locked
remote users cannot connect via Edge Server RRS feed

  • Question

  • Hi all. 

     

    I am configure Edge Server to permit remote users connect via Office Communicator 2007 a internal users, but i get this error.

     

    "Async work item posted for TLS negotiation: this 012B3AB0"

     

    below part of log file of Office communicator 2007

     

    /-------------------------------------------------------------------------------------------------------/

    02/22/2008|14:43:09.453 FC0:FC4 INFO  :: Outgoing 012B5788-<sip:COS.mcaldas@intercorp.com.pe>, local=(null)
    02/22/2008|14:43:09.453 FC0:FC4 TRACE :: SIP_STACK:Big SmileeleteProviderProfile freed profile at index 0
    02/22/2008|14:43:09.453 FC0:FC4 TRACE :: SIP_MSG_PROCESSOR:SurprisenDnsResolutionComplete[012B5788] Entered host sip.intercorp.com.pe
    02/22/2008|14:43:09.453 FC0:FC4 ERROR :: SIP_STACK::MapDestAddressToNatInternalAddress m_pDirectPlayNATHelp is NULL.  Setting *pIsDestExternalToNat to FALSE
    02/22/2008|14:43:09.453 FC0:FC4 INFO  :: CSIPCompressor::Initialize - Compression setting 2, threshold 128000, timeout 5000
    02/22/2008|14:43:09.453 FC0:FC4 TRACE :: Async work item posted for TLS negotiation: this 012B3AB0
    02/22/2008|14:43:09.453 FC0:FC4 TRACE :: ASYNC_SOCKET:Tongue TiedendOrQueueIfSendIsBlocking sending sendBuffer 01CE9F90, this 012B3AB0
    02/22/2008|14:43:09.453 FC0:FC4 TRACE :: ASYNC_SOCKET:Tongue TiedendHelperFn sendBuffer 01CE9F90 sent, this 012B3AB0
    02/22/2008|14:43:09.453 FC0:FC4 TRACE :: Async work item posted for TLS negotiation: this 012B3AB0
    02/22/2008|14:43:09.453 FC0:FC4 TRACE :: ASYNC_SOCKET:Tongue TiedendOrQueueIfSendIsBlocking sending sendBuffer 01CE9F90, this 012B3AB0
    02/22/2008|14:43:09.453 FC0:FC4 TRACE :: ASYNC_SOCKET:Tongue TiedendHelperFn sendBuffer 01CE9F90 sent, this 012B3AB0
    02/22/2008|14:43:09.468 FC0:FC4 TRACE :: Async work item posted for TLS negotiation: this 012B3AB0
    02/22/2008|14:44:09.453 FC0:FC4 ERROR :: ASYNC_SOCKET:SurprisenTimerExpire - SSL socket still not connected
    02/22/2008|14:44:09.453 FC0:FC4 ERROR :: ASYNC_SOCKET:SurprisenConnectError (0x80ee0069) - enter
    02/22/2008|14:44:09.453 FC0:FC4 TRACE :: SIP_MSG_PROCESSOR:SurprisenRequestSocketConnectComplete - Enter this: 012B5788, callid=(null), ErrorCode: 0x80ee0069
    02/22/2008|14:44:09.453 FC0:FC4 ERROR :: Releasing socket and notifying transactions
    02/22/2008|14:44:09.453 FC0:FC4 ERROR :: SIP_MSG_PROCESSOR::NotifyRequestSocketConnectComplete - Error: 80ee0069
    02/22/2008|14:44:09.453 FC0:FC4 ERROR :: OUTGOING_TRANSACTION:SurprisenRequestSocketConnectComplete - connection failed error 80ee0069
    02/22/2008|14:44:09.453 FC0:FC4 TRACE :: CUccServerEndpoint::UpdateEndpointState - Update state from 1 to 0. Status 80EE0069. Status text (null).
    02/22/2008|14:44:09.453 FC0:FC4 INFO  :: Function: CUccServiceOperationManager:Big SmileisableServManager
    02/22/2008|14:44:09.453 FC0:FC4 ERROR :: Condition failed with 80ee0061: 'm_fServMgrEnabled'
    02/22/2008|14:44:09.453 FC0:FC4 INFO  :: Function: CUccServerEndpoint::UpdateEndpointState
    02/22/2008|14:44:09.453 FC0:FC4 ERROR :: HRESULT API failed: 80ee0061 = hr. DisableServManager
    02/22/2008|14:44:09.453 FC0:FC4 INFO  :: Function: CUccOperationProgressEvent::get_StatusText
    02/22/2008|14:44:09.453 FC0:FC4 ERROR :: Condition failed with 00000001: 'm_swszText != 0'
    02/22/2008|14:44:09.453 FC0:FC4 TRACE :: SIP_STACK:Big SmileeleteProviderProfile freed profile at index 0
    02/22/2008|14:44:09.531 FC0:A0 TRACE :: SECURE_SOCKET: stream sizes: header 5 trailer 16 max message 16384 buffers 4 block size 1

    /---------------------------------------------------------------------------------------------------------------------------------------------------/

     

     

    Some help , Im not using Director and I using Consolidated Edge Topology.

     

    Monday, February 25, 2008 10:24 PM

All replies

  • Make sure you do have right configuration for the edge server in place.

     

    See how to deploy Access Edge server . http://www.ocspedia.com/Edge_Server/Deploy_AEP.htm

     

     

    Certificate:

     

    If you do have internal CA, get the certificate from internal CA for the internal interface of the edge server. If you dont want to send your root CA to external clients, get public certificates for the external interface of Access Edge

     

    Certificate on Access Edge server : http://www.ocspedia.com/Certificates/AccessEdge/AccessEdge_Cert.htm

     

    If you do have single Edge server configured as access edge and Web conferencing edge server, you need only one certificate for the internal interface but two public certificates for the external interface.

     

    If the external domain name of Access Edge server and web conference edge server is same then you need to get only one public certificate and configure at both external interfaces (Access Edge and Web conf edge) on the Edge server.

     

     

    If the configuration is right and still not working then do write back with the Edge server detail.

     

     

    R. Kinker
    MCSE 2003 - Messaging, MCTS- (LCS 2005 & OCS 2007)
    http://www.OCSPedia.com
    http://www.ITCentrics.com

    Wednesday, February 27, 2008 9:54 AM
  • Thks Kinker for your help.

     

    One question.  I want only enable remote user access (user with account in the AD), I have to enable federeration also? 

     

    Actually I have the following configurations:

     

    Domain AD is:  grupoib.local

    My pool name is:  ocs.grupoib.local

     

    the user sign address with (Internal Domain):

     

    user@proveedor.intercorp.com.pe  (the same that your email)

    user@intercorp.com.pe  (the same that your email)

    user@consultor.intercorp.com.pe  (the same that your email)

     

    the sip domain support internal is:

     

    grupoib.local (default)

    proveedor.intercorp.com.pe 

    intercorp.com.pe  

    consultor.intercorp.com.pe 

     

    the configuration for communicator is manual to avoid create zones and resources SRV in my DNS server,

     

    I want to enable remote users access for this domains SIP...  Do I need to enable federations? or only I have enable remote users option.

     

    thks again for any help.

     

     

     

    Sunday, March 2, 2008 8:12 AM