Question : DNS records for TLS in OCS 2007 R2

I have added two sip-domains in our AD/Communicatins Server 2007 R2 (SE)
Primary sip domain: jetpakgroup.net (also the AD domain)
Secondary sip domain: jetpak.se (mail domain for users in jetpakgroup.net).

commsrv02.jetpakgroup.net is the internal servername for the OCS 2007 R2 (enabled with a real certificate from Thawte).

If enabling a user for Communicator with a username from @jetpakgroup.net eg. (SAM account) it works fine with automatic logons.
I've created a DNS record in the "jetpakgroup.net"-zone for _sipinternaltls pointing to commsrv02.jetpakgroup.net port 5061.

If enablig a user for Communicator with a username from @jetpak.se it doesn't work with automatic logons. In the "jetpak.se"-zone i've created _sipinternaltls pointing to commsrv02.jetpakgroup.net. I've also tried creating a _sipinternal and just a _sip . But nothing seems to work.

But on the other hand - if I type the server name in the communicator client instead of using automatic logons - it works fine.

What should the DNS record look like for the secondary sip domain? (Jetpak.se) so I can use it with automatic logons.

Regards
Jonas

Answer : DNS records for TLS in OCS 2007 R2

unfortunately you can't add it by your self, you must create a new request (but make sure to include all the SIPDomains you are planing to support in the SAN of the certificate); then send it to your CA to sign the new request, then assign it to your server.

the below link include instruction on creating, and assigning new certificate:
http://technet.microsoft.com/en-us/library/dd425371(office.13).aspx

additional, Microsoft released a very comprehensive document (just short of 100 pages) that covers everything from basic requirements down to specific scenarios, and the certificate requirements for each scenario.

http://go.microsoft.com/fwlink/?LinkId=163083