CWA 2007 R2 External Access Question

  • Question

  • I have an OCS 2007 R2 environment with a front end + edge server.

    Today I installed Communicator Web Access Server 2007 R2.

    I want to use only one server for internal and external access.

    There are two network cards, both configured with an internal ip-address of our LAN.

    I created a virtual server for internal access today, with port 443 and binding to the first network card with a SAN Certificate. Everything went fine. I can access CWA from our internal LAN.

    I created another virtual server for external access, again with port 443 and binding to the second network card with the SAN Certificate. This also went fine.

    I disabled the IIS Default Website and prevented the external network interface of my CWA Server from registering a DNS record.

    Tomorrow I want to publish the external access with ISA Server 2006 SP1.

    Now here are my questions:

    1.) During creation of the virtual servers I could specify a listening port for SIP traffic. I chose 5061 for the internal virtual server and 5062 for the external virtual server. Was that right?

    2.) Our internal domain is the same as our external domain (ourdomain.com). I have published the websites for CWA as follows:
    internal access: ourcwaserver.ourdomain.com
    external access: im.ourdomain.com

    Was that right?

    3.) Are there any firewall ports that have to be opened between a. CWA Server and Front End Server b. CWA Server and Edge Server?

    4.) Do you see any other misconfiguration in my setup?

    Tuesday, August 18, 2009 8:39 PM


All replies

  • O.K., no reply so far, so I will try to configure external access now and post the results later.

    In the meantime any answers are welcome.
    Wednesday, August 19, 2009 10:56 AM
  • Hello Thomas

    At first glance this sounds complicated to me ...

    If you have the same ourdomain.com name internally and externally, why do you use different names for accessing CWA? I would suggest using the same names for internal and external access.

    1. I have set up only 1 CWA Server named cwa.ourdomain.com with the necessary SAN certificate (cwa.ourdomain.com, as.cwa.ourdomain.com and download.cwa.ourdomain.com)
    2. Then I created the necessary DNS records on the internal DNS server responsible for internal direct access and on the external DNS server for external access.
    3. Then I published the CWA server on ISA for external access. Do not forget to listen on all three names in your publishing rule.

    Worked for me, ... if you have further questions, please ask

    Wednesday, August 19, 2009 11:26 AM
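
The reply above lists three names that the SAN certificate and the ISA publishing rule both have to cover. As an added example (not posted by anyone in this thread), this Python check reports which of those names a certificate's SAN list leaves uncovered; it goes beyond the thread by also handling wildcard entries, and the SAN lists in it are constructed sample data.

```python
# Added example: host names and SAN lists are constructed, not read from a real certificate.

CWA_PREFIXES = ("", "as.", "download.")  # base URL plus the two extra names the reply lists


def required_names(base_host):
    """Return the three host names a CWA virtual server is reached under."""
    return [(p + base_host).lower() for p in CWA_PREFIXES]


def san_matches(san, host):
    """Match one dNSName SAN entry against a host name.

    A wildcard is honoured only as the whole left-most label and covers
    exactly one label, so *.mydomain.com does not cover as.im.mydomain.com.
    """
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    head, _, rest = host.partition(".")
    return bool(head) and rest == san[2:]


def missing_names(base_host, san_entries):
    """List required CWA names that no SAN entry on the certificate covers."""
    return [h for h in required_names(base_host)
            if not any(san_matches(s, h) for s in san_entries)]


if __name__ == "__main__":
    # Constructed SAN lists for the external name used in the thread.
    samples = {
        "all three names": ["im.mydomain.com", "as.im.mydomain.com",
                            "download.im.mydomain.com"],
        "domain wildcard": ["*.mydomain.com"],
        "host wildcard only": ["*.im.mydomain.com"],
    }
    for label, sans in samples.items():
        gaps = missing_names("im.mydomain.com", sans)
        print(f"{label}: {'OK' if not gaps else 'missing ' + ', '.join(gaps)}")
```
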
  • O.K.,

    I did set up external access today and it worked fine. I can reach im.mydomain.com from outside the organisation. The only thing that's not working is desktop sharing. I believe that is caused by missing CNAME records in internal DNS.

    So now i have:

    https://cwaserver.mydomain.com for internal access and

    https://im.mydomain.com for external access

    As you suggested, I would like to use im.mydomain.com for internal access too. During setup of CWA I could define the URLs for internal and external access. How can I change the URL for internal access after setup?

    As I read in the TechNet documentation, I need to create additional entries in internal DNS.

    a.) An additional A record im.mydomain.com pointing to the IP of the CWA server
    b.) as.im.mydomain.com pointing to im.mydomain.com
    c.) download.im.mydomain.com pointing to im.mydomain.com
    d.) an additional CNAME record that maps im.mydomain.com to cwaserver.mydomain.com



    • Edited by UTTO Wednesday, August 19, 2009 8:49 PM
    Wednesday, August 19, 2009 8:43 PM
  • O.K.,

    I changed the internal URL to im.mydomain.com today.

    I had to alter the SPN that was registered for the cwaservice account after the change.

    I created the following DNS records:

    A record im.mydomain.com pointing to the IP of the CWA server
    CNAME as.im.mydomain.com pointing to im.mydomain.com
    CNAME download.im.mydomain.com pointing to im.mydomain.com

    Now I can log in to im.mydomain.com from our internal LAN successfully.

    But there are two problems.

    1.) When a user logs in to CWA the status is Offline and cannot be changed
    2.) When I want to invite someone by email, no message appears that I can copy.

    How to resolve that?
    Thursday, August 20, 2009 10:57 AM
  • If you go to the CWA Console and open Properties there, what are your configuration settings? Especially on the Authentication tab (Built-in-Authentication/Forms Authentication?). Have you run all the validation wizards on your front end (Validate Configuration/Validate Connectivity), and are they all error free?

    Thursday, August 20, 2009 12:02 PM
  • We had some problems with one of our domain controllers. It works great now.
    Friday, August 21, 2009 2:29 PM