VCS - C VCS-E DNS

Similar Questions

• VCS Cluster DNS problems

  Hello

  I have created a DNS SRV to configure in the FULL of the VCS Cluster domain name.

  The problem is when devices try to enroll in the VCS Cluster; I put in the endpoints, in Gatekeeper registration DNS or IP address of the DNS SRV but the always end points will never reach the cluster of VCS.

  I check the logs in DNS SRV and I don't see any request from devices.

  I think I need to create a virtual IP address with DNS with load balancing, I mean: IP/DNS (FQDN) for the Cluster with load and balance when devices trying to connect to the cluster's IP/DNS it transmits the request to an IP or host name of a host in the cluster.

  DNS cLuster

  23.1.0.201 (vcs.xxx)

  The peer of the cluster:

  23.1.0.32 (vcscontroltc.xxx) Master

  23.1.0.33 (vcscontrolvag.xxx) slave

  XXX--> field

  Is this right?

  Thanks in advance.

  Best regards.

  Hello

  then 23.1.0.201 is the IP address of your DNS server?

  How you need to configure is:

  FULL of the cluster domain name: vcscluster.domain.local

  VCS counterpart A: vcscontroltc.domain.local

  VCS counterpart B: vcscontrolvag.domain.local

  With the above assumptions, that's what you create in DNS:

  -For the FULL domain name cluster, create two A records for vcscluster.domain.local one pointing to 23.1.0.32 and the other pointing to 23.1.0.33. With that, I recommend that you enable alternate on your DNS server.

  -For each peer, create a record, so vcscontroltc.domain.local points to the points 23.1.0.32 and vcscontrolvag.domain.local to 23.0.1.33.

  -Create SRV H323 and SIP records for vcscluster.domain.local. With that, I recommend that you create two SRV records for each service, pointing A Exchange and showing a B counterpart, with a weight and priority. For example:

  _sips._tcp.vcscluster.domain.local-> vcscontroltc.domain.local, priority 1, weight 50

  _sips._tcp.vcscluster.domain.local-> vcscontrolvag.domain.local, priority 1, weight 50

  If you follow the advice above, you should be able to configure all of your interior SIP and H323 endpoints with a h.323 gatekeeper address/SIP proxy address, of vcscluster.domain.local and endpoints must enroll in one of the peers, regardless of whether endpoints supports DNS SRV.

  If the domain that you use is public, you also want to add the SRV records for that domain name. These SRV records must point to your VCS Expressway, to ensure that incoming calls from URI function as it should. For example:

  _sips._tcp.domain.local-> vcse.domain.local, priority 1, weight 100

  If you have several VCS-E you can adjust the SRV records accordingly.

  Hope this helps,

  Andreas

• Jabber VCS Expressway - DNS resolution internal Highway itself

  Much of community support.

  I am currently configuration solution VCS Expressway (Highway E both Expressway C servers). Due to some restrictions of firewall that I need to resolve the fqdn Expressway C directly from the highway E server which means that I need to Hwy E resolve C Expressway fqdn withoout using the DNS server. I was wondering if there is a way to edit the VCS Expressway hosts file (if such a thing exists in the VCS) as anyone can do in the operating systems such as linux. I make this question because I took a capture .pcap of VCS and there saw the DNS query process but option number one was 127.0.0.1, which is the highway itself. Perhaps this connection attempt is just the highway to research in its DNS cache, but I'm not sure.

  Best regards

  Roberto Lopez.

  Ah, this is the reason why I asked. You don't need DNS for it.

  The way it will work is when the Traversal (in your case Expressway-C) client tries to connect to the server of course (in your case Expressway-E), the Traversal server will look at the common name on the cert that was produced by the customer of the crossing. He sees if the highway E would be there with what is specified when you configure the zone crossing on the highway e.

