Communication between Edge and Front End

    Hi Guys,

     

    I started to deploy an OCS 2007 environment. What's already done:

    - created a consolidated pool for internal communication

    - internal communication works well

     

    What's the problem:

    - no connection between front end and edge server

     

    If I start to validate the front end server I get the following message:

     

    Code Snippet

    Default outgoing route for federation: None available
    Suggested Resolution: Federation is enabled at the forest level. However, no global or default federation servers are available. Ensure that these settings point to a valid server and that the server is running.
    Failure:
    [0xC3FC200D] One or more errors were detected

    DNS Resolution succeeded: 172.16.0.207 172.16.0.222
    TLS connect succeeded: 172.16.0.207:5061
    Routing trust check and MTLS connectivity: Timed Out
    Suggested Resolution: Routing trust check and/or MTLS connection establishment failed.
    This is usually caused by the remote server not accepting the certificate presented by the
    current machine. Check the local and remote server certificates for any
    misconfiguration. In addition, check whether the local server is recognized
    as a trusted server by the remote server.

    TLS connect succeeded: 172.16.0.222:5061
    Routing trust check and MTLS connectivity: Succeeded
    Failure:
    [0xC3FC200D] One or more errors were detected

    DNS Resolution succeeded: 172.16.0.207 172.16.0.222
    TLS connect succeeded: 172.16.0.207:5061
    Routing trust check and MTLS connectivity: TlsTransport is not connected, State=Disconnected
    Suggested Resolution: Routing trust check and/or MTLS connection establishment failed.
    This is usually caused by the remote server not accepting the certificate presented by the
    current machine. Check the local and remote server certificates for any
    misconfiguration. In addition, check whether the local server is recognized
    as a trusted server by the remote server.

    TLS connect succeeded: 172.16.0.222:5061
    Routing trust check and MTLS connectivity: Succeeded
    Failure:
    [0xC3FC200D] One or more errors were detected

     

     

    Well, it looks like a certificate problem, so I checked both certificates: the internal certificate of the edge server and the certificate of the front end server. I tried several configurations of the certificates and always received the same error.

     

    Yesterday I checked the DNS entries of the edge server and found out that both the internal connection and the external connection had the same name (I don't know how this happened, but I changed it). So now both of them have different entries in DNS. After that the problem disappeared and everything looked good. When I came back this morning and tried to connect from outside the internal network, I got no connection. I looked into the event manager of the edge server and saw that the client was not trusted. OK, back to the front end; I tried the validation again and the error was back!

     

    Well, does somebody have an idea??? I would really appreciate any idea or help!

     

    Cheers Dominic

    Thursday, May 8, 2008 9:22 AM

All replies

  • Dominic,

    Did you use subject alternate names in your certificates?

    I'm quoting from another post:

    "You said this above and I just didn't get the terminology, but for others who google their way over here I'll spell it out:  When you create the self signed certificate for your OCS server, there are fields for SANs (Subject Alternate Names), where you put in as many FQDNs as you require (in my case ocs.blah.com and ocs.blah.local), and once that's installed (and you have SRV and DNS records in place) the TLS error goes away. 

     

    Here's a site that illustrates it further:

    http://fawzi.wordpress.com/2008/02/16/configuring-ocs-2007-for-dns-splitting/

     

    Joe"

    Friday, May 9, 2008 4:54 AM
  • So after a while I found the problem. It was really simple: during the DNS replication something went wrong and the DNS record was duplicated. So I deleted one on the DNS server and everything works fine, but I didn't find out why it was duplicated.

     

    So solved ...

     

    Dominic

     

    Wednesday, May 14, 2008 1:34 PM
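
The validation output in the first post shows the pattern that the final reply explains: one name resolving to two addresses (172.16.0.207 and 172.16.0.222), with the routing trust check succeeding against one and timing out or disconnecting against the other. The script below is an added diagnostic written for this thread; it is not part of the original posts and not a Microsoft tool. It resolves the Edge internal FQDN, warns when more than one A record comes back, and then attempts a TLS handshake on 5061 against each address, printing the certificate that address presents (subject, issuer, CN and SAN names) and whether the dialed FQDN is among those names. The FQDN, port and client-certificate thumbprint are placeholders you replace for your environment; offering the Front End certificate as a client certificate is optional and only matters if you want to see whether the remote side accepts it for MTLS.

```powershell
# Added example for this thread (not from the original posts, not Microsoft code).
# Assumptions: $EdgeFqdn is your Edge internal-interface FQDN; 5061 is the OCS MTLS port seen
# in the validation output; $ClientCertThumbprint, if given, is a cert in LocalMachine\My.
param(
    [string]$EdgeFqdn = 'edge.contoso.local',   # assumption: replace with your Edge internal FQDN
    [int]$Port = 5061,
    [string]$ClientCertThumbprint = ''          # optional: Front End cert to offer for MTLS
)

# The server certificate is captured inside the validation callback, i.e. during the
# handshake, so we still get to inspect it if the server aborts afterwards because it
# did not receive (or did not trust) a client certificate.
$script:ServerCert = $null
$validationCallback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($sender, $cert, $chain, $sslPolicyErrors)
    $script:ServerCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cert)
    $true   # diagnostic only: accept any cert so the handshake continues and we can look at it
}

$clientCerts = New-Object System.Security.Cryptography.X509Certificates.X509CertificateCollection
if ($ClientCertThumbprint) {
    $local = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $ClientCertThumbprint } | Select-Object -First 1
    if (-not $local) { throw "No certificate with thumbprint $ClientCertThumbprint in LocalMachine\My" }
    [void]$clientCerts.Add($local)
}

function Get-CertDnsNames([System.Security.Cryptography.X509Certificates.X509Certificate2]$c) {
    # Names the certificate is valid for: the Subject CN plus every dNSName in the
    # Subject Alternative Name extension (OID 2.5.29.17). Format() output is locale
    # dependent; 'DNS Name=' is what English Windows emits.
    $names = @()
    if ($c.Subject -match 'CN=([^,]+)') { $names += $Matches[1].Trim() }
    $san = $c.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        foreach ($m in [regex]::Matches($san.Format($true), 'DNS Name=([^\s,]+)')) {
            $names += $m.Groups[1].Value
        }
    }
    $names | Sort-Object -Unique
}

$addresses = @([System.Net.Dns]::GetHostAddresses($EdgeFqdn) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' })
Write-Host ("{0} resolves to: {1}" -f $EdgeFqdn, ($addresses -join ', '))
if ($addresses.Count -gt 1) {
    Write-Warning "More than one A record for $EdgeFqdn. A duplicate record (for example one left over from replication) means the routing trust check can succeed on one address and fail on the other, exactly as in the validation output."
}

foreach ($ip in $addresses) {
    $script:ServerCert = $null
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($ip, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $validationCallback)
        # Four-argument overload so we can offer a client certificate, as the Front End does for MTLS.
        # TLS 1.0 is what an OCS 2007-era server negotiates.
        $ssl.AuthenticateAsClient($EdgeFqdn, $clientCerts, [System.Security.Authentication.SslProtocols]::Tls, $false)
        $result = "handshake OK (mutually authenticated: $($ssl.IsMutuallyAuthenticated))"
    } catch {
        $result = "handshake FAILED: $($_.Exception.Message)"
    } finally {
        $tcp.Close()
    }

    Write-Host "`n$ip`:$Port -> $result"
    if ($script:ServerCert) {
        $names = Get-CertDnsNames $script:ServerCert
        Write-Host "  Subject : $($script:ServerCert.Subject)"
        Write-Host "  Issuer  : $($script:ServerCert.Issuer)"
        Write-Host "  Names   : $($names -join ', ')"
        if ($names -notcontains $EdgeFqdn) {
            Write-Warning "  $EdgeFqdn is not in this certificate's CN or SAN; the caller will not accept this host as the server it dialed."
        }
    } else {
        Write-Host "  No server certificate received (port closed, or another service owns this address)."
    }
}
```

Run it from the Front End, since that is the side whose view of DNS and of the Edge certificate matters. If the two addresses print different certificates, or one prints none, the name is pointing at two different hosts and the DNS record is the problem, as in this thread; if both addresses present the same certificate but the dialed FQDN is missing from its names, the fix is on the certificate (CN or SAN) rather than in DNS. A handshake that completes only when a client certificate is offered, but still reports "not trusted" on the Edge side, points at the Edge's list of trusted internal servers rather than at TLS itself; this script does not check that list.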