troubleshooting Question

OCS 2007 R2 edge certificates problem

MarkMichael asked on
Exchange, Microsoft Server OS, Windows Server 2008
22 Comments, 1 Solution, 2003 Views
Hi experts,

I'm having trouble setting up my first edge server for OCS 2007 R2.
Current setup:

OCS Internal Server
- working fine
- set up with internal CA (specifically installed for this job)

OCS Edge (For IM only)
- got ports open between OCS Internal and Edge (443 and 5061)
- I have a single NIC with IPs
- - first IP is for example: 192.168.1.10
- - second IP is for example: 192.168.1.20 (we have NAT'd external address to this and set up the sip.domain.com and srv records to point to this NAT)

- I'm using the first IP as the Internal interface.
- I have set up the routing to next hop on the wizard and on the internal OCS server (added server FQDN to local hosts file).


The 2 certificates in use
1. Internal interface on the edge is from the Internal CA, generated an offline request, and processed it with the Internal CA and downloaded and installed by assigning it to Internal Interface through the wizard (had to install chain from Internal CA too, as they are not contactable)
2. External interface has a UCC certificate from Comodo and I installed this fine too. Generated request with wizard and selected the box to include the server FQDN in the response (this being servername.domain.com and not sip.domain.com). Why do I need to include that?

I have only port 443 open to the NAT (external interface) and when connecting a client with auto configuration or manual, it says:
 

"There was a problem verifying the certificate from the server. Please contact your system administrator"

I currently don't have DNS outbound or web access on this server. Is this required? The certificate is showing up as valid from the certificate store.

Any ideas?
ASKER CERTIFIED SOLUTION
Jeff_Schertz