  Basically, DNS is not necessary. You just need to make sure that the domain Highway C FULL name is what is specified in the "TLS check name of the topic." Also make sure that if the certificates are signed by a CA, root/intermediate certificates must be downloaded to the two C/E Expressway. also, make sure you put the FULL name of the motorway E in the crossing area on the fast track C, and not the IP address.

  HTH

• public or private vcs-e dns?

  in my current setup my vcs-e uses local dns server, but I read there a public need, even if currently jabber works very well without any problem and mcu conferences work ok, my questions is do the need of vcs-e a public dns? and why? It would explain why I can't make calls outside my network when my video units are stored in the vcs - c?

  For PT. 1 & 2, you establish a B2B call to the external endpoints.

  # 3: Jabber Cisco will use a different area, which is the crossing area and if you say that it works if the area is in place.

  You have a DNS Zone configured on your VCS-E?

  DNS zone is used to find systems that are hosted on the outside (which are not locally, for example, a company). Destination alias are sought by a name using a DNS lookup.

  # 4: After creating a DNS on VCS - E Zone, you must create a search rule that will target your DNS Zone. See the configuration guide on and go through the task of 11 to 13 on p. 24-28.

  http://www.Cisco.com/c/dam/en/us/TD/docs/Telepresence/infrastructure/VCs/config_guide/x8-7/Cisco-VCs-basic-configuration-control-with-Expressway-deployment-guide-x8-7.PDF

  For #5. For SIP using B2B calls, see VCS for Cisco IP using the Port for Firewall Traversal Deployment Guide on pages 8-11 for a list of ports.

  http://www.Cisco.com/c/dam/en/us/TD/docs/Telepresence/infrastructure/VCs/config_guide/x8-7/Cisco-VCs-IP-port-usage-for-firewall-traversal-deployment-guide-x8-7.PDF

  Also try to test call B2B with this test site:

  [email protected] / * /.

  This tool also allows you to check the records of services/SRV SIP for successful B2B calls. You can check the SIP endpoint domain name you call and your video network SIP domain name if these entries have been found: https://cway.cisco.com/tools/SrvRecord/

  • _sip._udp. Domain
  • _sip._tcp. Domain

  Kind regards

  Acevirgil

• Trying to link my VCS to my TMS, but I get no response VCs https in the TMS

  Hello

  I'm trying to get my MSD to talk to my VCS, but whenever I try to get the two to talk to each other. In my TMS, it said "no https response" of the VCS. I know that HTTPS is enabled in my VCS, what else could be the problem?

  Do you have a hostname on your VCS? DNS is able to resolve the domain your RESUME FULL name?

  Please, try the following on your TMS:

  (1) in the TMS Server RDP
  (2) open Administrative Tools > local security policy
  3) go to security settings > local policies > Security Options > System cryptography: Use FIPS compatible algorithms for encryption, hashing, and signing.
  If this option is enabled, please disable it and then repeat the test.

• VCS Expressway & movi 4.2 configuration

  Hi all

  I created movi account manually in the TMS and it work perfectly with VCS - control.

  However, it cannot register for VCS expressway. Is it mandatory to have a name authority pointer record in DNS?

  For example, configure us abc.com as the domain name SIP Highway VCS, is mandatory to fix abc.com as public highway VCS by DNS server IP address?

  Thank you

  Ben

  That is to say you do not originate in the AMZ comes directly to the public IP address of the VCSE

  If that's the case at least, you should see registration tent if nothing can be seen then you need to look at the firewall

  is he ASA? try tp packets capture and see why you arew not hitting the VCSE using SIP

  as it could be firewall issue!

