locked
Event Error 10060 on external communicator access RRS feed

  • Question

  • [EDIT]

    Got this working today. The problem was the external Checkpoint our provider uses. The Checkpoint a-spoofing kicked in and killed the OCS traffic. Once these were disabled everything is working.. well.. most things anyway.

     

    Just installed the RTM eval version. I'm using a standard edition on my internal network, an Edge server hanging off a DMZ leg on my ISA 2006 server on one NIC and the the other NIC going straight in to my OCS test environment. Because of the problems I'm allowing all traffic in and out to the Edge server. All IP's except the reverse proxy are routable.

     

    For the test environment I use a single internal certificate with SN of my internal server (servername.domain.com) and following SANs:

    edgeservername.domain.com

    sip.domain.com

    webconf.mabode.com

    av.domain.com

    meetings.mabode.com

     

    The Access server, Web conf server and AV server each have their own externally routable IPs. They have following port config:

     

    Access Edge

    Federation External: 5061

    Remote Access External: 443

    Internal IP Port: 5061

     

    Web Conf

    External IP: 443

    Internal IP: 8057

     

    AV Edge

    External IP: 443

    ext port range: 50000-59999

    Internal IP: 5063

    AV Auth port: 5062

     

    Inernally everything works fine. Communicator happily connects. When I try to connect externally using following manual address: TLS sip.mabode.com:443 I get following errors:

     

    Event log:

    Communicator failed to connect to server sip.mabode.com (202.x.x.124) on port 443 due to error 10060.  The server is not listening on the port in question, the service is not running on this machine, the service is not responsive, or network connectivity doesn't exist.
     
     Resolution:
     Please make sure that your workstation has network connectivity.  If you are using manual configuration, please double-check the configuration.  The network administrator should make sure that the service is running on port 443 on server sip.mabode.com (202.x.x.124).

    For more information, see Help and Support Center at

     

    I have checked the ISA logs and I see no denies and I can def. see the traffic going through on port 443 to the Edge server. Guess next thing to try is to run a network trace on the external NIC of the Edge server.

     

    This is my communicator trace log:

     

     

