Problem verifying the certificate from the server.

    Question

    When users try to Sign In using Office Communicator, they would get a pop up screen: "There was a problem verifying the certificate from the server. Please contact your system administrator."  I am using Office Communications Server 2007 STD.  I thought this would be an easy setup since it is a standard version but I guess not.  I am using a local cert with FQDN as sip.waterinc.com.  I looked at the user application event log and this is what I get.

    Event Type: Warning
    Event Source: Communicator
    Event Category: None
    Event ID: 1
    Date:  8/20/2008
    Time:  8:34:23 AM
    User:  N/A
    Computer: JLOWSACOLL
    Description:
    Communicator was unable to locate the login server.  No DNS SRV records exist for domain waterinc.com, so Communicator was unable to login.
     
     Resolution:
     Please double-check the server name to make sure that it is typed correctly.  If it is correct, the network administrator will either need to use manual configuration to specify the login server's fully-qualified domain name (FQDN), or add DNS SRV records for the waterinc.com domain in order to allow automatic client configuration.  The DNS SRV records _sipinternaltls._tcp.waterinc.com, _sipinternal._tcp.waterinc.com and/or _sip._tls.waterinc.com may need to be configured if automatic configuration is desired.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

     

    Event Type: Error
    Event Source: Communicator
    Event Category: None
    Event ID: 4
    Date:  8/20/2008
    Time:  9:17:00 AM
    User:  N/A
    Computer: JLOWSACOLL
    Description:
    Communicator could not connect securely to server sipinternal.stswater.com because the certificate presented by the server did not match the expected hostname (sipinternal.waterinc.com).
     
     Resolution:
     If you are using manual configuration with an IP address or a NetBIOS shortened server name, a fully-qualified server name will be required.  If you are using automatic configuration, the network administrator will need to make sure that the published server name in DNS is supported by the server certificate.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    sipinternal.waterinc.com is in DNS so I am not sure what I am doing wrong.

     

    Any help would be appreciated.

     

    Thanks

    Wednesday, August 20, 2008 12:59 PM

All replies

  • The Subject Name of the certificate applied to your Front-End server needs to have the same name that the client resolves for connection.

     

    Ideally you should create an SRV record which points to the A record for your Standard Edition front-end server's FQDN.  What is the actual hostname of that server?

     

    Example:

     

    1. Deploy internal Standard Edition OCS server named: ocsfe1.waterinc.com
    2. Verify DNS A record is created for ocsfe1.waterinc.com
    3. Create SRV record for TLS traffic on 5061: _sipinternaltls._tcp.waterinc.com and point that record to the existing A record for ocsfe1.waterinc.com.
    4. Deploy certificate to the front-end server using ocsfe1.waterinc.com as the Subject Name.
    Wednesday, August 20, 2008 1:43 PM
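
The name check described in the reply above, as an added example that is not part of the original thread or of any Microsoft tool: it models offline, on constructed records, which hostname the client ends up expecting and whether the certificate carries that name. The fallback to `sipinternal.<domain>` is an assumption taken from Event ID 4 in the question, and the function names are hypothetical.

```python
# Added example: offline model of the certificate name check in this thread.
# All DNS and certificate data below is constructed for illustration.
SRV_PREFIXES = ("_sipinternaltls._tcp", "_sipinternal._tcp", "_sip._tls")

def norm(name):
    """DNS names compare case-insensitively; drop any trailing root dot."""
    return name.strip().rstrip(".").lower()

def expected_host(sip_domain, srv, a_records):
    """Return (host, source): the name the client expects in the certificate."""
    srv = {norm(k): v for k, v in srv.items()}
    for prefix in SRV_PREFIXES:
        record = norm(f"{prefix}.{sip_domain}")
        if record in srv:
            return norm(srv[record][0]), record   # value is (target, port)
    # Assumption taken from Event ID 4: with no SRV record the client
    # falls back to the host record sipinternal.<domain>.
    fallback = norm(f"sipinternal.{sip_domain}")
    found = fallback in {norm(h) for h in a_records}
    return (fallback, "A record fallback") if found else (None, "none")

def audit(sip_domain, srv, a_records, subject_cn, san_dns=()):
    """Report whether the certificate covers the name the client resolves."""
    host, source = expected_host(sip_domain, srv, a_records)
    hosts = {norm(h) for h in a_records}
    cert_names = {norm(n) for n in (subject_cn, *san_dns) if n}
    problems = []
    if host is None:
        problems.append(f"no SRV or fallback A record for {sip_domain}")
    else:
        if host not in hosts:
            problems.append(f"SRV target {host} has no A record")
        if host not in cert_names:
            problems.append(f"certificate {sorted(cert_names)} lacks {host}")
    return {"host": host, "source": source, "ok": not problems, "problems": problems}

# Constructed inputs: the question's setup, then the reply's four steps.
BROKEN = dict(sip_domain="waterinc.com", srv={},
              a_records={"sipinternal.waterinc.com"}, subject_cn="sip.waterinc.com")
FIXED = dict(sip_domain="waterinc.com",
             srv={"_sipinternaltls._tcp.waterinc.com": ("ocsfe1.waterinc.com", 5061)},
             a_records={"ocsfe1.waterinc.com"}, subject_cn="ocsfe1.waterinc.com")

if __name__ == "__main__":
    for label, case in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit(**case))
```
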
  • The actual server name is COLOS1.waterinc.com.  Since it is in the dev environment, I will blow away the image and redo it again.  I will follow your instructions.  So the cert in my case should say colocs1.stswater.com but what about the subject alternate name?

     

    Thanks

     

    Wednesday, August 20, 2008 4:08 PM