A call to Microsoft support resulted in the engineer indicating that port 8057 shouldn't be load balanced. Upon posting to an internal Microsoft forum site, I was informed that this is in fact true. The Microsoft employee also indicated that the correct way to configure the web conferencing Edge server entries is to list the actual server names in the internal FQDN field of the pool properties in OCS. To do this, follow these steps:
- Right-click your Enterprise Pool and choose Properties, then Web Conferencing Properties.
- You need to add an entry for each web conferencing Edge server in your environment. Click the Add button and type the actual name of the server in the internal box (e.g. serverA.dmz.contoso.com). Then type the external load-balanced "shared name" (e.g. webconf.contoso.com).
- Repeat the same process for each Edge server you're load balancing to, making sure the internal name is the actual server name rather than the shared name.
If you look at the firewall rules documented on the Microsoft web site, port 8057 is used over MTLS. I'm still puzzled as to how you can have MTLS working without the certificate names matching the name(s) defined in the pool settings.
Another poorly documented configuration is the firewall rule required to make Live Meeting work with hardware load balancers and multiple Edge servers. Yes, you need to permit port 8057 from "any" to the DMZ, but don't send it through your load balancer. Make sure the rule permits 8057 traffic from the LAN to the internal interface of each Edge server directly, not to the load balancer VIP.
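To check a configuration against the two rules above (real server names in the pool's internal FQDN entries, and TCP 8057 permitted straight to each Edge server's internal interface rather than to the load balancer), here is an added audit script that is not part of the original post or of OCS; the classes, the sample servers, addresses and firewall rules are a constructed, simplified model of those settings, not the product's real API.

```python
"""Audit web-conferencing Edge entries and TCP 8057 firewall rules (added example).
The classes below are a constructed, simplified model of the settings described in
the post, not OCS's real API or WMI classes."""
from dataclasses import dataclass


@dataclass
class EdgeServer:
    fqdn: str          # actual server name, e.g. serverA.dmz.contoso.com
    internal_ip: str   # address of the internal (LAN-facing) interface
    cert_names: set    # CN and SANs on the server's certificate


@dataclass
class FirewallRule:
    src: str           # "LAN", "any" or an address
    dst: str           # destination: a server's internal interface or the LB VIP
    port: int


def audit(pool_entries, servers, shared_name, vip, rules):
    """pool_entries: (internal, external) name pairs as typed in the Web
    Conferencing Properties dialog. Returns a list of finding strings."""
    findings, by_fqdn = [], {s.fqdn: s for s in servers}
    for internal, external in pool_entries:
        if internal == shared_name or internal not in by_fqdn:
            findings.append(f"{internal}: internal entry must be an actual Edge server name")
            continue
        if external != shared_name:
            findings.append(f"{internal}: external entry must be the shared name {shared_name}")
        server = by_fqdn[internal]
        if internal not in server.cert_names:
            findings.append(f"{internal}: name is not on the server certificate (MTLS name match)")
        # 8057 must reach each server's internal interface directly, never via the VIP
        if not any(r.port == 8057 and r.dst == server.internal_ip and r.src in ("LAN", "any")
                   for r in rules):
            findings.append(f"{internal}: no rule permits TCP 8057 from the LAN to {server.internal_ip}")
    for fqdn in by_fqdn.keys() - {internal for internal, _ in pool_entries}:
        findings.append(f"{fqdn}: Edge server has no entry in the pool settings")
    if any(r.port == 8057 and r.dst == vip for r in rules):
        findings.append(f"TCP 8057 is sent to the load balancer VIP {vip}; do not load balance it")
    return findings


# Constructed sample: serverB is listed under the shared name and has no direct 8057 rule.
SERVERS = [EdgeServer("serverA.dmz.contoso.com", "10.0.1.10", {"serverA.dmz.contoso.com"}),
           EdgeServer("serverB.dmz.contoso.com", "10.0.1.11", {"serverB.dmz.contoso.com"})]
POOL_ENTRIES = [("serverA.dmz.contoso.com", "webconf.contoso.com"), ("webconf.contoso.com", "webconf.contoso.com")]
RULES = [FirewallRule("LAN", "10.0.1.10", 8057), FirewallRule("any", "10.0.1.20", 8057)]
```

Running `audit(POOL_ENTRIES, SERVERS, "webconf.contoso.com", "10.0.1.20", RULES)` on the sample reports the shared-name entry, the missing serverB entry and the 8057 rule pointed at the VIP; an empty list means the settings match what the Microsoft engineer described.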
That's all for now.