Asked by:
Federation route needed? (validation errors related to this)? Federation meaning?

Question
-
We have one domain, one forest..
I'm not real clear on what the whole federation concept implies.. but running the FE validation results with these messages:
Default outgoing route for federation: None available
Suggested Resolution: Federation is enabled at the forest level. However, no global or default federation servers are available. Ensure that these settings point to a valid server and that the server is running.Failure
[0xC3FC200D] One or more errors were detectedGlobal Federation Route: sourceserver.pst.local
Global Federation Route: The specified value equals the current server or pool.Warning
[0x43FC200C] Not all checks were successfulChecking local federation route Local Federation Route: None Found Warning
[0x43FC200C] Not all checks were successfuland also these:
This "liveserver" doesnt exist either.. actually not sure where to find live server at to install?
Attempting to send a CCCP HTTP request https://serverb.domain.local:444/LiveServer/Focus HTTP Connectivity Error : TrustFailure
HTTP Connectivity Error : Trust failure can happen if the remote server presented a certificate
that was not recognized as valid. This can also happen if the remote server certificate subject name
is not recognized as a trusted server.
HTTP Connectivity Error : Ensure that the certificate of the local server and remote server are both
valid, have not expired, and contain valid subject name. In addition, ensure that the certificate chain
of both Server(s) are valid. Ensure that the certificate chain of the local server is installed
on the remote server and vice-versa. The most up-to date certificate chain that was used to issue
the server certificate must be present.Failure
[0xC3FC200D] One or more errors were detectedCheck user logon Failure
[0xC3FC200D] One or more errors were detectedAttempting to login user using Kerberos Maximum hops: 2
Failed to register user: User sip:testuser2@domain.com@ Server
Failed to send SIP request: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
Suggested Resolution: Make sure that the server is listening on the specified IP address/Port/Transport. If you have a firewall make sure that this port is open. Make sure that the server is running. If this is an Edge Server, ensure that remote user access has been enabled. This can be ignored if you have not enabled the transport on the target server.Failure
[0xC3FC200D] One or more errors were detectedAttempting to login user using NTLM Maximum hops: 2
Failed to register user: User sip:testuser2@domain.com @ Server
Failed to send SIP request: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
Suggested Resolution: Make sure that the server is listening on the specified IP address/Port/Transport. If you have a firewall make sure that this port is open. Make sure that the server is running. If this is an Edge Server, ensure that remote user access has been enabled. This can be ignored if you have not enabled the transport on the target server.Failure
[0xC3FC200D] One or more errors were detectedAttempting to login user using Kerberos Maximum hops: 2
Failed to register user: User sip:testuser@domain.com @ Server
Failed to send SIP request: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
Suggested Resolution: Make sure that the server is listening on the specified IP address/Port/Transport. If you have a firewall make sure that this port is open. Make sure that the server is running. If this is an Edge Server, ensure that remote user access has been enabled. This can be ignored if you have not enabled the transport on the target server.Failure
[0xC3FC200D] One or more errors were detectedAttempting to login user using NTLM Maximum hops: 2
Failed to register user: User sip:testuser@domain.com @ Server
Failed to send SIP request: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
Suggested Resolution: Make sure that the server is listening on the specified IP address/Port/Transport. If you have a firewall make sure that this port is open. Make sure that the server is running. If this is an Edge Server, ensure that remote user access has been enabled. This can be ignored if you have not enabled the transport on the target server.Failure
[0xC3FC200D] One or more errors were detectedCheck two-party IM Check two-party IM: Skipped due to user registration failure Failure
[0xC3FC200D] One or more errors were detectedTuesday, October 23, 2007 6:12 PM
All replies
-
also getting an error for the user trying to logon via Kerberos and NTLM:
Attempting to login user using Kerberos Maximum hops: 2
Failed to register user: User sip:testuser@domain.local @ Server
Failed to send SIP request: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
Suggested Resolution: Make sure that the server is listening on the specified IP address/Port/Transport. If you have a firewall make sure that this port is open. Make sure that the server is running. If this is an Edge Server, ensure that remote user access has been enabled. This can be ignored if you have not enabled the transport on the target server.Tuesday, October 23, 2007 6:15 PM -
Looks to me like you're having a certificate-issue and a missing federation route.
Do you have an Edge server deployed at all?
Do you have a CA available internally?
Tuesday, October 23, 2007 7:16 PM -
Martijn Haverhoek wrote: Looks to me like you're having a certificate-issue and a missing federation route.
Do you have an Edge server deployed at all?
Do you have a CA available internally?
We just have OCS installed on one internal box (behind the firewall).. Do I need the whole federation thing? Not sure what it gives us, since getting this error, I unchecked the federation option in the admin console..
I'm using a local server certificate.. its install in the trusted certficates section.. for the CWA portion i'm using a godaddy ssl certificate for wan1.domain.com.. I also added the intermediate certificate to the local store for the wan1 ssl ..
We arent using any edge servers..
I also cant seem to get live meeting server requests to work.. even the test of it fails.. as there is not path to https://server:444/liveserver
Also.. attempts to do 3 party IM's fail with "
An error occurred while trying to start the conference" ID: 5001
Tuesday, October 23, 2007 8:35 PM -
What is meant by federation.. are we losing something by not having a federation setting turned on?Thursday, October 25, 2007 3:34 PM