chuck-williams asked:

OCS 2007: Cannot use Live Meeting from outside the firewall

I have Office Communications Server 2007 set up. I have the internal side working perfectly. I also have another server set up with Access Edge and Web Conferencing Edge. I can use the OCS client from the outside perfectly with automatic sign-in. The only problem I cannot figure out is why Live Meeting will not work. I have checked and double-checked all of my configuration and my certificate setup.

When I test Live Meeting I can see that it connects to the server, but it never initiates the meeting. I have run logging and I get the following error over and over again:
SIP/2.0 401 Unauthorized

I also ran a packet sniffer on both ends, and after extensive research I have come to believe that it may be IIS permissions on the internal OCS 2007 server that are causing the issue. It was a week ago when I ran upon this, so I don't remember what exactly pointed me that way.

The reason I believe there might be an issue is that when I first set up OCS 2007 I had an issue with downloading the address book. I found that the install does not set up the permissions properly for the address book. I think I changed the Authentication and Access Control permissions on another part of the IIS tree that I should not have. I believe that if I find what is wrong there I may be able to resolve the problem. I usually make an IIS backup every time I make a change, but in haste I failed to do so when I made this change.

So what I am asking is for anyone who has a successful OCS 2007 with Edge and has Live Meeting working for external users to take a look at your IIS settings (especially the webconf folder) and see if there is anything different with Authentication and Access Control on some of your subfolders and such.

Currently the entire Default Web Site has these checked on mine:
Enable anonymous access
Integrated Windows Authentication

Any help would be appreciated. I am almost sure the problem resides in IIS, so if I have missed anything, any suggestions would be appreciated too.
SOLUTION
cj_1969
This solution is only available to members.
SOLUTION
This solution is only available to members.
chuck-williams

ASKER

I am looking into both suggestions. I will get back to you with what I find.
ASKER CERTIFIED SOLUTION
This solution is only available to members.

Hmmm, that brings up an interesting question. I had my external FQDN set to POOL01.DOMAIN.COM and I do not have that specified externally. I look at the log and it's for properties like ExternalUpdatesDownloadURL: and such. It points to directories on IIS for my OCS server. Do I need to make my OCS server accessible from the internet on port 443, or do I need to put in the FQDN of my Access Edge, or what?

It just doesn't make sense; the point of the Edge server was so that you would not be able to access the OCS server directly from the internet.

The OCS Access Edge server provides Communicator and Live Meeting client connectivity from external for IM, Web Conferencing and A/V.
There are three functions where those two clients ride the IE engine, which uses http port 443 through a Reverse Proxy (not your OCS Access Edge) to access the OCS Server web components for external Communicator Address Book download, Group Expansion in Communicator, and access to web conference meeting content from outside your network.
The Reverse Proxy (normally ISA 2006) provides the security from outside to the OCS Server web components via configuration of a web publishing rule.

Thx for all your help. It ended up having to do with the fact that I am using split DNS. OCS Edge did not like the reference to an internal domain even though it could resolve from DNS properly.
Thx for the help. These ideas helped me work things out to my final solution.
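
The reverse-proxy and split-DNS points in this thread can be checked by comparing how the host names in the external web component URLs resolve inside and outside the network. This is an added example, not part of the original thread: the URL path, both DNS server addresses and the helper name `Resolve-From` are placeholders, and it assumes a current Windows machine with the `Resolve-DnsName` and `Test-NetConnection` cmdlets.

```powershell
# Added example, not from the thread. Replace the placeholder values before use.
param(
    # URLs the client log reports (e.g. for ExternalUpdatesDownloadURL); path is a placeholder
    [string[]]$Url = @('https://POOL01.DOMAIN.COM/placeholder-path'),
    [string]$InternalDns = '10.0.0.10',    # placeholder: internal split-DNS server
    [string]$ExternalDns = '192.0.2.53'    # placeholder: resolver serving the external zone
)

# Return the A-record addresses one specific DNS server gives for a name
function Resolve-From {
    param([string]$Name, [string]$Server)
    $records = Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly `
                               -ErrorAction SilentlyContinue
    @($records | Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
}

$private = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'   # RFC 1918 ranges

foreach ($u in $Url) {
    $name = ([uri]$u).Host
    $int  = Resolve-From -Name $name -Server $InternalDns
    $ext  = Resolve-From -Name $name -Server $ExternalDns

    # Classify what an external client would see for this host name
    if ($ext.Count -eq 0) {
        $finding = 'Internal-only name: external clients cannot resolve this URL'
    } elseif ($ext | Where-Object { $_ -match $private }) {
        $finding = 'External zone returns a private address'
    } else {
        $finding = 'Resolves externally'
    }

    # The port test only means something when run from outside the firewall
    $open = $null
    if ($ext.Count -gt 0) {
        $open = Test-NetConnection -ComputerName $ext[0] -Port 443 `
                    -InformationLevel Quiet -WarningAction SilentlyContinue
    }

    [pscustomobject]@{
        Host         = $name
        InternalView = $int -join ', '
        ExternalView = $ext -join ', '
        Port443Open  = $open
        Finding      = $finding
    }
}
```

A host that resolves only internally, or to a private address externally, means the published URL has to be changed to a name the reverse proxy answers for on port 443.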