locked
Cannot Sign In Communicator RRS feed

  • Question

  • Since i did not get any response earlier i'm re-adding some new additional information which would give people better insight into the matter.

    Our Environment:

    Exchange 2007 on Windows 2008 Server                                         192.168.0.254
    DC on Windows Server 2003 and OCS 2007  R1                               192.168.0.253

    I followed the Consolidated Setup for Enterprise Edition

    The installation of OCS went smoothly; i had an issue with service accounts where the service was not starting (RTCService, RTCComponent...)
    Firstly i would like to ask why this account would not fire up, i set the account to password does not expire, incase but it fails to start any service they are members of their own RTC universal group.

    I sorted the problem by adding domain\administrator and added the administrator to all the RTC Usergroups (Is this the right thing to do?)
    All services are running fine though. Also i change for the Application pool for the respective Identity to domain\administrator in IIS

    When creating users i chose to created with their email addresses and they are enabled and it shows in the communication column that the users are enabled.

    I had created a certificate earlier and assigned to the computers already. Certificate name is office.schs.org.ae. CA is installed on the OCS server.

    The pool name is office.schs.org.ae and i have a dns record for sip.schs.org.ae and office.schs.org.ae and sipinternal.schs.org.ae pointing to my ocs server 192.168.0.253 

    Is this the right thing to do?

    I also created a DNS SRV record for _sipinternals and chose _tcp and port 5061 for the pool office.schs.org.ae

    Is this necessary?

    I installed communicator on a computer entered his email address and it tried logging in it told me that communicator could not find the certificate. So when i go to http://servername/certsrv i am given an option to download the certificate, but this certificate is not the one i created this is the one i guess which is made when i first installed CA and this may be the Root Certificate 

    Now if i export the one which i created and add it to the client trusted section communicator tells me that there was and error verifying the certificate

    However if i visit the hyperlink above and download the root certificate and add it to the trusted section of the clients pc, automatically communicator comes up and tells me to enter credentials username and password.

    Why is this not happening with the certificate i created for OCS

    After entering right credentials i get the following error.

    Cannot sign in to Communicator. You may have entered your sign-in address, username, op password incorrectly, or the authentication service may be incompatible with this version of the program.

    Username and password is right i dont know abt the authentication, OCS shows NTLM and Kerberos enabled with tick marks.

    We have ISA 2006 in our environment and it does not block any traffic from the computer.

    I have no idea how to progress further; im not sure if what i have done in the dns entry is right or not. Im facing this problem on all computers.

    We are planning to user OCS so far only internally for IM and Webchat

    --------------------------------------------------------------------------------

    Event LOG on my PC has nothing regarding communicator

    Event LOG on the OCS server has the following below.

    The process DataMCUSvc(416) failed to send health notifications to the MCU factory at https://office.schs.org.ae:444/LiveServer/MCUFactory/.

    Failure occurrences: 5, since 6/25/2009 8:49:50 AM

    The process IMMcuSvc(2584) failed to send health notifications to the MCU factory at https://office.schs.org.ae:444/LiveServer/MCUFactory/.

    Failure occurrences: 5, since 6/25/2009 8:49:52 AM.

    The process AVMCUSvc(6072) failed to send health notifications to the MCU factory at https://office.schs.org.ae:444/LiveServer/MCUFactory/.

    Failure occurrences: 5, since 6/25/2009 8:49:52 AM.


    ------------------------------------------------------------

    Note: I change my address Book Url from https to http. I also want to change the Group Expansion and the Meeting URL but Wbemtest does not allow me and gives me an error and to dismiss the changes.

    How does it change for address book and not the others, i stopped all office related services. The strange this i notice that when changing the URL for Group Expansion it will allow to change the hyperlink for example group can be changed to group1 but i cannot change the https to http (want i want is to access the url without https)

    Lastly is certificates really neccessary and can this be avoided

    Can anyone please help on this matter.

    Sheldon


    MVP - Most Valuable Primate
    Tuesday, June 30, 2009 6:08 PM

Answers

  • This one was fairly simple after pulling out my hair for 2 weeks the solution was very short. I noticed that NTLM and Kerebros authentication were both used. Since we dont use the latter, i just went to front end folder in OCS console and in properties changed the authentication from Both to only NTLM and voila! it works fine

    I even managed to solve the Address Book Issue.
    MVP - Most Valuable Primate
    Wednesday, July 1, 2009 10:24 AM