When opening the ports on the internal interface on the edge server the guidelines say to open 443, 5062, and 3478 to ANY IP address.

Is this to any internal Pool or FE, or literally to ANY internal client address as well as server on the corp intranet.

Many thanks in advance………Mike

I created a new host/alias for the OCS server under the new zone newdomain.com and pointed the _sipinternaltls for this newdomain to the new host/alias. I can see see (using WireShark) that the client is getting the SRV record from the DNS server, so that is at least good to know. Now it seems (only my guess) that the issue is now pointing to the certificate. The message below came for the Event Log.

Communicator could not connect securely to server ocs.newdomain.com because the certificate presented by the server did not match the expected hostname (ocs.newdomain.com).

Resolution:
If you are using manual configuration with an IP address or a NetBIOS shortened server name, a fully-qualified server name will be required. If you are using automatic configuration, the network administrator will need to make sure that the published server name in DNS is supported by the server certificate.

Your thoughts please. Thank you.

Communicator was unable to locate the login server. The DNS SRV record that exist for domain newdomain.com point to an invalid server ocs.olddomain.com which is not trusted to provide support for the domain because the server's domain is not an exact match.

Resolution:
The network administrator will need to double-check the DNS SRV record configuration to make sure that the SRV record for the domain points to a server name that conforms to the DNS naming convention in the server deployment guide.

Does it mean that I cannot point the new SIP address newdomain.com to ocs.olddomain.com because the SIP address are different? I thought we can have multiple SIP addresses using a single OCS server?

Can I just create an alias for the OCS server and use the newdomain.com as its domain name? Your thoughts? Thank you.

On the same note, we started to create the new domain setting within the LAN. In the forest Global Properties, we have added the new SIP domains (newdomain.com). On our DNS server we have created a new Forward Lookup Zone for newdomain.com and within this zone created the SRV record _sipinternaltls (pretty much copied what we did with our olddomain.com DNS records). Now if you go to one of the client PCs and do an nslookup for set type=SRV for _sipnternaltls._tcp.newdomain.com it will return the OCS server's address.

We picked one of our test accounts and change the SIP address to use the newdomain.com. If the OC client is set to use manual there is no problem to sign-in using the newdomain.com SIP address. However, we get the error "Cannot sign in because the server is temporarily unavailable. Please try again later." if its set to use Automatic configuration.

Why would it work if set manually and not work when set to automatic? FYI – we have not changed our certificate yet on our OCS R2 Server.

Thanks again,
Dario

is it possible to use a domain service account when I configure the RTCProxyService?
I need it because my Edge Server is in a DMZ domain, not the same of the FE.

Do you now if is it supported by MS?

Thanks!

To everyone out there, kindly let us know what should we do once our company switches its domain address from (example only) domain1.com to domain2.com?

We appreciate all inputs. Thank you kindly.