- OCS R2 64bit italian localization domain member, FQDN ocsr2.domain.locale and an internal CA cert assigned to webconf, a/v edge, client access, etc
- OCS R2 64bit italian localization EDGE, FQDN ocsr2edge.domain.local (not a domain member, notice the missing "e") and internal CA cert for private nic for ocsr2edge.domain.local, public trusted CA cert for av.domain.com, livemeeting.domain.com, sip.domain.com each on a separate public DMZ NIC.
Added to internal DNS av.domain.com resolving to its public IP.
both internal FQDNs are added to each trust list, but i still cannot pass A/V edge validation.
A/V Authentication Edge Server: Impossibile contattare
A/V Authentication Edge Server. Per risolvere l'errore, verificare quanto
segue: 1. Il proxy in uscita è raggiungibile. 2. Il proxy in uscita e A/V
Authentication Edge Server si trovano nei rispettivi elenchi di server
trusted. 3. I certificati del proxy in uscita e di A/V Authentication Edge
Server sono validi. 4. Il certificato del server per conferenze è
valido. 5. Il parametro Gruu di A/V Authentication Edge Server è
corretto.
Problem I have, apart from validation, is external users can IM to inside/outside but cannot start voice/video calls.
Telnet from ocsr2.domain.locale to ocsr2edge.domain.local to port 5062 is ok
I find no deployment guide or example which clarify when FQDN is meant as INTERNAL or EXTERNAL.
What certificate are you using for the A/V Authentication service? What name are you using?
- Belgian Unified Communications Community : http://www.pro-exchange.be -
absolutely my bad, I was using the unneeded public certificate for av.domain.com also on A/V auth service, instead of an internal ca issued cert matching my private fqdn ocsr2edge.domain.local! thanks
another one for you, still on validation error of the edge:
Nessuna istanza WMI restituita dalla query : select * from MSFT_SIPFederationNetworkProviderTable where Enabled = 'TRUE' Nessuna istanza WMI restituita dalla query : select * from MSFT_SIPFederationPartnerTable Trovato Perimetro esterno indirizzo di attesa : access_edge_ip:5061:TLS - Abilitato Trovato Perimetro esterno indirizzo di attesa : access_edge_ip:5061:TLS - Abilitato Trovato Perimetro esterno indirizzo di attesa : av_edge_ip:443:TLS - Abilitato Trovato Perimetro esterno indirizzo di attesa : webconf_edge_ip :443:TLS - Abilitato Risoluzione della destinazione ambigua in indirizzo IP errato: ocsr2edge.domain.local Risoluzione proposta: Se è necessario connettersi al server Access Edge Server corrente, specificare un nome di destinazione che venga risolto in modo non ambiguo in un indirizzo IP esterno del server Access Edge Server corrente.
Seems like validation doesn't like internal fqdn, error is "Resolution of ambiguous destination to IP address error: ocsr2edge.domain.local", and suggested resolution is: "If you need to connect to the current Access Server Edge, specify a not ambiguous destination name resolvable to an external IP address of current Access Edge Server".
The certificate you request from your internal CA for the A/V Authentication Service needs to match the FQDN of your AV Edge Server interface i.e. av.domain.com. Have you got it setup like that?
