locked
cannot start federation on ocs r2 running on server 2008 r2 RRS feed

  • Question

  • ocs front end server running on 2008 r2, access edge also running 2008 r2 and is in DMZ. no other server used.
    2 nics used on access edge, 1st connected to internal network and 2nd to external with 3 IP for av and web.

    ocs works fine for internal use but problem is we cannot federate with microsoft or login remotely.

    error on access edge -

    Federated partner sipfed.microsoft.com has sent a significant number of messages that have resulted in domain validation failures. There have been 14 such failures in the last 15 minutes.There have been 138 errors in total. This can happen when messages are sent to local users that don't exist, messages are sent from domains that the partner isn't allowed to send from, or when the partner sends messages destined to domains that this organization isn't responsible for.

    error on front end -

    TLS outgoing connection failures.

    Over the past 17 minutes Office Communications Server has experienced TLS outgoing connection failures 16 time(s). The error code of the last failure is 0x80004005 (Unspecified error) while trying to connect to the host "ocs.DOMAIN.co.uk".

    Cause: Wrong principal error could happen if the peer presents a certificate whose subject name does not match the peer name. Certificate root not trusted error could happen if the peer certificate was issued by remote CA that is not trusted by the local machine.

    Resolution:

    For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the computer.

    OCS.DOMIN.CO.UK is fqdn of access edge.

    I thought its a certificate issue but CA is installed on front end and access edge got the certificate from front end so there is no way it does not trust the certificate.
    we are using public cert for access edge external interface.

    i checked the network packets and both front end and access edge are sending and receiving packets.
    we have  a srv for our access edge with our isp which resolves to fqdn of access edge...

    please help to resolve this issue :( 

    Monday, September 28, 2009 2:57 PM

Answers

  • Instalec,

    Are you running 2007 R2 on Server 2008 R2?  Although there may be other root causes, OCS 2007 RTM and R2 are not currently supported on the Server 2008 R2 OS, people have seen similar odd issues when running on 2008 R2.  I'd recommend starting with installing on a 2008 (Non-R2) machine.

    HTH

    -kp
    Kevin Peters MCSE/MCSA/MCTS/CCNA/Security+ blog: www.ocsguy.com
    Monday, September 28, 2009 7:34 PM