Link to home
Create AccountLog in
Avatar of pghzooit
pghzooitFlag for United States of America

asked on

Live Communication Server Mobile--BIG POINTS

I am trying to set up Live Communicator on a smart phone. I have it installed but I am unable to get the phone to recognize the server name. I installed the certificate from the server LCS is installed on. What are some example server names people are entering onto the phones?

The certificate I do have is a root certificate on the client side. The error message I get on the phone is:
Error: Unable to connect to server. Please check if correct certificates are installed.

For server name on the mobile phone should it be an external IP?  I am connecting by using TLS.

Should the sign in name be the users email address?

The server that LCS is installed on is also the certificate server. The certificate that is on the mobile device was generated to connect to our exchange server(different server).  Should this certificate work or do we need to generate another certificate? If so, how is this done. I have never done this. In addition, the certificate that we are currently using was generated before LCS was installed. Does that matter?
Avatar of TheCleaner
TheCleaner
Flag of United States of America image

I'm in the same boat however I actually even used a Verisign certificate...so I'm interested to see what someone says.
you have to use the common name or the FQDN name for the server not the IP address
the certificate should be issued to the External FQDN for example:lcs.domain.com
Not to hijack the author's question...so I'll let him respond, but for me I am using the FQDN.  Communicator client on a home PC works without a VPN, but mobile doesn't.
well it depends on how do you connect, if you are conneting using the TCP then you can use the IP,if you are using TLS then you should use the FQDN
Avatar of sppence
sppence

Assuming that remote connectivity without a VPN is working from a PC with your internal cert installed on it (if not, then back up and get this working before moving on to mobile devices), then you'll need to make sure you have the following set up in your mobile phone:

Import the ROOT certificate from your CA (the CA root, not the cert issued to the server if different) into your phone (you may have already done this if you're using exchange activesync).  If you need help with this, check out http://blogs.msdn.com/windowsmobile/archive/2006/01/28/making_a_root_cert_cab_file.aspx.

On commuicator mobile, under options>general, enter the public FQDN of your LCS access proxy (the same server your working PC is connecting to) - if you're using TLS on a port other than 5061, enter the server name as fqdn:port.  Under options>accounts, put in your sign-in name (the same as you would on office commuicator on a PC), then enter your user name in the format domain\username, and your domain password.
pghzooit,

***I got my issue resolved and yours, but I'll only post the resolution to yours as mine isn't anything about this thread:****

1.  For your issue, the problem seemed to be that Windows Mobile OS doesn't check intermediary certificates by the public providers like Verisign for some strange reason.

            a.  get a registry editor for your phone...there are many but I like this one:  http://www.breaksoft.com/Blog/Utilities/2005/1/Mobile_Registry_Editor.aspx  because you can modify your registry using your computer instead of the buttons on the phone.

            b.  edit the following regkey - HKCU\Software\Microsoft Communicator\System Settings\DisableCRLCheck key from 0 to 1

            c.  reboot your phone...that's it...it should work now, and will still use the proper cert.
Avatar of pghzooit

ASKER

Do I need to open any ports on the firewall? I have opened TCP 5061 and UDP 5061. Do these even need to be opened?
The server LCS is on is also our sharepoint server. Can I use the URL of the sharepoint server to connect to LCS? ex. sharepoint.domain.com
When I connect to sharepoint externally I use https. Will this cause any problems?
Port TCP 5061 is the only port that needs opened through the firewall.

Did you follow the LCS deployment guide?  It sounds by your questions that you kind of winged it.
thecleaner,

isn't there another way to get communicator mobile to work besides modifying the registry. I am hesitant to modify the registry on a $300 phone and turn it into a paper weight. Shouldn't have microsoft thought about this flaw before they released the software? I did read the deployment guide but it doesn't seem detailed enough. That's why I am in a forum asking all of you. A lot of places in the deployment guide would say "if you need more assistance ask your sys admin." Big help that was.
ASKER CERTIFIED SOLUTION
Avatar of TheCleaner
TheCleaner
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer