Unable to Create Certificates on the Edge Server

Locked

  • March 28, 2007 23:34
     
     

    I have configured an edge server in a single server topology. The install, setup, and activate all completed with no errors. I am now at the point of creating the certificates that the edge server will be using for the internal and external connections. Every time I use the certificate wizard on the edge server it fails. The same is true if I try to create new certificates, or use existing certificates.

     

    Is there a manual procedure for creating the certificates needed for the edge server?

     

    Regards,

    Eugene

All replies

  • March 29, 2007 19:10
     
     
    You could use the old certreq tool from the LCS 2005 SP1 resource kit - when you say the wizard fails, does the application actually bomb out? What errors are you seeing?
  • March 29, 2007 20:29
     
     

    Brian,

     

    Once again thanks for your reply. It does not bomb out, but allows the wizard to complete but indicates that it has failed. I am not able to locate any log files that I can review. I am thinking that it might be a permissions issue, but I could be wrong. Your help is appreciated.

     

    Regards,

    Eugene

  • March 29, 2007 20:44
     
     
    Hi Eugene - the certificate wizard is a helpful tool but definitely not a requirement. I would guess from what you have said that you have selected to request the certificate immediately and the system is unable to communicate (access, restrictions, LAN, etc.) with the cert store. Assuming you are creating the certificates for an internal PKI, you can always run the wizard and select to perform the request offline. That will create a cer file which you would then be able to import into your certificate store.
  • March 29, 2007 21:51
     
     

    Brian - You are correct in regards to attempting to have the system respond with the certificate immediately, however even when I try to create a certificate for an offline request I have the same issue. Just to make sure that I have not missed anything I am going to remove and reinstall the edge server. Partly because I have tried so many things that I would like to start fresh. Please let me know if you have any thoughts.

     

    Thanks,

    Eugene

  • March 29, 2007 21:53
     
     

    Brian - I am actually having the same problem if I attempt to do an offline request as well. At this point I have tried so many things that I am going to take a couple of steps back and remove and reinstall the edge server. Please let me know if you have any thoughts.

     

    Thanks,

    Eugene

  • March 29, 2007 22:43
     
     Answered
    That is bizarre (technical term)...I am not sure an un-install is required, but if you have the time... Don't forget that the wizards are only there to make things easier; if you understand the certificate process and can make the certificate using an offline request file, try using the 2005 SP1 SDK tool and making the request using it. You would then need to launch the computer management and manually add the certificates using the property pages found there (of course after the certificates are installed in the local computer certificate store).
  • March 30, 2007 3:31
     
     

    Brian, 

     

    I went ahead and did the uninstall. After all it is just an edge server and did not take all that long. Although it is the edge server that is holding things up for me at this point. I tried several things to get a valid certificate in the system but was not having any success. I have now tried to use the 2005 SP1 Cert Utility and have created a key that I expected to work fine. However, after importing the key to the local computer, making sure that the CA is in the root trust and I have selected the certificate manually under computer management I get the following error:

     

    Office Communications Server snap-in can not save some or all of the settings. 

     

    It appears that if I change anything I can apply/save the settings, however if I do anything with any of the four features that I can apply a certificate to I am not able to apply/save the settings.

     

    I seem to recall having a similar issue with LCS 2005 SP1 but do not recall the solution. It could possibly have something to do with the FQDN that I am using either internal or external, and the Subject Names in the certificate. I have the internal FQDN set to the pool name of the Office Communications Server, and the External set to sip.<domain>.com.

     

    Can you tell me or are you aware of any dependencies that may exist that would cause the issue that I am seeing?

     

    Once again thanks for your help.

     

    Eugene

  • April 2, 2007 18:16
     
     

    When you associate the certificate, does it accept it ok? Are there any warnings regarding the name? On the edge server, there is no pool name per se. However, the internal name should be a resolvable DNS name while the external should be the actual computer FQDN and set in DNS as such. So if you want your external name to be sip.domain.com your computer name is best set to sip.domain.com as well (set in the computer properties).

     

    The exact issue I have not seen personally - do you have any event logs recorded at any time?
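
Added example, not part of the original thread: a small Python check of the naming dependencies described in the reply above (internal name resolves in DNS, external name equals the computer FQDN and is in DNS). The extra check that each certificate carries its interface's name is an assumption, and all names, addresses and function names are constructed for illustration.

```python
import socket

def dns_lookup(name):
    """Return the addresses a name resolves to, or [] if it does not resolve."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

def same_name(a, b):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return a.lower().rstrip(".") == b.lower().rstrip(".")

def check_edge_names(computer_fqdn, internal_fqdn, external_fqdn,
                     internal_cert_names, external_cert_names, resolve=dns_lookup):
    """Return a list of naming problems; an empty list means the names line up."""
    problems = []
    if not resolve(internal_fqdn):
        problems.append(f"internal name {internal_fqdn} does not resolve in DNS")
    if not same_name(external_fqdn, computer_fqdn):
        problems.append(f"external name {external_fqdn} is not the computer FQDN {computer_fqdn}")
    if not resolve(external_fqdn):
        problems.append(f"external name {external_fqdn} does not resolve in DNS")
    # Assumption: each certificate must carry the exact name set for its interface
    # (subject or alternative name); wildcard names are deliberately not accepted.
    for label, fqdn, names in (("internal", internal_fqdn, internal_cert_names),
                               ("external", external_fqdn, external_cert_names)):
        if not any(same_name(fqdn, n) for n in names):
            problems.append(f"{label} certificate names {names} do not include {fqdn}")
    return problems

# Constructed sample data (not taken from a real environment).
SAMPLE_DNS = {"server.domain.com": ["10.0.0.5"], "internalsip.domain.com": ["10.0.0.5"]}

def sample_resolve(name):
    return SAMPLE_DNS.get(name.lower().rstrip("."), [])

def run_sample():
    # External name differs from the computer name and has no DNS record.
    return check_edge_names(
        computer_fqdn="server.domain.com",
        internal_fqdn="internalsip.domain.com",
        external_fqdn="sip.domain.com",
        internal_cert_names=["internalsip.domain.com"],
        external_cert_names=["server.domain.com"],
        resolve=sample_resolve)

if __name__ == "__main__":
    for problem in run_sample():
        print("PROBLEM:", problem)
```

Passing no `resolve` argument makes the check use the machine's real resolver, so it should be run on the edge server itself to see the names as that server sees them.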

  • April 6, 2007 0:53
     
     

    I apologize for my absence as we have several projects going on at the same time.

     

    I have overcome the accepting of the certificates on the edge server and am now working on the validation of the services on the edge server and the OCS server.  I have some failures that I am currently working through. 

     

    I know that this is not a solution but in order to correct the issue I was having I wiped the server and installed it clean. It appears that it may be something that I did in the process of getting it to work that was causing the issue.

     

    In regards to the naming of the system I just want to make sure that I am on the right track as this seems to be very trivial. I have the computer name set to server with a FQDN of server.domain.com where domain.com is my domain name. I have a DNS server that forwards DNS requests that has a record of server.domain.com which resolves to the server's private address. It appears that from what you are saying that I should have the public address resolve to server.domain.com and use whatever such as internalsip.domain.com where I have a record for internalsip in DNS that resolves to the private address.

     

    Anyhow, I just want to make sure as it seems that I am good, but may just be causing myself some confusion in regards to the names and setting up the certificates with the right names.

     

    Thanks again for your help,

     

    Regards,

    Eugene

  • April 13, 2007 6:34
     
     
     

    Hi eugenecjr,

    Can you let us know the status of your issue? Did you figure out a solution? Would you share it with the forum? If not, please let us know ASAP.

    Thanks!

  • May 2, 2007 19:18
     
     

    I apologize for my absence.  I have been working on several projects at one time.

     

    I am currently still having problems with the certificates, however I believe it may be an issue in which I am not properly naming them in regards to the Internal FQDN and the External FQDN of the Edge server vs. the name required to access the OCS pool.

     

    I am now able to create the certificates needed such that this thread appears to no longer apply.

     

    Regards,

    Eugene