unable to use live meeting for external users

  • Question

    Hi all,

    I have trouble when I want to use Live Meeting for my external users.

    Internal users work fine with IM, video, voice and Live Meeting. Edge server is deployed.

    I have some messages on the client, in Snooper on the FE, and in the FE.mocs validation wizard:

    On my internet MOCS client: Unable to connect to Livemeeting service. Check URL and retry ... (no additional logs)

    On Snooper on FE:

    TL_INFO(TF_PROTOCOL) [0]1D5C.0D6C::02/15/2008-15:09:46.126.0002ee5e (SIPStack,SIPAdminLog::TraceProtocolRecord:1224.idx(122))$$begin_record
    Instance-Id: 000011C2
    Direction: incoming;source="internal edge";destination="external edge"
    Peer: mocs.xxxx.local:5061
    Message-Type: response
    Start-Line: SIP/2.0 401 Unauthorized
    From: <sip:test@domain.com>;tag=b435809964;epid=eaaf9de071
    To: <sip:test@domain.com;gruu;opaque=app:conf:focus:id:754B9E5903E96B4EBF4E34FB87091DCC>;tag=EA1C720B20237DB0BED54CF386C61BDF
    CSeq: 1 INVITE
    Call-ID: e3334df96f6a446881b07704afa74e45
    Date: Fri, 15 Feb 2008 15:11:01 GMT
    WWW-Authenticate: NTLM realm="SIP Communications Service", targetname="MOCS.domain.local", version=3
    Via: SIP/2.0/TLS (private ip):2404;branch=z9hG4bKDC29DE54.DB072453;branched=FALSE;ms-received-port=2404;ms-received-cid=100
    Via: SIP/2.0/TLS (public ip):3915;ms-received-port=3915;ms-received-cid=DC00
    Content-Length: 0
    Message-Body: –
    $$end_record

     

    On FE.mocs/validation wizard:

    I launched the Validation wizard on my FE.mocs Std and I have trouble with the 'edge authentication A/V' report:

    "Failure [0xC3FC200D] One or more errors were detected

    Edge authentication A/V: unable to contact Edge d'authentication A/V server.

    For information, my trouble is just with launching a Live Meeting session with an external user on the Internet.

    I use ISA 2K6 for publishing Live Meeting components.

    Do you have any ideas for this?

    Any help would be appreciated.

    Thanks a lot.

    Friday, February 15, 2008 10:41 PM

All replies

  • Have you deployed and properly configured all 3 edge roles?  The Conferencing edge needs a public IP, a DNS A record, and a public cert.  The name on the cert and the A record should match, and that name should be listed on the properties sheet of both the forest and the pool (in the OCS console on the FE).

    From the client, can you telnet to the Conferencing edge IP on 443?

    Saturday, February 16, 2008 8:35 AM
  • Yes, I think it's correct according to EdgeDeploy.doc.

    My Edge conf is based on 3 NICs: 2 for WAN (no NAT) and 1 for LAN.

    Web Conf and A/V roles on the same dedicated NIC and Access on another dedicated NIC.

    1 dedicated NIC: Web Conferencing (443)

    1 dedicated NIC: Access (5061, 443) and A/V (443 and 50000-59999)

    The internal NIC is on the same subnet as MOCS.FE.

    Yes, my client can reach the edge IP on port 443, and all edge ports have been tested successfully from the Internet.

    I use my own private PKI for certificates; is that a problem for external users?

    I use MS DNS for my public DNS resources and I have an A record for edge.publicdomain.com

    What about my logs in the first post?

    Saturday, February 16, 2008 3:23 PM
  • The edge servers should really be thought of as 3 separate roles.  In fact, in some cases they are 3 separate machines.  You should have 3 different public IPs and 3 A records, one for each of the edge roles (access, conf, a/v).  The number of NICs doesn't matter, just the number of IPs.  What IP does your edge.publicdomain.com record point to?  You need something like access.publicdomain.com, conf.publicdomain.com and av.publicdomain.com.

    A private PKI should be fine as long as all your clients trust it.

    The first log (the captured packet) is difficult to understand without more context.  The second error pertains to the a/v auth service and is likely a separate problem.

    Have you tried running a validation on the edge server?

    Saturday, February 16, 2008 4:39 PM
  • OK, I changed my edge configuration following your recommendation.

    edge.domain.com  pub ip 1
    conf.domain.com  pub ip 2
    av.domain.com  pub ip 3

    edge.domainpriv.local private ip

    Yes, the Validation wizard is OK (just 1 error for no SRV federation).

    Looking at my desktop log when I try to connect to Live Meeting, I have this error:

    ----

    LiveMeeting was unable to resolve the DNS hostname of the login server mocs.domainpriv.local

    Resolution:

    If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for mocs.enneade.local because it could not be resolved.

    I'm troubled by this capture ... why do Communicator/Live Meeting try to access my internal IP srv?

    For the moment I'm using manual configuration, like this:

    Internal ip srv: mocs.domainpriv.local

    External Ip srv: edge.domaine.com:443

    Is it correct or not? Is Manual or Auto preferred?

    Sunday, February 17, 2008 8:32 PM
  • Are you getting the same error as before?  Communicator can connect but Live Meeting cannot?

    Communicator and Live Meeting will try the internal configuration as well as the external in case the client is located inside your network.  Just for troubleshooting purposes, you may want to try setting both internal and external server names on the client to edge.domaine.com:443.

    Automatic configuration is preferred if you can configure it.  See the edge deployment guide for all the details, but manual configuration will work fine and is often better for testing until you get the servers working properly.

    Monday, February 18, 2008 3:41 PM
  • Hi James, first, thanks for your support, it's a pleasure for me.

    Yes, I have the same error as before.

    I tried a new method ... from my internal Outlook I sent an email to my external users with the Live Meeting option.

    On the external user side, I receive the mail and I can connect to the meeting with read-only access ... but it's OK.

    The reverse is not possible. Could you confirm that it's possible, without sending an email, to start an IM conversation from an external user to an internal user ... and launch 'share information with Live Meeting' from the taskbar?

    For automatic configuration, I have seen the MS doc for edge deployment, but I really don't understand it, or there is a mistake about external and/or internal users.

    Let me explain: I have an internal Active Directory named mydomain.local and mypublicdomain.com ... all my MOCS solution is based on my local FQDN AD (here: mydomain.local), OK for that. But when I'm in my local company ... my Communicator uses the private name (here mydomain.local), OK? I hope :) When I'm outside my company I want to use the OCS solution with remote Edge access, so Communicator uses the external server with a valid certificate, correct? But I don't understand exactly which user@domain to use: private or public (with adding a UPN suffix on my private AD)?

    Sorry, it's all very confusing for me ...

    Monday, February 18, 2008 5:15 PM
  • The fact that Live Meeting works through email, but IM meetings don't work, makes me think that the conferencing edge server DNS address is not properly listed on the conferencing properties page for the OCS pool.  The OCS Front-end server needs to know the external DNS name you have assigned to the conferencing edge in order to direct external clients to the right place.  I don't have an OCS machine in front of me, but there should be a tab on the web properties of the OCS pool where you enter both the internal and external names of the conferencing edge.  You should enter "conf.domain.com".

    Setting up SRV records for sign-on is fairly easy if you have a good understanding of DNS.  You just need 2 SRV records.  If the SIP addresses of your users are name@domain.com, use the following:

    _sip._tls.domain.com - this record should point to the name and port of the external interface of your access edge server

    _sipinternaltls._tcp.domain.com - this record should point to the port and name of your front end server

    This assumes you are using TLS for everything.

    Monday, February 18, 2008 11:04 PM
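
The layout rules given in the replies above (one public IP and A record per edge role, a certificate name that matches the A record, the conferencing edge's external name set on the pool, and the two SRV records) can be checked offline before testing with a client. This is an added example, not part of the thread or of OCS; the function name, data layout, host names, addresses and ports are constructed assumptions.

```python
# Added example: offline consistency check of an edge layout against the
# advice in this thread. Names, addresses and ports are constructed samples.
ROLES = ("access", "conf", "av")


def check_edge_layout(sip_domain, roles, a_records, srv_records, pool_conf_fqdn):
    """Return a list of findings; an empty list means the layout is consistent."""
    findings, ips = [], {}
    for role in ROLES:
        fqdn = roles[role]["fqdn"].lower()
        ip = a_records.get(fqdn)
        if ip is None:
            findings.append(f"{role}: no A record for {fqdn}")
        else:
            ips.setdefault(ip, []).append(role)
        # Exact, case-insensitive name comparison; wildcard names are not handled.
        if fqdn not in [n.lower() for n in roles[role]["cert_names"]]:
            findings.append(f"{role}: certificate does not list {fqdn}")
    for ip, sharing in ips.items():
        if len(sharing) > 1:
            findings.append(f"{'/'.join(sharing)}: share one IP {ip}")
    conf_fqdn = roles["conf"]["fqdn"].lower()
    if pool_conf_fqdn.lower() != conf_fqdn:
        findings.append(f"pool external conferencing FQDN {pool_conf_fqdn!r} != {conf_fqdn}")
    ext = srv_records.get(f"_sip._tls.{sip_domain}")
    if ext is None or ext[0].lower() != roles["access"]["fqdn"].lower():
        findings.append("_sip._tls SRV does not point to the access edge")
    if f"_sipinternaltls._tcp.{sip_domain}" not in srv_records:
        findings.append("_sipinternaltls._tcp SRV record is missing")
    return findings


# Constructed layout that follows the replies: three names, three addresses.
GOOD = dict(
    sip_domain="domain.com",
    roles={r: {"fqdn": f"{r}.domain.com", "cert_names": [f"{r}.domain.com"]}
           for r in ROLES},
    a_records={"access.domain.com": "192.0.2.10",
               "conf.domain.com": "192.0.2.11",
               "av.domain.com": "192.0.2.12"},
    srv_records={"_sip._tls.domain.com": ("access.domain.com", 443),
                 "_sipinternaltls._tcp.domain.com": ("fe.domain.local", 5061)},
    pool_conf_fqdn="conf.domain.com",
)

# Constructed layout with one name and address for every role and no SRV records.
BAD = dict(
    GOOD,
    roles={r: {"fqdn": "edge.domain.com", "cert_names": ["edge.domain.com"]}
           for r in ROLES},
    a_records={"edge.domain.com": "192.0.2.10"},
    srv_records={},
    pool_conf_fqdn="",
)

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_edge_layout(**cfg) or "consistent")
```
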
  • Hi UC'ers

    Go to the OCS front end server MMC snap-in.

    Right-click on your server name, then Properties, then Web Conferencing Properties.

    The second tab will be Web Conferencing Edge Server and a GUI to set the Internal and External FQDN of your web conferencing edge server.

    Here is an image of what you are looking for: http://www.box.net/shared/58ovqusqzz

    Good luck,
    KOT
    • Proposed as answer by Mac McRae Monday, September 14, 2009 11:03 AM
    Monday, September 14, 2009 11:02 AM