error signing into OCS remotely

  • Question

  • Hi everyone,

    I am hoping someone can point me in the right direction. I have just set up a new OCS environment for a proof of concept. I don't have everything set up the way I would like, but since this is a test I think it should work.

    edge server - 2 NIC - 1 is 192.168.253.203, 2 is 192.168.253.204. The firewall is doing NAT from the real world to the 192.168.253.203 with ports 5061 and 443. I am not worried about A/V because this is for IM only right now.

    My OCS Standard is running on 192.168.253.205 with no firewall between the edge and internal. The OCS is also running my CA. I have set up two SRV records:

    _sip._tls.test.com pointing to sip.test.com 5061 since I am using 1 IP I am using 5061 for my Access edge
    _sipfederationtls.test.com pointing to sip.test.com on 5061

    My edge isn't joined but I have put my Root internal CA on and created a cert at my internal CA. I have put the root CA on my laptop and am trying to connect and I get nothing. I get an error of "Cannot sign in because remote server is unavailab
    Internally everything is working fine. I can telnet to my server external IP on both 443 and 5061 and it connects. I cannot get hardcoding the info or auto connect to work on both communicator/LM.

    Any thoughts would be great.

    Tony
    Tuesday, July 28, 2009 12:52 AM

All replies

  • Hi Tony,

    Let's start at the top:

    Edge server:  the 2 NICs should be on different subnets whenever possible.  Also, did you check the "this address is behind a NAT" box on the edge?

    Also, please make sure the access edge is actually configured to use 5061, otherwise by default in R2 it is 443 (I'd recommend leaving it 443).  If it is 443 you'll need to update your _sip._tls record to point to sip.test.com on 443.

    To troubleshoot you can turn on logging in communicator and have the events go to the windows log, this will tell you what records are being queried and how it's trying to connect.  To do this click on the drop down arrow in the upper left hand corner of MOC and choose "Tools">"Options">"General" and select "Turn on Windows Event Logging for Communicator".

    Let me know what you get from there.

    -kp
    Kevin Peters MCSE/MCSA/MCTS/CCNA/Security+ blog: www.ocsguy.com
    • Marked as answer by moto822 Tuesday, July 28, 2009 1:51 AM
    • Unmarked as answer by moto822 Tuesday, July 28, 2009 1:51 AM
    Tuesday, July 28, 2009 1:22 AM
  • Hi Kevin,

    Thanks for the quick response. I was banging my head on this for the past 2 hours. I thought I would run through everything again and found the problem. My firewall tech pointed my NAT at my internal IP instead of my external. As soon as I changed that I was GOLDEN :)

    Again, thanks for the quick response.

    Tony
    • Marked as answer by moto822 Tuesday, July 28, 2009 1:53 AM
    Tuesday, July 28, 2009 1:53 AM
  • Tony,

    Glad you have it working. I'd still recommend changing the subnet on the access edge interface, you may see some flaky behavior there.  Even though it's just a POC it may cause some flaky behavior and tank the experience.  Have a good one!

    -kp


    Kevin Peters MCSE/MCSA/MCTS/CCNA/Security+ blog: www.ocsguy.com
    Tuesday, July 28, 2009 2:44 AM
  • Hi Kevin,

    I have been working on doing that as we speak. Do you know, if I have my Access edge set up to 5061, should my SRV record be pointing to 5061 or 443? I have had some issues with this a while back and can't remember. I thought if I had it set to 5061 I would have problems with Live Meeting connecting.

    thanks

    tony
    Tuesday, July 28, 2009 3:13 AM
  • Tony,

    The SRV records should point to whichever port the service is actually using.  For Live Meeting, the LM client will use the SRV record to talk to the edge server, the edge server will then pass the information on where the different services reside back to the LM client in band.  It's important to make sure the ports are open, with hostnames and certificates for each service configured properly on the Edge and FE servers.

    -kp
    Kevin Peters MCSE/MCSA/MCTS/CCNA/Security+ blog: www.ocsguy.com
    Tuesday, July 28, 2009 11:39 AM
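
The three checks this thread arrives at (NAT target, edge NIC subnets, SRV port versus listening port), written as an added example that is not part of the original posts or any Microsoft tool. The dictionary layout, the `/24` prefix lengths, which NIC is external, and the `192.168.254.x` address are assumptions constructed for illustration.

```python
import ipaddress

def check_edge(cfg):
    """Return a list of finding strings for an edge deployment described by cfg."""
    findings = []
    ext = ipaddress.ip_interface(cfg["external_nic"])
    internal = ipaddress.ip_interface(cfg["internal_nic"])
    nat = ipaddress.ip_address(cfg["nat_target"])

    # Kevin's first point: the two edge NICs should sit on different subnets.
    if ext.network.overlaps(internal.network):
        findings.append("nics-share-subnet")

    # The fault Tony found: the firewall NAT must land on the external interface.
    if nat == internal.ip:
        findings.append("nat-targets-internal-nic")
    elif nat != ext.ip:
        findings.append("nat-targets-unknown-host")

    # SRV records must advertise the port each service really listens on,
    # and the firewall must forward that port.
    for service, (_target, port) in cfg["srv"].items():
        if port != cfg["listen"][service]:
            findings.append(f"srv-port-mismatch:{service}")
        if port not in cfg["nat_ports"]:
            findings.append(f"srv-port-not-forwarded:{service}")
    return findings

# Constructed sample modelled on the thread: both NICs in one /24 (assumed mask),
# NAT aimed at the internal NIC, access edge left on the R2 default of 443.
BROKEN = {
    "external_nic": "192.168.253.203/24",
    "internal_nic": "192.168.253.204/24",
    "nat_target": "192.168.253.204",
    "nat_ports": {443, 5061},
    "listen": {"remote_access": 443, "federation": 5061},
    "srv": {"remote_access": ("sip.test.com", 5061),
            "federation": ("sip.test.com", 5061)},
}

# Constructed corrected layout: separate subnets, NAT to the external NIC,
# remote-access SRV record matching the listening port.
FIXED = dict(BROKEN,
             external_nic="192.168.254.203/24",
             nat_target="192.168.254.203",
             srv={"remote_access": ("sip.test.com", 443),
                  "federation": ("sip.test.com", 5061)})

if __name__ == "__main__":
    print(check_edge(BROKEN))
    print(check_edge(FIXED))
```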