Child domain, Certificate issues

  • Question

  • Server certificate different than Communication server login.


    Configuring Communications Server 2007 and Certificate Authority server.

    Domain is PNE.BC.CA

    Communications server certificate is servername.PNE.BC.ca

    E-mail addresses and Communication server logins are username@pne.ca (not @pne.bc.ca)


    Office communicator works properly using servername.pne.bc.ca for internal server name.


    When using online meeting unable to login due to secure connection issue.

    Will not connect internally or externally.


    "LiveMeeting could not connect securely to server sipexternal.pne.ca because the certificate presented by the server did not match the expected hostname (sipexternal.pne.ca)."


    Have configured DNS CName for server and sip to reflect both domain names.


    I believe the issue is with the Certificate and naming convention. 

    Has anyone had experience with installation of communications server in parent/child domain environment?

    Although not really a parent and child, not really sure why ancient oracles installed domain this way.







    Friday, October 24, 2008 12:08 AM

All replies

  • Hi,

    The external FQDN configured in your communicator and livemeeting client has to be on the certificate subject name or subject alternate name properties of the certificate. This FQDN has to be configured on the certificate located on the Access Edge server so you may want to check that certificate.

    sipexternal.pne.ca should be on the access edge certificate for secure TLS connections to work properly in automatic configuration.
    As a temp workaround you can also configure your livemeeting client external FQDN to match that of the access edge certificate subject name. This way your TLS connection can be established and you can still logon with username@pne.ca.

    Tonino Bruno
    Friday, October 24, 2008 11:19 AM
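
The name check described in the reply above, as an added example that is not part of the original thread: the client compares the FQDN it was configured with against the names inside the certificate, which is why the certificate issued to servername.pne.bc.ca is rejected for sipexternal.pne.ca. The certificate contents are constructed, and the `strict` mode (ignore the subject name when SAN entries exist, as RFC 6125-style clients do) is an assumption, not documented Live Meeting behaviour.

```python
# Added example: host names come from the thread; the certificate
# contents below are constructed for illustration.

def _name_match(pattern: str, host: str) -> bool:
    """Case-insensitive DNS match; '*' is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_matches(expected_fqdn, subject_cn, san_dns=(), strict=False):
    """Return the certificate name that satisfies expected_fqdn, or None.

    strict=False: subject name or any SAN entry may match (as the reply describes).
    strict=True:  when SAN entries exist the subject name is ignored (assumption).
    """
    candidates = list(san_dns)
    if not (strict and san_dns):
        candidates.append(subject_cn)
    for name in candidates:
        if _name_match(name, expected_fqdn):
            return name
    return None


# Constructed certificates: one issued for the internal name only, one reissued
# with the external FQDN added as a subject alternative name.
INTERNAL_ONLY = {"subject_cn": "servername.pne.bc.ca", "san_dns": ()}
WITH_EXTERNAL_SAN = {"subject_cn": "servername.pne.bc.ca",
                     "san_dns": ("servername.pne.bc.ca", "sipexternal.pne.ca")}


def check(expected, cert, strict=False):
    return cert_matches(expected, cert["subject_cn"], cert["san_dns"], strict)


if __name__ == "__main__":
    for label, cert in (("internal-only", INTERNAL_ONLY), ("with SAN", WITH_EXTERNAL_SAN)):
        for host in ("servername.pne.bc.ca", "sipexternal.pne.ca"):
            print(f"{label:14} {host:22} -> {check(host, cert) or 'MISMATCH'}")
```

A DNS CNAME for sipexternal.pne.ca does not change the outcome, because the comparison uses the name the client was told to connect to, not the record it resolves to.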
  •  Lloyd_PNE wrote:

    Although not really a parent and child, not really sure why ancient oracles installed domain this way.


    This could be a factor; what do you mean by it's not 'really' a parent-child configuration?

    Friday, October 24, 2008 10:45 PM
  • Not really a parent/child - Our domain is PNE.BC.CA, although a true parent/child domain would include the single domain BC.CA and the child PNE.bc.ca. This is not the case; we only use PNE.BC.CA, we have no accounts or access to the BC.CA domain, it does not exist. Not sure why it was set up in this manner.

    All accounts exist within PNE.BC.CA

    Login accounts are username@pne.ca, however computer accounts are loc computername.pne.bc.ca


    It does not really matter at this time as I believe I have sufficiently broken the install that I am rebuilding the server from the start.  Currently the Office Communications Server Front-End service will no longer start even after an uninstall/re-install process.  Our attempts to correct the certificate, DNS, open ports, etc. appear to have broken something else.




    Friday, October 24, 2008 11:44 PM