locked
Meet Now Live Meeting Error RRS feed

  • Question

  • I am getting the following two errors when tried to create a new livemeeting using Meet Now
    Event Type:    Error
    Event Source:    OCS User Services
    Event Category:    (1006)
    Event ID:    30988
    Date:        9/11/2007
    Time:        3:37:38 PM
    User:        N/A
    Computer:    UCVM1
    Description:
    Sending C3P request failed. Conferencing functionality will be affected if C3P messages are failing consistently.

    Sending the message to https://pool.ucf.com:444/LiveServer/MCUFactory/ failed. Error code is 2EE7.
    Resolution:
    Check the destination server to see that it is listening on the same URI and it has certificate configured for MTLS. Other reasons might be network connectivity issues between the two servers.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



    Event Type:    Error
    Event Source:    OCS User Services
    Event Category:    (1006)
    Event ID:    32065
    Date:        9/11/2007
    Time:        3:37:38 PM
    User:        N/A
    Computer:    UCVM1
    Description:
    Failed to send C3P request to Mcu. Conferencing requests for this Mcu type will be retried but if this error continues to occur conferencing functionality will be affected.

    Mcu Url: https://pool.ucf.com:444/LiveServer/MCUFactory/
    Resolution:
    Ensure that the Mcu is provisioned and functioning correctly. If any network related errors are reported by the Mcu ensure that they are resolved.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Any idea on these?

    TIA
    Paritosh
    Tuesday, September 11, 2007 2:50 PM

Answers

  • Hi Paritosh,

    Do you have a front end and an Edge Server, or just a front-end?

     

    If you have all those services installed on the same front end, just having one cert with the pool name is all you need.

     

    On the edge, however, it gets tricky. You can install all those services on the same box, but they all listen on port 443 (ssl). So you need to add IP addresses to the external NIC so that you can have each IP listen on port 443. And now since you have 3 different IP addresses on the NIC, you need 3 different FQDNs. And with 3 different FQDNs, you need a cert for each.

     

    I don't know of a good way to totally reset the entire OCS config. You can reset most of the config by running the "configure pool" wizard in the ocs setup.exe app. You can reconfigure the edge by running the "configure edge" wizard in the setup as well.

     

    Regards,

    Matt

     

     

     

    Thursday, September 13, 2007 4:05 PM

All replies

  • First, have you run the Validation Wizard to confirm or deny whether this is a certificate configuration error?

    Second,  have you applied the recommended QFEs captured in the Release Notes:

     

    http://support.microsoft.com/kb/918462

    http://support.microsoft.com/kb/923028

    http://support.microsoft.com/kb/917949

    http://support.microsoft.com/kb/920606

    http://support.microsoft.com/kb/894070 (This fix is included in Windows 2003 SP2 and later.)

     

     

    Wednesday, September 12, 2007 7:22 PM
  • hi Sean,
    you are absolutely correct. I do have a few errors on the certificate configuration. Although using the same certificates the Office communicator is working fine. So am not sure what i have screwed up in the certificate.
    The errors i have in the log are as follows

    Check MCU Connectivity
    URL: https://UCVM1.ucf.com:444/LiveServer/DataMCU/
    HTTP Connectivity Error : TrustFailure
    HTTP Connectivity Error : Trust failure can happen if the remote server presented a certificate
    that was not recognized as valid. This can also happen if the remote server certificate subject name
    is not recognized as a trusted server.

    HTTP Connectivity Error : Ensure that the certificate of the local server and remote server are both
    valid, have not expired, and contain valid subject name. In addition, ensure that the certificate chain
    of both Server(s) are valid. Ensure that the certificate chain of the local server is installed
    on the remote server and vice-versa. The most up-to date certificate chain that was used to issue
    the server certificate must be present.

    Check MCU Factory Connectivity

    MCU Type: meeting
    URL: https://pool.ucf.com:444/LiveServer/MCUFactory/
    HTTP Connectivity Error : NameResolutionFailure
    HTTP Connectivity Error : Ensure that the certificate of the local server and remote server are both
    valid, have not expired, and contain valid subject name. In addition, ensure that the certificate chain
    of both Server(s) are valid. Ensure that the certificate chain of the local server is installed
    on the remote server and vice-versa. The most up-to date certificate chain that was used to issue
    the server certificate must be present.



    Attempting to send a CCCP HTTP request https://pool.ucf.com:444/LiveServer/Focus

    HTTP Connectivity Error : NameResolutionFailure
    HTTP Connectivity Error : Ensure that the certificate of the local server and remote server are both
    valid, have not expired, and contain valid subject name. In addition, ensure that the certificate chain
    of both Server(s) are valid. Ensure that the certificate chain of the local server is installed
    on the remote server and vice-versa. The most up-to date certificate chain that was used to issue
    the server certificate must be present.


    Can you suggest me how do i go about setting up the certificates here. i am totally confused from the documentation.
    Thanks
    Paritosh


    Thursday, September 13, 2007 9:13 AM
  • Hi Paritosh,

    You need to have 3 certs on your external Edge interface. Each cert has to be unique and applied to the three different roles. for example, if you have an edge server w/ the Access Edge, A/V edge, and Web Conferencing edge, you'd need 3 different certs:

     

    access.company.com - IP address #1

    avedge.company.com - IP address #2

    webconf.company.com - IP address #3

     

    You also need a cert bound to the inside interface of the edge

     

    edge.company.local - internal IP address

     

    On your front-end pool, you need to have a cert with the pool name (not the server name)

     

    pool.company.com - Internal IP address

     

    In DNS you need A records for all the servers listed above, plus on for the actual front-end server name.

    Note that the pool must have an A record for "pool.company.com" and an IP address that is DIFFERENT than the front-end server itself (ocsserver.company.com)

     

    Lots of certs to deal with!

     

    Regards,

    Matt

     

    Thursday, September 13, 2007 1:21 PM
  • HI Matt,
    Thanks for that. Heres the next hurdle. The current installation i have all the AV,Wbcof, front end and web components installed on the same server so am not very sure if i still need all these bunch of certificates or a single would suffice.
    Is there a way to reset the entire OCS configuration and start afresh with requiring to uninstall or better still a repair mode?

    Thnx
    Paritosh

    Thursday, September 13, 2007 2:23 PM
  • Hi Paritosh,

    Do you have a front end and an Edge Server, or just a front-end?

     

    If you have all those services installed on the same front end, just having one cert with the pool name is all you need.

     

    On the edge, however, it gets tricky. You can install all those services on the same box, but they all listen on port 443 (ssl). So you need to add IP addresses to the external NIC so that you can have each IP listen on port 443. And now since you have 3 different IP addresses on the NIC, you need 3 different FQDNs. And with 3 different FQDNs, you need a cert for each.

     

    I don't know of a good way to totally reset the entire OCS config. You can reset most of the config by running the "configure pool" wizard in the ocs setup.exe app. You can reconfigure the edge by running the "configure edge" wizard in the setup as well.

     

    Regards,

    Matt

     

     

     

    Thursday, September 13, 2007 4:05 PM
  • Thanks Matt for the help. I dont think i try to repair the thing any longer. I am going uninstall and recreate the entire thing again. By Gods mercy i hope i succeed. :-)
    regards
    paritosh
    Friday, September 14, 2007 8:23 PM