14 august 2007 19:39
After getting the Live Meeting connection running via Edge I was able to schedule and test meetings. Suddenly I'm getting the following error in the Edge server Communicator eventvwr.
Event Type: Error
Event Source: OCS Web Conferencing Edge Server
Event Category: (1023)
Event ID: 41991
Time: 9:26:49 PM
Timed out waiting for client to present validation cookie
Over the past 3 minutes Office Communications Server has disconnected client(s) 1 time(s) because of timing out waiting for cookie to be presented. The last such client which was disconnected is "126.96.36.199:2239"
Cause: This can occur if client does not present a validation cookie within 20 seconds of getting connected
Check to make sure that the connection came from a trustworthy client.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I am able to connect with Communicator + to validate the connection. My client PC has the root certificate installed and all the firewall have been disabled. Has anyone else experienced this error before and know a possible solution?
15 august 2007 15:28
This is defenitely a firewall issue... when I try to connect from a client via Edge in the DMZ I can connect to Life Meeting directly.
With the firewall in between I get the error above. What other ports should be open then 5061, 443, 444?
18 august 2007 10:31I was right that it is a firewall issue. Live Meeting wants to connect over port 80 to verify the certificate by reaching my certiciate server. So it is not connecting on the external OCS FQDN via the reverse proxy but it tries to get access via the external and then the internal firewall to check the authorization.
Strange because this never has been documented in the Edge Server deployment guide.
Anyway after allowing connects on port 80 on both firewalls I got rid of the error above. Live Meeting is logging on now via Edge.
Is there any clarification for the fact that Live Meeting also connects over port 80? Could it because of any certificate server mentioned in my root certificate?
17 aprilie 2008 20:09
Ok, I am getting the same thing. So on your external firewall...where did you allow port 80 traffic to go to....the Web Conferencing Edge Server or the External interface of your back end firewall? Also where did you allow port 80 traffic to go to from your Internal firewall....the CA sitting on the internal network?
21 aprilie 2008 18:03I was directing it to my certificate server. This is of course not the way it should be implemented but it helped until I implemented public certificates on the edge interfaces
27 aprilie 2008 16:42Hi,
as soon as I configured webconf edge server role to listen on port 443 on the external NIC public IP, the machine started to get such errors in the event log. I thought that this is just some random traffic from the public internet, probing my public IP and port 443 to connect via the web browser or similat. But after reading your post, I am not so confident now
Anyway, did you trace your own client connecting to livemeeting from external network, and that trace shows a port 80 probe from livemeeting client? I am not sure, why the event log says (recognizes?) event source as web conferencing edge, if it has nothing to do / not bound to port 80, only to port 443?
5 mai 2008 12:07No it has something to do with the fact that I have not used public certificates on my accessedge interfaces. All my external clients have the root certificate installed on the client PC. I was tracing traffic on the Cisco ASA and MS ISA firewall and found out that port 80 was blocked. After further investigation I concluded that external clients were trying to resolve the internal certificate server.
If you use certificates from a public CA you should not get thes errors.
11 mai 2008 19:20The interesting fact is, that we have a valid public certificate since the beginning.
13 mai 2008 11:55Interesting. Have you been able to trace your network traffic ?
15 iunie 2009 11:27Hi Guys,
I had the same issue, and found the solution to be clock difference.
see this post