OCS 2007 PIC / Web Scheduling Hell RRS feed

  • Question




    I have the following setup 1 consolidated ENT OCS 2007 server and 1 consolidated OCS 2007 Edge Server. So far I am able to have client login and connect to the internal server and we have internal IM no problems. The users are enabled for Federated and PIC IM. However if a client go to add an MSN contact they add however when they go to message them they get the following:


    The following message was not delivered to <example>@hotmail.com. More details (ID:504)


    As best I can tell there is a problem between the edge server and internal server in routing SIP. I have configured the internal server to trust and communicate with the Edge server and when I run edge verification I get all success except the following this is when not testing federation:


    Enhanced Federation Domain Allow List Partner: None Found


    [0x43FC200C] Not all checks were successful 


    On all tests on the internal server I get all success except for a few phone warning however we are not integrated with our phone system yet. Any ideas?


    In regards to the Web Scheduler I have gone through the setup / activation and get all success however when any user goes to log into the /conf/int site using there domain\username the following page happens:


    Server Error in '/Conf/Int' Application.



    User or contact object not found for SID: S-1-5-21-54731450-520755517-1213672966-1466

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.


    Exception Details: System.ApplicationException: User or contact object not found for SID: S-1-5-21-54731450-520755517-1213672966-1466


    Source Error:


    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. 


    Stack Trace:



    [ApplicationException: User or contact object not found for SID: S-1-5-21-54731450-520755517-1213672966-1466]

       Microsoft.LiveServer.Web.ADUtils.LookupUserOrContactDn(WindowsIdentity identity) +719

       Microsoft.LiveServer.Web.WMIUtils.GetUserObject(WindowsIdentity identity) +19

       Microsoft.LiveServer.Web.WMIUtils.GetSIPUri(WindowsIdentity identity) +18

       SchedulingApplication.OnRequest(Object s, EventArgs e) +213

       System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +92

       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64



    Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433



    Any help or pointers would be much appreciated. I am more then willing to do the leg work if given some direction however I have exhausted google, experts-exchange searches and forums I’ve never seen before J


    Thank you in advance.




    Friday, February 8, 2008 12:50 AM

All replies

  • Re: your PIC question...have you received the confirmation from Microsoft that your PIC provisioning is complete?  The warning you listed above is benign - it's just telling you that that you're not federated with anyone.  Does remote access work?  If so, then you know that your Edge <-> Internal communication is fine, which only leaves a certificate or firewall issue.  Make sure the Access Edge certificate and DNS record match the FQDN that you specified in the PIC provisioning request, and be sure that the firewall is correctly handling port 5061 traffic.

    Friday, February 8, 2008 5:09 AM

    I think this is where my disconnect is on the PIC side of the issue. I tested last night from out of office if I could connect to the OCS server without VPN this does not seem to work. I get the following error:


    Cannot sign in because the server is temporarily unavailable.


    This is when connecting to the FQDN specified on my SSL cert using TLS. The current ports forwarded to this edge server are:


    TCP: 5061 – 5063


    TCP: 50000 – 52999

    UDP: 50000 - 52999


    Also I am unsure of what steps I need to take to initiate PIC provisioning on the external side of things. Internally I have enabled users for Federated / PIC contacts.


    Thank you again for assistance.




    I am able to make remote access work if I put in the FQDN of my OCS server :443. Is this normal or is there some configuration I should do so that users could directly connect to port 443 by name alone?




    In doing some digging it sounds like having the :443 on the end is perfectly normal and fine as long as it works. Secondly I finally dug and found out that I had to go to our VL portal to activate the provisioning process as such that has been kicked into gear. The only outstanding issue I have now is the error on the web scheduler.

    Friday, February 8, 2008 2:30 PM



    is the account that you are trying to log on with belong to the domain that the OCS server is in? i ran into that problem you had trying to log into the web scheduler with credentials from a second domain. It did not like it.

    Thursday, February 21, 2008 1:25 PM
  • Unfortunately we are simple and only have one domain. It doesn’t seem to matter if it’s a domain admin or just a simple user account I still get the error.

    Thanks for the reply. I almost wonder if it’s some sort of permissions / exchange setting I need to tweak?

    Thursday, February 21, 2008 2:07 PM
  • Look to me you configure the Access edge server to use port 443 for Remote access.

    For automatic configuration on the client you will need to have an SRV record with specify port=443

    With  Automatic configuration, the Remote client also need to have the certificate chain from the Root CA.

    If you are using third party CA (Verisign) for your external interface of your Access edge then the client should already have the certificate chain loaded.

    your SRV record should have something like this: XXX is your domain name.

    _sip._tls.XXX.com  SRV service location:
              priority       = 0
              weight         = 0
              port           = 443
              svr hostname   = sip.XXX.com
    Friday, February 29, 2008 11:29 AM
  • Tim,

    Did you found the solution for the "User or contact object not found for SID". I go the same problem.

    Friday, March 7, 2008 1:05 PM
  • As of today I still have not resolved the scheduling issue. I'd sure like to though but the error is so generic I'm not sure where to turn. All other issues have been resolved however.

    Friday, March 7, 2008 3:32 PM
  • I bet your communicator clients also display the error "cannot synchronize address book" ?

    Tuesday, December 16, 2008 3:50 PM