MiCollab client issue using FQDN other than the server FQDN

[Philshep]

Hope one of you Guru's can assist with my issue 

Our customer has requested we use a different FQDN to the actual FQDN of the server for security reasons. We have created this and external DNS check resolves to the WAN IP of the MiCollab/MBG successfully. In MiCollab client deployment profile we have set the Config download host to Custom and entered the new FQDN. Within the MiCollab's MBG we have added the new FQDN to the MiCollab client connector. In MiCollab/MBG/settings/SIP options we have added this FQDN to allowed URL names.
When we run the diagnostic test all tests pass with the exception of the last one "Connection test from public internet to MiCollab Client Service" which fails with "ERROR: queryA ENOTFOUND". This relates to the FQDN not being resolvable from the internet but it clearly is.
The MiCollab mobile client when run simply shows "cannot connect to the server"
If I change the server name to be the same as the new FQDN then all works fine

Any ideas?

[boycey9]

Your certificates arnt matching the server name/FQDN, you will need a new one

[johnp]

I ran into something like this and could not get the MiCollab client to try and connect to anything other that the true server name. The customer could not do split dns for this, even though I changed MiCollab Service setting and the deployment profile, the client still used the true server name. Miyel tech support said that it can't be changed although I'm of the opinion it can. I my situation, I made them use another name internally for admin purposes. This may help

[Philshep]

Your certificates arnt matching the server name/FQDN, you will need a new one

The site uses a wildcard certificate for the domain boycey9

[Philshep]

I ran into something like this and could not get the MiCollab client to try and connect to anything other that the true server name. The customer could not do split dns for this, even though I changed MiCollab Service setting and the deployment profile, the client still used the true server name. Miyel tech support said that it can't be changed although I'm of the opinion it can. I my situation, I made them use another name internally for admin purposes. This may help

Thanks Johnp, We do have split DNS active here and internally it does resolve to the LAN IP & externally to the WAN IP. It does seem strange if this is not possible especially where you can choose a custom FQDN in the Config host option of the deployment profile
I have logged this with our distributor (useless) but at least it should get to Mitel support at some point for a definitive answer!

[Tech Electronics]

Philshep,

I ran into the same issue recently at a customer site. Apparently setting the Config Download Host to Custom is only for Downloading the client and the rest of the communication for the server is done to its own Hostname.

Downloading a QR Code reader/scanner will allow you to see what it is being sent to the phone and therefore how the public server doing the test sees the information.

The only way to get this to work, successfully, securely is to use the Split-DNS method with an external MBG; not the one within the MiCollab. We ended up putting one inside on the network edge instead of the DMZ and it worked as expected.

Just cluster the two MBGs together with your MiCollab as the Master and then setup the MBG Connection Token. Make sure the MiCollab is not in the Default Zone, but in a separate LAN Zone and set both weights to 100. The rest of your programming of the MiCollab MBG will be ported over to the Slave MBG and should work without an issue. Of course you will need to apply your certificate to the new MBG as well.

Sorry,

TE