Office Communicator Connection problems at Remote Sites Using VPN

  • Question

  • I've just installed OCS 2007 Standard at our corporate office on a Server 2003 R2 machine.  All functionality seems to be working within our corporate office, but communicator will not connect at our remote sites.

     

    Details:

    Remote sites connect to Corporate Office via T1 VPN through Cisco ASA 5505 firewalls.  Firewalls are set up to allow any traffic from the approved subnet (no filtering or blocking based on data type).  DNS is handled by AD at corporate site, each club has a separate subnet.

     

    The client machine at the remote site can see the OCS server and the SIP DNS entry.  It also picks up the auto configuration, so it sees the OCS server and DNS settings.

     

    I ran a debug session on the OCS server while running a login from a remote site.  The debug report shows that the client does successfully connect to the OCS server and authenticates, but then fails in the end with an error: WSAECONNRESET.  The text description states a send failed and it terminated the connection as a result.  The client reports that the server is temporarily unavailable and to try again.

     

    A Few Tertiary Questions:

    Our network is private and we are not going to allow outside access to the OCS… but we communicate to our remote sites through T1 public internet connections via VPN… we don’t need an edge server to facilitate this, correct?

    Also, during our experiments within the corporate site, IM chat sessions with multiple users fail and do not display messages to the users.  One-on-one works fine (as well as audio and video conferences).

     

    Thanks in advance for your help!

    Friday, June 6, 2008 3:17 AM

All replies

  • Was this an upgrade from LCS or a fresh OCS implementation?

     

    And to verify, the multiple-attendee chat sessions which are failing are all corporate office users and don't include any of the remote office users?  If so, when you invite additional users to a 1-on-1 chat session does their presence show correctly, or do they appear offline?

     

    Friday, June 6, 2008 1:25 PM
    Moderator
  • Jeff,

     

    This is a fresh OCS implementation, we've never used any communication system other than Exchange.

     

    At the moment we are unable to get our remote users to connect (we believe we may have found the culprit, but haven't implemented the fix yet), so the attendees in the chat are all at the corporate level.  Their presence does show correctly as available and in the chat (all users can see each other).

     

    If you don't mind, I actually had a specific question for you.  I trolled the forum for any tips and information regarding the OCS system and found an article that you posted regarding changing the computer name of a server that you misnamed initially.  You explained the difficulty in correcting the problem due to the massive AD attributes on the domain... with that in mind, our OCS install was done to test it before actually committing and purchasing the full version (we are on an eval).  If we proceed with purchasing and want to move the OCS to a more powerful server, would it be possible/easy to do a fresh install and "clone" the settings of the eval server, then name the new server the same as the eval server was and assign the same IP?  If not, would the best solution be to decommission the eval server as Microsoft explains on the OCS TechNet guide and redeploy on the new server?

     

    I hope you don't mind me asking the long-winded question and THANKS for all of your posts throughout the forum and responding to my question!

     

    [UPDATE]

    I figured out the multi-user chat problem this morning; we are having a certificate issue that is causing TLS to fail.  I deactivated the TLS protocol and it works over TCP.  We are going to be purchasing a new certificate when we upgrade to a full edition.

     

    Friday, June 6, 2008 2:59 PM
  • Good catch on the cert issue; OCS's reliance on certificates for encrypted TLS connections is one of the most complicated changes versus the previous TCP-only implementation of LCS.  I've been burned in the past before by not reading closely what I just configured on a cert :)

     

    I think it's possible to clone the server, but probably not easy.  I would personally follow the supported path of decommissioning the evaluation server.

    Friday, June 6, 2008 3:51 PM
    Moderator
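
A way to see why TLS fails with a certificate problem like the one described in this thread, without turning TLS off, is to look at what the server presents on its TLS listener. This is an added example, not part of the original posts: the server name is hypothetical, and port 5061 is assumed to be the SIP-over-TLS port.

```powershell
# Added example: report the certificate a SIP/TLS listener presents and why it fails validation.
param(
    [string]$Server = 'ocs01.corp.example.com',  # hypothetical: the FQDN clients are configured to use
    [int]$Port = 5061                            # assumption: SIP over TLS listener port
)

$script:policyErrors = $null
$script:serverCert   = $null

# Let the handshake complete regardless of trust, but record what validation reported.
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $certificate, $chain, $sslPolicyErrors)
    $script:policyErrors = $sslPolicyErrors
    if ($certificate) {
        $script:serverCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
    }
    return $true
}

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($Server, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    # The name passed here is the name the certificate is checked against.
    $ssl.AuthenticateAsClient($Server)

    $cert = $script:serverCert
    # Subject Alternative Name extension (OID 2.5.29.17), if the certificate has one.
    $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

    [pscustomobject]@{
        RequestedName = $Server
        Subject       = $cert.Subject
        SubjectAltName = if ($san) { $san.Format($false) } else { '(none)' }
        Issuer        = $cert.Issuer
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        Expired       = ((Get-Date) -gt $cert.NotAfter)
        # None, RemoteCertificateNameMismatch, RemoteCertificateChainErrors, ...
        PolicyErrors  = $script:policyErrors
    } | Format-List
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

`RemoteCertificateNameMismatch` means the subject or SAN does not contain the name clients connect to; `RemoteCertificateChainErrors` means the machine running the check does not trust the issuing CA or the certificate is outside its validity period.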