    08/10/2007|21:48:14.785 BC0:BC4 INFO  :: module=uccp flavor=fre version=2.0.6362.0
    08/10/2007|21:48:14.785 BC0:BC4 INFO  :: Initialization flags (200)
    08/10/2007|21:48:14.785 BC0:BC4 ERROR ::  Failed to init PANOVideo[000DEEFC], 80070002
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: SetDeviceDisabled[000DEE6C] 0->0
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: Function: DeviceManager::Initialize
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: HRESULT API failed: 80070002 = hr. get_RegistryString
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: Function: DeviceManager::Initialize
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: HRESULT API failed: 80070002 = hr. get_RegistryString
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: Function: DeviceManager::Initialize
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: HRESULT failed: 80ee002d = hr. FindDeviceByName
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: CRTCMediaController::LoadDeviceSettings Failed while loading device- 0 with 80ee002d.
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: SetDeviceDisabled[000DEEB4] 0->0
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: Function: DeviceManager::Initialize
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: HRESULT API failed: 80070002 = hr. get_RegistryString
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: Function: DeviceManager::Initialize
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: HRESULT API failed: 80070002 = hr. get_RegistryString
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: Function: DeviceManager::Initialize
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: HRESULT API failed: 80070002 = hr. get_RegistryString
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: Function: DeviceManager::Initialize
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: HRESULT failed: 80ee002d = hr. FindDeviceByName
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: CRTCMediaController::LoadDeviceSettings Failed while loading device- 1 with 80ee002d.
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: SetDeviceDisabled[000DEEFC] 0->0
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: Function: DeviceManager::Initialize
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: HRESULT API failed: 80070002 = hr. get_RegistryString
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: Function: DeviceManager::Initialize
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: HRESULT API failed: 80070002 = hr. get_RegistryString
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: Function: DeviceManager::Initialize
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: HRESULT API failed: 80070002 = hr. get_RegistryString
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: Function: DeviceManager::Initialize
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: HRESULT failed: 80ee002d = hr. FindDeviceByName
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: CRTCMediaController::LoadDeviceSettings Failed while loading device- 2 with 80ee002d.
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: SetDeviceDisabled[000DEE24] 0->0
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: Function: DeviceManager::Initialize
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: HRESULT API failed: 80070002 = hr. get_RegistryString
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: Function: DeviceManager::Initialize
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: HRESULT API failed: 80070002 = hr. get_RegistryString
    08/10/2007|21:48:15.386 BC0:BC4 INFO  :: Function: DeviceManager::Initialize
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: HRESULT failed: 80ee002d = hr. FindDeviceByName
    08/10/2007|21:48:15.386 BC0:BC4 ERROR :: CRTCMediaController::LoadDeviceSettings Failed while loading device- 3 with 80ee002d.
    08/10/2007|21:48:15.476 BC0:BC4 INFO  :: Function: CUccMediaDeviceManager::GetBoolProperty
    08/10/2007|21:48:15.476 BC0:BC4 ERROR :: Condition failed with 80ee0058: 'spProperty.IsValid()'
    08/10/2007|21:48:15.476 BC0:BC4 INFO  :: Function: CUccMediaDeviceManager::GetBoolProperty
    08/10/2007|21:48:15.476 BC0:BC4 ERROR :: Condition failed with 80ee0058: 'spProperty.IsValid()'
    08/10/2007|21:48:15.476 BC0:BC4 INFO  :: Function: CUccMediaDeviceManager::GetBoolProperty
    08/10/2007|21:48:15.476 BC0:BC4 ERROR :: Condition failed with 80ee0058: 'spProperty.IsValid()'
    08/10/2007|21:48:15.476 BC0:BC4 INFO  :: Function: CUccMediaDeviceManager::GetBoolProperty
    08/10/2007|21:48:15.476 BC0:BC4 ERROR :: Condition failed with 80ee0058: 'spProperty.IsValid()'
    08/10/2007|21:48:15.476 BC0:BC4 TRACE :: client[00167880] new sipStack[01854860]
    08/10/2007|21:48:15.616 BC0:BC4 INFO  :: Outgoing 018A4060-<sipTongue Tiedtefan.schulz@mabode.com>, local=(null)
    08/10/2007|21:48:15.906 BC0:BC4 TRACE :: SIP_MSG_PROCESSOR:SurprisenDnsResolutionComplete[018A4060] Entered host sip.mabode.com
    08/10/2007|21:48:15.906 BC0:BC4 ERROR :: SIP_STACK::MapDestAddressToNatInternalAddress m_pDirectPlayNATHelp is NULL.  Setting *pIsDestExternalToNat to FALSE
    08/10/2007|21:48:15.906 BC0:BC4 INFO  :: CSIPCompressor::Initialize - Compression setting 2, threshold 128000, timeout 5000
    08/10/2007|21:48:36.847 BC0:BC4 ERROR :: ASYNC_SOCKET:SurprisenConnectReady - Error: 10060 dest: 202.174.7.124:443
    08/10/2007|21:48:36.847 BC0:BC4 ERROR :: ASYNC_SOCKET:SurprisenConnectError (0x80ee0067) - enter
    08/10/2007|21:48:36.847 BC0:BC4 ERROR :: SIP_MSG_PROCESSOR:SurprisenConnectComplete connect failed 80ee0067 retry connecting via HTTP tunnel
    08/10/2007|21:48:36.847 BC0:BC4 TRACE :: SIP_MSG_PROCESSOR::UseHttpProxy try resolve HttpProxy
    08/10/2007|21:48:36.927 BC0:BC4 TRACE :: Entering callback SIP_MSG_PROCESSOR::HttpProxyCallback 3c
    08/10/2007|21:48:36.937 BC0:BC4 TRACE :: Entering callback SIP_MSG_PROCESSOR::HttpProxyCallback 3c
    08/10/2007|21:48:36.947 BC0:C5C TRACE :: Entering callback SIP_MSG_PROCESSOR::HttpProxyCallback 50
    08/10/2007|21:48:36.987 BC0:C5C TRACE :: Entering callback SIP_MSG_PROCESSOR::HttpProxyCallback a
    08/10/2007|21:48:36.987 BC0:C5C TRACE :: Entering callback SIP_MSG_PROCESSOR::HttpProxyCallback b
    08/10/2007|21:48:36.987 BC0:C5C TRACE :: Entering callback SIP_MSG_PROCESSOR::HttpProxyCallback 14
    08/10/2007|21:48:57.987 BC0:C5C TRACE :: Entering callback SIP_MSG_PROCESSOR::HttpProxyCallback 64
    08/10/2007|21:48:57.987 BC0:BC4 TRACE :: SIP_MSG_PROCESSOR::HttpProxyProcessWinProc receives WM_HttpProxy_PROCESS_FINAL_MESSAGE
    08/10/2007|21:48:57.987 BC0:BC4 ERROR :: HTTP_PROXY_RESOLVE_CONTEXT::~HTTP_PROXY_RESOLVE_CONTEXT HPContext handle 1 deleted, this 01865290
    08/10/2007|21:48:57.997 BC0:BC4 TRACE :: Entering callback SIP_MSG_PROCESSOR::HttpProxyCallback 46
    08/10/2007|21:48:57.997 BC0:BC4 TRACE :: Entering callback SIP_MSG_PROCESSOR::HttpProxyCallback 46
    08/10/2007|21:48:57.997 BC0:BC4 TRACE :: SIP_MSG_PROCESSOR:SurprisenRequestSocketConnectComplete - Enter this: 018A4060, callid=(null), ErrorCode: 0x80ee001c
    08/10/2007|21:48:57.997 BC0:BC4 ERROR :: Releasing socket and notifying transactions
    08/10/2007|21:48:57.997 BC0:BC4 ERROR :: SIP_MSG_PROCESSOR::NotifyRequestSocketConnectComplete - Error: 80ee001c
    08/10/2007|21:48:57.997 BC0:BC4 ERROR :: OUTGOING_TRANSACTION:SurprisenRequestSocketConnectComplete - connection failed error 80ee001c
    08/10/2007|21:48:57.997 BC0:BC4 TRACE :: CUccServerEndpoint::UpdateEndpointState - Update state from 1 to 0. Status 80EE001C. Status text (null).
    08/10/2007|21:48:57.997 BC0:BC4 INFO  :: Function: CUccServiceOperationManager:Big SmileisableServManager
    08/10/2007|21:48:57.997 BC0:BC4 ERROR :: Condition failed with 80ee0061: 'm_fServMgrEnabled'
    08/10/2007|21:48:57.997 BC0:BC4 INFO  :: Function: CUccServerEndpoint::UpdateEndpointState
    08/10/2007|21:48:57.997 BC0:BC4 ERROR :: HRESULT API failed: 80ee0061 = hr. DisableServManager
    08/10/2007|21:48:57.997 BC0:BC4 INFO  :: Function: CUccOperationProgressEvent::get_StatusText
    08/10/2007|21:48:57.997 BC0:BC4 ERROR :: Condition failed with 00000001: 'm_swszText != 0'
    08/10/2007|21:48:58.057 BC0:BC4 TRACE :: SIP_STACK:Big SmileeleteProviderProfile freed profile at index 0

