locked
0xC3EC79E6 error while starting services - Active Directory and Certificate errors? RRS feed

  • Question

  • Hi Everyone!

    I'm new to Office Communications Server, and seem to be having a few problems getting it running.

    We're going to be replacing our phone system soon and want to try out OCS 2007 before we decide to purchase it or not.

    The problem:

    I'm trying to install the OCS 2007 Trail (Standard Edition). It's gone through most of the setup fine, apart from when I go to start the services I get this error:

    Code Snippet
    Action Action Information Execution Result
    Execute Action       Failure
    [0xC3EC79E6] Service failed to start as requested.
    Starting Service   Service Name: RTCSRV
    Descriptive Name: Office Communications Server Front-End
    Service Status: Error
      Failure
    [0xC3EC79E6] Service failed to start as requested.
    Starting Service   Service Name: RTCACPMCU
    Descriptive Name: Office Communications Server Telephony Conferencing
    Service Status: Error
      Failure
    [0xC3EC79E6] Service failed to start as requested.
    Starting Service   Service Name: RTCIMMCU
    Descriptive Name: Office Communications Server IM Conferencing
    Service Status: Error
      Failure
    [0xC3EC79E6] Service failed to start as requested.
    Starting Service   Service Name: RTCDATAMCU
    Descriptive Name: Office Communications Server Web Conferencing
    Service Status: Error
      Failure
    [0xC3EC79E6] Service failed to start as requested.
    Starting Service   Service Name: RTCAVMCU
    Descriptive Name: Office Communications Server Audio/Video Conferencing
    Service Status: Error
      Failure
    [0xC3EC79E6] Service failed to start as requested.


    I've been in the event log and I get one error and one warning message:

    Error - 41038

    Office Communications Server Web Conferencing Server could not be started

    Message: Certificate SN empty
       at Microsoft.Rtc.Server.DataMCU.ServiceWorker.StartServer(String[] args)

    Resolution:
    Look in previous event logs for more information about this error

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



    Warning - 41063

    Could not connect to Active Directory to read configurations settings. Will retry in 30 seconds.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



    Now, obviously it's got to be something to do with Active Directory or/and my certificate, but I have no idea what?

    I'm new to the certificate thing, so I don't know much about it and it's possible I've done something wrong. I've setup my own CA server (running on the same virtual machine as OCS 2007. There is nothing else on the server) and just went through the wizard to create and assign my certificate. I've also manually assigned the same certificate to IIS and installed the CA Chain certificate to make the server trust it.

    As for Active Directory, I have no idea what can be wrong that. Our domain works fine, and has done for years (2 domain controllers running Windows 2k3). The Virtual Machine is a member of the domain and logged in as a domain administrator. Everything else seems to work. I can access shares and all that stuff, so I don't know why OCS says it can't read it. Do I need to install any certificates on the domain controllers too?


    Setup Information:

    OCS 2007 trail - Standard Edition
    Installed on a virtual machine (VMWare Server 1.1.4) running Windows 2003 with all updates installed
    Clean install, apart from having CA installed
    Member of the domain, logged in as domain Administrator

    Any help would be greatly appreciated!

    Thanks,
    Drew
    Thursday, February 14, 2008 10:19 AM

All replies

  •  

    You could try these steps:

     

    Make sure that your Windows AD domain functional level is not 2000 native.

     

    Then try to run LCSDiscover.vbs script from OCS Resource Kit:

    cscript.exe LCSDiscover.vbs /Action iscoverLCSGlobalSettings /Provider:GC
    /File:Globalsettings.xml

    in my case it showed this error:

    ERROR: More than one global container found in the forest


    Then I found duplicate "Global Settings" object using Ldp.exe:

    1. Start Ldp.exe.
    2. Click Connection, and then click Connect.
    3. Type the server name of the domain controller that you want to connect
    to, and the port (389).
    4. Click Connection, and then click Bind.
    5. Click Browse, and then click Search.
    6. Type in Base DN: domain DN (example: DN=contoso,DN=com)
    7. Type in Filter: (cn=Global Settings)
    8. Select Scope: Subtree
    9. Click Run

    I have got something like:

    ***Searching...
    ldap_search_s(ld, "DC=contoso,DC=com", 2, "(cn=Global Settings)", attrList,
    0, &msg)
    Result <0>: (null)
    Matched DNs:
    Getting 2 entries:
    >> Dn: CN=Global Settings,CN=RTC Service,CN=Microsoft,CN=Machine,CN={...},CN=Policies,CN=System,DC=contoso,DC=com
    >> Dn: CN=Global Settings,CN=RTC Service,CN=Microsoft,CN=System,DC=contoso,DC=com


    The right one container is CN=Global Settings,CN=RTC
    Service,CN=Microsoft,CN=System,DC=contoso,DC=com, the second one is wrong

    RESOLUTION:
    Delete the additional "Global Settings" container with adsiedit.msc

     

    I tried this on my setup and this worked perfectly.

