AV Edge server validation errors

  • Question

  • Hi All

     

    I'm having issues validating my AV edge server. When I run a validation check I get the following:

     

    Sending allocate without authentication for transport Udp    Exception: RemoteHost did not respond properly or it could not be reached. If its a Tcp connection, connection might have been closed
      Failure
    [0xC3FC200D] One or more errors were detected

     

    I can't see anything getting denied at the firewall (ISA 2006). I have run Wireshark on the edge server and I am getting the following on packets from the edge server to the internal OCS:

     

    Message: Allocate Error Response

     

    Under Attribute Error-Code I get:

    Error Reason Phrase: The request did not contain a Message-Integrity attribute

     

     

    Any ideas?

     

    Dave

    Monday, February 18, 2008 4:44 PM

Answers

  • Should have guessed shouldn't I.

    Reboot the firewall and it all works

    Grrrrrrrr

    Dave
    Wednesday, February 20, 2008 10:17 PM

All replies

  • I am facing exactly the same issue at a customer. AV validation doesn't succeed; it times out during the "Sending allocate without authentication for transport TCP" step, and in Wireshark I see the first UDP STUN response is the same as yours (however, the next 2 STUN response packets contain no error).

    I hope that the ISA restart may solve my issue also.

    Update: The issue may also happen if the edge server is not configured in a supported way, for example: a single network card with 2 IP addresses (external and internal) that are in the same subnet (e.g. 10.0.0.10 and 10.0.0.11), so responses may not come back from the correct IP (the IP that the OCS expects to see) -> you can check this in the STUN response packets; they contain a different IP as the source than the IP address in the UDP packet header.
    Another problem may happen if the external IP is not a valid public IP (as in this case, 10.0.0.xxx is not a valid public IP).
    Tuesday, April 29, 2008 9:12 AM
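
The check described in the reply above (comparing the source address carried inside a STUN response with the source IP in the UDP packet header), as an added example that is not part of the original thread. It assumes the capture uses RFC 3489 attribute encoding (SOURCE-ADDRESS 0x0004, ERROR-CODE 0x0009) and that the response carries a SOURCE-ADDRESS attribute; the function names and the sample packet are constructed for illustration.

```python
import socket
import struct

# RFC 3489 attribute types (assumption: the capture uses this encoding)
SOURCE_ADDRESS, ERROR_CODE = 0x0004, 0x0009

def parse_stun(payload):
    """Return (message type, {attribute type: raw value}) for one STUN message."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte STUN header")
    msg_type, length = struct.unpack("!HH", payload[:4])
    if length != len(payload) - 20:
        raise ValueError("length field does not match the payload")
    attrs, off = {}, 20
    while off + 4 <= len(payload):
        a_type, a_len = struct.unpack("!HH", payload[off:off + 4])
        value = payload[off + 4:off + 4 + a_len]
        if len(value) != a_len:
            raise ValueError("truncated attribute")
        attrs[a_type] = value
        off += 4 + ((a_len + 3) & ~3)  # values are aligned to 4 bytes
    return msg_type, attrs

def check_response(udp_src_ip, payload):
    """Report the error code and whether SOURCE-ADDRESS differs from the UDP source."""
    _, attrs = parse_stun(payload)
    result = {"error": None, "stun_source": None, "mismatch": False}
    err = attrs.get(ERROR_CODE, b"")
    if len(err) >= 4:  # class in low 3 bits of byte 2, number in byte 3
        reason = err[4:].decode("utf-8", "replace").rstrip("\x00 ")
        result["error"] = ((err[2] & 0x07) * 100 + err[3], reason)
    src = attrs.get(SOURCE_ADDRESS, b"")
    if len(src) >= 8 and src[1] == 0x01:  # family 0x01 = IPv4
        result["stun_source"] = socket.inet_ntoa(src[4:8])
        result["mismatch"] = result["stun_source"] != udp_src_ip
    return result

def build_sample(source_ip):
    """Constructed error response (type 0x0113 is an assumed value, not from the thread)."""
    def attr(a_type, value):
        return struct.pack("!HH", a_type, len(value)) + value
    body = attr(ERROR_CODE, b"\x00\x00\x04\x01" + b"Unauthorized")
    body += attr(SOURCE_ADDRESS, b"\x00\x01" + struct.pack("!H", 3478) + socket.inet_aton(source_ip))
    return struct.pack("!HH", 0x0113, len(body)) + bytes(16) + body

if __name__ == "__main__":
    # Packet arrived from 10.0.0.10 but claims 10.0.0.11 inside the STUN body.
    print(check_response("10.0.0.10", build_sample("10.0.0.11")))
```

To use it on a real capture, pass the UDP payload bytes of one response and the source IP from that packet's IP header.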
  • I had this same problem but did things a little different.

    In my case the problem was recognized when I introduced a new standard edition R2 server.

    I went to the Edge server and added the new server to the authorized internal OCS servers on the edge server. I am not sure if I didn't give the edge server time to replicate, but that did not work, so I ran through the configuration wizard and just accepted all defaults, and then this problem was resolved (maybe services got restarted). Anyways, just wanted to post in case someone else was having this problem.


    Jay
    Tuesday, June 23, 2009 1:12 PM