locked
There was a problem verifying the certificate from the server. Please contact your system administrator

    คำถาม

  • I have OCS R2 standard edition which is working fine for everyone. but only two users are having a problem with logon.
    I setup accounts the same way like others but I have the following error on one user's event viewer.

    Event Type: Error
    Event Source: Communicator
    Event Category: None
    Event ID: 4
    Date:  17/07/2009
    Time:  3:54:04 PM
    User:  N/A
    Computer: OPTIPLEX-158
    Description:
    Communicator could not connect securely to server sipinternal.nps.org.au because the certificate presented by the server did not match the expected hostname (sipinternal.xxx.xxx.xx).
     
     Resolution:
     If you are using manual configuration with an IP address or a NetBIOS shortened server name, a fully-qualified server name will be required.  If you are using automatic configuration, the network administrator will need to make sure that the published server name in DNS is supported by the server certificate.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    ----------------
    Event Type: Information
    Event Source: Communicator
    Event Category: None
    Event ID: 8
    Date:  22/07/2009
    Time:  11:34:39 AM
    User:  N/A
    Computer: OPTIPLEX-158
    Description:
    Communicator was unable to authenticate to the server sip/server-comms.nps.qum due to following error: 0x8009030c.
     
     Resolution:
     Please check that the password is correct and that the user name and SIP URI are specified correctly.  If the login continues to fail, the network administrator should verify that the user account is not disabled, that it is enabled for login to the service and that the password for the account hasn't expired or been reset.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    -------------------
    Please help

    17 สิงหาคม 2552 3:47

คำตอบ

  • That error appears to be related to a name-mismatch and not certificate-chaining trust issues, but if it's only a couple of clients that are having the problem then I doubt the OCS server certificate has the incorrect Subject Name.

    How are those specific clients configured to locate the OCS server, Automatic Sign-In (via DNS SRV/A lookup) or are you using Manual Configuration on them?  It's possible that the wrong server name FQDN is used in the Manual Configuration on the OC clients so that although the DNS resolution works on the entered-values, they don't EXACTLY match a certificate's SN/SAN value.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    • ทำเครื่องหมายเป็นคำตอบโดย mkhan100 7 กันยายน 2552 23:22
    17 สิงหาคม 2552 13:37
    ผู้ดูแล

ตอบทั้งหมด

  • Is this a private certificate or a public certificate? If private, are the root certificates loaded on these two computers? What operating system are the computers running (those that work and those that do not). Are they all members of the domain?

    Thanks.
    Brian Ricks, MCSE, MVP BriComp Computers, LLC http://blogs.bricomp.com/blogs/uc/default.aspx
    17 สิงหาคม 2552 11:06
  • That error appears to be related to a name-mismatch and not certificate-chaining trust issues, but if it's only a couple of clients that are having the problem then I doubt the OCS server certificate has the incorrect Subject Name.

    How are those specific clients configured to locate the OCS server, Automatic Sign-In (via DNS SRV/A lookup) or are you using Manual Configuration on them?  It's possible that the wrong server name FQDN is used in the Manual Configuration on the OC clients so that although the DNS resolution works on the entered-values, they don't EXACTLY match a certificate's SN/SAN value.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    • ทำเครื่องหมายเป็นคำตอบโดย mkhan100 7 กันยายน 2552 23:22
    17 สิงหาคม 2552 13:37
    ผู้ดูแล
  • I had this problem only on two pcs. In one pc, the problem resolved by itself after couple of reboot.

    The other computer is still having problem. I can remember that some time before, I had to rejoin that computer in the domain after someone accidently deleted that computer account from the domain.

    By the way, we have automatic sigh in for clients and no one is having that problem.

    Jess, you are always great.

    I am planning to let the user logon another computer and see the result, so I can be sure of.

    I will let you know as soon as I can

    Thanks very much Brian
    Jeff, you are always great.

    • ทำเครื่องหมายเป็นคำตอบโดย Gavin-ZhangModerator 28 สิงหาคม 2552 8:09
    • ยกเลิกการทำเครื่องหมายเป็นคำตอบโดย Gavin-ZhangModerator 3 กันยายน 2552 11:05
    18 สิงหาคม 2552 23:45
  • Hi
    Any update?
    I think the issure maybe caused by the client system problem.
    Hope it is work now!

    Regards!
    24 สิงหาคม 2552 2:11
    ผู้ดูแล
  • Have you found a working solution for this? I get the second event ID 8 occasionally on my clients, it seems to hit them randomly and it requires a couple of reboots to get it wotking again.

    There ar almost some every day that has the problem, my configuration is a bit complex since we have OCS in one forest and the users in another forest. Most of the time it works, but then some gets kicked out of the system and has to reboot to get back.

    Anyone have a idea what to look for?

    Regards

    Peter
    2 กันยายน 2552 7:22
  • The MOC and OCS have the last patch and hotfix applied?
    Bruno Estrozi - MCSE/MCTS/MCITP - Unified Communications Specialist | http://brunoestrozi.spaces.live.com
    2 กันยายน 2552 13:17
  • That error appears to be related to a name-mismatch and not certificate-chaining trust issues, but if it's only a couple of clients that are having the problem then I doubt the OCS server certificate has the incorrect Subject Name.

    How are those specific clients configured to locate the OCS server, Automatic Sign-In (via DNS SRV/A lookup) or are you using Manual Configuration on them?  It's possible that the wrong server name FQDN is used in the Manual Configuration on the OC clients so that although the DNS resolution works on the entered-values, they don't EXACTLY match a certificate's SN/SAN value.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS

    This issue has started after someone by mistake has deleted computer account for AD. Before that it was working OK.
    How it resolved: Get Off from the Domain > Delete Comuter Account from AD> Rejoin to the Domain

    Thanks guys for all you expet advice. some of these are really eye opening.

    Thanks to Jess Schertz again.
    7 กันยายน 2552 23:26
  • Hello,

    How do I fix this if the machine was never on the domain?  I have a personal machine that is trying to connect to the OCS server and I get this same error message.

    c.
    14 กันยายน 2552 18:20
  • If the computer does not trust the Issusing Certifcate Authority of the OCS certificates, then you'll need to copy the CA certificates to over and put them in the proper location.  Take a look at this article for more assistance: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=72
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    14 กันยายน 2552 18:49
    ผู้ดูแล