LCS to OCS 2007 R2

  • Question

  • I'm doing a migration from LCS 2005 SP1 to OCS 2007 R2. I have the new OCS 2007 R2 pool set up and configured; however, I am unable to send IMs to users on LCS from OCS and vice versa. The following error is showing up in the Event Log on the OCS FE server:

    Do the certificate name and friendly name on the certificate in LCS need to match?

    TLS outgoing connection failures.

    Over the past 20 minutes Office Communications Server has experienced TLS outgoing connection failures 12 time(s). The error code of the last failure is 0x80090322 (The target principal name is incorrect.) while trying to connect to the host "FRD01LCSIM01.domain.net".
    Cause: Wrong principal error could happen if the peer presents a certificate whose subject name does not match the peer name. Certificate root not trusted error could happen if the peer certificate was issued by remote CA that is not trusted by the local machine.
    Resolution:
    For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the computer.

    Wednesday, June 17, 2009 3:56 PM

All replies

  • Hi trent! Did you use the same CA to create both certificates (LCS and OCS)? If you did, you can discard an untrusted CA. Are you using a SAN in your LCS certificate? Is your OCS pool listening for TLS connections on port 5061? MTLS is the default for server communication.
    Can you run a validation wizard on the front end server to see the errors?

    Thanks!
    Regards!

    Amado Imperial
    Wednesday, June 17, 2009 10:16 PM
  • The certificate that was being used on the LCS server did not have the server name listed and was only issued to sip.domain.net. I issued a new certificate with the server name and sip.domain.net listed as a Subject Alternative Name, and everything is working properly.

    Thanks!
    Thursday, June 18, 2009 10:29 PM
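
The name mismatch behind error 0x80090322 in this thread, as an added example that is not part of the original posts and not Microsoft's code: a simplified RFC 6125-style peer-name check run against constructed certificates. The certificate dictionaries, the `CN_ONLY_CERT` edge case and the rule that SAN DNS entries take precedence over the subject CN are assumptions of the example.

```python
# Added example: simplified TLS peer-name check (RFC 6125-style), not Schannel's code.
# Cert dicts use the shape returned by Python's ssl.SSLSocket.getpeercert().

HOST = "FRD01LCSIM01.domain.net"  # peer name from the event log in the thread

# Constructed certificates modelled on the thread's description.
OLD_CERT = {"subject": ((("commonName", "sip.domain.net"),),)}
NEW_CERT = {
    "subject": ((("commonName", "FRD01LCSIM01.domain.net"),),),
    "subjectAltName": (("DNS", "FRD01LCSIM01.domain.net"), ("DNS", "sip.domain.net")),
}
# Edge case: server name only in the CN, SAN lists just the SIP domain.
CN_ONLY_CERT = {
    "subject": ((("commonName", "FRD01LCSIM01.domain.net"),),),
    "subjectAltName": (("DNS", "sip.domain.net"),),
}


def cert_dns_names(cert):
    """DNS names the certificate is valid for."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans  # assumption: SAN DNS entries take precedence over the CN
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive label comparison; '*' may replace only the left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def check_peer(cert, host):
    """Return (ok, names) so a failure can report what the certificate did carry."""
    names = cert_dns_names(cert)
    return any(name_matches(n, host) for n in names), names


if __name__ == "__main__":
    for label, cert in (("old", OLD_CERT), ("new", NEW_CERT), ("cn-only", CN_ONLY_CERT)):
        ok, names = check_peer(cert, HOST)
        print(f"{label:8} {'match' if ok else 'MISMATCH'} for {HOST}; cert names: {names}")
```

The `CN_ONLY_CERT` case shows why the reissued certificate needs the server FQDN in the SAN list itself and not only in the subject.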