Client SRV resolution issues/Address Book logon combo RRS feed

  • Question

  • I have a clean install of OCS 2007 and everything appeared to be working great until I logged in with a client. This is an internal only installation using only IM and Archiving. The domain being installed into is single namespace DOMAIN.


    • The client is running in a Windows 2003 server.
    • Autoconfiguration has been configured:
      • SRV record for _sipinternaltls._tcp.DOMAIN created
      • Host A record for hostname.DOMAIN created
    • From the 2003 box I can resolve the SRV record doing NSlookup per the many DNS reference docs out there. But when I launch the OC Client, the event log indicates it can't locate the record. Even though I just found it using nslookup. So...I created the sip.DOMAIN CNAME record.
    • Wow! Client connects. Makes sense, since that is what is supposed to happen when the SRV record can't be resolved.
    • Now I get a popup asking for my credentials which never are accepted. I have checked the sites in IIS on the OCS server and they appear fine (http://www.ocspedia.com/ABS/ABS_Errs.htm)

    So...if I leave the CNAME in place clients can at least connect automatically, but it seems like they should be able to do the same by using the SRV record alone.


    Not sure what the deal with the address book repeatadly asking for my username is, but figure I should work one issue at a time. (And http://blogs.technet.com/networking/archive/2007/09/18/ocs-2007-continuous-prompts-for-address-book-download.aspx is not displaying correctly for me!)





    Friday, June 27, 2008 7:01 PM

All replies

  • I doubt strongly that OCS is supported in a Single Label Domain

    Maybe if you change your SIP URI to a two level domain it might work correctly

    Friday, June 27, 2008 11:07 PM

    CNAME is not supported for sure!

    I doubt if single label domain name is supported in OCS.


    I'd suggest to go for a different sip domain (not single label ) than the AD domain. then create the appropriate SRV record...


    R. Kinker
    MCTS - LCS 2005, MCTS - OCS 2007

    Sunday, June 29, 2008 2:32 PM
  • I have searched to get a definitive support policy on Single Label Domain Names, and have not found any prereq's that flat out say one way or the other. That is item 1 on whatever call this problem will inevitably result in.

    CNAME entry is allowing the client to use autoconfiguration. So it may not be supported, but is allowing the clients to at least login. That leaves me with the address book error. Repeated login prompts, and despite a known good password, can't access it.

    Incidentaly, I have tried to access the https://OCSServer/abs site and can't authenticate there. That initially led me to believe there was an issue with the security settings on the site...but they appear to be set correct. NTFS perms appear correct as well.
    • IIS Site is set to use integrated authentication only
    • Domain Users have read/list access

    Monday, June 30, 2008 6:55 PM
  • I've posted in some other threads regarding CNAME usage.  I've gotten it to work but also agree that the definition of supportability isn't documented well; it's left up for some interpretation.
    Monday, June 30, 2008 7:19 PM
  • What is baffling me the most, is why the MOC client won't resolve the SRV record. I can resolve from the command line using nslookup all day long...but the client reports in the list of event log errors, that it can't find the SRV records.
    Monday, June 30, 2008 11:19 PM