Please help! Problems configuring OCS server 2007 (Front-end server Standard Ed)Cannot sign in because the server is unavailable RRS feed

  • Question

  • Hi everyone! This is my first attempt to install and configure OCS 2007 and I'm having all sorts of problems. I used to use LCS 2005 on a completely different network and had no problems setting it up initially. I'm installing Standard Edition Front-end server. My intention is to use it for internal networks only with no phone, or video conferencing for now.


    I ran the same steps here: http://www.ocspedia.com/FE/OCS_Install.htm


    > Run AD prep

    > Run Deploy OCS Server (no error)

         Internal Web farm FQDN: server.imsecure.com

         External FQDN: blank

    > Run Configure Server (no error)

         Pool name: server.imsecure.com

         Global SIP domains: imsecure.com

         Clients manually configured for log on

         No external users access

    > Configured certificate using Internal Cert Authority on IIS (no error)

    > Started the OCS server


    Other details:

    Using MTLS protocol

    Configured users on Active Directory for OCS communications

    Office Communicator configuration:

    * manual configuration: Internal Server: Tried IP address and server.imsecure.com:5061 (port used by MTLS) 

    * Connect using:TLS


    Everything seems to be okay but when I tried validating the Front-End server, it gave me errors that I didn't think have anything to do with me not connecting to the OCS server, or I may be wrong. The errors I got when validating Local Server Configuration:


    Federation: disabled

    One or more phone usages are not assigned to any route or VoIP policy


    Error when connecting using Communicator: Cannot sign in because the server is temporarily unavailable.


    Please help. Thanks everyone!

    Friday, August 29, 2008 2:08 AM

All replies


    I think this is the problem. When I tried running Validation SIP Logon (1 Party) and IM (2-Party), I got:


    Maximum hops: 2
    Received a failure SIP response: User sip:iamuser1@iamsecure.com @ Server imuser.iamsecure.com
    Received a failure SIP response: [
    SIP/2.0 500 Internal Server Error
    FROM: "iamuser1"<sip:iamuser1@iamsecure.com>;tag=4f76d86acf20273e70e0;epid=epid01
    TO: <sip:iamuser1@iamsecure.com>;epid=epid01
    CALL-ID: da059b445121415d8393cdf4fb2ace2e
    VIA: SIP/2.0/TLS;branch=z9hG4bK7aa0f679;ms-received-port=2674;ms-received-cid=100
    AUTHENTICATION-INFO: NTLM rspauth="0100000000000000468930F212099188", srand="AE28D8DB", snum="13", opaque="238440CD", qop="auth", targetname="imuser.iamsecure.com", realm="SIP Communications Service"
    ms-diagnostics: 1011;reason="Ms-Diagnostics header not provided by previous hop";source="imuser.iamsecure.com



    Suggested Resolution: Use the maximum hop count to determine the server that generated this error. For example, if the maximum hop value is 2, then it is likely that this error was generated by a server that is 1 (immediate target) or 2 hops away. Check whether the target user is a valid user and that the target user domain is trusted by the source user's pool. Check the connectivity between the source and target pools.


    What does this mean??

    Friday, August 29, 2008 2:39 AM

    Outside of the Validation Checks, what issues are you experiencing?  Client Connection Issues?  If so, how are they configured "manually" with the IP or FQDN of the FE  If you are using TLS you will not be able to use the IP.  How is your Certification configured on the FE?  (SubjectName, Subject Alternative Name)?



    Rick Skalitzky


    Friday, August 29, 2008 5:53 AM

    Hi Rick, thanks for replying.


    My main problem was none of my user accounts were able to login to Office Communicator. It said something like the server was temporarily unavailable. Now after I reinstalled the whole setup, I got one of the users authenticated to NTLM and Kerberos (based from the validation error when I run Validation for SIP logon (1-party) and IM (2-party)) and I'm now able to log in to the Communicator. The only new thing I did was I created a DNS SRV record. I did not think of doing this because I was choosing to configure the users manually. My bad.


    Thanks very much!!

    Friday, August 29, 2008 6:52 AM
  • You should be able to connect Communicator to the server manually just as you tried. Do you get any error messages in the event logs that would provide more insight into this?


    Friday, August 29, 2008 2:52 PM