how to config the OC outside the domain?

Question
-
I have an OC client outside the domain. How can I let it log in to the OCS server?
My pool name: ocspool.oceanstudio.net
The CWA port is 445.
Manual configuration:
Internal server name or IP address: ocspool.oceanstudio.net:445
External server name or IP address: ocspool.oceanstudio.net:445
Connect using: TLS
When logging in, I get an error: "There was a problem verifying the certificate from the server. Please contact your system administrator."
In the domain, with automatic configuration, logon works with no problem.
Tuesday, July 21, 2009 11:53 AM
Answers
-
If you haven't already you'll need to deploy an Edge server with at least the Access Edge role to allow OC clients to login to OCS from external networks.
Take a look at the Planning for External User Access section of the documentation for more details:
http://technet.microsoft.com/en-us/library/dd425196(office.13).aspx
Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
- Marked as answer by Haiyang Ju Tuesday, July 21, 2009 2:02 PM
Tuesday, July 21, 2009 1:54 PM Moderator
All replies
-
I do not know what your whole configuration looks like, and maybe there are more errors than the one you described. The error message is very clear and is related to a certificate name or root certificate error.
To publish CWA you normally need a SAN certificate with the following names on it:
cwa.company.com
as.cwa.company.com
download.cwa.company.com
If you create the listener for the publishing rule on your firewall, do not forget to listen on all three FQDNs above, which you have hopefully registered the right way in DNS for external access.
HTH
Cheers
Werner
Tuesday, July 21, 2009 12:24 PM
-
Can I use a certificate like "*.company.com"?
Tuesday, July 21, 2009 12:27 PM
-
No, wildcard certificates are not supported, last I checked.
Mitch Roberson | MCITP: Enterprise Server Admin, Messaging | MCTS: OCS with Voice Achievement | MCT
Tuesday, July 21, 2009 12:55 PM
-
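Added example (not part of any reply in this thread): independent of what OCS supports, standard TLS hostname matching lets a wildcard stand for only one left-most label, so a `*.company.com` certificate cannot cover `as.cwa.company.com` or `download.cwa.company.com`. The Python code below checks a certificate's SAN list against the three names listed earlier in the thread; the function names and the sample SAN lists are constructed for illustration.

```python
# Added example: which required FQDNs does a certificate's SAN list leave uncovered?
# FQDNs are the placeholder names from the thread; the SAN lists are constructed.

def san_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is accepted only as the entire left-most
    label and stands for exactly one label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        if len(p_labels) < 3:
            return False  # refuse overly broad patterns such as '*.com'
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are rejected here
    return p_labels == h_labels


def uncovered_names(san_dns_names, required_fqdns):
    """Return the required FQDNs that no SAN entry matches."""
    return [fqdn for fqdn in required_fqdns
            if not any(san_matches(san, fqdn) for san in san_dns_names)]


REQUIRED = ["cwa.company.com", "as.cwa.company.com", "download.cwa.company.com"]

if __name__ == "__main__":
    candidates = {
        "wildcard only": ["*.company.com"],
        "SAN certificate": list(REQUIRED),
        "nested wildcard": ["cwa.company.com", "*.cwa.company.com"],
    }
    for label, sans in candidates.items():
        missing = uncovered_names(sans, REQUIRED)
        print(f"{label:16} missing: {missing or 'none'}")
```
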
My environment:
Server 1: AD Server(DNS Server) - FQDN: ad.oceanstudio.net --- 192.168.1.200
Server 2: OCS Server - FQDN: ocs.oceanstudio.net, ocspool FQDN: ocspool.oceanstudio.net----192.168.1.201
Server 3: Exchange Server/OWA/CWA - FQDN: exch.oceanstudio.net ---------- 192.168.1.202
OWA: https://owa.oceanstudio.net -- 443
CWA: https://cwa.oceanstudio.net --- 443, listener port: 444
OWA and CWA certificate: *.oceanstudio.net
Because I only have one Internet IP, I installed OWA and CWA on the same server and same port.
Published ports:
443 192.168.1.202
444 192.168.1.202
25 192.168.1.202
Now OWA, CWA and all servers work very well.
Internally, OC uses Automatic configuration, and in DNS there is an SRV record: _sipinternaltls to ocspool.oceanstudio.net, port: 5061
Now I want to log in with my OC outside the domain using Manual configuration. How do I set the "Internal server name or IP address" and "External server name or IP address"? Or do I need to publish other ports to the Internet?
Tuesday, July 21, 2009 1:28 PM
-
Hi Mitch Roberson,
But CWA works very well when I use the wildcard certificate. You can visit: https://cwa.oceanstudio.net/
test username: oceanstudio\dongjing
password: pass@word1
It's the Chinese version by default.
If I really need the SAN certificate, how do I apply for one in the domain?
Tuesday, July 21, 2009 1:35 PM
-
To use manual configuration, set your Internal server using just the FQDN (assuming that TLS is used) and the External server as FQDN:Port.
For example:
Internal Servername or IP Address: pool.domain.com
External Servername or IP Address: sip.domain.com:443
Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
Tuesday, July 21, 2009 1:39 PM Moderator
-
Hello Jeff,
What is sip.domain.com? What is the External Server? Do I need to install another server? In my environment, how do I set it? Thanks.
Tuesday, July 21, 2009 1:45 PM
-
If you haven't already you'll need to deploy an Edge server with at least the Access Edge role to allow OC clients to login to OCS from external networks.
Take a look at the Planning for External User Access section of the documentation for more details:
http://technet.microsoft.com/en-us/library/dd425196(office.13).aspx
Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
- Marked as answer by Haiyang Ju Tuesday, July 21, 2009 2:02 PM
Tuesday, July 21, 2009 1:54 PM Moderator
-
Yes, now I understand. Thanks.
Tuesday, July 21, 2009 2:01 PM