locked
Event ID: 41061 - Failed to connect external users because the list of proxies is empty. Source: OCS Data MCU RRS feed

  • Question

  • External or anonymous users are not able to connect to live meeting conferences.  I have a consolidated FE server, a Director, a combined Access Edge and Web Conf Edge server in the DMZ, as well as a separate A/V server in the DMZ.  I am using ISA 2006 for reverse proxy. 

     

    Conferences work fine for internal usage.  For anonymous, I did remember to allow anonymous in the Access button when creating the invite in Outlook.  Anyone experienced this problem before?  Really need to get this working; on a tight timeline for a client.

    Friday, November 30, 2007 6:52 PM

Answers

  • Tom, I fixed mine and got it to allow inviting anonymous users to meetings by doing the following:

     

    - changed the certs on my internal Edge servers.  Originally used the same cert for my Director pool, with the Edge server FQDNs listed as SANs.  Apparently this is good enough to pass validation, but not for communication.  I noticed when I looked at the configuration on the Edge servers that the internal FQDN kept coming up as the FQDN of my Director server.  I assume this is because the FQDN of my Director was listed in the subject line.  After applying a web cert with the Edge server FQDN on the subject line, the FQDN listed on the internal interface in Edge configuration was finally correct.

    - deactivated, uninstalled, reinstalled the director.  Then reconfigured all servers to use the director after reinstalling.  I'm also using the director pool for internal authentication.

     

    Now everything works like a champ.  I realy think it was the certs on the internal Edge interfaces that made the difference.  Now, if only I can get file transfers to work from MOC when in a chat... 

    Wednesday, December 5, 2007 3:38 PM

All replies

  • Ironically, I was just coming here to post the same error and saw this was at the top of the list.

     

    My setup is a little smaller. Single Stanard Edition FE server behind a router and 1 Edge server with Access Edge, Web Conferencing and AV setup in the DMZ. I've turned off any firewalling/NAT-ing completely to isolate this issue.

     

    Internal conferences work fine, external and internal IM works fine. The SIP logs on the client, Edge, and OCS server have no errors. Validation tests all pass. External pool URLs are configured correctly. Certificates are in order as far as I can tell.  I've gotten to the same point both with and without ISA in place. What gives?

     

    Annoyingly, this error doesn't appear each time you fail to connect. It has a counter built in and seems to report at random intervals how many times external users failed to connect.

     

     

     

     

    Friday, November 30, 2007 7:03 PM
  • Tom, I fixed mine and got it to allow inviting anonymous users to meetings by doing the following:

     

    - changed the certs on my internal Edge servers.  Originally used the same cert for my Director pool, with the Edge server FQDNs listed as SANs.  Apparently this is good enough to pass validation, but not for communication.  I noticed when I looked at the configuration on the Edge servers that the internal FQDN kept coming up as the FQDN of my Director server.  I assume this is because the FQDN of my Director was listed in the subject line.  After applying a web cert with the Edge server FQDN on the subject line, the FQDN listed on the internal interface in Edge configuration was finally correct.

    - deactivated, uninstalled, reinstalled the director.  Then reconfigured all servers to use the director after reinstalling.  I'm also using the director pool for internal authentication.

     

    Now everything works like a champ.  I realy think it was the certs on the internal Edge interfaces that made the difference.  Now, if only I can get file transfers to work from MOC when in a chat... 

    Wednesday, December 5, 2007 3:38 PM
  • Thanks, I managed to get mine worked out too.I had my internal edge cert configured correctly so my problem was actually the external one.

     

    What did the trick was including the local machine name in the SAN list. So yes, you need the NetBIOS name of the Edge box on the external certificate. I guess this escaped me, but digging through the documentation I still don't see this tidbit. Oh well, hopes it helps someone else out.

     

    My external cert ended up being:

    SN: sip.portland.com
    SAN: sip.portland.com

    SAN: tap-ocs-edge

     

    Internal cert:

    SN: tap-ocs-edge.ptown.com

    SAN: tap-ocs-edge.ptown.com

     

    All appears happy now.

    Wednesday, December 5, 2007 11:00 PM
  • I know this is an old post, but I wanted to follow up with a similar issue that I just experienced.  I was actually migrating from an OCS 2007 SE pool to OCS 2007 R2 pool.


    Internal Live Meeting connections would work fine. 

    External Live Meeting connections would result in the error:  "Live meeting cannot connect to the meeting. Wait a few monments, and then try to join meeting again"

    When the external client connection failed, the internal error on the OCS 2007 R2 SE server was "Failed to connect external users because the list of proxies is empty. "

    -------------------------------------------------------------------------------------------

    Resolution

    Navigate to the pool properties of OCS 2007 R2.  Select the Web Conferencing Option.  Once the dialog box appears, select the web conferencing edge server tab.  Ensure that the correct web conferencing edge FQDN is entered (both for internal and external).  Once this is set, test external connectivity again.  In my case, the entry was referencing the old R1 edge.

    Hope this helps,
    Keenan

    Wednesday, July 29, 2009 7:52 PM