Add additional sip domain in an R2 environment

Question
-
Hi,
Is there an overview of the tasks at hand when you want to change your mail proxy address and create a corresponding sip domain?
On the Exchange level this is pretty standard but for OCS R2 this is more intuitive:
- add sip domain to the list
- add needed DNS entries (internal / external)
- create new certs to add the additional sip domain
- What about external ABS URL - change it using lcscmd (if I want to phase out the old sip domain name?)
- ....
Wim
Friday, July 31, 2009 8:43 AM
Answers
-
For internal configuration:
On the Your Server’s Subject Name page, do the following:
- In Subject name, verify that the pool fully qualified domain name (FQDN) is displayed.
- In Subject Alternate Name, verify that the required entries exist. Optionally, click Subject Alternate Name, and then type any alternate names that identify the pool during authentication.
- Subject alternate names (SANs) are required on your server for each supported Session Initiation Protocol (SIP) domain in the format sip.<domain> if all of the following are true:
  - Your organization supports multiple SIP domains.
  - Clients are using automatic configuration.
  - This pool is used to authenticate and redirect client sign in or this is the first Standard Edition server to which clients connect.
For external access, here is a little something from the edge server documentation:
On the Your Server's Subject Name page, type or select the subject name and subject alternate name of the Edge Server:
- The subject name should match the fully qualified domain name (FQDN) of the server published by the external firewall for the external interface on which you are configuring the certificate. For the external interface of the Access Edge Server, this certificate subject name should be sip.<domain>.
- If multiple Session Initiation Protocol (SIP) domain names exist and they do not appear in Subject alternate name, type the name of each additional SIP domain as sip.<domain>, separating names with a comma. Domains entered during configuration of the Access Edge Server are automatically added to this box.
So, this implies that you do need to change the certs on the pool and external side of the edge server since the new to be used sip domain is not on the existing certs...
Thanks for the feedback guys
- Proposed as answer by Gavin-Zhang (Moderator) Thursday, August 6, 2009 3:35 AM
- Marked as answer by Gavin-Zhang (Moderator) Friday, August 7, 2009 3:31 AM
Tuesday, August 4, 2009 3:56 PM
-
I should have clarified better in my previous post. Supporting Automatic Configuration on the client would require the certificates be updated, since the new domain name would be used in the client lookup process and would have to match a SN/SAN value in the external cert. But technically only the Access Edge external cert would need to be updated. The previous domain name could still be used on the Web Conferencing and A/V Edge roles, as those FQDNs are passed in-band and the domain name suffix on those doesn't have to match the SIP domain.
If you are using Manual Configuration then there is no requirement to change them. But it also can't hurt to redo them all using the same namespace either.
Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
- Proposed as answer by Gavin-Zhang (Moderator) Thursday, August 6, 2009 3:36 AM
- Marked as answer by Gavin-Zhang (Moderator) Friday, August 7, 2009 3:31 AM
Tuesday, August 4, 2009 4:23 PM (Moderator)
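The naming rules quoted in the two answers above can be checked against the current certificates before a new SIP domain is enabled for automatic configuration. This is an added example, not code from the thread or from the OCS documentation: it reads certificate names in the dict layout returned by Python's `ssl.SSLSocket.getpeercert()` and lists the `sip.<domain>` entries that are missing. The function names, the role labels and all host and domain names are hypothetical, constructed samples.

```python
def _norm(name):
    """DNS names compare case-insensitively; drop any trailing dot."""
    return (name or "").strip().rstrip(".").lower()

def cert_names(cert):
    """Return (subject common name, set of DNS SANs) from a getpeercert()-style dict."""
    cn = ""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                cn = _norm(value)
    sans = {_norm(v) for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"}
    return cn, sans

def audit(role, cert, sip_domains, pool_fqdn=None):
    """Return a list of findings; an empty list means every SIP domain is covered.
    role is 'pool' or 'access-edge-external' (labels assumed for this example)."""
    cn, sans = cert_names(cert)
    required = {"sip." + _norm(d) for d in sip_domains}
    findings = []
    if role == "pool":
        # Pool cert: subject is the pool FQDN, each SIP domain needs a sip.<domain> SAN.
        if cn != _norm(pool_fqdn):
            findings.append(f"subject name {cn!r} is not the pool FQDN")
        missing = required - sans
    elif role == "access-edge-external":
        # Access Edge external cert: subject is sip.<domain>, other domains go in the SAN.
        if cn not in required:
            findings.append(f"subject name {cn!r} is not sip.<domain>")
        missing = required - sans - {cn}
    else:
        raise ValueError("unknown role: " + role)
    return findings + ["missing SAN " + n for n in sorted(missing)]

# Constructed sample data: example.com is the existing SIP domain, example.net the new one.
SIP_DOMAINS = ["example.com", "example.net"]
POOL_CERT = {"subject": ((("commonName", "pool01.example.com"),),),
             "subjectAltName": (("DNS", "pool01.example.com"), ("DNS", "sip.example.com"))}
EDGE_CERT = {"subject": ((("commonName", "sip.example.com"),),),
             "subjectAltName": (("DNS", "sip.example.com"),)}
EDGE_REISSUED = {"subject": ((("commonName", "sip.example.com"),),),
                 "subjectAltName": (("DNS", "sip.example.com"), ("DNS", "SIP.Example.NET"))}

if __name__ == "__main__":
    print(audit("pool", POOL_CERT, SIP_DOMAINS, "pool01.example.com"))
    print(audit("access-edge-external", EDGE_CERT, SIP_DOMAINS))
    print(audit("access-edge-external", EDGE_REISSUED, SIP_DOMAINS))
```

The Web Conferencing and A/V Edge certificates are left out of the check because, as the second answer notes, their FQDNs are passed in-band and do not have to match the SIP domain.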
All replies
-
Hi Wim
AFAIK your intuition is right, but I do not think that changing ABS URL is true for your scenario. ABS Download (external link) is not directly related to the sip domain name.
I would use a script or wbem to change the ABS URL if needed.
http://tfl09.blogspot.com/2009/02/ocs-wmi-and-powershell.html
Cheers
Werner
Friday, July 31, 2009 9:54 AM
-
If you are adding a new SIP domain there is no real technical requirement to change all the FQDNs and certificates. You can simply add the new SIP domain name to the OCS configuration and then deploy additional SRV/A records to support Automatic sign-In.
But if for some reason you have to remove the old domain name entirely (corporate branding, planned loss of control of DNS domain records) then you would need to complete all those steps.
Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
Friday, July 31, 2009 12:31 PM (Moderator)
-
Hi Wimos:
Like Jeff said, it all depends on your decision.
And your published procedures are perfect.
Regards!
Wednesday, August 5, 2009 10:31 AM (Moderator)