Auto Login - weird issue

  • Question

  • Help me from going mad please.

    I am configuring auto login, I have done it many times but I think I am going mad.

    If I use manual login it all works, via TLS and the certificate is fine.

    My domain is vlan205.local, all users are configured as userid@vlan205.local. The OCS pool is called vlan205-ocs1.vlan205.local. My SRV record is _sipinternaltls._tcp.vlan205.local and this points to an A record for the OCS pool.

    BUT, I get this error in the event log on my clients,


    Event Type:    Error
    Event Source:    Communicator
    Event Category:    None
    Event ID:    2
    Date:        6/24/2008
    Time:        10:10:49 PM
    User:        N/A
    Computer:    VLAN205-CLIENT2
    Communicator was unable to locate the login server.  The DNS SRV record that exist for domain vlan205.local point to an invalid server vlan205-ocs1.vlan205.local which is not trusted to provide support for the domain because the server's domain is not an exact match.

    Am I going insane? I have checked and double checked!

    Has anyone else seen this issue? The domains are the same, so why do I get an error that indicates they are not the same?


    Tuesday, June 24, 2008 9:20 PM

All replies

  • What you will have to do (in your internal DNS) is to create a ZONE named the same as your "SIP" domain, in my case visualgov.com, since I want to use my users' email addresses in OC 2007.

    After that, you start by creating two A records, one named "sip" and one named "sipinternal"; these two should point to the IP address of your standard OCS server or your enterprise pool.

    Second you should create a SRV record looking like this:

    Domain: visualgov.com

    Service: _sipinternaltls

    Protocol: _tcp

    Port: 5061

    Host offering service: should be the A record (in my case sip.visualgov.com)

    After you have created these DNS records, you should create a certificate with the Subject name of the FQDN of your server and a Subject Alternative Name of the A record (in my case sip.visualgov.com).

    This should do it internally.

    And the external DNS configuration is just as the guide says it is.


    Keith Kabza OCS-MVP



    Wednesday, June 25, 2008 5:29 AM
  • Thanks for taking the time to reply, but we seem to be on crossed lines.

    My SIP domain is vlan205.local, my AD domain is vlan205.local, my server domain suffix is vlan205.local and my SRV records are in the DNS zone for vlan205.local pointing to the pool address which is in vlan205.local. Basically everything is vlan205.local, there are no other domains involved.

    Yet I still get the error message telling me that the server is not trusted because the domain suffix of the server does not match the SIP address.

    Now, I know all about the limitations of having a SIP address suffix of .local - but we are not interested in connecting this to the outside world and matching SIP and SMTP addresses is not required for this system. Basically I just want auto config to work using our single domain.

    Many thanks,

    Wednesday, June 25, 2008 6:35 AM
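
An added example (not part of any post in this thread, and not Microsoft's code): an offline check of the DNS records and certificate names listed in the first reply, plus the domain-match condition named in the Event ID 2 text. The Deployment class, the check function, the sample IP addresses and the ocs1 host names are hypothetical, and reading "exact match" as "one host label directly under the SIP domain" is an assumption.

```python
# Added example: offline consistency check for OCS auto-login DNS/certificate data.
# All sample values are constructed; nothing here queries DNS or a server.
from dataclasses import dataclass, field

@dataclass
class Deployment:
    sip_domain: str      # part after "@" in the user's sign-in address
    srv_name: str        # owner name of the SRV record
    srv_port: int
    srv_target: str      # "host offering this service"
    a_records: dict      # hostname -> IP address
    cert_names: set = field(default_factory=set)  # certificate subject + SANs

def norm(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.rstrip(".").lower()

def check(d):
    """Return a list of problems; an empty list means the data is consistent."""
    problems = []
    sip, target = norm(d.sip_domain), norm(d.srv_target)
    if norm(d.srv_name) != f"_sipinternaltls._tcp.{sip}":
        problems.append("SRV owner name is not _sipinternaltls._tcp.<SIP domain>")
    if d.srv_port != 5061:
        problems.append("SRV port is not 5061")
    if target not in {norm(h) for h in d.a_records}:
        problems.append("SRV target has no A record")
    # Assumption: "exact match" = target is one host label directly under the SIP domain.
    host, _, parent = target.partition(".")
    if not host or parent != sip:
        problems.append("SRV target's domain is not an exact match for the SIP domain")
    if target not in {norm(n) for n in d.cert_names}:
        problems.append("SRV target is missing from the certificate subject/SAN")
    return problems

# Constructed sample 1: the layout from the first reply (IP and ocs1 name made up).
reply = Deployment("visualgov.com", "_sipinternaltls._tcp.visualgov.com", 5061,
                   "sip.visualgov.com", {"sip.visualgov.com": "192.0.2.10"},
                   {"ocs1.visualgov.com", "sip.visualgov.com"})
# Constructed sample 2: SRV target that lives outside the SIP domain.
mismatch = Deployment("visualgov.com", "_sipinternaltls._tcp.visualgov.com", 5061,
                      "ocs1.corp.example", {"ocs1.corp.example": "192.0.2.11"},
                      {"ocs1.corp.example"})

if __name__ == "__main__":
    for label, dep in (("reply layout", reply), ("mismatch", mismatch)):
        print(label, "->", check(dep) or "consistent")
```

Fill a Deployment with the values read from the DNS console and the server certificate; under the stated assumption, a target that passes every check here points the investigation away from record naming.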