OCS 2007 Federation traffic only goes 1-way thru LTM 6400 9.4.5 HF2

So I have 2 federated OCS orgs, one running OCS 2007, one running Lync. The users in the Lync org can see presence for OCS users, and can initiate IM conversations with the OCS folks. However, the OCS users cannot see presence of Lync users, and can not initiate a conversation with a Lync user, even if they provide the SIP address.

In this situation A1 - lync with numerous federation (sip and xmpp) and B1 OCS 2007 (no federations, yet)

· From A1 I can initiate a messaging session and B1 is able to respond.

· A1 can see the status of B1

· During the IM session, B1 sees the status of A1 as "unknown"

· B1 is neither able to see status of A1 or is able to initiate an IM session.

I originally followed the guide “Deploying the BIG-IP LTM v9.x with Microsoft Office Communications Server 2007”, but I’ve been reading that I might need 5065 and 5069 as well. Is there any information available regarding this type of design, with the directors behind the F5 as well? Or if anyone has done this or is able to pass along some insight, any help would be appreciated.

Virtual Servers:

AV-edge-int-stun-vs Common IP ADDRESS 3478 Standard Edit...

Forwarding-VS Common IP ADDRESS 0 (Any) Forwarding (IP) Edit...

Web-edge-ext-ssl-vs Common IP ADDRESS 443 (HTTPS) Standard Edit...

acc-edge-ext-ssl-vs Common IP ADDRESS 443 (HTTPS) Standard Edit...

acc-edge-int-sip-vs Common IP ADDRESS 5061 Standard Edit...

av-edge-ext-ssl-vs Common IP ADDRESS 443 (HTTPS) Standard Edit...

av-edge-int-sip-vs Common IP ADDRESS 5062 Standard Edit...

av-edge-int-ssl-vs Common IP ADDRESS 443 (HTTPS) Standard Edit...

dir-sip-tls-vs Common IP ADDRESS 5061 Standard Edit...

dir_sip_mtls_vs Common IP ADDRESS 5060 Standard Edit...

fe-444-vs Common IP ADDRESS 444 Standard Edit...

fe-http-vs Common IP ADDRESS 80 (HTTP) Standard Edit...

fe-rpc-vs Common IP ADDRESS 135 Standard Edit...

fe-sip-tls-vs Common IP ADDRESS 5061 Standard Edit...

fe-ssl-vs Common IP ADDRESS 443 (HTTPS) Standard Edit...

ocs-edge-sip-vs Common IP ADDRESS 5061 Standard Edit...

Pools:

AV-edge-int-stun-pool Common

Acc-edge-ext-ssl-pool Common

Acc-edge-int-sip-pool Common

Av-edge-ext-ssl-pool Common

Av-edge-int-sip-pool Common

Av-edge-int-ssl-pool Common

Dir-sip-tls-pool Common

Fe-444-pool Common

Fe-http-pool Common

Fe-rpc-pool Common

Fe-sip-tls-pool Common

Fe-ssl-pool Common

Web-edge-ext-ssl-pool Common

dir_sip_mtls Common

fe_5060_pool Common

ocs-edge-sip Common

So if the OCS user initiates the conversation by providing the SIP address of a Lync user, the OCS side gets a 483 error in the conversation window, and OCS logging shows the following:

TL_ERROR(TF_CONNECTION) [7]1D28.1AC8::05/05/2011-18:25:19.000.00adb10e (SIPStack,SIPAdminLog::TraceConnectionRecord:1224.idx(157))$$begin_record

LogType : connection

Severity : error

Text : Receive operation on the connection failed

Local-IP : :1158

Peer-IP : :5061

Peer-FQDN : sip.lyncorg.com

Peer-Name : ocsedge.lyncorg.com

Connection-ID : 0x272D402

Transport : M-TLS

Result-Code : 0x80072746 WSAECONNRESET

$$end_record

And...

TL_ERROR(TF_CONNECTION) [7]1108.10F8::05/05/2011-18:21:11.890.00f9ed54 (SIPStack,SIPAdminLog::TraceConnectionRecord:1224.idx(157))$$begin_record

LogType : connection

Severity : error

Text : The connection was closed before TLS negotiation completed. Did the remote peer accept our certificate?

Local-IP : :5061

Peer-IP : :50965

Connection-ID : 0x275F400

Transport : TLS

$$end_record

Anyone?

-Me