AV Edge server validation errors

Question
Hi All
I'm having issues validating my AV edge server. When I run a validation check I get the following:
Sending allocate without authentication for transport Udp Exception: RemoteHost did not respond properly or it could not be reached. If its a Tcp connection, connection might have been closed Failure
[0xC3FC200D] One or more errors were detected
I can't see anything getting denied at the firewall (ISA 2006). I have run Wireshark on the edge server and I am getting the following on packets from the edge server to the internal OCS:
Message: Allocate Error Response
Under Attribute Error-Code I get:
Error Reason Phase: The request did not contain a Message-Integrity attribute
Any ideas?
Dave
Monday, February 18, 2008 4:44 PM
Answers
Should have guessed, shouldn't I.
Reboot the firewall and it all works
Grrrrrrrr
Dave
Wednesday, February 20, 2008 10:17 PM
All replies
I am facing exactly the same issue at a customer. AV validation doesn't succeed; it times out during the "Sending allocate without authentication for transport TCP" step, and in Wireshark I see that the first UDP STUN response is the same as yours (however, the next 2 STUN response packets contain no error).
I hope that the ISA restart may solve my issue also.
Update: The issue may also happen if the edge server is not configured in a supported way, for example a single network card with 2 IP addresses (external and internal) that are in the same subnet (e.g. 10.0.0.10 and 10.0.0.11), so responses may not come back from the good IP (the IP that the OCS expects to see). You can check this in the STUN response packets: they contain a different IP as the source than the IP address in the UDP packet header.
Another problem may happen if the external IP is not a valid public IP (as in this case, 10.0.0.xxx is not a valid public IP).
Tuesday, April 29, 2008 9:12 AM
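Added example, not part of the original thread: a small parser that automates the check described in the reply above by reading the error code out of a STUN response and comparing the source address carried inside the response with the source IP from the UDP header. It assumes the classic STUN layout from RFC 3489 (20-byte header, type/length/value attributes, ERROR-CODE 0x0009) and that the address the reply refers to is the SOURCE-ADDRESS attribute (0x0004); the sample packet and port 3478 are constructed, not taken from a capture.

```python
import socket
import struct
ERROR_CODE = 0x0009      # RFC 3489 attribute numbers (assumed to apply here)
SOURCE_ADDRESS = 0x0004

def parse_stun(payload):
    """Split a classic STUN message into (message type, {attribute: value})."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte STUN header")
    msg_type, length = struct.unpack("!HH", payload[:4])
    body = payload[20:20 + length]
    if len(body) != length:
        raise ValueError("truncated STUN message")
    attrs, off = {}, 0
    while off + 4 <= len(body):
        a_type, a_len = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + a_len]
        if len(value) != a_len:
            raise ValueError("truncated attribute")
        attrs.setdefault(a_type, value)
        off += 4 + a_len + (-a_len % 4)   # skip padding to a 4-byte boundary
    return msg_type, attrs

def check_response(payload, udp_src_ip):
    """Report the error code and any source-address mismatch for one response."""
    _, attrs = parse_stun(payload)
    findings = []
    err = attrs.get(ERROR_CODE, b"")
    if len(err) >= 4:
        code = (err[2] & 0x07) * 100 + err[3]   # class digit * 100 + number
        findings.append((code, err[4:].decode("utf-8", "replace").rstrip()))
    src = attrs.get(SOURCE_ADDRESS, b"")
    if len(src) >= 8 and src[1] == 0x01:        # family 0x01 = IPv4
        inner_ip = socket.inet_ntoa(src[4:8])
        if inner_ip != udp_src_ip:
            findings.append(("source-mismatch", inner_ip, udp_src_ip))
    return findings

def constructed_sample():
    """Constructed Allocate Error Response (type 0x0113); not a real capture."""
    reason = b"The request did not contain a Message-Integrity attribute".ljust(60)
    err = b"\x00\x00\x04\x01" + reason          # class 4, number 1
    src = b"\x00\x01" + struct.pack("!H", 3478) + socket.inet_aton("10.0.0.11")
    body = b"".join(struct.pack("!HH", t, len(v)) + v
                    for t, v in ((ERROR_CODE, err), (SOURCE_ADDRESS, src)))
    return struct.pack("!HH", 0x0113, len(body)) + bytes(16) + body

if __name__ == "__main__":
    print(check_response(constructed_sample(), "10.0.0.10"))
```

To use it on real traffic, pass the UDP payload bytes of each response and the source IP from that packet's IP header, for example as exported from a Wireshark capture.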
I had this same problem but did things a little differently.
In my case the problem was recognized when I introduced a new standard edition R2 server.
I went to the Edge server and added the new server to the authorized internal OCS servers on the edge server. I am not sure if I didn't give the edge server time to replicate, but that did not work, so I ran through the configuration wizard and just accepted all defaults, and then this problem was resolved (maybe services got restarted). Anyway, just wanted to post in case someone else was having this problem.
Jay
Tuesday, June 23, 2009 1:12 PM