locked
External Web Content URL is required for External LiveMeeting? RRS feed

  • Question

  • For External LM:

    1. I've allowed External Anonymous LM
    2. I've deployed Edge with all AV, Webcon and SIP roles with valid public certs
    3. I've opened up external ports (443) and AV ports

    I can also confirm Internal LM works.

    My question is, and hopefully it's not too simple:

    Is the reverse proxy (and hence, a valid "External URL for Address Book ", "External URL for Meeting Content Download " and "File Share URL for External connections") on the OCS Pool required ?

    Is the standard implementation for this is to just install ISA on the Edge Server on a new IP address (with HTTPS Bridging) and point it to the Internal OCS Std Pool URL?

    Cheers
    Tuesday, September 8, 2009 12:36 AM

Answers

  • Matty_C

    A reverse proxy is not required, however you will run into issues with Address Book, Content Download, and Whiteboards (among other things) for external clients if you do not do this. 

    ISA should be  deployed on its own host machine and shouldn't share a server with OCS roles.  Typically you would just put a public IP on one of the NICs and use a publishing rule to get it internal.  Here's a good read on that:

    http://technet.microsoft.com/en-us/magazine/2009.03.isa.aspx?pr=blog

    hope this helps!

    -kp

    Kevin Peters MCSE/MCSA/MCTS/CCNA/Security+ blog: www.ocsguy.com
    • Marked as answer by Matty_C Tuesday, September 8, 2009 3:23 AM
    Tuesday, September 8, 2009 2:27 AM

All replies

  • Matty_C

    A reverse proxy is not required, however you will run into issues with Address Book, Content Download, and Whiteboards (among other things) for external clients if you do not do this. 

    ISA should be  deployed on its own host machine and shouldn't share a server with OCS roles.  Typically you would just put a public IP on one of the NICs and use a publishing rule to get it internal.  Here's a good read on that:

    http://technet.microsoft.com/en-us/magazine/2009.03.isa.aspx?pr=blog

    hope this helps!

    -kp

    Kevin Peters MCSE/MCSA/MCTS/CCNA/Security+ blog: www.ocsguy.com
    • Marked as answer by Matty_C Tuesday, September 8, 2009 3:23 AM
    Tuesday, September 8, 2009 2:27 AM
  • Kevin, thanks for clarifying.   I ended up using a BigIP for the reverse proxy.  

    What you said is interesting because LiveMeeting external anonymous clients were not able to connect via LiveMeeting.  The only configuration problem I could see what the null.company.com EXTERNALWEBFQN I set.

    I have just set the EXTERNALWEBFQDN for the Pool with LcsCmd and now I am seeing MOC Clients throw the "Cannot synchronize with the Corporate Address book". 

    The only thing I changed was the EXTERNALWEBFQDN URL which is a valid https (including cert) but is only resolvable from outside.  Internal clients won't be able to DNS it.   I figure we are dealing with split DNS here.  Internal clients shouldn't need to try to resolve the ExternalWebFQDN URL so it doesn't need to exist?    To test this, I set the EXTERNALWEBFQDN back to www.eventzero.com (which resolves, but isn't a valid OCS URL for content) and now the MOC internal clients are no longer complaining about Address Book sync issues.

    Does EXTERNALWEBFQDN need to be resolvable from Internal Clients?
    Tuesday, September 8, 2009 3:31 AM
  • Matty_C

    Did you use a public CA or a self signed for the live meeting roles?  Typically when I've run into issues with external clients not being able to connect it was a certificate problem, although not always. 

    As far as internal/external DNS, I'm not 100% sure the client has to be able to resolve the external names, but I've always replicated the public name space internally to the appropriate server, its quick and easy and may make things a bit easier.

    -kp
    Kevin Peters MCSE/MCSA/MCTS/CCNA/Security+ blog: www.ocsguy.com
    Tuesday, September 8, 2009 3:56 AM