locked
Unknown URL when Validating Web Conference and A/V Conferencing RRS feed

  • Question

  • I have performed a validation several times in regards to the Web Conference and A/V Conferencing.  Each time I get failures that point to an HTTP 401 error which appears to be based off of the URL of http://<poolnameFQN>:444/LiveServer/DataMCU and http://<LCSServerFQN>:444/LiveServer/MCUFactory I have searched through all available settings looking for the designation of port 444 which does not exist in IIS for any of the websites but can not find it. 

     

    Is this part of the initial install where the virtual folders were not created in IIS or a site using port 444 was expected to be setup before hand?

     

    Can this setting be changed and how can I setup the virtual folders for LiveServer manually?

     

    Any help will be appreciated.

     

    Regards,

    Eugene

    Tuesday, March 27, 2007 4:11 PM

Answers

  • Peter and I were working on this problem together.

     

    As it turns out the "Enhanced Key Usage" of our 3rd party certificate was only configured for Server Authentication (OID=1.3.6.1.5.5.7.3.1) and did not include Client Authentication (OID=1.3.6.1.5.5.7.3.2).  When we obtained and applyed a new certificate that included usage for both Server and Client Authentication, everything began working properly and the 61030 and 61013 events disappeared.

     

    Since the status of the original certificate was OK, the notes on these errors in the validation report were slightly misleading.  I'm not sure if it's possible, but it would have saved us time if the validation errors had specifically indicated that the missing client authentication key usage was the culprit.

     

    Matt D.

    MCSE, MCDBA

    Saturday, April 7, 2007 2:17 AM

All replies

  • The port 444 calls you are referring to are in reference to the A/V MCU. I have never tried to change the port, so unfortunately I am not sure one way or the other. Is there a need to change the port? If you go to a web browser and attempt to go to the page directly, does it succeed? I would guess you are having a certificate issue - basically FQDN vs. short name of the server. Let me know if that helps or if there are any other questions.
    Tuesday, March 27, 2007 9:34 PM
  • Brian,

     

    Thanks for your reply.  I do not have a need to change the port but was only in the process of validating it.  One of my test following my submission of this issue was to try and connect to the url provided.  When doing so I was prompted for a certificate which does not exist on my machine.  I believe that you are correct when you say that it must be an issue with the FQDN vs. the short name.  I am going to work on getting the certificate issue resolved and will let you know the results. 

    Wednesday, March 28, 2007 2:06 PM
  • Did you ever get this resolved?  We are experiencing the same problem with a SE install with Web Conferencing and A/V Conferencing installed and activated.  However, whenever we try to validate one of the servers (Front End, Web Conferencing, A/V Conferencing) we get an error about anything referring to port 444.  What is/should be running on port 444?  Is there somewhere to configure this?  We have installed a valid certificate from a public CA, the firewall is open on that port, and netstat shows that it is listening.  We are also logging an error in the Event Logs every couple of seconds:

     

    Event Type: Error
    Event Source: OCS MCU Infrastructure
    Event Category: (1022)
    Event ID: 61030
    Date:  4/3/2007
    Time:  1:46:43 PM
    User:  N/A
    Computer: <ComputerName>
    Description:
    The process RtcHost(2200) did not receive a certificate from the client.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    We also get the following error every 2-5 minutes:

     

    Event Type: Error
    Event Source: OCS MCU Infrastructure
    Event Category: (1022)
    Event ID: 61013
    Date:  4/3/2007
    Time:  10:40:33 AM
    User:  N/A
    Computer: <ComputerName>
    Description:
    The process AVMCUSvc(3580) failed to send health notifications to the MCU factory at https://<FQDN>:444/LiveServer/MCUFactory/.
    Failure occurrences: 29, since 4/3/2007 10:33:18 AM.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

     

    I am assuming these are all related?  Thanks in advance for any help!

    Tuesday, April 3, 2007 6:57 PM
  • Sorry for the late reply,

     

    After some looking around I found that you will not find port 444 in IIS and that it is being hosted by one of the OCS services.  If anybody finds this to be incorrect please chime in.  So it would be my understandint ath there is an issue with either the Web Conference or the A/V Conferencing setups.  To verify if the port is reachable you can do a telnet <computer name> <port>  if you get a blinking courser in the upper right hand corner then you know that you are connected to the port and that the issue is most likely the configuration.

     

    As for what I did, I believe that it may have just been a restart.  So I may have made changes and either restarted the service and this issue along with serveral others came up.  After correcting the settings, sorry I have been making alot of changes and am not sure what it was, I restarted again and all was good.

     

    I know that this is not much, but sometimes just a simple understanding of what is going on will help.

     

    Regards,

    Eugene

    Friday, April 6, 2007 1:04 AM
  • Thanks for the update.  Unfortunately I have restarted many times and the certificate errors don't seem to stop.  We are able to telnet to the port without any problem, and netstat shows that the SYSTEM process is listening on that port, so it seems to be running correctly.  We even get this in the event logs on startup:

     

    Event Type: Information
    Event Source: OCS MCU Factory
    Event Category: (1021)
    Event ID: 51020
    Date:  4/6/2007
    Time:  8:22:49 AM
    User:  N/A
    Computer: <ComputerName>
    Description:
    The MCUFactory is listening for HTTP requests on https://<FQDN>:444/LiveServer/MCUFactory/.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     

    However, we still get the previous errors after any one of the MCUs start.  If anyone else has any suggestions or ideas, we would be very grateful.  Or if anyone knows where to configure the certificate that the RTCHost needs that might be helpful as well.

     

    Thanks again,

     

    Peter

    Friday, April 6, 2007 12:30 PM
  • Can you run your validation wizards and post your HTML results for the various functions?
    Friday, April 6, 2007 5:15 PM
  • Peter and I were working on this problem together.

     

    As it turns out the "Enhanced Key Usage" of our 3rd party certificate was only configured for Server Authentication (OID=1.3.6.1.5.5.7.3.1) and did not include Client Authentication (OID=1.3.6.1.5.5.7.3.2).  When we obtained and applyed a new certificate that included usage for both Server and Client Authentication, everything began working properly and the 61030 and 61013 events disappeared.

     

    Since the status of the original certificate was OK, the notes on these errors in the validation report were slightly misleading.  I'm not sure if it's possible, but it would have saved us time if the validation errors had specifically indicated that the missing client authentication key usage was the culprit.

     

    Matt D.

    MCSE, MCDBA

    Saturday, April 7, 2007 2:17 AM
  • Hi,

     

    I am trying to make the web server certificate template on my CA to include Client Authentication in addition to Server Authentication. How would I be able to do this?

     

    I would appreciate any help.

     

    Thanks. 

    Tuesday, July 10, 2007 6:06 PM
  • So how does this affect using Self Signed Certificates?

    Can Self Signed Certs be used with LCS in a test/DEV environment?

     

     

    Thanks

     

    Damian Yates

    GTSI Corporation

    Monday, July 16, 2007 8:00 PM