 

    Thank you again for your help!

    Tuesday, March 17, 2009 4:38 PM
  • Inviting Bill from Yahoo must require Anonymous Access allowed on Edge and Global meeting policy. The anonymous authentication will be done using Digest Authentication.

    This would still require SRV's for state.gov and Certficates. Also you have to choose a common certfiicate vendor which are present by default on all external OS.

    CN=anuj,CN=airan,OU=UC,DC=[msft],DC=com GlobalID == anujairan@hotmail.com - SearchEngine == www.live.com - Mobile == WindowsMobile6.1 - Drive == SkyDrive
    Tuesday, March 17, 2009 4:59 PM
  • All that is true... anonymous attendees CAN attend the meetings, but autoconfigure is not working internally.  We HAVE to have this working for AT LEAST the external users, but would prefer it worked internally AND externally.  I guess I'm wondering if we need to replace the certs internally with our state.gov as a SAN, and what ramifications would this have?  Keep in mind that our external deployment's domain is the same as the sip address internally which is not the same as the internal sip domain...
    Tuesday, March 17, 2009 6:30 PM