validation services OCS problem

  • Question

  • hi,


    I have separate (AD, SQL and OCS),


     Front End service: Running
     IM Conferencing service: Running
     Telephony Conferencing service: Running
     Web Conferencing service: Running
     A/V Conferencing service: Running



    When I go to validate services I get a 0xC3FC200D error. The error log I have been receiving is below:







    Failure
    [0xC3FC200D] One or more errors were detected

    Check Pool Hosted User Setting   AD search filter: (&(msRTCSIP-PrimaryHomeServer=CN=LC Services,CN=Microsoft,CN=Pool1,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=OCS,DC=TN)(!(msRTCSIP-OptionFlags:1.2.840.113556.1.4.803:=256)))
    All users enabled for enhanced presence: False
    AD search filter: (&(msRTCSIP-PrimaryHomeServer=CN=LC Services,CN=Microsoft,CN=Pool1,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=OCS,DC=TN)(msRTCSIP-OptionFlags:1.2.840.113556.1.4.803:=128))
    Any user enabled for voice routing: True
    AD search filter: (&(msRTCSIP-PrimaryHomeServer=CN=LC Services,CN=Microsoft,CN=Pool1,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=OCS,DC=TN)(msRTCSIP-FederationEnabled=TRUE))
    Any user enabled for federation: True
    AD search filter: (&(msRTCSIP-PrimaryHomeServer=CN=LC Services,CN=Microsoft,CN=Pool1,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=OCS,DC=TN)(msRTCSIP-InternetAccessEnabled=TRUE))
    Any user enabled for remote access: True
    AD search filter: (&(msRTCSIP-PrimaryHomeServer=CN=LC Services,CN=Microsoft,CN=Pool1,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=OCS,DC=TN)(msRTCSIP-OptionFlags:1.2.840.113556.1.4.803:=1))
    Any user enabled for public IM connectivity: True
    Warning: One or more pool hosted users are enabled for telephony, federation or remote access, but no audio-video edge server is specified for the pool.
    Error: One or more pool hosted users are enabled for telephony, but default location profile hasn't been specified for the pool.
    Warning: One or more pool hosted users are enabled for federation or remote access, but no web conferencing edge server is specified for the pool.
    Error: One or more pool hosted users are enabled for federation, remote access or public IM connectivity, but global federation is disabled.



    Check user logon       Failure
    [0xC3FC200D] One or more errors were detected 

    Attempting to login user using Kerberos   Maximum hops: 2
    Failed to establish security association with the server: User Administrator Domain Sip.OCS.TN Protocol Kerberos Server sip/SATECOCS.OCS.TN Target Invalidated
    Suggested Resolution: Check whether the typed password and sign-in name are correct. Check whether the user is present in the AD and enabled for SIP. Check whether the target server is part of the Windows AD domain in which this user account is present. If this is a Kerberos failure check whether the client machine has access to the KDC. In some cases, Kerberos SA negotiation failures may be expected and hence can this error can be ignored.
       Failure
    [0xC3FC200D] One or more errors were detected 

    Attempting to login user using NTLM   Maximum hops: 2
    Successfully established security association with the server: User Administrator Domain Sip.OCS.TN Protocol NTLM Target SATECOCS.OCS.TN
    User registration succeeded: User sip:administrator@sip.ocs.tn @ Server Pool1.OCS.TN
       Success
     

    Attempting to login user using Kerberos   Maximum hops: 2
    Failed to establish security association with the server: User borhen Domain Sip.OCS.TN Protocol Kerberos Server sip/SATECOCS.OCS.TN Target Invalidated
    Suggested Resolution: Check whether the typed password and sign-in name are correct. Check whether the user is present in the AD and enabled for SIP. Check whether the target server is part of the Windows AD domain in which this user account is present. If this is a Kerberos failure check whether the client machine has access to the KDC. In some cases, Kerberos SA negotiation failures may be expected and hence can this error can be ignored.
    Failed to register user: User sip:borhen@sip.ocs.tn @ Server Pool1.OCS.TN
    Failed to send SIP request: NegotiateSecurityAssociation failed, error: -2146893039
    Suggested Resolution: Make sure that the server is listening on the specified IP address/Port/Transport. If you have a firewall make sure that this port is open. Make sure that the server is running. If this is an Edge Server, ensure that remote user access has been enabled. This can be ignored if you have not enabled the transport on the target server.
       Failure
    [0xC3FC200D] One or more errors were detected 

    Attempting to login user using NTLM   Maximum hops: 2
    Authentication protocol is not enabled: Ntlm
    Failed to establish security association with the server: User borhen Domain Sip.OCS.TN Protocol NTLM Server SATECOCS.OCS.TN Target Invalidated
    Suggested Resolution: Check whether the typed password and sign-in name are correct. Check whether the user is present in the AD and enabled for SIP. Check whether the target server is part of the Windows AD domain in which this user account is present. If this is a Kerberos failure check whether the client machine has access to the KDC. In some cases, Kerberos SA negotiation failures may be expected and hence can this error can be ignored.





    Please, I need help.
    Thursday, July 24, 2008 8:27 AM
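
A triage aid for the "Check user logon" output in the question, added here as an example and not part of the original post: it groups the log lines per login attempt, converts the signed error number to its HRESULT hex form, and lists users who authenticated only through NTLM after Kerberos failed. The function names are hypothetical; the log lines are copied from the post with the resolution text omitted.

```python
import re

# Lines copied from the "Check user logon" output above (resolution text omitted).
LOG = """\
Attempting to login user using Kerberos   Maximum hops: 2
Failed to establish security association with the server: User Administrator Domain Sip.OCS.TN Protocol Kerberos Server sip/SATECOCS.OCS.TN Target Invalidated
Attempting to login user using NTLM   Maximum hops: 2
Successfully established security association with the server: User Administrator Domain Sip.OCS.TN Protocol NTLM Target SATECOCS.OCS.TN
Attempting to login user using Kerberos   Maximum hops: 2
Failed to establish security association with the server: User borhen Domain Sip.OCS.TN Protocol Kerberos Server sip/SATECOCS.OCS.TN Target Invalidated
Failed to send SIP request: NegotiateSecurityAssociation failed, error: -2146893039
Attempting to login user using NTLM   Maximum hops: 2
Authentication protocol is not enabled: Ntlm
Failed to establish security association with the server: User borhen Domain Sip.OCS.TN Protocol NTLM Server SATECOCS.OCS.TN Target Invalidated
"""

SA = r"(Successfully established|Failed to establish) security association with the server: User (\S+)"

def parse_attempts(log):
    """Return one dict per 'Attempting to login' block in the wizard output."""
    attempts = []
    for line in log.splitlines():
        if m := re.match(r"Attempting to login user using (\w+)", line):
            attempts.append({"protocol": m.group(1), "user": None, "ok": None,
                             "error": None, "disabled": False})
            continue
        if not attempts:
            continue  # ignore anything before the first attempt header
        cur = attempts[-1]
        if m := re.match(SA, line):
            cur["ok"], cur["user"] = m.group(1).startswith("Success"), m.group(2)
        elif line.startswith("Authentication protocol is not enabled"):
            cur["disabled"] = True
        elif m := re.search(r"error: (-?\d+)", line):
            # The tool prints the HRESULT as a signed 32-bit integer; show it as hex.
            # 0x80090311 is SEC_E_NO_AUTHENTICATING_AUTHORITY in the SSPI headers.
            cur["error"] = f"0x{int(m.group(1)) & 0xFFFFFFFF:08X}"
    return attempts

def ntlm_only_users(attempts):
    """Users whose Kerberos attempt failed while their NTLM attempt succeeded."""
    ok = {(a["user"], a["protocol"]) for a in attempts if a["ok"]}
    failed = {(a["user"], a["protocol"]) for a in attempts if a["ok"] is False}
    return sorted(u for u, p in ok if p == "NTLM" and (u, "Kerberos") in failed)
```
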

All replies

  • Looking through your errors the C3FC200D generally means, as it says, there are several errors.

     

    In the first section, your problems are not real errors but effectively warnings that you have enabled users for federation but have not deployed/configured any edge services. If you have no edge services, simply disable federation and remote access for your users and that should go away.

     

    When you say you have a separate AD do you mean a resource forest or a child domain? It's possible that you have forgotten to run domainadd? (lcscmd.exe /domain:<ocs server domain FQDN> /action:Domainprep)

     

    If it is a resource forest, make sure you have run through the multi-forest deployment guide (http://www.microsoft.com/downloadS/details.aspx?FamilyID=1d7cf1e6-6770-422f-b744-e1764f5666ae&displaylang=en)

     

    Anyhow - give us some more info and we should be able to help ;-)

     

    -dave

    Thursday, July 24, 2008 9:26 AM
  • Do you have the DNS SRV Records configured?

    _sipinternaltls

     

    Can you login from the communicator clients?

     

    Thursday, July 24, 2008 12:13 PM
  • Hi,
    about DNS SRV, it's configured,

    but I can't log in to Communicator
    Thursday, July 24, 2008 12:31 PM
  •  

    Hi almestar,

     

    Using Communicator manual configuration (point to your server), can you connect without problems?

     

    When you use nslookup to query your SRV entry, can you see it?

     

    Regards,

     

     

    Thursday, July 24, 2008 1:08 PM
  • And to solve some errors.. you don't have Mediation and Edge right?

     

    Select all your users and run configure tool.

     

    DISABLE remote access, federation and any Telephony or PBX integration....

     

     

     

    Thursday, July 24, 2008 1:10 PM
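
The pool checks in the question's log, and the replies' advice to disable federation, remote access and telephony, come down to five LDAP filters. This added example (not part of any post) evaluates those filters, including the bitwise-AND matching rule on msRTCSIP-OptionFlags, against constructed user entries to show which accounts each check would flag. The user names and flag values are made up; the filters and pool DN are taken from the log.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # bitwise-AND matching rule OID used in the log's filters
POOL = ("CN=LC Services,CN=Microsoft,CN=Pool1,CN=Pools,CN=RTC Service,"
        "CN=Microsoft,CN=System,DC=OCS,DC=TN")  # pool DN copied from the log
HOME = f"(msRTCSIP-PrimaryHomeServer={POOL})"
CHECKS = {  # the five filters from "Check Pool Hosted User Setting"
    "no enhanced presence": f"(&{HOME}(!(msRTCSIP-OptionFlags:{BIT_AND}:=256)))",
    "voice routing": f"(&{HOME}(msRTCSIP-OptionFlags:{BIT_AND}:=128))",
    "federation": f"(&{HOME}(msRTCSIP-FederationEnabled=TRUE))",
    "remote access": f"(&{HOME}(msRTCSIP-InternetAccessEnabled=TRUE))",
    "public IM": f"(&{HOME}(msRTCSIP-OptionFlags:{BIT_AND}:=1))",
}
H = {"msRTCSIP-PrimaryHomeServer": POOL}
USERS = {  # constructed sample entries, not real accounts
    "alice": {**H, "msRTCSIP-OptionFlags": "256"},
    "bob": {**H, "msRTCSIP-OptionFlags": "384", "msRTCSIP-FederationEnabled": "TRUE"},
    "carol": {**H, "msRTCSIP-OptionFlags": "1", "msRTCSIP-InternetAccessEnabled": "TRUE"},
}

def parse(f, i=0):  # handles the subset in the log: (&..), (!..), attr=value, attr:OID:=n
    i += 1  # step past "("
    if f[i] in "&!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step past ")"
    end = f.index(")", i)
    m = re.fullmatch(r"([\w-]+):([\d.]+):=(\d+)", f[i:end])
    if m:  # extensible match: attr:matchingRuleOID:=value
        return ("ext", m.group(1), m.group(2), int(m.group(3))), end + 1
    attr, _, value = f[i:end].partition("=")
    return ("eq", attr, value), end + 1

def matches(node, entry):  # two-valued simplification: a missing attribute counts as 0/empty
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    if node[0] == "ext":
        if node[2] != BIT_AND:
            raise ValueError(f"unsupported matching rule {node[2]}")
        return (int(entry.get(node[1], 0)) & node[3]) == node[3]  # every mask bit must be set
    return entry.get(node[1], "").lower() == node[2].lower()

def audit(users=USERS):
    return {name: sorted(u for u, e in users.items() if matches(parse(flt)[0], e))
            for name, flt in CHECKS.items()}
```
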