Different UPN suffixes in one domain and OCS 2007 RRS feed

  • Question

  • I am setting up a lab at the moment and have OCS SE working with native upn logins.
    However I need to give differet group of users separate upn suffixes to login in with. These work with the workstation login, Outlook etc except when it comes to getting OC to login. It just hangs.
    The validation message was:
    "Failed to establish security association with the server: User annie.leibovitz Domain bigbank.com Protocol Kerberos Server sip/ocs02.vtestcom.com Target Invalidated"

    If I use the native upn suffix with the same users it works ok.

    The UPN suffixes are setup in the forest fine, how ever is there any DNS or OCS changes that need to be made to get it to work?

    Tuesday, January 6, 2009 2:30 AM

All replies

  • Hi,

    that should work just fine.. I do it all the time. I add a UPN suffix on forest level, modify the user logon name on the account to use the correct UPN suffix, configure the UPN suffix as a SIP Domain in OCS and finally alter the user's SIP Address into the new UPN Suffix.

    IF you are using automatic configuration you do need to make sure you have the correct SRV records in place AND that the certificate on your SE server is configured with the additional FQDN for your SIP Domain.

    Check your event logs for additional information...

    Tonino Bruno

    Tonino Bruno | Belgian Pro-Exchange Community | http://www.pro-exchange.be
    Tuesday, January 6, 2009 8:52 PM