locked
Federation Stopped working today RRS feed

  • Question

  • Last night Federation stopped with Microsoft and 3 of our customers that are federated with us. No changes were made. the error indicates that the certificate is presenting the wrong name for MTLS. However nothing has changed in the past 3 months and all had been working.  I was told Microsoft is having problems with this. But my customers that federate with us are having the same error.

    Over the past 0 minutes Office Communications Server has experienced TLS outgoing connection failures 1 time(s). The error code of the last failure is 0x80090308 (The token supplied to the function is invalid) while trying to connect to the host "federation.messenger.msn.com".
    Cause: Wrong principal error could happen if the peer presents a certificate whose subject name does not match the peer name. Certificate root not trusted error could happen if the peer certificate was issued by remote CA that is not trusted by the local machine.
    Resolution:
    For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the computer.
    mitch
    Tuesday, April 7, 2009 4:02 PM

All replies

  • Well So far no luck. This is really strange I am using a Digicert cert and it is giving me the following error A significant number of invalid Certificates have been provided by remote IP address x.x.x.x when attempting to establish an mtls peer. There have been 10 such failures in the last 1 minutes. Certificate Names associated with this peer were


    The Serial number of this certificate is: (this is blank no serial number)

    The issuer of this certificate is: (this is also blank)
    The specific Failure types and their counts are identified below
    instance count - failure Type
    10      80090321

    the interesting thing is both sites check out fine with www.digicert.com/help

    but if I import the digicert evrootca cert into trusted roots then I can connect and see federation but PIC federation fails.
    mitch
    Thursday, April 9, 2009 2:05 AM
  • I have completely uninstalled and re-installed the edge server and same results. it is interesting to note we are having problems with PIC no matter which way I have the CERT. Looking for help?
    mitch
    • Edited by Mitch Roberson Thursday, April 9, 2009 3:50 PM had the wrong phrase in there.
    Thursday, April 9, 2009 10:20 AM