TLS Connect Failed RRS feed

  • Question

  • Hi all,

    I am receiving the following error when running the OCS 2007 Front End Server validation check against my standard edition server which is used for internal only IM.

    DNS Resolution succeeded: x.x.x.x x.x.x.x
    TLS connect succeeded: x.x.x.x:5061
    Routing trust check and MTLS connectivity: Succeeded
    TLS connect failed: y.y.y.y:5061 Error Code: 0x274d No connection could be made because the target machine actively refused it
    Suggested Resolution: Make sure that the server is listening on the specified IP address/Port/Transport. If you have a firewall make sure that this port is open. Make sure that the server is running. If this is an Edge Server, ensure that remote user access has been enabled. This can be ignored if you have not enabled the transport on the target server.
    Suggested Resolution: Ensure that the DNS records have been setup correctly. If this server is an Access Edge Server, make sure outside user access is enabled.

    The IP that errors (y.y.y.y) is assigned to an additional interface configured on my server and is not related to OCS. Communication with OCS from clients is working correctly using x.x.x.x:5061.

    I have configured all services via the OCS Server Admin tool to use the single x.x.x.x address rather than the default All, but am unable to identify the location of the configuration for the y.y.y.y address.

    This is not causing a fault, however I would like to remove the error for completeness sake.

    Note:  Disabling the 2nd interface and rerunning the validation check removes the error. Perhaps OCS dynamically detects all available interfaces?

    How can I get OCS to ignore this additional interface?

    Many Thanks

    Wednesday, February 11, 2009 8:34 PM

All replies

  • Edit:  My mistake - I was mixing up configuration settings.
    Thursday, February 12, 2009 12:24 AM
  • Mike, are you sure about that?  Under the Front-End Server properties you can change the Listening Address Settings from 'All' to just a single IP address.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Thursday, February 12, 2009 2:40 AM
  • Hi Mike / Jeff,

    I have already restricted the IPs listened on within the properties of the Front End, Web Conferening and A/V Conferencing services within OCS and the website in IIS. However unfortunately it still detects the additional interface when running the Front End Server validation.



    Thursday, February 12, 2009 3:12 AM
  • If the certificates Subject Name does NOT match the actual server name then you will see this error and you can ignore it as cosmetic. WMI returns the servers name reguardless of what DNS name you tried to connect to and verify against the cert.
    Thursday, February 12, 2009 5:12 AM
  •  Check out this link below.

    Thursday, February 12, 2009 5:26 AM
  • Thanks for the response and information Mark.

    The Subject Name on the certificate and the server name do match in my case.
    Thursday, February 12, 2009 8:57 PM