locked
Services wont't start on Edge Server RRS feed

  • Question

  • Hello,

     

    I could install the Standard Server just fine, users can connect and everybody is happy...

     

    but wehn I tried to install the Edg Server (all 3 Roles) I could install, configure, add Certificats without any problem... but when I try to start the Services none of them starts and I get these errors:

     

    Ereignistyp:      Fehler

    Ereignisquelle:  Service Control Manager

    Ereigniskategorie:         Keine

    Ereigniskennung:          7024

    Datum:             28.03.2007

    Zeit:                 17:05:43

    Benutzer:                      Nicht zutreffend

    Computer:        MEXICO

    Beschreibung:

    Der Dienst "Office Communications Server Access Edge" wurde mit folgendem dienstspezifischem Fehler beendet: 2147943755 (0x8007054B).

     

    Ereignistyp:      Fehler

    Ereignisquelle:  Service Control Manager

    Ereigniskategorie:         Keine

    Ereigniskennung:          7024

    Datum:             28.03.2007

    Zeit:                 17:05:56

    Benutzer:                      Nicht zutreffend

    Computer:        MEXICO

    Beschreibung:

    Der Dienst "Office Communications Server Web Conferencing Edge" wurde mit folgendem dienstspezifischem Fehler beendet: 2148074253 (0x8009030D).

     

    this basically says: Service terminated with service specific error code: 2147943755 (0x8007054B) and 2148074253 (0x8009030D).

     

    Machine running Edge Server is running on Win2k3 R2 and has ISA 2006 installed (could this be the problem?)

     

    any ideas?

     

    I could nof find out more, so I have no Idea in which direction to look... I did Monitor the traffic in order to find out if the services tried to talk to my Domain controllers, but there was no traffic. So I would guess the problem occurs before the services are contacting the AD. I taks quite  a while (like 30 sec) until the services fail...

     

    any hints are very welcome!

     

    thanks in advance!

     

    Martin

     

    Thursday, March 29, 2007 7:27 AM

Answers

  • Hello again,

     

    I found the error: the network account was unable to access the AD, so i created a service account and made sure that this account was able to access the certificate store.

     

    after that the services started.

     

    I am still configuring the ISA server....

     

    regards,

     

    Martin

     

     

    Thursday, March 29, 2007 11:15 AM

All replies

  • This may be of some use: I came across a similar issue with the access edge server and found this article/post.

    The solution (which worked for me) was in the original posters solution:

    "I managed to figure out what the problem was. In the Component Services, the
    "default authentication level" was set to NONE and the "default impersonation
    level" was set to "IMPERSONATE". If I change them to (I believe) the default
    values of "CONNECT" and "IDENTIFY" the service starts up OK."

    The link for the entire post is here:

    http://groups.google.co.uk/group/microsoft.public.livecomm.general/browse_thread/thread/69676fb2b4b62f06/8a581e4a7ca61bf7?lnk=st&q=Access+Proxy+Service+fails+to+Start&rnum=1#8a581e4a7ca61bf7

    Hope this helps
    Eoin

    Thursday, March 29, 2007 7:53 AM
  • Hello again,

     

    I found the error: the network account was unable to access the AD, so i created a service account and made sure that this account was able to access the certificate store.

     

    after that the services started.

     

    I am still configuring the ISA server....

     

    regards,

     

    Martin

     

     

    Thursday, March 29, 2007 11:15 AM
  • Hi Martin - so you are aware, the Edge server is not supported on a box running ISA and it should not be a member of your domain either. It sounds like from your description that this is the case so be aware that many many more issues may arise in this setup.
    Thursday, March 29, 2007 7:02 PM
  • Hello Brian,

     

    yes I am well aware that this config is not supported (which is very unfortunate). Still I have to try this way since I have no other machine available at the moment (and its only testing...).

     

    I already got the external IM connectivity up and running, A/V and WebConferencing are still refusing to cooperate... but I am working on that.

     

    The main problem now seems to be that my edge server presents a wrong certificate to my Standard OCServer.

    (Over the past 0 minutes Office Communications Server has experienced TLS outgoing connection failures 1 time(s).

    The error code of the last failure is 0x80090322 (Der Zielprinzipalname ist falsch.) while trying to connect to the host "sipgw.mydomain.at".)

     

    then I changed the cert on the gateway to *.mydomain.at, now I get a different error, which made me smile:

     

    A significant number of invalid certificates have been provided by remote IP address 192.168.200.90 when attempting to establish an MTLS peer. There have been 50 such failures in the last 61 minutes.

    Certificate Names associated with this peer were

     

    The serial number of this certificate is

    .

    The issuer of this certificate is

    The specific failure types and their counts are identified below.

    Instance count - Failure Type

    259 80090322

     

    Any hint which cert the OCS would expect from the Edge server would help a lot (probably this could be included in the RTM version)

     

    I know that I am trying to set up an unsopprted configuration, but still any help is very welcome.

     

    regards Martin

     

    Where would I get any documentation, like the Admin guide or so?


     

    Friday, March 30, 2007 9:43 AM
  • The certificate the internal OCS server is expecting to receive from the Edge is one with the DNS name you have associated to it. So, if your federation is set to send all messages to intedge.domain.com and the DNS is setup to resolve the IP of the Internal interface, the certificate for the Internal would be intedge.domain.com. However, using the certificate wizard most of these decisions and information will be configured for you. Smile
    Monday, April 2, 2007 6:30 PM
  • Hi Martin,

    Can you let us know the status of your issue? Did you figure out a solution? Would you share it with the forum? If not, please let us know ASAP.

    Thanks!

    Friday, April 13, 2007 5:54 AM
  • Hello,

     

    well I did install alle certificates with the wizard, but still i get the same error...

     

    strange

     

    regards Martin

    Thursday, April 19, 2007 7:11 AM