Connecting to a Microsoft Office Communications Server community
Connect to a Microsoft™ Office Communications Server community so that your users can exchange instant messages with Microsoft Communicator users.
Before you begin
You must establish the local community and enable SSL (Secure Socket Layer) encryption before adding an Office Communications Server community.
Remember that the IBM® Sametime® Gateway servers must have access to a DNS server that can resolve public DNS records (A records, SRV records, and PTR records). For example the following commands should be able to resolve successfully:
nslookup sip.oscar.aol.com
nslookup 64.12.162.119
nslookup -type=all -class=all _xmpp-server._tcp.google.com
nslookup [OCS Edge Server]
Expected state:
- Single server: the Sametime Gateway server is started.
- Cluster: the deployment manager is started, and the node agent plus Sametime Gateway server are started on at least one node.
About this task
Review the following checklist to ensure that your OCS federation settings are correct:
DNS:
- The SIP domain public SRV record is structured as follows:
_sipfederationtls._tcp.domain.com
- The SRV record points only to port 5061.
- The SRV record points to the fully qualified domain name (FQDN) of the Access Edge Server.
- The A record points to Access Edge Server's external IP address.
- The SIP domain matches the domain of the Access Edge Server (for example, if the SIP domain is example.com, the Access Edge Server's domain must also be example.com.
- Your DNS SRV record has had sufficient time to replicate on the Internet if it is new or recently changed (replication may take up to 24 hours).
Certificates:
- The Access Edge Server's FQDN listed in the SRV record exists in the Access Edge Server's own SN or SAN.
- If hosting multiple SIP domains, a separate SRV record and A record exist for each domain, with each FQDN appearing in the certificate's SN or SAN.
- Your certificate is issued by a trusted Windows™ Certificate Authority and has not expired.
Network:
- The Access Edge Server's internal FQDN can be accessed on port 5061 from an internal IP address.
- The Access Edge Server's external FQDN can be accessed on port 5061 from an internal IP address.
- The SIP address of the a federated partner (such as sipfed.microsoft.com) can be accessed on port 5061 from the Access Edge Server.
Federation:
- Federation is enabled at the forest level in the OCS administration tool (in the "Global Properties" section) and the Access Edge Server's internal FQDN is entered correctly.
- Federation is enabled per user in Access Edge Server (click ).
- Microsoft.com appears in the allow tab for Enhanced Federation on the Access Edge Server (optional if using Open Federation) and, if your are using Direct Federation only, make sure to enter sipfed.microsoft.com in the Access Edge Server.
- Compmgmt.msc has been enabled (right-click Office Communications Server 2007 and selecting ).