Configuration of OCS edge servers

More and more people are asking how to configure ocs edge servers and how to configure certificates. In fact, I can't answer this question either, because I wrote it while groping in the next operation. For the first time, I decided to take a look when I asked more people. I hope those guys who have been asking me how to configure the edge will never answer, forgive me, hahaha

This deployment document is not the final version. At present, I have not fully figured out what the problem is. I hope the experts will read this article and give more comments to improve this document. Currently, this document provides the following functions: Internet login, file transfer, message transfer, and live meeting. The speech and video function test will be completed in the near future.
First, describe my experiment environment.

Domain Name: hello. local

Edge Server Name: ocsedge, dual Nic, Intranet ip: 192.168.2.4 Internet ip: 10.0.1.1 not added to domain

Domain control: li. hello. local IP Address: 192.168.2.1, enterprise and Certificate Server

Ocs server integration all roles: ocs. hello. local, IP Address: 192.168.2.3 enterprise slave server

SQL Server: SQL. hello. local IP Address: 192.168.2.2

1. There is no deployment document at hand. At first, according to the idea of deploying the exchange2007 Edge server, since it is an edge server, it is certainly not added to the domain. First, add the dns suffix of The Edge server and add the corresponding a record to the dns server. At the same time, create an SRV record, _ sipfederationtls, tcp, 5061, pointing to the FQDN of the external access Edge server, the role is the alliance's and public IM connections.

My computer-properties-computer name-change-others, fill in the dns suffix consistent with the domain name (I don't know if this step is redundant, it should be no more than it is important, check the relevant documents)
22. JPG(19.5 KB)

2. Add related a records to the dns server on domain control

3. Run the installer and set relevant information.
Ocs1.JPG(42 KB)

Ocs2.JPG(42.46 KB)

Ocs6.JPG(36.99 KB)

4 The certificate section is described in detail below

After completing the above steps, you should run the certificate allocation step. First, my Edge server does not have any Certificate Authority installed or from a Certificate Authority. I apply to the enterprise root certificate on the DC

4.1 create a certificate
Ocs7.JPG(27.61 KB)

4.2 select components
Ocs8.JPG(31.57 KB)

4.3 name and Security Settings, PS: The name here is not the FQDN name, set the FQDN name in the following steps
Ocs10.JPG(35.11 KB)

4.4 enter the FQDN name of the Edge server in the name used by the server.
Ocs11.JPG(47.62 KB)

4.5 select the Certificate Authority. Because I remotely applied to the enterprise and certificate on the DC, I entered the following information according to the format. Root is the name of my ca, and Li. Hello. Local is the DC Server and Root Certificate Server. PS: before that, I have installed my certificate on the Edge server to trust this computer with the Certificate Authority.
Ocs12.JPG(36.27 KB)

4.6 connect to the root certificate authority on the DC and ask me to fill in the account CREDEN
Ocs13.JPG(16.31 KB)

4.7 confirm relevant information and click Next
Ocs14.JPG(31.04 KB)

4.8 if everything is correct and the network is correct, the certificate will be correctly applied
Ocs15.JPG(34.33 KB)

4.9 In this step, the certificate is allocated. Go to my computer-manage, open the ocs Edge server console, right-click the root node, and choose Properties-select edge Interface
Ocs16.JPG(49.68 KB)

4.10 first, allocate the Certificate for internal excuses and click Configure

Select a certificate and select the certificate we applied for in the preceding steps.

Ocs17.JPG(29.18 KB)

4. 11. The above methods are used to allocate certificates for the remaining three items.

4.12 after the certificate is assigned, restart the computer to take effect. Run the ocs edge installer. It is found that the certificate allocation step has a green check mark and is displayed completely. You can perform the next communication verification.

4.13 fill in the test account, set the pool and related information to start the test
During the test, one of my accounts was just open and I received the test information. The communication is normal.
Ocs21.JPG(23.77 KB)

4. 14. I log on to an account on the Edge server and can log on successfully. Concurrent Test message. Everything is normal
Ocs18.JPG(106.2 KB)

4.15 this is an instant message received by another client.
Ocs1_jpg(19.02 KB)

4.16 This is the file transfer I performed with another computer (domain) on the Edge server. The test is successful.
Ocs21.JPG(137.6 KB)

4.17 OK. The above test shows that the Edge server is successfully deployed, and the instant message and document transmission functions are normal.

The following is a test of the conferencing function. When you start live meeting on the Edge server, the system prompts you to enter the account and password. It is estimated that this is an issue of identity authentication, but the connection is normal after filling in. Normal use
25. JPG(80.49 KB)

OK, all done. The Edge server is deployed and tested.
I hope you will not be intimidated when you see the figure below. This is a lot of error messages generated by the Edge server function test ~~~~~~~~~~, However, I have read the error message that the consortium configuration issues are all important.
I will search for specific problems and final improve this document.
Ocs19.JPG(105.14 KB)

Er, I always think we should refer to Microsoft's KB, and there are differences between certificates and my understanding. There are two SRV records missing from Internet DNS, and so on. However, you can learn and make some sense in doing so ~