  HTH

• View, Split DNS and SSL Certs HELP

  We have:

  1. Internal security server - not on the domain, IP address of the 10.121.125.110 and the external address of 209.68.96.26
     1. Installed SSL certificate for view.victorschools.org
        
     2. View.victorschools.org DNS entry to 209.68.96.26
        
  2. Broker server - the field, has internal IP address of the 10.121.127.107
     1. Installed SSL certificate for broker.vcs.local
        
     2. Broker.vcs.local DNS entry to 10.121.125.107
        
     3. View.victorschools.org DNS entry to 10.121.125.107
        

  The problem arises on two fronts:

  1. Portable professor who has installed the view client pointing at view.victorschools.org. Internally, that the DNS entry pointing to the broker server that has the broker.vcs.local cert. Unless the client is configured to check no certs, the connection will not work. When we try us immediately returns with a cert mismatch error.
     
  2. Personal devices - student charge the Customer View on a laptop or iPad and it points to view.victorschools.org. It works fine at home, but even once will not work on campus because there is an incompatibility of cert
     

  Can I solve this problem by changing a DNS entry and have view.victorschools.org point to 10.121.125.110 which is the internal IP address of the Security Server? Of course, this will make any student with a personal device point to our security at home or school server. I know we want internal devices to point to the broker and external clients to point to the Security server. Here is a discussion of the same thing, I feel less the number of SSL certificate.

  http://communities.VMware.com/thread/431399

  I know that a windows CA to generate certificates with Subject Alternative names (SAN). Can we generate a cert from our CA window for broker.vcs.local and view.victorschools.org and install it on the server broker to solve this problem?

  Replace the SSL on broker a SAN certificate.

  If you route everything through the Security Server, you create a single point of failure, not to mention a bottleneck in the network.

• Question record DNS SRV + VCS Expressway

  Hi all

  I have a South, VCS in the DMZ, and I am facing a problem with the SRV DNS records.

  VCS Expressway Hostname:-VCSe

  Domain: example.com

  FULL VCSE domain name: VCSe.example.com

  and I have an a record set up for the same FQDN in DNS Public Server.

  I have a sip domain configured as 'cisco.com' in my VCS Expressway.

  What is the SRV records, I need to create in the Public DNS server.

  Kind regards

  Nikhil Jayan

  Nikhil,

  It seems that you have not checked the link I sent you earlier... A very explicit documents. in any case that we talked about earlier is we were talking about signs send calls to the highway as well as parts of the record.

  In your deployment, you have a different domain for DNS and SIP domain. Also as you say you meet Highway cluster and you want to record to both endpoints and then I suggest you to check the document for the creation of cluster on cisco webesite.

  Now, if you have a cluster for Highway then you must create several srv records that would be pointing to each domain name FULL of the approved cluster with equal weight. In normal use scneario of domain common to different services are recommended.

  Srv records would have seen something like that.

  _sips._tcp.company.com. 86400 IN SRV 1 1 5061 vcse1.company.com.

  _sips._tcp.company.com. 86400 IN SRV 1 1 5061 vcse2.company.com.

  _sip._tcp.company.com. 86400 IN SRV 1 1 5060 vcse1.company.com.

  _sip._tcp.company.com. 86400 IN SRV 1 1 5060 vcse2.company.com.

  _h323ls._udp.company.com. 86400 IN SRV 1 1 1719 vcse1.company.com.

  _h323ls._udp.company.com. 86400 IN SRV 1 1 1719 vcse2.company.com.

  _h323cs._tcp.company.com. 86400 IN SRV 1 1 1720 vcse1.company.com.

  _h323cs._tcp.company.com. 86400 IN SRV 1 1 1720 vcse2.company.com.

  _h323rs._udp.company.com. 86400 IN SRV 1 1 1719 vcse1.company.com.

  _h323rs._udp.company.com. 86400 IN SRV 1 1 1719 vcse2.company.com.

  However, your case is different. In your deplyoment what you have to do is any request for the domain "cisco.com" should be resolved in FQDN of the VCS-Highway peers with equal weight.

  for example

  _tcp.gmail.com. IN SRV 20 0 5222     talk2.l.google.com.

  Therefore, any request to gmail.com would resolve to the talk2.1.google.com server.

  same way you have to make it work.

