Forum Discussion
Duncan_25164
Nimbostratus
NimbostratusLoad Balancing OCS 2007
Hi there,
I am having major issues load balancing our OCS 2007 Enterprise Front End server farm. I have followed the document at:
http://www.f5.com/pdf/deployment-guides/microsoft-ocs-ltm94-dg.pdf
to the letter, but I am still getting a client error saying the certificate couldn't be verified. I assumed this config is doing straight TLS passthrough, and not doing type of offloading as the document makes no mention whatsoever about certificates or installing them on the F5 LTM. I have installed the certificate (obtained from our internat enterprise CA) on the F5 to check it out, and everything seems fine with it, but I am still getting this error.
Thanks in advance,
Duncan
- Duncan, right now, Microsoft will not support 3rd party decryption of the TLS on the SIP traffic. So you are right, it will be pass through for your port 5061 virtual server.
On that port 5061 virtual server, do you have a client or server SSL profile set? 
Duncan_25164Hi,
I have the client SSL profile set, as the document states it should be. Is this correct?- We'll want to unset that profile for the port 5061 virtual server, as we will not be terminating the SSL.
This may be an issue with our documentation. Can you tell me what page of the guide you found that on? I'll make sure we get it fixed. - Duncan_25164What do you mean by unset? I have to choose something. Must I use TCP? I just tried that but I still get the error. The exact error is "There was a problem verifying the certificate from the server. Please contact etc..."
It is on page 19, point 8. - Duncan_25164Whoa, sorry. I made a mistake. I don't have any SSL profile set. I was refering to Protocol Profile. Sorry about that.
There is no SSL profile set.
