how to config the OC outside the domain?

All replies

• 

  

  0

  Sign in to vote

  I do not know how your whole configuration looks like and maybe there are more errors then that you described. The error message is very clear and related to certificate name or certificate root certificate error.
  
  For CWA to publish you need normally a SAN certificate with the following names on it:
  
  cwa.company.com
  as.cwa.company.com
  download.cwa.company.com
  
  If you create the listerner for the publishing rule on your firewall do not forget to listen to all three FQDN above which you have hopefully registered the right way in DNS for external access.
  
  HTH
  
  Cheers
  Werner

  Tuesday, July 21, 2009 12:24 PM
• 

  

  0

  Sign in to vote

  can I use a certificate like "*.company.com"?

  Tuesday, July 21, 2009 12:27 PM
• 

  

  0

  Sign in to vote

  No wild card certificates are not supported last I checked.

  ---

  Mitch Roberson |MCITP:Enterprise Server Admin, Messaging |MCTS:OCS with Voice Achievement |MCT

  Tuesday, July 21, 2009 12:55 PM
• 

  

  0

  Sign in to vote

  My envirement:
  Server 1: AD Server(DNS Server) - FQDN: ad.oceanstudio.net --- 192.168.1.200
  Server 2: OCS Server - FQDN: ocs.oceanstudio.net, ocspool FQDN: ocspool.oceanstudio.net----192.168.1.201
  Server 3: Exchange Server/OWA/CWA - FQDN: exch.oceanstudio.net    ---------- 192.168.1.202
                          OWA: https://owa.oceanstudio.net -- 443
                          CWA: https://cwa.oceanstudio.net --- 443, listener port: 444
                          OWA and CWA certificate: *.oceanstudio.net
  because I only have one internet IP, so I install owa and cwa on the same server and same port.
  
  the port publish:
  443          192.168.1.202
  444          192.168.1.202
  25            192.168.1.202
  
  now the owa, cwa and all servers work very well.
  in internal server, the OC used Automatic configuration, and in DNS, there is a SRV record: _sipinternaltls to ocspool.oceanstudio.net, port: 5061
  
  now I want to login my OC outside the domain, and use the Manual configuration, how to set the "Internal server name or IP address" and "External server name or IP address" ? or need I publish other port to Internet?

  Tuesday, July 21, 2009 1:28 PM
• 

  

  0

  Sign in to vote

  hi mitch roberson,
       but when the cwa works very well when I used the wild certificate. you can visit: https://cwa.oceanstudio.net/ 
      test username: oceanstudio\dongjing
      password: pass@word1
  it's Chinese version by default.
  
  if I really need the SAN certificate, how to apply one in domain?

  Tuesday, July 21, 2009 1:35 PM
• 

  

  0

  Sign in to vote

  To use manual configuration set your Internal server using just the FQDN (assuming that TLS is used) and the External server as FQDN:Port.
  
  For example:
  
  Internal Servername or IP Address: pool.domain.com
  External Servername or IP Address: sip.domain.com:443
  

  ---

  Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS

  Tuesday, July 21, 2009 1:39 PM

  Moderator
• 

  

  0

  Sign in to vote

  Hello Jeff,
        what is sip.domain.com? what is External Server? need I install another server? in my envirement, how to set it? thanks.

  Tuesday, July 21, 2009 1:45 PM
• 

  

  0

  Sign in to vote

  If you haven't already you'll need to deploy an Edge server with at least the Access Edge role to allow OC clients to login to OCS from external networks.
  
  Take a look at the Planning for External User Access section of the documentation for more details:
  http://technet.microsoft.com/en-us/library/dd425196(office.13).aspx

  ---

  Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS

  • Marked as answer by Haiyang Ju Tuesday, July 21, 2009 2:02 PM

  Tuesday, July 21, 2009 1:54 PM

  Moderator
• 

  

  0

  Sign in to vote

  yes, now I understand. thanks.

  Tuesday, July 21, 2009 2:01 PM