how to config the OC outside the domain?

  • Question

  • I have an OC client outside the domain. How do I let it log in to the OCS server?
    my pool name: ocspool.oceanstudio.net
    the cwa port is 445
    Manual configuration:
    Internal server name or IP address: ocspool.oceanstudio.net:445
    External server name or IP address: ocspool.oceanstudio.net:445

    Connect using : TLS

    when login, an error: "There was a problem verifying the certificate from the server. Please contact your system administrator."

    In domain: automatic config, logon no problem.
    Tuesday, July 21, 2009 11:53 AM

Answers

  • If you haven't already you'll need to deploy an Edge server with at least the Access Edge role to allow OC clients to login to OCS from external networks.

    Take a look at the Planning for External User Access section of the documentation for more details:
    http://technet.microsoft.com/en-us/library/dd425196(office.13).aspx
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    • Marked as answer by Haiyang Ju Tuesday, July 21, 2009 2:02 PM
    Tuesday, July 21, 2009 1:54 PM
    Moderator

All replies

  • I do not know what your whole configuration looks like, and maybe there are more errors than those you described. The error message is very clear and related to a certificate name or certificate root certificate error.

    For CWA to publish you need normally a SAN certificate with the following names on it:

    cwa.company.com
    as.cwa.company.com
    download.cwa.company.com

    If you create the listener for the publishing rule on your firewall, do not forget to listen to all three FQDNs above, which you have hopefully registered the right way in DNS for external access.

    HTH

    Cheers
    Werner
    Tuesday, July 21, 2009 12:24 PM
  • can I use a certificate like "*.company.com"?
    Tuesday, July 21, 2009 12:27 PM
  • No, wildcard certificates are not supported, last I checked.
    Mitch Roberson |MCITP:Enterprise Server Admin, Messaging |MCTS:OCS with Voice Achievement |MCT
    Tuesday, July 21, 2009 12:55 PM
  • My environment:
    Server 1: AD Server(DNS Server) - FQDN: ad.oceanstudio.net --- 192.168.1.200
    Server 2: OCS Server - FQDN: ocs.oceanstudio.net, ocspool FQDN: ocspool.oceanstudio.net----192.168.1.201
    Server 3: Exchange Server/OWA/CWA - FQDN: exch.oceanstudio.net    ---------- 192.168.1.202
                            OWA: https://owa.oceanstudio.net -- 443
                            CWA: https://cwa.oceanstudio.net --- 443, listener port: 444
                            OWA and CWA certificate: *.oceanstudio.net
    because I only have one internet IP, so I install owa and cwa on the same server and same port.

    the port publish:
    443          192.168.1.202
    444          192.168.1.202
    25            192.168.1.202

    now the owa, cwa and all servers work very well.
    in internal server, the OC used Automatic configuration, and in DNS, there is a SRV record: _sipinternaltls to ocspool.oceanstudio.net, port: 5061

    now I want to login my OC outside the domain, and use the Manual configuration, how to set the "Internal server name or IP address" and "External server name or IP address" ? or need I publish other port to Internet?
    Tuesday, July 21, 2009 1:28 PM
  • hi mitch roberson,
         but the cwa works very well when I used the wildcard certificate. you can visit: https://cwa.oceanstudio.net/ 
        test username: oceanstudio\dongjing
        password: pass@word1
    it's Chinese version by default.

    if I really need the SAN certificate, how to apply one in domain?
    Tuesday, July 21, 2009 1:35 PM
  • To use manual configuration set your Internal server using just the FQDN (assuming that TLS is used) and the External server as FQDN:Port.

    For example:

    Internal Servername or IP Address: pool.domain.com
    External Servername or IP Address: sip.domain.com:443

    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Tuesday, July 21, 2009 1:39 PM
    Moderator
  • Hello Jeff,
          what is sip.domain.com? what is External Server? need I install another server? in my environment, how to set it? thanks.
    Tuesday, July 21, 2009 1:45 PM
  • yes, now I understand. thanks.
    Tuesday, July 21, 2009 2:01 PM