Announcement

Collapse
No announcement yet.
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • New Edge Gateway implementation - Cannot get client to connect

    We have a new implementation of Shoretel Connect, with Edge Gateway which will be supporting remote phones and clients. I have a remote phone up and running, pointed at rast.domain.com. (for discussion purposes) Works fine, gets Directory, voicemail, makes and receives calls, no problem. Except, when I try to upload the phone log I get an Access Denied 401 error. The error also shows up on the server in the events as unauthorized access.

    Also, I cannot get the client to connect, with connect.domain.com in the server field. Get a "cannot reach connect.domain.com", which we have as the FQDN for the reverse proxy service, configured in the Director on the Reverse proxy tab for Edge. Cannot ping connect.domain.com; it resolves the address to the public ip correctly, but times out. (CAN ping Rast.domain.com and Turn.domain.com successfully) If I browse to connect.domain.com, it doesn't resolve the URL to point to the client install, just gives me a general not found error.

    Connect.domain.com is configured the same in regards to firewall / NAT as Rast.domain.com. Connect.domain.com resolves to public IP, which then resolves to internal dmz ip configured in the Reverse Proxy field, General tab, of the Edge gateway config in Director. (Forgive me if this sounds garbled, I'm the telco engineer, not the network engineer so this is the best synopsis I could give). Essentially, it's set up the same as Rast.domain.com, but with the applicable addresses for the Reverse Proxy service.

    Does anyone have any clue why a config that would work for Rast, would not work for Reverse Proxy?

  • #2
    We've got it working now. From our network/systems engineer: The main windows shoretel server is on 2012R2 (IIS8.5) which is proxy aware. There is an option to make a site or the whole IIS instance proxy 'aware' and I have turned both of them on.

    Once that change was made, we could ping the reverse proxy service' public IP, and the client was able to connect externally.

    Notably, you cannot browse to the FQDN of the reverse proxy service to download the client (except on the internal network). I thought that would be how we would distribute the client to remote users, but apparently our vendor can't do that either. Wonder how people are distributing the rather large install file to external users if they can't just send them a link.
    Last edited by jstevens78239; 11-18-2016, 10:13 AM.

    Comment


    • #3
      Would you kindly describe where this option is located? I am having trouble finding it and my google fu is returning how to turn IIS8.5 into a reverse proxy server. TAC advised this issue would be resolved by applying a wildcard cert to the director and reverse proxy interface. I would love to see this working before I reset the director certificate if possible.

      Comment


      • #4
        1. From the ‘Internet Information Services (IIS) Manager’ in the right frame highlight the server.
        2. In the center frame double click on ‘IP Address and Domain Restrictions’ which will change your focus.
        3. Next, click on ‘Edit Feature Settings…’ and a new window pops up where you place a check in the box labeled ‘Enable Proxy Mode’.
        4. Click OK and restart IIS.
        also set it on the ‘Default Web Site’ which is done the same way just start at the highlighting ‘Default Web Site’ on step 1 and following the rest of the steps.

        Comment

        Working...
        X