Certificate Problems

  • Question

  • Hello, I have a problem that is driving me insane. I installed Office Communications Server 2007 Beta 3 Enterprise Edition on a Windows Server 2003 R3. After setting up Active Directory, SIP and others, I came to the Certificate part. So, since I don't have access to another computer to be made a server right now, I made the same server a Certificate Server and created some random Certificate. Afterwards, I ran tests of connectivity and according to it, everything is working o.k.

    However, I can't log in at all using Office Communicator 2007 Beta. I get the error message "There was a problem verifying the certificate from the server. Please contact your system administrator".

    So, I went to the client and did http://myserver/certsrv to install those certificates in the client so it became trusted. However, it simply won't work. So I decided to check in the server itself, where I installed Communicator to try the thing, but it threw the same error message, being even more weird, since the server is the Certificate Authority.

    I also tried installing the certificates manually (MMC -> Export, on the server, and MMC -> Import, on the client) with no luck.

    A little help would be greatly appreciated. Thanks in advance.
    Monday, May 21, 2007 5:52 PM

Answers

  • Well in fact, I have it working right now. All I did was change the hosts and the lmhosts file of the client computer adding 10.0.0.2 and pool01.communications.frs

    Thanks for the help anyway :)
    Friday, May 25, 2007 8:11 PM

All replies

  • Ok, now that's fixed. I was using the IP Address instead of the FQDN. With that I'm now able to connect (at least on the server).

    However, on the client I can't connect because:

    Communicator was unable to resolve the DNS hostname of the login server pool01.communications.frs.
     
     Resolution:
     If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full.  If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for pool01.communications.frs because it could not be resolved.

    I have no idea how to fix it but it now makes sense, I can't ping pool01.communications.frs, I can only ping to the IP (10.0.0.2) or to the computer name (FRS-SERV).
    Monday, May 21, 2007 8:57 PM
  • I've got quite the same problems concerning certificates. The difference for me is that I correctly installed the OCS with the certificate and I installed the certificate thanks to http://192.168.0.1/certsrv on my client.

    Anyway, when I try to do a TLS connection to the server with 192.168.0.1 as my OCS Server IP, I've got this error:

    "There was a problem verifying the certificate from the server"

    And when I check into the event logs, I've got this:

    "Communicator could not connect securely to server 192.168.0.1 because the certificate presented by the server did not match the expected hostname 192.168.0.1"

    Any idea?
    Tuesday, May 22, 2007 10:01 AM
  • That was exactly my first problem... I was connecting to 10.0.0.2 using TLS on Communicator. That wasn't working and was giving me the "There was a problem verifying the certificate from the server". You're supposed to use the FQDN of the pool.

    That would be the same address that you used for the certificate. In my case it was pool01.communications.frs. When I changed that, I got past that error (on both the server and the client, however I need to do something else on the client since it's now throwing me a different error).
    Wednesday, May 23, 2007 5:52 PM
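
The failure sequence described in this thread (IP literal rejected by certificate validation, then the FQDN matching the certificate but failing DNS, then success once the name resolves), as an added example that is not part of any post. `check_target`, the `resolver` hook and the reason strings are hypothetical names; the certificate name and address are the ones quoted in the thread, used here as constructed sample data.

```python
import ipaddress

def _dns_match(pattern, host):
    """Case-insensitive label match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Simplification: require at least two fixed labels after the wildcard.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_target(target, cert_dns_names, cert_ip_sans=(), resolver=None):
    """Return (ok, reason) for connecting to `target` given the names in the server cert.

    resolver: callable name -> list of IPs (hypothetical hook; wrap
    socket.gethostbyname_ex in real use). None skips the DNS step.
    """
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal validates only if the cert carries it as an iPAddress SAN.
        if any(ipaddress.ip_address(s) == ip for s in cert_ip_sans):
            return True, "ip-san-match"
        return False, "ip-literal-not-in-cert"
    if not any(_dns_match(n, target) for n in cert_dns_names):
        return False, "hostname-not-in-cert"
    if resolver is not None and not resolver(target):
        return False, "name-matches-cert-but-does-not-resolve"
    return True, "hostname-match"

# Constructed sample data mirroring the thread: cert issued to the pool FQDN.
CERT_NAMES = ["pool01.communications.frs"]
NO_RECORD = lambda name: []                      # client DNS has no A record yet
WITH_RECORD = lambda name: ["10.0.0.2"] if name == "pool01.communications.frs" else []

if __name__ == "__main__":
    for tgt, res in [("10.0.0.2", NO_RECORD), ("FRS-SERV", NO_RECORD),
                     ("pool01.communications.frs", NO_RECORD),
                     ("pool01.communications.frs", WITH_RECORD)]:
        print(tgt, check_target(tgt, CERT_NAMES, resolver=res))
```
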
  • Hi Antonio,

    Did you do the error's suggested resolution? Did you create an A record for pool01.communications.frs? This has to be done manually. You also need to create an SRV record, as documented in the OCS Setup guides.

    Please try this and let us know how it went.

    Thanks.

    Thursday, May 24, 2007 6:06 PM
  • Hello,

    This sounds as though it could be a DNS / DHCP issue.

    I experienced a similar issue during early testing, which was resolved by adding the IP address of the LCSPOOL to the NIC that was being used by the hosting server(s).

    Firstly, ensure that you have created the correct DHCP / DNS records for the Front-End, LCSPOOL, etc.

    Example if you have deployed Standard Edition, or Enterprise Edition in Consolidated Config' the

    1. Open the Network Connections
    2. Select the NIC that is being used by the Host server
    3. Right Click and select Properties
    4. Select Internet Protocol (TCP/IP)
    5. Properties
    6. Under the "General" tab select Advanced (Bottom Right)
    7. Under IP Address select add
    8. Add the IP Address and subnet for the LCSPOOL
    9. Click OK as required to exit

    You should only need to modify the hosts file if you have installed OCS into a DEV environment and you're testing it from a computer that sits within a different domain, or you have not enabled DNS / DHCP within the test environment.

    Hopefully this helps


    Arthur

    Friday, July 20, 2007 6:24 PM
  • Hello,
    don't worry.

    I had this problem, so you can consider your IIS; maybe your IIS has been configured incorrectly.

    Be sure your SSL port in the Default Web Site in IIS has been configured on 443;

    otherwise change it to port 443.

    Good luck
    Monday, October 5, 2009 11:35 AM