  Thank you

  Alok

• DNS records in the VCS - ARM deployment

  Hello team cisco,

  Regarding a deployment on VCS (control and Highway) - Mobile and remote access, I saw in the guides from cisco that there is some DNS records it should be implemented in your public DNS host and private, however, he is considered by our team work, this step may be omitted if we put the IP address directly. It would be posible or necesarely I have to configure DNS records?

  Respect of

  Bill

  Hi Jose,

  as I said in my previous comment, you must advertise the documents.

  Yes, you will need to announced records and SRV deployment of the e-highway.

  Thank you

• Jabber "work' from the outside (internet) don't"work"well internally.

  Hi all

  I had problems with my jabber,

  in my case, I just use the local DNS server for internal jabber client and use host etc. for external jabber client in the laptop.

  Logon and the intercom call jabber works fine, , but I can not connect use jabber from outside (internet).

  There is no firewall in my LAB topology,

  just:

  -> MCU 5310

  public-> router-> switch-> VCS-E (static NAT 1:1)

  -> VCS - C

  -> TMS

  VCS-E use single NIC and it using a NAT 1:1 to the public.

  and here's a screenshot of my VCS E DNS and VCS - C research.

  

  

  Please advise...

  Thank you

  Ovindo

  Hello!

  In short, if you use the 1:1 NAT it is mandatory to have the 'dual interface option', even if you only

  use an interface, but allows a field set the external nat IP.

  Also all communications to this interface must go to the external ip address.

  You want to use the records SRV records in addition has if this area must be accessible.

  Learn about deployment guides, including:

  http://www.Cisco.com/en/us/docs/Telepresence/infrastructure/VCs/config_guide/Cisco_VCS_Basic_Configuration_Control_with_Expressway_Deployment_Guide_X7-2.PDF

  In addition, there are several assignments similar issues here in the forum, please use the search or google.

  Please remember useful frequency responses and identify useful or correct answers.

• Trying to neighbour my VCS for an external VCS

  I'm trying to my local VCS for an external VCS of the neighbor, but when set up the neighbor as well as the rule of research I can dial is no longer the local alias I've preconfigured only the pseudonym of endpoint devices.

  It seems that if you added the rule of neighbor search area above your local area search rules.  In general, you should set the priority of your rules look something similar to the below.

  1. Local areas
  2. Neighbour areas
  3. Crossing Zones
  4. DNS zones

• Cisco VCS and LDAP for authentication of users

  I have a question about setting up LDAP for authentication of the user on the VCS. I want to have redundancy in my LDAP link. I believe that this is possible by setting a FULL domain name to the address of the LDAP server, then selecting a type of SRV resolution. What I'm not clear on is what the value for the server address would be if I used actually as SRV type of resolution. I should also add that I am looking to use TLS

  To clarify, if my AD domain name is myad.netcraftsmen.net. I have set the field as server address:

  myad.netcraftsmen.NET: assuming that VCS properly interrogate the DNS for the _service._proto correct parameters?

  or would I need to create an SRV record to that effect and set the field server address with the address (including the fields of _service._proto)

  or I need to specify one of the SRV records formats used by MS AD areas (there are several).

  If the latter, then what SRV record for TLS. I don't see records with port 389 (non-secure).

  My intuition tells me that this is probably the first option, but I could be far away.

  Anyway, thanks in advance for any input.

  Kind regards

  Bill

  Hi William,.

  I just checked it on a X6.1 VCS, and it seems that VCS searches SRV _ldap._tcp.domain (where 'domain' has been entered as the server address), both when the encryption is set to 'None' and 'TLS '.

  Hope this helps,

  Andreas

• VCS Cluster configuration

  I'll put up a cluster between VCS - 02c in version 8.x and one of them will be the captain. I will put all endpoints in the VCS - C Master points, what would happen if the master of VCS - C problems? My end points would be automatically transferred to another VCS - C (backup)?

