Authentication with several alternative UPN suffixes in OCS2007

  • Question

  • Dear all, could someone please help me; my scenario is the following:

    1. I have an Active Directory domain at the Windows 2003 functional level named "cuenca-hosting.com.ec".

    2. I have several UPN suffixes, alternative to the main domain name "cuenca-hosting.com.ec", named "lafabrica.com.ec", "lavanda.com.ec" and "consulmatica.pro.ec".

    3. I have OCS 2007 Standard Edition installed under the domain "cuenca-hosting.com.ec", with a certificate issued by my organization's PKI under the domain "cuenca-hosting.com.ec".

    4. All client computers or workstations are joined to the domain "cuenca-hosting.com.ec".

    5. Now, when I log on to a workstation with the account "usuario@cuenca-hosting.com.ec", MS Office Communicator 2007 works normally, that is, it lets me sign in; but when I log on to the workstation with "usuario@lafabrica.com.ec" or "usuario@lavanda.com.ec", it lets me log on to Windows, but MS Office Communicator 2007 does not authenticate me and does not connect to the service.

    What additional configuration am I missing?
    Thursday, June 18, 2009 22:08

Answers

  • Hi

    Here is the procedure for adding or removing SIP domains, and how to create the SRV records


    Specifying Supported Internal SIP Domains
    http://technet.microsoft.com/en-us/library/bb936650.aspx

    Create and Verify DNS SRV and A Records for Automatic Client Sign-in

    You must create DNS SRV records in your internal DNS for every Session Initiation Protocol (SIP) domain. The procedure assumes that your internal DNS has zones for your SIP user domains.

    To create a DNS SRV record
    1. On the DNS server, click Start, click Control Panel, click Administrative Tools, and then click DNS.

    2. In the console tree for your SIP domain, expand Forward Lookup Zones, and then right-click the SIP domain in which your Office Communications Server will be installed.

    3. Click Other New Records.

    4. In Select a resource record type, click Service Location (SRV), and then click Create Record.

    5. Click Service, and then type _sipinternaltls.

    6. Click Protocol, and then type _tcp.

    7. Click Port Number, and then type 5061.

    8. Click Host offering this service, and then type the FQDN of the pool.

    9. Click OK.

    10. Click Done.

    After you have created the DNS SRV record, create a DNS A record. For Enterprise Edition, create a DNS A record for each pool FQDN and URL FQDN that is not the same as the server FQDN. For Standard Edition, create a DNS A record for the Standard Edition server.

    To create a DNS A record
    1. On the DNS server, click Start, click Control Panel, click Administrative Tools, and then click DNS.

    2. In the console tree for your domain, expand Forward Lookup Zones, and then right-click the domain in which your Office Communications Server will be installed.

    3. Click New Host (A).

    4. Click Name (uses parent domain name if blank), and then type the name of the server or pool.

    5. Click IP Address, and then do one of the following:

      • For Enterprise Edition, type the VIP of the load balancer.
      • For Standard Edition, type the IP address of the Standard Edition server.
      Note:
      If you deploy only one Enterprise Edition server that is connected to the back end without a load balancer, type the IP address of the Enterprise Edition server. A load balancer is required if you deploy more than one Enterprise Edition server in a pool.
    6. Click Add Host, and then click OK.

    7. To create an additional A record, repeat steps 4 and 5.

    8. When you are finished creating all the A records that you need, click Done.

    To verify that the required records have been created successfully, wait for DNS replication (if you have just added the records), and then verify that the records were created as described in the next procedure.

    Note:
    For illustrative purposes, the following steps use example.com as the domain portion of the SIP URI namespace. When performing these steps, use your actual SIP domain name instead.
    To verify the creation of a DNS SRV record
    1. Log on to a client computer in the domain with an account that is a member of the Administrators group or has equivalent permissions.

    2. Click Start, and then click Run.

    3. In the Open box, type cmd, and then click OK.

    4. At the command prompt, type nslookup, and then press ENTER.

    5. Type set type=srv, and then press ENTER.

    6. Type _sipinternaltls._tcp.example.com, and then press ENTER. The output displayed for the TLS record is as follows:

      Server:  <dns server>.example.com
      Address:  <IP address of DNS server>
      Non-authoritative answer:
      _sipinternaltls._tcp.example.com SRV service location:
                priority       = 0
                weight         = 0
                port           = 5061
                svr hostname   = poolname.example.com
      poolname.example.com       internet address = <virtual IP Address of the load balancer> or <IP address of a single Enterprise Edition server for pools with only one Enterprise Edition server>
    7. When you are finished, at the command prompt, type exit, and then press ENTER.

    After you configure the DNS records, verify that the FQDN of the Standard Edition server or Enterprise pool can be resolved by DNS.

    To verify that the FQDN of the Enterprise pool or Standard Edition server can be resolved
    1. Log on to a client computer in the domain.

    2. Click Start, and then click Run.

    3. In the Open box, type cmd, and then click OK.

    4. At the command prompt, type ping <FQDN of the Enterprise pool or Standard Edition server>, and then press ENTER.

    5. Verify that you receive a response similar to the following, where the IP address returned is one of the following:

      • For Enterprise Edition, the IP address of the load balancer for your Enterprise pool or, in the case of an Enterprise pool with a single Enterprise Edition server, the IP address of the Enterprise Edition server.
      • For Standard Edition, the IP address of the Standard Edition server.
      Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
      Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
      Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
      Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
    • Marked as answer by didoarce Tuesday, October 12, 2010 23:25
    Monday, June 22, 2009 19:58

All replies

  • You need to create the sipinternaltls SRV record and a record associated with the OCS 2007 pool name for each SIP domain for which you want automatic logon.

    http://www.ocspedia.com/FE/DNS_POOL.htm

    Regards.


    Regards, Carlos Dinapoli
    Saturday, June 20, 2009 16:26
  • Thanks Andres.Lozada:

    I had already carried out the procedure you describe; here is the result:

    C:\Users\Administrador>nslookup
    Default Server:  ad01.cuenca-hosting.com.ec
    Address:  10.0.2.2

    > set type=srv
    > _sipinternaltls._tcp.cuenca-hosting.com.ec
    Server:  ad01.cuenca-hosting.com.ec
    Address:  10.0.2.2

    DNS request timed out.
        timeout was 2 seconds.
    _sipinternaltls._tcp.cuenca-hosting.com.ec      SRV service location:
              priority       = 0
              weight         = 0
              port           = 5061
              svr hostname   = ocs.cuenca-hosting.com.ec
    ocs.cuenca-hosting.com.ec       internet address = 10.0.2.6

    ************** for the other domain *************************************

    > _sipinternaltls._tcp.laeuropea.com.ec
    Server:  ad01.cuenca-hosting.com.ec
    Address:  10.0.2.2

    DNS request timed out.
        timeout was 2 seconds.
    _sipinternaltls._tcp.laeuropea.com.ec   SRV service location:
              priority       = 0
              weight         = 0
              port           = 5061
              svr hostname   = ocs.laeuropea.com.ec
    ocs.laeuropea.com.ec    internet address = 10.0.2.6
    >


    But when I try to authenticate the OCS account with the domain "laeuropea.com.ec" I get the following message:

      "There was a problem verifying the server's certificate. Contact your system administrator."

    And it does not let me sign in to OCS, but if I change it and, instead of entering usuario@laeuropea.com.ec, I enter usuario@cuenca-hosting.com.ec, it connects to OCS normally.

    Regards.

    Wednesday, June 24, 2009 20:39
  • How was the certificate created? Are you using both domain names in the SAN (Subject Alternative Name) field?
    From what you mention, the certificate's SN is generated for the domain cuenca-hosting.com.ec but you don't have the SAN for laeuropea.com.ar

    The error you are getting now is most likely due to what I just described.


    Regards, Carlos Dinapoli
    Sunday, July 12, 2009 21:45
  • Hi,

    Any results?

    Thanks
    Andrés Lozada
    Tuesday, July 21, 2009 23:27
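As an added example (not part of the thread, nor Microsoft's or the poster's code), the following Python models what the two answers describe together: the client takes the domain from the sign-in address, follows `_sipinternaltls._tcp.<domain>` SRV to the pool name and its A record, and the TLS handshake then fails unless that SRV target is one of the DNS names in the certificate's subject/SAN. The zone data is constructed from the nslookup output posted above (lavanda.com.ec is deliberately left without an SRV record); the two certificate name lists are assumptions, since the thread only says the certificate was issued for cuenca-hosting.com.ec.

```python
"""Model Office Communicator automatic sign-in across several SIP domains.

Added example: SRV -> A resolution for the sign-in domain, followed by an
RFC 6125-style server-name check of the SRV target against the pool
certificate's DNS names. Zone data is constructed from the thread's
nslookup output; the certificate name lists are assumptions.
"""

# Constructed internal DNS data (targets and 10.0.2.6 come from the thread;
# lavanda.com.ec intentionally has no SRV record to show that failure mode).
SRV_RECORDS = {
    "_sipinternaltls._tcp.cuenca-hosting.com.ec": ("ocs.cuenca-hosting.com.ec", 5061),
    "_sipinternaltls._tcp.laeuropea.com.ec": ("ocs.laeuropea.com.ec", 5061),
}
A_RECORDS = {
    "ocs.cuenca-hosting.com.ec": "10.0.2.6",
    "ocs.laeuropea.com.ec": "10.0.2.6",
}

# Assumed certificate contents: ORIGINAL carries only the name under the
# primary domain; FIXED adds the second pool name to the SAN.
ORIGINAL_CERT_NAMES = ["ocs.cuenca-hosting.com.ec"]
FIXED_CERT_NAMES = ["ocs.cuenca-hosting.com.ec", "ocs.laeuropea.com.ec"]


def sip_domain(sign_in_address):
    """Domain part of user@domain, lower-cased; rejects malformed addresses."""
    user, sep, domain = sign_in_address.partition("@")
    if not sep or not user or not domain or "@" in domain:
        raise ValueError(f"not a user@domain address: {sign_in_address!r}")
    return domain.lower().rstrip(".")


def hostname_matches(cert_name, hostname):
    """DNS-ID match as done during TLS server-name verification.

    Case-insensitive. A wildcard is accepted only as the entire leftmost
    label and matches exactly one label: *.example.com covers
    ocs.example.com but neither example.com nor a.b.example.com.
    """
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if cert_name == hostname:
        return True
    if not cert_name.startswith("*.") or "*" in cert_name[1:]:
        return False
    suffix = cert_name[1:]  # ".example.com"
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[: -len(suffix)]
    return bool(leftmost) and "." not in leftmost


def check_sign_in(sign_in_address, cert_names, srv=SRV_RECORDS, a=A_RECORDS):
    """Classify what the client hits for this address and certificate.

    Returns ("ok", target), ("no-srv", srv_name), ("no-a", target) or
    ("cert-name-mismatch", target). The last one is the thread's error:
    the SRV target is not among the certificate's subject/SAN DNS names.
    """
    srv_name = f"_sipinternaltls._tcp.{sip_domain(sign_in_address)}"
    if srv_name not in srv:
        return ("no-srv", srv_name)
    target, _port = srv[srv_name]
    if target not in a:
        return ("no-a", target)
    if not any(hostname_matches(n, target) for n in cert_names):
        return ("cert-name-mismatch", target)
    return ("ok", target)


def required_cert_names(sip_domains, srv=SRV_RECORDS):
    """SRV targets of every SIP domain: the DNS names the pool cert must carry."""
    names = set()
    for d in sip_domains:
        rec = srv.get(f"_sipinternaltls._tcp.{d.lower()}")
        if rec:
            names.add(rec[0].lower())
    return sorted(names)


if __name__ == "__main__":
    for addr in ("usuario@cuenca-hosting.com.ec", "usuario@laeuropea.com.ec",
                 "usuario@lavanda.com.ec"):
        print(addr, "original cert:", check_sign_in(addr, ORIGINAL_CERT_NAMES))
        print(addr, "fixed cert:   ", check_sign_in(addr, FIXED_CERT_NAMES))
    print("names the certificate must carry:",
          required_cert_names(["cuenca-hosting.com.ec", "laeuropea.com.ec"]))
```

`required_cert_names` gives the list to compare against the certificate's SAN when adding a SIP domain: either every SRV target goes into the SAN, or each new domain's SRV record is pointed at a pool name the certificate already carries, which is the same outcome as far as the client's name check is concerned.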