locked
Conferencing and Internal CA Issue RRS feed

  • Question

  • Hi, My problem is about Conferencing and internal CA.
    The problem is conferencing doesn't work, but two party conversation works fine. When i try to join one another person to two IM conversation, get this error:

     The conferencing service did not respond. Wait and then try again. If you still cannot connect, contact your system administrator with this information. (ID: 3098)
     The following message was not delivered to all participants. More details (ID:3098)

    And these errors report on event viewer on OCS server too:


    Event Type:    Error
    Event Source:    OCS User Services
    Event Category:    (1006)
    Event ID:    32065
    Date:        10/4/2009
    Time:        8:09:12 AM
    User:        N/A
    Computer:    OCS
    Description:
    Failed to send Http application request to service. Requests for this service will be retried but if this error continues to occur functionality will be affected.

    Url: https://pool.nli.org:444/LiveServer/MCUFactory/
    Cause: Network related error or destination service being non-functional.
    Resolution:
    Ensure that the service is provisioned and functioning correctly. If any network related errors are reported by the service ensure that they are resolved.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    ------------------------------------------------------------------
    Event Type:    Error
    Event Source:    OCS User Services
    Event Category:    (1006)
    Event ID:    30988
    Date:        10/4/2009
    Time:        8:09:12 AM
    User:        N/A
    Computer:    OCS
    Description:
    Sending C3P request failed. Conferencing functionality will be affected if C3P messages are failing consistently.

    Sending the message to https://pool.nli.org:444/LiveServer/MCUFactory/ failed. Error code is 2EFE.
    Cause: Network connectivity issues or an incorrectly configured certificate on the destination server. Check the eventlog description for more information.
    Resolution:
    Check the destination server to see that it is listening on the same URI and it has certificate configured for MTLS. Other reasons might be network connectivity issues between the two servers.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



    Even more these errors reported repeatedly:

    Event Type:    Error
    Event Source:    OCS MCU Infrastructure
    Event Category:    (1022)
    Event ID:    61013
    Date:        10/4/2009
    Time:        7:35:44 AM
    User:        N/A
    Computer:    OCS
    Description:
    The process DataMCUSvc(2796) failed to send health notifications to the MCU factory at https://pool.nli.org:444/LiveServer/MCUFactory/.
    Failure occurrences: 15022, since 10/1/2009 5:00:27 PM.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    ------------------------------------------------------------------

    Event Type:    Error
    Event Source:    OCS MCU Infrastructure
    Event Category:    (1022)
    Event ID:    61013
    Date:        10/4/2009
    Time:        7:35:18 AM
    User:        N/A
    Computer:    OCS
    Description:
    The process IMMcuSvc(1304) failed to send health notifications to the MCU factory at https://pool.nli.org:444/LiveServer/MCUFactory/.
    Failure occurrences: 15021, since 10/1/2009 5:00:15 PM.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    ------------------------------------------------------------------

    Event Type:    Error
    Event Source:    OCS MCU Infrastructure
    Event Category:    (1022)
    Event ID:    61013
    Date:        10/4/2009
    Time:        7:29:58 AM
    User:        N/A
    Computer:    OCS
    Description:
    The process AVMCUSvc(4456) failed to send health notifications to the MCU factory at https://pool.nli.org:444/LiveServer/MCUFactory/.
    Failure occurrences: 15005, since 10/1/2009 4:58:40 PM.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    ------------------------------------------------------------------

    Event Type:    Error
    Event Source:    OCS MCU Infrastructure
    Event Category:    (1022)
    Event ID:    61013
    Date:        10/4/2009
    Time:        7:23:09 AM
    User:        N/A
    Computer:    OCS
    Description:
    The process ASMCUSvc(804) failed to send health notifications to the MCU factory at https://pool.nli.org:444/LiveServer/MCUFactory/.
    Failure occurrences: 15021, since 10/1/2009 4:48:02 PM.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    ------------------------------------------------------------------

    Event Type:    Error
    Event Source:    OCS MCU Infrastructure
    Event Category:    (1022)
    Event ID:    61013
    Date:        10/4/2009
    Time:        7:22:59 AM
    User:        N/A
    Computer:    OCS
    Description:
    The process AcpMcuSvc(2012) failed to send health notifications to the MCU factory at https://pool.nli.org:444/LiveServer/MCUFactory/.
    Failure occurrences: 15021, since 10/1/2009 4:47:53 PM.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    ------------------------------------------------------------------


    My OCS installation is Enterprise Edition 2007 R2 on Windows 2003 Enterprise x64. We used internal CA and followed technet instruction for installation.

    I searched alot and examine lots of solution but nothing changed
    .

    Only one thing interested me and was certificate purpose. OCS uses a Certificate Template named WebServer to request certificate by default. this template only support Server Authentication and cannot be changed to support Client Authentication too. I think OCS certificate might be need for both purpose, but the certificates this template issues is just for Server Authentication. I duplicated this template and named new template WebServer2 , configured for both Server & Client Authentication and tried to generate a Certificate for OCS through the OCS Certification Wizard , but this wizard only take certificate from WebServer Template by default and don't let me to change the template name. Then tried through Offline Certificate request and used web interface of our CA:

    First of all generate certificate request text file with OCS Certificate Wizard as usual but in 3rd page of wizard select Prepare the request now, but send it later (Offline certificate request) , then:
    1. went to http://<CA_Server>/certsrv
    2. select Request Certificate
    3. then clicked on advanced certificate
    4. on the next page select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file
    5.
    Browse for text request file and pointed to it.
    6. In Certificate Template section  selected WebServer2 from the list which I've created before and clicked on Submit.
    But on the next page I've got this error message:

    Your certificate request was denied.

    Your Request Id is 5594. The disposition message is "Denied by Policy Module 0x80094802, The request specifies conflicting certificate templates: WebServer/WebServer2. ".

    Contact your administrator for further information.


    I deactivated and uninstalled conferencing components and installed and activated again, but problem exist yet.

    I really confused and don't know what to do. Is possible Microsoft doesn't support conferencing with internal CA? Please help me to get rid of this.
    How can i generate certificate for OCS with template other than default WebServer template or change default template from WebServer to another one and force OCS to get certificate from it? because as said before OCS only point to WebServer template in CA.
    I know my conferencing problem is related to certificate which mentioned above which isn't for Server and Client Authentication purpose. but don't know how to resolve this issue. My OCS is internal and don't want to use external CA, we need to use internal CA.
    Any useful ideas?



    Hossein Tavakkoli
    Sunday, October 4, 2009 5:52 AM

Answers

All replies