OCSR2 federation with microsoft fails

  • Question

  • Hi

    We are doing OCSR2 federation with Microsoft, but it fails and Microsoft sent us the result below:

    "Testing connectivity for console input server Check machine accessedge.tetracom.com.lb on 193.227.173.131:5061 : tls : FAIL The supplied message is incomplete. The signature was not verified "


    Any ideas??
    Wednesday, July 1, 2009 12:02 PM

All replies

  • What certificate are you using on your Access Edge Server?  Have you confirmed that Microsoft has allowed federation with your organization and configured it on their end? (They don't use Open Federation).

    Take a look at this previous thread:
    http://social.microsoft.com/Forums/en-US/communicationsserversetup/thread/e8043f06-6313-4388-b222-29162ac8da9c

    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Wednesday, July 1, 2009 12:19 PM
    Moderator
  • Hi Jeff

    I tried to telnet sipfed.microsoft.com on 5061 and I can get response from Edge server.

    Yes, we requested federation from Microsoft.

    I have a consolidated edge server with two NIC cards, one connected to the LAN and the other connected to our external firewall,
    and we use NAT for public IPs on the external firewall.

    We are using GoDaddy public certificates. Could they be the issue?

    Thanks
    Wednesday, July 1, 2009 12:35 PM
  • Telnetting to Microsoft's Access Edge Federation port does not actually verify that you are allowed to communicate with them via Federation, only that the port is not filtered.  Their Access Edge server must be configured with your Access Edge FQDN in the Allow tab.  See if you can get confirmation from them that it is actually configured and not still in the process of being completed.

    Also, there have been issues in the past with specific GoDaddy certificates and OCS, but they were usually related to PIC.
    See this article for more details: http://blogs.technet.com/toml/archive/2007/03/26/pic-godaddy-certs.aspx


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Wednesday, July 1, 2009 1:01 PM
    Moderator
  • Hi Jeff

    As you suggested, it was on Microsoft's side; it was in the process of being completed. They changed it and it works.

    Thank you all for your support.

    Cheers
    Saturday, July 18, 2009 1:07 PM