Communicator 2007 cannot sign in to Communications Service

  • Question

  • I have OCS Standard Server installed on my domain but some clients are unable to log on when Automatic Configuration is turned on. The clients that are unable to do so have different SIP domains than the one in which the OCS server is installed (no issues with clients in the same SIP domain as OCS server). Do I need to enter DNS SRV records for each SIP domain?
    Friday, June 13, 2008 6:31 AM

All replies

  •  

    Ok mate, assuming your OCS Std server is called OCS1 with ip 1.2.3.4, for each sip domain you will need the following DNS entries:

     

    "SRV" record for _sip._tls.<sipdomain> which points to port 5061 on host ocs1.<sipdomain>

    "A" Record for ocs1.<sipdomain> pointing to IP 1.2.3.4

     

    Obviously, these DNS entries need to be available to the clients. This way, automatic client config will work.

    Friday, June 13, 2008 2:47 PM
  • Thanks for the quick response!

     

    From your post, this is what I understand:

     

    My OCS server = ocs01 in domain eidos.com (ocs01.eidos.com)

    IP Address = 10.1.1.100

     

    The SRV record to be entered in DNS = _sip.tls.bgstudio.com (this is entered under the eidos.com domain, not the bgstudio.com SIP domain, correct?)

    host = ocs1.bgstudio.com; IP address = 10.1.1.100

     

    Friday, June 13, 2008 4:13 PM
  • First off, internally you use the _sipinternaltls._tcp.domain.com SRV record, not _sip._tls.domain.com

    You need that entry for each supported sip domain. So in your example you're using eidos.com and bgstudio.com SIP domains. You should have 2 DNS zones defined internally - 1 for eidos.com and 1 for bgstudio.com.

    I usually register a host record for sip.domain.com in each supported SIP domain. So, in your case you would register sip.eidos.com and sip.bgstudio.com pointing to 10.1.1.100.

    Each zone needs the SRV record _sipinternaltls._tcp. So in your eidos.com zone you need _sipinternaltls._tcp.eidos.com pointing to sip.eidos.com and in your bgstudio.com domain you need _sipinternaltls._tcp.bgstudio.com pointing to sip.bgstudio.com.

    Now on your ocs01.eidos.com server, you need a certificate with a subject name of ocs01.eidos.com (actual machine name) and SAN entries of both sip.eidos.com and sip.bgstudio.com.

    You could do it without registering the sip.domain host records and just point the service records at the ocs01.eidos.com server, but I like to register the SIP records in case the MOC client needs to fall back; it searches for sip.domain.com.
    Friday, June 13, 2008 4:37 PM
  •  

    Ok, I believe I have the SRV records entered correctly but it's still not working:

     

    In my bgstudio SIP domain I have this (not working):

    _sipinternaltls._tcp.bgstudio.com pointing to ocs01.eidos.com

    _sipinternal._tcp.bgstudio.com pointing to ocs01.eidos.com

     

    My eidos SIP domain (working):

    _sipinternaltls._tcp.eidos.com pointing to ocs01.eidos.com

    _sipinternal._tcp.eidos.com pointing to ocs01.eidos.com

     

    OCS server has the proper certificate and SAN entries of all SIP domains.

    The clients in the bgstudio SIP domain only work if I configure them manually.

     

    Thanks.

    Friday, June 13, 2008 5:55 PM
  • Hi,

     

    The point you're missing is the _sipinternaltls._tcp.bgstudio.com must point to ocs01.bgstudio.com, not ocs01.eidos.com.

    This A record (ocs01.bgstudio.com) must point to the IP address of OCS, with no alias or A record in the other DNS domain, or you will have this autologon issue.

     

    Monday, June 16, 2008 8:09 PM
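
An offline check of the rules the replies above arrive at, added here as an example and not part of the original thread: each SIP domain needs its own `_sipinternaltls._tcp` SRV record, the target must be a host in that same SIP domain with an A record for the OCS address, and the server certificate must carry that host name. The function name `check_sip_domain`, the record tables and port 5061 on the internal records are constructed for illustration from the thread's values.

```python
# Constructed sample records modelled on the thread; not real DNS or certificate output.
OCS_IP = "10.1.1.100"
SRV = {  # SRV owner name -> (target host, port)
    "_sipinternaltls._tcp.eidos.com": ("ocs01.eidos.com", 5061),
    "_sipinternaltls._tcp.bgstudio.com": ("ocs01.eidos.com", 5061),  # the failing setup
}
HOSTS = {  # host name -> (record type, value)
    "ocs01.eidos.com": ("A", OCS_IP),
    "sip.eidos.com": ("A", OCS_IP),
    "sip.bgstudio.com": ("A", OCS_IP),
}
CERT_NAMES = {"ocs01.eidos.com", "sip.eidos.com", "sip.bgstudio.com"}  # subject + SANs


def check_sip_domain(domain, srv, hosts, cert_names, ocs_ip):
    """Return the problems that would break automatic sign-in for one SIP domain."""
    domain = domain.rstrip(".").lower()
    owner = f"_sipinternaltls._tcp.{domain}"
    if owner not in srv:
        return [f"missing SRV record {owner}"]
    target = srv[owner][0].rstrip(".").lower()
    problems = []
    # The SRV target must be a host inside the user's own SIP domain.
    if not target.endswith("." + domain):
        problems.append(f"SRV target {target} is outside SIP domain {domain}")
    # The target must resolve through an A record to the OCS address, not an alias.
    rtype, value = hosts.get(target, (None, None))
    if rtype != "A":
        problems.append(f"{target} needs an A record, found {rtype}")
    elif value != ocs_ip:
        problems.append(f"{target} resolves to {value}, expected {ocs_ip}")
    # The server certificate must carry the exact name the client connects to
    # (exact match only; wildcard names are not handled in this sketch).
    if target not in {n.lower() for n in cert_names}:
        problems.append(f"certificate has no name matching {target}")
    return problems


if __name__ == "__main__":
    for d in ("eidos.com", "bgstudio.com"):
        print(d, check_sip_domain(d, SRV, HOSTS, CERT_NAMES, OCS_IP) or "OK")
```

With the sample data, eidos.com passes and bgstudio.com is flagged because its SRV target sits in eidos.com; pointing that record at sip.bgstudio.com clears the finding.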