Hello all,
We have an LCS 2005 installation that runs great internally, but we're having some issues with the Access Proxy. First, a bit of background...
Two Domain Controllers, dc1.example.local and dc2.example.local (both running DNS).
LCS 2005 w/SP1 with a Verisign SSL cert set to lcs.example.local (bought it before we had ever considered our own CA, which we now have)
Enterprise CA joined into the example.local forest.
LCS Access Proxy with two NICs:
1) External NIC has a 192.168.0.X address which is static NAT'ed via our firewall. The EXT NIC has a Verisign cert associated with it, access.example.com <---- NOTE that the external NIC's cert is .COM
2) Internal NIC has a 192.168.1.X address and a certificate from our internal CA (fully trusted, did the steps), access.example.local <---- NOTE that the internal NIC's cert is .LOCAL
Our internal users are set to use lcs.example.local and work perfectly.
Our external users (mobile staff, not branch offices) are set to access.example.com.
Ok so here's my two problems:
1) My remote users can log into LCS when they set their Office Communicator client to access.example.com. They can search/add users to their contacts lists, but they cannot use any of the "other" features (app sharing, whiteboard, video conf, etc.). When you try and initiate a sharing session you get the following error message:
"Cannot establish the data sharing session with John Doe, either because John Doe canceled the session, or because you or the person you are calling is behind a firewall or Network Address Translator (NAT)."
Um, why? The LCS AP needs to be behind a firewall, that's just common sense and is even documented as such (though the MS examples show an ISA box and we run something from one of the other big firewall vendors). The NAT rules have to be working correctly since all of the IM and user search/add functionality works flawlessly. Does anyone have any clue as to where to even begin trying to sort this one out?
2) My second question is how to go about making the end-user experience seamless. Our internal users work perfectly when their Office Communicator client is set to the LCS server (lcs.example.local). Our external users have to manually set their Communicator clients to TLS and access.example.com. Is there a slick way to make the access.example.com/lcs.example.local transition transparent to the end users as they come in/out of the office? Or are they going to be forced to make the changes by hand every time they travel?
I have this sneaking suspicion that the problem is with DNS, either entries missing/wrong on our hosted record (example.COM) or our internal DNS (example.local). Anyone have any ideas? Thanks for all the help, it's greatly appreciated.