OCS Automatic Configuration

  • Question

  • I currently have an OCS setup on a domain; for this example I will call it domain1.com. The users that currently use the system are on domain2.com.

    In the client the users enter their username as user.name@domain2.com and in the manual configuration boxes enter sip.domain1.com:443, and this works fine.

    I have had an SRV record created for domain2.com as _sip._tls.domain2.com and this points to sip.domain1.com.

    When we switch the client to automatic configuration it will not log in, and I can see an error in the event log saying that the SRV record for domain2.com points to an invalid server sip.domain1.com which is not trusted to provide support for the domain because the server's domain is not an exact match.

    Could anyone help with this?
    Monday, January 12, 2009 1:57 PM

All replies

  • Hi,

    This is a common mistake: you can't directly point your SRV record to an A record in another domain; if you do so you receive this error message.
    The workaround is to create an A record sip.domain1.com, then a CNAME record sip.domain2.com as an alias of sip.domain1.com.
    The SRV record _sip._tls.domain2.com will point to sip.domain2.com.
    After that you will maybe need to recreate certificates to take this into account (with the corresponding SAN).
    Wednesday, January 14, 2009 9:48 PM
  • Actually the Microsoft documentation states that the SRV record should only point to an A record, not a CNAME record.  So the sip.domain2.com record should also be an A record pointing to the same IP as the server.  Also (not related to OCS requirements), if reverse lookup is desired (for troubleshooting) only the first A record should have a matching PTR record.  I've used CNAME records and commented in the past about how they worked in lab scenarios but later found (and was told by MS) that they only don't support using CNAME records paired with SRV for Automatic Configuration.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Thursday, January 15, 2009 1:59 PM
    Moderator
  • I would like to expand on this thread a little bit if I may..

    If the SRV record for domain.co.uk points to an 'A' record for sip.domain.com, according to what is stated above this would not be supported.  Is that true, even if the domain.co.uk is listed as a supported domain on the OCS pool (in addition to the domain.com)?  If not, would that mean the OCS pool would need to respond not only to sip.domain.com, but also to sip.domain.co.uk (assuming an 'a' record for both)? 

    Monday, July 20, 2009 6:01 PM
  • Yes, that is correct

    From the documentation:
    To support external user access through Microsoft Office Communicator and the Microsoft Office Live Meeting client. A DNS SRV record for _sip._tls.<domain>, over port 443, where <domain> is the name of your organization’s SIP domain. This SRV record must point to the A record of the Access Edge service. If you have multiple SIP domains, you need a DNS SRV record for each domain—each SRV record can point to a different Edge Server, if you want, to spread the workload.

    Keep in mind this discussion is specific to supported Automatic Configuration for clients and has nothing to do with the pool itself actually supporting a specific SIP domain.  You could still use Manual Configuration to point clients using any SIP domain to a single OCS pool DNS record by hard-coding it in the client (or using GPO to publish the server settings in the client).


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Monday, July 20, 2009 6:34 PM
    Moderator
  • I definitely understand that each SIP domain requires an SRV record; however, I was looking more specifically as to whether the SRV record for a particular domain (i.e. domain.co.uk) must point to an 'A' record in the same domain (i.e., would prefer SRV for domain.co.uk to point to sip.domain.com instead of sip.domain.co.uk).

    Monday, July 20, 2009 7:49 PM
  • Yes.  Each domain requires its own separate pair of records.  Think of the Automatic Configuration records as a 'married' pair of SRV and A records.  Can't use CNAME instead of A, and both in the pair must be in the same domain.  You cannot point an SRV record in domainA to an A record in domainB.

    For your scenario you'll typically require (assuming Enterprise Edition):

    DNS A record for server: ocsserver.domain.com
    DNS A record for pool: ocspool.domain.com
    SRV record for Automatic Configuration: _sipinternaltls._tcp.domain.co.uk
    A record for Automatic Configuration: ocspool.domain.co.uk

    (All three A records above point to the same IP address.  If using Standard Edition then the first two A records for the server/pool are the same).

    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Monday, July 20, 2009 8:03 PM
    Moderator
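
A pre-deployment check for the SRV/A pairing rule discussed in this thread, as an added example that is not part of the original posts and is not Microsoft's client logic. The record set is constructed (domain3.example and the IP address are invented), and treating "same domain" as "everything after the target's first label equals the SIP domain" is an assumption modelled on the "exact match" error quoted in the question.

```python
# Constructed DNS data; names reuse the thread's placeholders where possible.
RECORDS = {
    ("_sip._tls.domain2.com", "SRV"): "sip.domain1.com",       # setup from the question
    ("_sipinternaltls._tcp.domain.co.uk", "SRV"): "ocspool.domain.co.uk",
    ("_sip._tls.domain3.example", "SRV"): "sip.domain3.example",  # constructed CNAME case
    ("sip.domain1.com", "A"): "192.0.2.10",
    ("ocspool.domain.co.uk", "A"): "192.0.2.10",
    ("sip.domain3.example", "CNAME"): "sip.domain1.com",
}

# SRV names mentioned in the thread for Automatic Configuration.
SRV_PREFIXES = ("_sipinternaltls._tcp", "_sip._tls")


def check_sip_domain(sip_domain, records=RECORDS):
    """Return a list of problems for one SIP domain; an empty list means OK."""
    sip_domain = sip_domain.lower().rstrip(".")
    targets = [
        records[(f"{prefix}.{sip_domain}", "SRV")]
        for prefix in SRV_PREFIXES
        if (f"{prefix}.{sip_domain}", "SRV") in records
    ]
    if not targets:
        return [f"no SRV record found for {sip_domain}"]

    problems = []
    for target in targets:
        target = target.lower().rstrip(".")
        # Assumption: the target's domain is everything after its first label.
        _host, _, parent = target.partition(".")
        if parent != sip_domain:
            problems.append(
                f"SRV target {target} is in {parent}, not in {sip_domain}"
            )
        if (target, "CNAME") in records:
            problems.append(f"SRV target {target} is a CNAME, not an A record")
        elif (target, "A") not in records:
            problems.append(f"SRV target {target} has no A record")
    return problems


if __name__ == "__main__":
    for domain in ("domain2.com", "domain.co.uk", "domain3.example"):
        print(domain, check_sip_domain(domain) or "OK")
```
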