  Hello

  Setup is a cluster of VCS VCS a set up a Master and others as a slave.

  Your points of termination/Codec must register to the VCS cluster (you need to update your DNS with VCS cluster name i.e. clustervcs.domain.com with the ip addresses of two VCS.  You can use SRV records to do a primary and the other back).  If your CODEC does not support the SRV record then you can put the IP of master VCS and the registration, the VCS Master will provide the idec with its ip address and ip address of the slave VCS.

  A good link:

  http://www.netcraftsmen.NET/blogs/entry/Cisco-VCs-clustering-configuration.html

  I hope this helps.

  Kind regards

  Ahmed

• Cisco VCS - server certificate

  I get the warning "certificate unsecure: this cystem uses the default server certificate.". We recommend... "On my VCS' are

  1. is there something that I have to take into consideration related to endpoints or other VCS (this is a cluster) before you download a new certificate?

  2. communication between endpoints will affect?

  Hello

  If you are looking to get your certificates signed by yourself or a public certification authority I would first make sure that your servers have host names and configured DNS records. In addition, if you plan to use the edge of the collaboration (MRA) you should take a look at the additional without required for this:

  http://www.Cisco.com/c/dam/en/us/TD/docs/voice_ip_comm/Expressway/config...

  You shouldn't have issues with endpoints being affected, in my experience, the certificates have affected only edge of collaboration.

  Thank you, Simon

• Understand the flow of appeal through VCS c/e

  Hey Geeks,

  I write this to understand "how to work things. Here's the design.

  I have a VCSC configured with the name of the domain example.com SIP (we have internal DNS server to resolve)

  I have a VCSe configured with the name of the cisco.com SIP domain (we have external DNS server to make globally routable)

  I create a link bw VCSC and VCSe course.

  How the call will flow between the Ep A and B Ep

  Scenario a.

  My Ep A is [email protected] / * / dials Ep B Jabber client (user) recorded on VCSe [email protected] / * /

  How call flows; I understand that the flow of the beginning IE Ex 90 will send a register message to VCSC etc etc.

  Scenario B:

  If Ep A [email protected] / * / call a 3rd party (distinct) = (inter appeal cases) End point ie [email protected] / * /

  How runs the call.

  Please excuse me for asking layman explanation:

  Thanks in advance

  Vikram

  Hi Vikram,

  First thing to note is in most of the customer scenario prefer same sip domain on highways and control so that they can avoid transform and simplify the numbering plan.

  Happens to your scenario.

  Scenario a.

  EP A VCS-contrl<--traversal-->VCS - Ex <--SIP--><--sip-->Ep B (points of termination assumptions made using the SIP protocol)

  EP began with the sending of a guest for VCS-cntrol SIP message, which gets transmitted to VCS - by VCS-cntrl exp, hope you're installation rules research properly on vcs control.

  VCS - exp send this appeal to Ep B and call connect. You can google for SIP call flow, so nothing different happens in this case.

  Scenario B

  EP A VCS-cntrl<--traversal-->VCS - Exp<-->public cloud<--SIP--><-->Ep B (dell.com)

  A DNS zone, which uses the dns configured on exp do query srv records to the external field like "dell.com" is now required to apply for external part VCS - exp

  in this scenario again Ep began with the sending of a message to the VCS-cntrl invitation gets sent to the SCV - exp rules-based research. VCS - exp begins looking for new address based on the rule of the research and since it does not find the URI ending with exp and "dell.com" starts to send query record srv for the domain "dell.com". DNS configured on exp in the SRV company A sends question and get an answer for this domain with the company B VCS - exp - ip address, and then vcs - exp in company A starting configuration of the call to the remote ip address.

  now in the present, you can have several scenarios and I recommend you consult the guide deployment for VCS-control and traversal solution VCS - exp.

  Rgds,

  Alok