     


     

    Wednesday, March 12, 2008 6:16 AM
  • Same issue with OCS...

    Unfortunately, there is only one Global Settings entry, but we have the same issue

    ***Searching...
    ldap_search_s(ld, "DC=mspl,DC=lab", 2, "(cn=Global Settings)", attrList,  0, &msg)
    Result <0>: (null)
    Matched DNs:
    Getting 1 entries:
    >> Dn: CN=Global Settings,CN=RTC Service,CN=Microsoft,CN=System,DC=mspl,DC=lab
     3> objectClass: top; container; msRTCSIP-GlobalContainer;
     1> cn: Global Settings;
     1> distinguishedName: CN=Global Settings,CN=RTC Service,CN=Microsoft,CN=System,DC=mspl,DC=lab;
     1> name: Global Settings;
     1> canonicalName: mspl.lab/System/Microsoft/RTC Service/Global Settings;

     

    Any other solutions?

     

    Thanks,

    VK

    Friday, April 11, 2008 3:21 PM
  • make sure your service accounts (RTC accounts) that you created don't have spaces, quotes, commas etc. The services won't start if you have such a password.

     

    Everything had been working fine until the service start, which continued to fail and caused other errors. Once I changed the PW to something more standard, it was resolved.

     

     

    Regards,

    Matt

    Friday, April 11, 2008 4:14 PM
  •  

    Check if your certificate' subject name matches Servers FQDN as it is. They must be same.
    Saturday, April 12, 2008 6:10 PM
  • I am a bit confused by that statement.

    Are you saying the machine domain name must match its public DNS name?

    As in:

    machine name: server.mydomain.local

    registered cert name: meetings.mydomain.com (server.mydomain.local as secondary name on cert)

    public DNS for meetings.mydomain.com points to the outside IP of my firewall that maps to server.mydomain.local private IP.

     

    surly I can be the only one who runs in a similar IP environment?

     

    Monday, August 4, 2008 4:28 PM
  • Your OCS Standard Front-End server cannot have a public name

    You must set the cert to the internal FQDN of you server

     

    If you want users to connect from the internet then you must configure an EDGE Server in you environment

     

     

    Tuesday, August 5, 2008 8:39 PM
  • Hi, Thanks for taking the time to reply to my original post. So what you are saying is that in order to allow external people to join a web meeting you must have an edge server? Which implies you must use the enterprise version of OCS, correct? Hum, std server = single site (at lease without an intranet VPN). Seems like going down the hall might be a better solution than doing a web meeting. I figured any version of OCS should be able to work with customers or other people outside of your own organization...

     

    So basically I can switch to enterprise version, use internal self certs for the front end server, etc. And then use my third party cert in my new edge server?

     

    cheers,

    Keith

    Tuesday, August 5, 2008 9:27 PM
  • Hi,

    That's right: for external people to join a web meeting you must have an edge server.

     

    However, you don't need OCS Enterprise for the Edge. You can use a Standard Server as your Front End (with all internal roles co-located) then also install the standard server as the edge. When you are installing the edge, make sure to select "Install other Roles" from the install wizard, and pick "Edge Server" on the next screen. But the short answer is that you can use the standard edition server binaries to install both. No need at all for enterprise edition.

     

    Lastly, I agree that you can use internal certs for your internal communication, then use public certs on the public interfaces of your edge server. That's defintitely the right way to go.

     

    Regards,

    Matt

     

     

    Wednesday, August 6, 2008 3:02 AM
  • Excellent. Matt, thanks for the vector.

     

    Keith

     

    Wednesday, August 6, 2008 1:54 PM
  • Hi Anuj,

    I also have similar issue, can you please help?

    I setup a test envt of windows 2003 AD and two DCs on two different Virtual PCs. And third one as a member server windows 2003 R2 (MS virtual Envt.)where I have installed OCS 2007 SE with Enterprise Admin credentials.

    I used our active certificate in our test OCS envt. which is SSL 1024bit. So far all good, not showing any error but when I try to Start the services I got this error "[0xC3EC79E6] Service failed to start as requested." for all the components.

    I checked the OCS MMC and noticed in Event log "Verify that Subject name of the certificate presented by the remote peer is configured in the trusted server list" I don't what that means is..?

    I also applied the certification on default website in IIS.

    I only need IM in our envt.

     
    I checked AD replicated, don't know where and what to do next. Please help.

    Saturday, February 7, 2009 10:35 PM