Contact Service not working on Workplace client reg to SBC, works when reg to SM

[spooky_tooth]

Happy New Year everyone!
In the SBC I have a reverse proxy for AADS setup on port 8443 and PPM on port 443 going to SM. PPM and auto config from AADS are working fine but I can't get the "Contact Service" to work. I notice when I browse to the public certed B1 at "

https://sip.domain.com:8443/acs/resources/"

I can see that the REST API links for GET, POST, etc. point to the actual FQDN of the AADS server and not to the B1 FQDN. As the AADS FQDN is not resolvable from the outside world none of the links work when you click them. If I put a host entry in the PC running Windows client I can click on any of the links from a web browser test and the contact service on the client starts to work also. Does anyone know if there is a way to re-write the FQDN in the links in the REST API to the FQDN of the B1? I have so far tried messing with the reverse proxy listen domain and re-writing the URL in the SBC to no avail.
Thank you!

 

[kyle555]

On the internet, Aads.You.com should resolve to a public IP on B1 where the reverse proxy lives.

In the network it should resolve to the private IP.

You need a cert with that aads subAltName on the SBC on that reverse proxy. It can be from a private CA if that CAs root cert URL is defined in the SET TRUSTCERTS line of the AADS autoconfig.

 

[spooky_tooth]

Thanks Kyle I'll give that a try!

 

[biglebowski]

Interesting, I get the same thing.

The clients are being given the internal FQDN of the AADS server rather than the public address, it's like split horizon DNS is being ignored.