Asked by:
remote users cannot connect via Edge Server

Question
-
Hi all.
I am configure Edge Server to permit remote users connect via Office Communicator 2007 a internal users, but i get this error.
"Async work item posted for TLS negotiation: this 012B3AB0"
below part of log file of Office communicator 2007
/-------------------------------------------------------------------------------------------------------/
02/22/2008|14:43:09.453 FC0:FC4 INFO :: Outgoing 012B5788-<sip:COS.mcaldas@intercorp.com.pe>, local=(null)
02/22/2008|14:43:09.453 FC0:FC4 TRACE :: SIP_STACK:eleteProviderProfile freed profile at index 0
02/22/2008|14:43:09.453 FC0:FC4 TRACE :: SIP_MSG_PROCESSOR:nDnsResolutionComplete[012B5788] Entered host sip.intercorp.com.pe
02/22/2008|14:43:09.453 FC0:FC4 ERROR :: SIP_STACK::MapDestAddressToNatInternalAddress m_pDirectPlayNATHelp is NULL. Setting *pIsDestExternalToNat to FALSE
02/22/2008|14:43:09.453 FC0:FC4 INFO :: CSIPCompressor::Initialize - Compression setting 2, threshold 128000, timeout 5000
02/22/2008|14:43:09.453 FC0:FC4 TRACE :: Async work item posted for TLS negotiation: this 012B3AB0
02/22/2008|14:43:09.453 FC0:FC4 TRACE :: ASYNC_SOCKET:endOrQueueIfSendIsBlocking sending sendBuffer 01CE9F90, this 012B3AB0
02/22/2008|14:43:09.453 FC0:FC4 TRACE :: ASYNC_SOCKET:endHelperFn sendBuffer 01CE9F90 sent, this 012B3AB0
02/22/2008|14:43:09.453 FC0:FC4 TRACE :: Async work item posted for TLS negotiation: this 012B3AB0
02/22/2008|14:43:09.453 FC0:FC4 TRACE :: ASYNC_SOCKET:endOrQueueIfSendIsBlocking sending sendBuffer 01CE9F90, this 012B3AB0
02/22/2008|14:43:09.453 FC0:FC4 TRACE :: ASYNC_SOCKET:endHelperFn sendBuffer 01CE9F90 sent, this 012B3AB0
02/22/2008|14:43:09.468 FC0:FC4 TRACE :: Async work item posted for TLS negotiation: this 012B3AB0
02/22/2008|14:44:09.453 FC0:FC4 ERROR :: ASYNC_SOCKET:nTimerExpire - SSL socket still not connected
02/22/2008|14:44:09.453 FC0:FC4 ERROR :: ASYNC_SOCKET:nConnectError (0x80ee0069) - enter
02/22/2008|14:44:09.453 FC0:FC4 TRACE :: SIP_MSG_PROCESSOR:nRequestSocketConnectComplete - Enter this: 012B5788, callid=(null), ErrorCode: 0x80ee0069
02/22/2008|14:44:09.453 FC0:FC4 ERROR :: Releasing socket and notifying transactions
02/22/2008|14:44:09.453 FC0:FC4 ERROR :: SIP_MSG_PROCESSOR::NotifyRequestSocketConnectComplete - Error: 80ee0069
02/22/2008|14:44:09.453 FC0:FC4 ERROR :: OUTGOING_TRANSACTION:nRequestSocketConnectComplete - connection failed error 80ee0069
02/22/2008|14:44:09.453 FC0:FC4 TRACE :: CUccServerEndpoint::UpdateEndpointState - Update state from 1 to 0. Status 80EE0069. Status text (null).
02/22/2008|14:44:09.453 FC0:FC4 INFO :: Function: CUccServiceOperationManager:isableServManager
02/22/2008|14:44:09.453 FC0:FC4 ERROR :: Condition failed with 80ee0061: 'm_fServMgrEnabled'
02/22/2008|14:44:09.453 FC0:FC4 INFO :: Function: CUccServerEndpoint::UpdateEndpointState
02/22/2008|14:44:09.453 FC0:FC4 ERROR :: HRESULT API failed: 80ee0061 = hr. DisableServManager
02/22/2008|14:44:09.453 FC0:FC4 INFO :: Function: CUccOperationProgressEvent::get_StatusText
02/22/2008|14:44:09.453 FC0:FC4 ERROR :: Condition failed with 00000001: 'm_swszText != 0'
02/22/2008|14:44:09.453 FC0:FC4 TRACE :: SIP_STACK:eleteProviderProfile freed profile at index 0
02/22/2008|14:44:09.531 FC0:A0 TRACE :: SECURE_SOCKET: stream sizes: header 5 trailer 16 max message 16384 buffers 4 block size 1/---------------------------------------------------------------------------------------------------------------------------------------------------/
Some help , Im not using Director and I using Consolidated Edge Topology.
Monday, February 25, 2008 10:24 PM
All replies
-
Make sure you do have right configuration for the edge server in place.
See how to deploy Access Edge server . http://www.ocspedia.com/Edge_Server/Deploy_AEP.htm
Certificate:
If you do have internal CA, get the certificate from internal CA for the internal interface of the edge server. If you dont want to send your root CA to external clients, get public certificates for the external interface of Access Edge
Certificate on Access Edge server : http://www.ocspedia.com/Certificates/AccessEdge/AccessEdge_Cert.htm
If you do have single Edge server configured as access edge and Web conferencing edge server, you need only one certificate for the internal interface but two public certificates for the external interface.
If the external domain name of Access Edge server and web conference edge server is same then you need to get only one public certificate and configure at both external interfaces (Access Edge and Web conf edge) on the Edge server.
If the configuration is right and still not working then do write back with the Edge server detail.
R. Kinker
MCSE 2003 - Messaging, MCTS- (LCS 2005 & OCS 2007)
http://www.OCSPedia.com
http://www.ITCentrics.comWednesday, February 27, 2008 9:54 AM -
Thks Kinker for your help.
One question. I want only enable remote user access (user with account in the AD), I have to enable federeration also?
Actually I have the following configurations:
Domain AD is: grupoib.local
My pool name is: ocs.grupoib.local
the user sign address with (Internal Domain):
user@proveedor.intercorp.com.pe (the same that your email)
user@intercorp.com.pe (the same that your email)
user@consultor.intercorp.com.pe (the same that your email)
the sip domain support internal is:
grupoib.local (default)
the configuration for communicator is manual to avoid create zones and resources SRV in my DNS server,
I want to enable remote users access for this domains SIP... Do I need to enable federations? or only I have enable remote users option.
thks again for any help.
Sunday, March 2, 2008 8:12 AM