locked
Help! "Problem verifying the certificate from the server"

    Question

  • I"m in the middle of migrating our infrastructure from LCS 2005 to OCS 2007.  All traffic is going through the new OCS Edge server.  We have 1 LCS 2005 standard server and 1 OCS 2007 (front-end) standard server.  I'm in the process of moving pilot users from the 2005 server to the 2007 server.  Everything works except one particular scenario.

     

    If I launch Communicator 2005 from a stand-alone system that is connected to the network via VPN and login as a user thats been moved to the OCS 2007 pool, I get the following error:  "There was a problem verifying the certificate from the server.  Please contact your system administrator."  If I disconnect from the VPN and login to communicator directly over the internet, I'm able to connect without any issues.  Alternatively, if I move the user back to the 2005 pool, I'm able to login to communicator with a VPN connection.

     

     

    The event viewer just shows Event ID 36884:

     

    The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is ocsedge1.mydomain.com. The SSL connection request has failed. The attached data contains the server certificate.

     

    Thoughts?

     

    Is the issue that when I'm connected to the VPN, the client is attempting to bypass the edge server and authenticate directly with the front-end server?

     

    Tuesday, March 11, 2008 7:12 PM

All replies

  • According to the error you are receiving .. Your guess is right.

     

    The client is attempting to bypass the edge server and trying to get authenticate from FE. Where are you pointing to connect? Is it manual or automatic configuration? If Automatic then whicch DNS Server client is pointing to?

     

    Certainly the client is trying to connect with ocsedge1.domainName but its going to FE for cert verification...

     

     


    R. Kinker
    MCSE 2003 - Messaging, MCTS- (LCS 2005 & OCS 2007)
    http://www.OCSPedia.com
    http://www.ITCentrics.com

     

    Thursday, March 13, 2008 8:18 AM
  • Same question as kinker... You are directing ALL communications through your Edge regardless if the client is connected internally or externally?  Does your Internal DNS match, External DNS (mydomain.COM)? Can you provide some more info about how the client is configured (Auto or Manual) and some DNS record information?

     

     

     

    Rick

     

     

     

     

     

    Tuesday, March 25, 2008 9:35 PM