locked
Signin form a machine outside of domain? RRS feed

  • Question

  • Hi,

    I've just intsalle OCS 2007 R2 and tested it succesfully with Office Communicator 2007 in a machine that is part of domaint.

    Is it possible to connect with Office Communicator 2007 from a machine that is not part of any domain?

     

    I've tryed it and i am receiving this error message:

    "There was a problem verifying the certificate from the server. Please contact your system administrator."

     

    Thanks

    Monday, December 13, 2010 10:00 AM

Answers

  • It is not a requirement that workstation be domain-connected but the reason it works natively is that the domain member will automatically trust the certificate on your OCS server in most deployments as it's from a trusted internal CA.

    You'll need to export the certificate chain from an domain member and import it into the workstation you are testing from.  See this blog article for more details: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=72


    Jeff Schertz, Microsoft Solutions Architect - Polycom | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    • Marked as answer by unexpectedkas Monday, December 13, 2010 4:47 PM
    Monday, December 13, 2010 1:35 PM
    Moderator

All replies

  • It is not a requirement that workstation be domain-connected but the reason it works natively is that the domain member will automatically trust the certificate on your OCS server in most deployments as it's from a trusted internal CA.

    You'll need to export the certificate chain from an domain member and import it into the workstation you are testing from.  See this blog article for more details: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=72


    Jeff Schertz, Microsoft Solutions Architect - Polycom | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    • Marked as answer by unexpectedkas Monday, December 13, 2010 4:47 PM
    Monday, December 13, 2010 1:35 PM
    Moderator
  • Thank you very much Jeff,

    I'm going right to the blog to test it and will come back to post the results.

    Monday, December 13, 2010 2:51 PM
  • So you were rigth.

    Additionally, I've changed the machine DNS to my server.

     

    Now I can signin, chat and video call from outside of domain.

     

    Thanks a lot.

    Monday, December 13, 2010 4:50 PM
  • Last question about this topic:

     

    Is it possible to configure the Communicator to autosignin from a machine outside of domain?

    Tuesday, December 14, 2010 4:05 PM
  • Yes, see this article for directions on how to setup the SRV records on an external DNS zone:
    http://technet.microsoft.com/en-us/library/dd425138(office.13).aspx

    Also take a look at the latter half of this article for more details on how to handle automatic lookup for multiple SIP domains, if applicable:
    http://blogs.pointbridge.com/Blogs/schertz_jeff/Lists/Posts/ViewPost.aspx?ID=79


    Jeff Schertz, Microsoft Solutions Architect - Polycom | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Tuesday, December 14, 2010 5:51 PM
    Moderator