23 Dhu al-Hijjah 1428, 09:48 AM
I am setting up an Edge server but I am getting an error at Internal next hop. The error is as follows:
DNS resolution succeeded: 10.10.80.22
TLS connect failed due to incorrect remote subject name: 10.10.80.22:5061 Error Code: 0x80090322 outgoing TLS negotiation failed; HRESULT = -2146893022.
The OCS 2007 has the following network addresses:
The Edge server has 2 interfaces:
I am thinking that it is the certificate, but I am not sure. Does anyone have an idea?
23 Dhu al-Hijjah 1428, 11:42 PM, Moderator
Judging by the "TLS connect failed" and "subject name" strings in that error, I'd agree that it is certificate related.
Does the certificate's subject name on your front-end server match that of the server's FQDN? Assuming your Edge server is not a member of your internal domain, have you exported the internal CA's root certificate to your Edge server?
28 Dhu al-Hijjah 1428, 07:28 AM
Yes it does, and my Edge server is a part of my domain.
28 Dhu al-Hijjah 1428, 05:58 PM
MS recommends that your edge server be a member of a workgroup rather than a domain. This probably isn't the heart of your issue, but it might help clear things up a bit if you deactivated (through the OCS admin console) the Edge server in your domain and rebuilt it in a workgroup.
Are you using standard or enterprise? When you are using enterprise, the next hop needs to be the pool name rather than the server name. If it is standard, then you don't need to worry about this.
The other thing to double-check is that you have used the FQDN in all of the OCS setup steps (rather than the IP address). If you've entered the IP address rather than the FQDN when it asks for "internal next hop" you'll see similar errors to what you've posted.
Lastly, on your edge server, have you configured a static route so that it can route to both the 10.X.X.X networks and the 192.168.X.X networks? If not, this could cause some routing trouble.
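The FQDN-versus-IP point above can be checked directly: TLS compares the name the Edge server connected with against the names in the front end's certificate, so a next hop entered as an IP cannot match a certificate issued to the pool FQDN. The following is an added example written for this thread, not OCS code or anything posted by the participants; the host names and the sample certificate are constructed, and the live check assumes the internal CA root is available as a PEM file.

```python
import socket
import ssl

def cert_names(cert):
    """Collect the names a certificate is valid for: subject CN plus DNS/IP SANs.
    `cert` is in the dict format returned by ssl.SSLSocket.getpeercert()."""
    names = set()
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(value.lower())
    for kind, value in cert.get("subjectAltName", ()):
        if kind in ("DNS", "IP Address"):
            names.add(value.lower())
    return names

def next_hop_matches(next_hop, cert):
    """Return (ok, reason). The configured next-hop string must equal one of the
    certificate's names; a '*.domain' name covers exactly one extra label.
    An IP entered as next hop fails against a certificate issued to an FQDN,
    which is the 'incorrect remote subject name' case."""
    hop = next_hop.lower()
    names = cert_names(cert)
    for name in names:
        if name == hop:
            return True, "next hop %s matches certificate name" % next_hop
        if name.startswith("*.") and hop.count(".") == name.count(".") \
                and hop.endswith(name[1:]):
            return True, "next hop %s matches wildcard %s" % (next_hop, name)
    return False, "next hop %r is not among certificate names %s" % (next_hop, sorted(names))

def check_live(next_hop, port=5061, ca_file=None, timeout=5):
    """Connect to the next hop the way the Edge server does and report the name
    match. ca_file: the internal CA root exported to the Edge server (assumed to
    be PEM). Needs network access, so it is not called at import time."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = False            # the mismatch is reported by us below
    ctx.verify_mode = ssl.CERT_REQUIRED   # the chain must still be trusted
    with socket.create_connection((next_hop, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=next_hop) as tls:
            return next_hop_matches(next_hop, tls.getpeercert())

# Constructed sample: a front-end certificate issued to the pool FQDN only.
SAMPLE_CERT = {
    "subject": ((("commonName", "ocspool.corp.example"),),),
    "subjectAltName": (("DNS", "ocspool.corp.example"),),
}

if __name__ == "__main__":
    for hop in ("ocspool.corp.example", "10.10.80.22"):
        print(hop, "->", next_hop_matches(hop, SAMPLE_CERT))
```

With the sample certificate, the FQDN next hop matches while the IP form is rejected; run `check_live("<pool fqdn>", ca_file="<exported root>.pem")` against the real front end to see which names its certificate actually carries.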
30 Dhu al-Hijjah 1428, 09:16 AM
I checked all this and everything is set up correctly except for the certificates, I guess..
The weird thing is:
Server a = OCS 2007 Ent edition
Server b = Edge server
When I create a certificate on server a with the server name as subject, my clients will not be able to log in by auto discovery. If I change the settings to manual and fill in the server, the clients DO connect and then the Edge test gives no failures.
So I am sure that it is something with the certificates but I don't know where I went wrong...
30 Dhu al-Hijjah 1428, 04:08 PM
30 Dhu al-Hijjah 1428, 06:06 PM
You aren't, by chance, using one NIC with 2 IPs bound to it, are you? I've also seen this happen where traffic gets generated from the wrong IP when you're using 1 NIC w/ multiple IPs bound to it.
30 Dhu al-Hijjah 1428, 06:54 PM, Moderator
Here's a little background on the issue Matt is talking about.
5 Muharram 1429, 07:05 AM
No, I am not. I will just run some other tests, and maybe I can try to renew the certificate.. Will let you know!