Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Edge Server Connection RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I installed my edge server and now I am trying to access it from the outside with the OCS client.  If I try the automatic settings on the client, I get this message :

     

    Communicator was unable to resolve the DNS hostname of the login server sipexternal.anaheim.net

     

    I have added all of the correct SRV records.  Any idea why I get this message?  I did not find any documentation about this record.  When I created it , I could not connect because the certificate did not match.

     

     

    Tuesday, June 19, 2007 6:44 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello Mpowley,

     

    any update on this  ?

     

    I checked the documentation and the client queries hsould be as follows:

     

    Client DNS Queries

    During DNS lookup, SRV records are queried in the following order:

    ·         _sipinternaltls._tcp.domain - for internal TLS connections

    ·         _sipinternal._tcp.domain - for internal TCP connections (performed only if TCP is allowed)

    ·         _sip._tls.domain - for external TLS connections

    ·         _sip._tcp.domain - for external TCP connections

    If the first query succeeds, the client uses that first record and does not continue querying for any other SRV records.

     

    So there is no sipexternal.<your domain> when using automatic configuration and the third client query should be successful.

     

    Regards

     

    Athanasios

     

    Monday, June 25, 2007 4:10 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    I forgot to add, that if I manually set the connection, it works.
    Tuesday, June 19, 2007 9:28 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello Mpowley511,

     

    I succesfully resolved the A Record of your external Edge Server interface (sipexternal.anaheim.net) and this means it is published correctly. But I failed to resolve the corresponding SRV Record _sip._tls.anaheim.net. which is a requirement for automatic configuration.  


    Based on the Edge Server Deployment Documentation you need the following SRV Record:

    Page 44


    DNS records
    The following DNS SRV records are required by the Access Edge Server

     

    A DNS SRV (service location) record for _sip._tls.contoso.com over port 443 where contoso.com is the name of your organization’s SIP domain. This SRV record must point to an A record with the external FQDN of the Access Edge Server that resolves to the VIP on the external load balancer used by the Access Edge Servers. If you have multiple SIP domains, you need a DNS SRV record for each. This SRV record supports automatic configuration for remote users for instant messaging and conferencing.


    Would you please publish that too and verify if it works then.


    Thanks and Regards

    Athanasios

    Wednesday, June 20, 2007 1:11 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
     Athanasios Carassimos [MSFT] wrote:

    Hello Mpowley511,

     

    I succesfully resolved the A Record of your external Edge Server interface (sipexternal.anaheim.net) and this means it is published correctly. But I failed to resolve the corresponding SRV Record _sip._tls.anaheim.net. which is a requirement for automatic configuration.  


    Based on the Edge Server Deployment Documentation you need the following SRV Record:

    Page 44


    DNS records
    The following DNS SRV records are required by the Access Edge Server

     

    A DNS SRV (service location) record for _sip._tls.contoso.com over port 443 where contoso.com is the name of your organization’s SIP domain. This SRV record must point to an A record with the external FQDN of the Access Edge Server that resolves to the VIP on the external load balancer used by the Access Edge Servers. If you have multiple SIP domains, you need a DNS SRV record for each. This SRV record supports automatic configuration for remote users for instant messaging and conferencing.


    Would you please publish that too and verify if it works then.


    Thanks and Regards

    Athanasios

     

    I did set up the record -  Here is a nslookup from dns server 4.2.2.2:

     

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\mpowley>nslookup
    Default Server:  coadc01.anaheim.intranet
    Address:  172.20.1.36

    > server 4.2.2.2
    Default Server:  vnsc-bak.sys.gtei.net
    Address:  4.2.2.2

    > set type=srv
    > _sip._tls.anaheim.net
    Server:  vnsc-bak.sys.gtei.net
    Address:  4.2.2.2

    Non-authoritative answer:
    _sip._tls.anaheim.net   SRV service location:
              priority       = 0
              weight         = 10
              port           = 443
              svr hostname   = edge.anaheim.net
    >

    Wednesday, June 20, 2007 6:29 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello Mpowley511,

     

    I myde a typo yesterday and this was the reason why I could not resolve the SRV Record. Trying it again today I was able to do so.

     

    I think we need some more information on this issue.

    You wrote that the certificates did not match when you created the SRV Record and tried to connect.

     

    Did you issue a certificate to the Edge proxies external interface from a internal CA or is it a public certificate ?

    Is the issuing CA trusted by the client ?  

    Which error message do you receive exactly when you use automatic configuration ?

    Did you execute the Validation wizard on the Edgeproxy with checked Auto Login option and receive any failures ?

     

    Could you send me the logs, if so please also provide your email address so I can get in contact with you.  

     

     

    Regards

     

    Athanasios

     

     

    Thursday, June 21, 2007 12:32 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

     I created an A record for sipexternal.anaheim.net  -  When I created the record, I could not connect because my public certificate's name did not match.  Here is the message that I got:

     

    Communicator could not connect securely to server sipexternal.anaheim.net because the certificate presented by the server did not match the expected hostname (sipexternal.anaheim.net).

     

    This seems odd that I need this address and need to have the SAN on the cert.   

    Thursday, June 21, 2007 3:37 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello Mpowley511,

     

    as far as I understood you are using a public certificate for the external interface of your edge server.

    Resolving the SRV record _sip._tls.<yourdomain.com> I receive edge.<your domain.com>.

    Of course there is also the sipexternal A Record but :

     

    Which FQDN entry did you use in this certificate ?

    Are there any other entries in the SAN field ?

     

     

    Regards

     

    Athanasios

     

    Thursday, June 21, 2007 4:41 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello Mpowley,

     

    any update on this  ?

     

    I checked the documentation and the client queries hsould be as follows:

     

    Client DNS Queries

    During DNS lookup, SRV records are queried in the following order:

    ·         _sipinternaltls._tcp.domain - for internal TLS connections

    ·         _sipinternal._tcp.domain - for internal TCP connections (performed only if TCP is allowed)

    ·         _sip._tls.domain - for external TLS connections

    ·         _sip._tcp.domain - for external TCP connections

    If the first query succeeds, the client uses that first record and does not continue querying for any other SRV records.

     

    So there is no sipexternal.<your domain> when using automatic configuration and the third client query should be successful.

     

    Regards

     

    Athanasios

     

    Monday, June 25, 2007 4:10 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    I created  the A record for sipexternal.anaheim.net and added it to SAN on the certificate.  It works. I am puzzled why the address is necessary.  I could not find it anywhere in the documentation.
    Wednesday, June 27, 2007 12:20 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    I encountered this after i changed the ip addresses around and neglected to change them on our dns server. In this case the clients were pointing fine to my external sip domains but internally the servers were not capable of communicating correctly. External calls were "flaky" sometimes they worked other times they didn't. Made the modifications in DNS for internal communications and rebooted and this resolved this error.
    Jay
    Tuesday, March 10, 2009 9:32 PM