OCS Protocol Stack

  • Question

  • Good Morning Everyone,

     

    Last week I set up our first instance of OCS07 on a test server.  We currently run LCS05 in our production environment.  The basic server info is as follows:

     

    LCS05

    Server:  K39LCS

    Pool:  LCSPOOL

     

    OCS07

    Server: OCS

    Pool: OCS07

     

    Certificates have been applied to both from our internal cert server.  We are only using the product currently for internal use.  So there is no extranet or edge connectivity required.

     

    There is an event being logged on OCS:

     

    Event Type: Error
    Event Source: OCS Protocol Stack
    Event Category: (1001)
    Event ID: 14428
    Date:  6/19/2007
    Time:  9:25:55 AM
    User:  N/A
    Computer: OCS
    Description:
    TLS outgoing connection failures.

    Over the past 9 minutes Office Communications Server has experienced TLS outgoing connection failures 1 time(s). The error code of the last failure is 0x80090322 (The target principal name is incorrect.) while trying to connect to the host "LCSPool.kenosha.r.int".
    Cause: Wrong principal error could happen if the peer presents a certificate whose subject name does not match the peer name. Certificate root not trusted error could happen if the peer certificate was issued by remote CA that is not trusted by the local machine.
    Resolution:
    For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the computer.


    I believe I have seen a thread or two with similar messages but no resolutions that seemed to fit the issue.

     

    Here are some other notes that may or may not relate involving Office Communicator (OC) users:

    -  OC07 with OCS07 pool will not communicate with LCSPool. 

    -  OC07 with OCS07 pool will not work unless user has enhanced presence enabled.

    -  OC07 with LCSPool doesn't work (I believe this is known)

    -  OC05 with LCSPool will not communicate with OCS07 pool.

    -  OC05 with OCS07 pool will communicate with OCS07 pool.

     

    Some of these may be known or maybe something is configured incorrectly but I thought they were good to mention.

     

    I appreciate any help on this.

     

    Thanks!

    Tuesday, June 19, 2007 3:11 PM

Answers

  • Good Morning,

     

    It was definitely related to certificates. We have an environment that has a parent domain and a child domain.  The child domain is what we mainly use for production.  The parent was created to allow for multiple domains if needed.  After some trial and error with issuing certificates from an internal server we finally got it to take.  It basically came down to the way that certs were being issued.

     

    Thanks!

    Monday, July 9, 2007 1:15 PM
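
The name check behind error 0x80090322 in the event above, as an added example that is not part of the original thread or of any Microsoft code: it compares the host name the client dialled with the names a certificate carries. The certificates are constructed samples, the k39lcs.example.test name is a placeholder, and the rule that the subject CN is used only when no SAN is present is an assumption taken from RFC 6125.

```python
# Added example. Certificates are constructed dicts in the shape that
# ssl.SSLSocket.getpeercert() returns; none is the poster's real certificate.
TARGET = "LCSPool.kenosha.r.int"  # host name from the event text

def cert_dns_names(cert):
    """Return (SAN dNSName values, subject commonName values)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return sans, cns

def name_matches(pattern, host):
    """Case-insensitive compare; '*' may stand for the left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def check_principal(target, cert):
    """Return (ok, names_considered) for the name the client dialled."""
    sans, cns = cert_dns_names(cert)
    # Assumption: RFC 6125 precedence, where the CN is consulted only when
    # the certificate carries no dNSName SAN entries.
    considered = sans if sans else cns
    return any(name_matches(n, target) for n in considered), considered

# Constructed: issued to the machine name instead of the pool name.
CERT_SERVER_NAME = {"subject": ((("commonName", "k39lcs.example.test"),),)}
# Constructed: CN is the pool name, but the SAN list omits it.
CERT_SAN_OMITS_POOL = {
    "subject": ((("commonName", "lcspool.kenosha.r.int"),),),
    "subjectAltName": (("DNS", "k39lcs.example.test"),),
}
# Constructed: pool FQDN present in both subject and SAN.
CERT_POOL_NAME = {
    "subject": ((("commonName", "lcspool.kenosha.r.int"),),),
    "subjectAltName": (("DNS", "lcspool.kenosha.r.int"),
                       ("DNS", "k39lcs.example.test")),
}

if __name__ == "__main__":
    for label, cert in [("server-name cert", CERT_SERVER_NAME),
                        ("SAN omits pool", CERT_SAN_OMITS_POOL),
                        ("pool-name cert", CERT_POOL_NAME)]:
        ok, names = check_principal(TARGET, cert)
        print(f"{label}: {'match' if ok else 'WRONG PRINCIPAL'} {names}")
```
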

All replies

  • I think I may have resolved a portion of this.  It seems that the MTLS on the LCSPool was still using a bad cert.  I must have missed that when the proper cert was installed.  Will update when confirmed.
    Tuesday, June 19, 2007 6:52 PM
  • Hi,

    Can you let us know the status of your environment? Can you share any successes or configuration changes?

    Wednesday, June 27, 2007 8:04 PM
  • Please let us know the status of your issue. Did you finish your testing? Would you be able to share it with the forums? If not, please let us know of any changes to your environment or status. Thanks.

    Friday, July 6, 2007 9:31 PM