Timed out waiting for client to present validation cookie

Toate mesajele

• 15 august 2007 15:28

   

   
  

  0

  This is defenitely a firewall issue... when I try to connect from a client via Edge in the DMZ I can connect to Life Meeting directly.

   

  With the firewall in between I get the error above. What other ports should be open then 5061, 443, 444?

   

  /Thomas

   
• 18 august 2007 10:31

   

   
  

  0
  I was right that it is a firewall issue. Live Meeting wants to connect over port 80 to verify the certificate by reaching my certiciate server. So it is not connecting on the external OCS FQDN via the reverse proxy but it tries to get access via the external and then the internal firewall to check the authorization.
  
  Strange because this never has been documented in the  Edge  Server deployment guide.
  
  
  Anyway after allowing connects on port 80 on both firewalls I got rid of the error above. Live Meeting is logging on now via Edge.
  
  Is there any clarification for the fact that Live Meeting also connects over port 80? Could it because of any certificate server mentioned in my root certificate?
  
  /Thomas
  
   
• 17 aprilie 2008 20:09

   

   
  

  0

  Ok, I am getting the same thing.  So on your external firewall...where did you allow port 80 traffic to go to....the Web Conferencing Edge Server or the External interface of your back end firewall?  Also where did you allow port 80 traffic to go to from your Internal firewall....the CA sitting on the internal network? 

   
• 21 aprilie 2008 18:03

   

   
  

  0
  I was directing it to my certificate server. This is of course not the way it should be implemented but it helped until I implemented public certificates on the edge interfaces
  
   
• 27 aprilie 2008 16:42

   

   
  

  0
  Hi,
  
  as soon as I configured webconf edge server role to listen on port 443 on the external NIC public IP, the machine started to get such errors in the event log. I thought that this is just some random traffic from the public internet, probing my public IP and port 443 to connect via the web browser or similat. But after reading your post, I am not so confident now
  
  Anyway, did you trace your own client connecting to livemeeting from external network, and that trace shows a port 80 probe from livemeeting client? I am not sure, why  the event log says (recognizes?) event source as web conferencing edge, if it has nothing to do / not bound to port 80, only to port 443?
  
   
• 5 mai 2008 12:07

   

   
  

  0
  No it has something to do with the fact that I have not used public certificates on my accessedge interfaces. All my external clients have the root certificate installed on the client PC. I was tracing traffic on the Cisco ASA and MS ISA firewall and found out that port 80 was blocked. After further investigation I concluded that external clients were trying to resolve the internal certificate server.
  
  If you use certificates from a public CA you should not get thes errors.
  
  /Thomas
  
   
• 11 mai 2008 19:20

   

   
  

  0
  The interesting fact is, that we have a valid public certificate since the beginning.
  
   
• 13 mai 2008 11:55

   

   
  

  0
  Interesting. Have you been able to trace your network traffic ?
  
   
• 15 iunie 2009 11:27

   

   
  

  0
  Hi Guys,
  
  I had the same issue, and found the solution to be clock difference.
  
  see this post
  http://www.remoteitservices.com/content/ocs-web-conferencing-edge-problem
  

  ---

  Ayman Abu_qutriyah