     

    Any ideas what is going wrong here? Appreciate any input or some more guidance on how to troubleshoot this.

     

    Thanks!

     

    /S

    Friday, August 10, 2007 10:00 AM

Answers

  • Hi Thomas,

     

    Thanks for your reply.. maybe you missed extra info I added to the top of my post once I figured out the problem:

    [EDIT]

    Got this working today. The problem was the external Checkpoint our provider uses. The Checkpoint a-spoofing kicked in and killed the OCS traffic. Once these were disabled everything is working.. well.. most things anyway.

     

     

    Interesting issue. My provider told me that everything was open in their checkpoint but the spoofing rules kicked in because of the routable addresses etc.

     

    /S

    Wednesday, August 15, 2007 9:56 AM

All replies

  • Hi,

     

    How have you implemented your certificates on the Edge machines?

     

    Are the external interfaces configured with a certificate with the FQDN of your (public) server address in the Subject field?

     

    Are the internal interfaces configured with a certificate with the FQDN of your Internal server address in the Subject field?

     

    Is your Edge private interface configured with a certificate with the FQDN of your Internal server address in the Subject field?

     

    Are there any firewall blocking requests over certain ports?

     

    Use the certifcate wizard in the Edge Setup (start the OCS setup and choose deploy other server role) to create your certificates and reasign them to the Edge server services.

     

    Please run the logging tool in OCS and the Edge server and check you SIP stack logs to see how the routing works and if you get requests from outside to the OCS server.

     

    /Thomas

     

     

    Tuesday, August 14, 2007 8:04 PM
  • Hi Thomas,

     

    Thanks for your reply.. maybe you missed extra info I added to the top of my post once I figured out the problem:

    [EDIT]

    Got this working today. The problem was the external Checkpoint our provider uses. The Checkpoint a-spoofing kicked in and killed the OCS traffic. Once these were disabled everything is working.. well.. most things anyway.

     

     

    Interesting issue. My provider told me that everything was open in their checkpoint but the spoofing rules kicked in because of the routable addresses etc.

     

    /S

    Wednesday, August 15, 2007 9:56 AM
  • By the way, who is the Internet provider that you have? I cannot fixed this problem to save my life. Need Help!!!

    Thursday, October 9, 2008 11:24 PM
  • There is no need to post this question 5 times in 5 different threads.  See the responses posted in this other discussion:
    http://social.microsoft.com/Forums/en-US/communicationsserveredgeservers/thread/124cf304-662a-4d1a-abac-33d5f3fc46e2
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Thursday, September 24, 2009 12:49 PM
    Moderator