Question : Remote connectivity to Microsoft OCS 2007 R2 Fails

Hello, I am looking for assistance in configuring remote access for Office Communications server 2007 R2.

I currently have a standard server setup in a domain on server 2003.

The server names are:
AE - env2k3edg01
FE - env2k3ocs01
Internal domain - envisionts.local
external domain - envision-ts.net
external DNS for AE role: sip.envision-ts.net

I am using an internal CA for all certificates as this is a test setup. The AE server is set up in a DMZ with separate IP addresses for the 3 external roles NAT'd in the DMZ segment to the external world and 1 internal IP address in the same network segment as the OCS standard server. I am able to telnet between the AE and FE servers on ports 5061 and 443.

Internally I am able to connect with test users and chat back and forth, however I am not able to connect externally.

I am receiving the following error approximately every three hours on the FE server; no errors are being logged on the AE server.

A significant number of connection failures have occurred with remote server env2k3edg01.envisionts.local IP 192.168.106.103. There have been 60 failures in the last 87 minutes. There have been a total of 60 failures.
The specific failure types and their counts are identified below.
Instance count - Failure Type
60 80072746


Results from the https://www.testocsconnectivity.com/ website are listed below.

======================================================================
 Attempting to Resolve the host name sip.envision-ts.net in DNS.
 Host successfully Resolved

Testing TCP Port 443 on host sip.envision-ts.net to ensure it is listening/open.
 The port was opened successfully.

Testing SSLCertificate for validity.
 The certificate passed all validation requirements.validation checks.

Testing Microsoft Office Communications Server remote sign in through Access Edge Server: Port Number (sip.envision-ts.net:443), for SignInAddress ([email protected]).
 Specified Remote Connectivity test(s) failed. Please examine below details of specific reason for failure.
=======================================================

When running a validation test on the edge server for SIP logon, the test is successful when using the name of the front end server, however it fails when using the name sip.envision-ts.net. Pinging sip.envision-ts.net from the AE server resolves to the IP address of the FE server.

The error from the validation test is:

Maximum hops: 2
Successfully established security association with the server: User user1 Domain envisionts Protocol NTLM Target env2k3ocs01.envisionts.local
Failed to register user: User sip:[email protected] @ Server sip.envision-ts.net
Failed registration response: [
SIP/2.0 504 Server time-out
FROM: <sip:[email protected]>;epid=epid01;tag=d010dc74b4
TO: <sip:[email protected]>;tag=9A27B4B22B0A0A3151917112D5C8D11D
CSEQ: 3 REGISTER
CALL-ID: 9e2e27add23d4c69b7cfedf9d1596bd8
VIA: SIP/2.0/TLS 192.168.106.103:1032;branch=z9hG4bK5123515;ms-received-port=1032;ms-received-cid=1600
CONTENT-LENGTH: 0
AUTHENTICATION-INFO: NTLM rspauth="01000000000000001F76F08DA90DC621", srand="7108E5AD", snum="1", opaque="6DD97A59", qop="auth", targetname="env2k3ocs01.envisionts.local", realm="SIP Communications Service"
ms-diagnostics: 1022;reason="Cannot process routing destination";source="env2k3ocs01.envisionts.local";Destination="sip:envision-ts.net:5061;maddr=sip.envision-ts.net;transport=Tls"

The server configuration and connectivity validation tests are all successful on both the AE server and the FE server.

I've been banging my head against this for the past couple of weeks now, any help would be appreciated.

Answer : Remote connectivity to Microsoft OCS 2007 R2 Fails

Never mind, got them to open on Wireshark version 1.2.7 on Windows.  Strange that it wouldn't open on the same OS they were made...