TL_ERROR(TF_CONNECTION) [0]0D44.0D30::01/18/2012-10:21:20.668.00000161 (SIPStack,SIPAdminLog::TraceConnectionRecord:1224.idx(157))$$begin_record
LogType: connection
Severity: error
Text: The client connection is not allowed on the internal edge of the Access Edge Server
Peer-IP: 172.16.28.56:1524
Transport: TLS
Result-Code: 0xc3e93d6b SIPPROXY_E_CONNECTION_INTERNAL_FROM_CLIENT
$$end_record

However no matter what I do I cannot logon onto the OC EA server. The error I am getting in OCSLogger is as follows:

L_ERROR(TF_CONNECTION) [0]0E2C.0E24::01/18/2012-09:04:25.856.00000160 (SIPStack,SIPAdminLog::TraceConnectionRecord:1224.idx(157))$$begin_record
LogType: connection
Severity: error
Text: The connection was closed before TLS negotiation completed. Did the remote peer accept our certificate?
Local-IP: 172.16.28.56:5061
Peer-IP: 172.16.28.56:1503
Connection-ID: 0×1000
Transport: TLS
$$end_record

I can succesfully ping the FQDN of the Internal Interface of the OC AE Server. The internal Interface is on the same IP Subnet as our Internal Network.

Any support in this regard would be much appreciated.

I have configured a server with two NICs. One for DMZ and the other for Internal. I received a Public CA that I have assigned to the External Interface and then generated a new Local CA using our Enterprise CA server. This I assigned to the Internal Interface. ( I have used the same Private SA to generate the certificate for the OC SE server).

Server could not register for notifications for configuration changes for a class from the WMI Provider.

Class: MSFT_SIPProxySetting
Cause: This could happen in some instances due to insufficient permissions or because the server is unable to contact the Active Directory (or SQL back-end).
Resolution:
Please make sure you have sufficient privileges and this computer can talk to the Active Directory (or SQL back-end).

please help out

Can you please tell me the features available with this setup.

Thanks
Saneesh

When opening the ports on the internal interface on the edge server the guidelines say to open 443, 5062, and 3478 to ANY IP address.

Is this to any internal Pool or FE, or literally to ANY internal client address as well as server on the corp intranet.

Many thanks in advance………Mike

I created a new host/alias for the OCS server under the new zone newdomain.com and pointed the _sipinternaltls for this newdomain to the new host/alias. I can see see (using WireShark) that the client is getting the SRV record from the DNS server, so that is at least good to know. Now it seems (only my guess) that the issue is now pointing to the certificate. The message below came for the Event Log.

Communicator could not connect securely to server ocs.newdomain.com because the certificate presented by the server did not match the expected hostname (ocs.newdomain.com).

Resolution:
If you are using manual configuration with an IP address or a NetBIOS shortened server name, a fully-qualified server name will be required. If you are using automatic configuration, the network administrator will need to make sure that the published server name in DNS is supported by the server certificate.

Your thoughts please. Thank you.

Communicator was unable to locate the login server. The DNS SRV record that exist for domain newdomain.com point to an invalid server ocs.olddomain.com which is not trusted to provide support for the domain because the server's domain is not an exact match.

Resolution:
The network administrator will need to double-check the DNS SRV record configuration to make sure that the SRV record for the domain points to a server name that conforms to the DNS naming convention in the server deployment guide.

Does it mean that I cannot point the new SIP address newdomain.com to ocs.olddomain.com because the SIP address are different? I thought we can have multiple SIP addresses using a single OCS server?

Can I just create an alias for the OCS server and use the newdomain.com as its domain name? Your thoughts? Thank you.