locked
OCS 2007 validation errors RRS feed

  • Question

  •  

    hey, I have LCS 2005 running on one server in my local network with no issues. There is no federation involved, it is just a single server setup for internal IM.

     

    I recently installed OCS 2007 on another local server. The installation seemed to go pretty clean. I followed the installation instructions as close as I could. I am not enabling any other services on this box besides internal IM, at this point...

     

    When I run my validation test on Front End Server, I receive the following.

     

    Failure


    [0xC3FC200D] One or more errors were detected 

     

     

     Maximum hops: 2
    Failed to establish security association with the server: User itsupport Domain mlsnet.com Protocol Kerberos Server sip/websrv1.techt.com Target Invalidated


    Suggested Resolution: Check whether the typed password and sign-in name are correct. Check whether the user is present in the AD and enabled for SIP. Check whether the target server is part of the Windows AD domain in which this user account is present. If this is a Kerberos failure check whether the client machine has access to the KDC. In some cases, Kerberos SA negotiation failures may be expected and hence can this error can be ignored.


    Failed to register user: User sip:itsupport@tech.com @ Server websrv1.mlsnet.com


    Failed to send SIP request: NegotiateSecurityAssociation failed, error: -2146893044


    Suggested Resolution: Make sure that the server is listening on the specified IP address/Port/Transport. If you have a firewall make sure that this port is open. Make sure that the server is running. If this is an Edge Server, ensure that remote user access has been enabled. This can be ignored if you have not enabled the transport on the target server.
      

    Attempting to login user using NTLM   Maximum hops: 2
    Failed to establish security association with the server: User itsupport Domain tech.com Protocol NTLM Server wevsrv1.tech.com Target Invalidated
    Authentication protocol is not enabled: Ntlm


    Suggested Resolution: Check whether the typed password and sign-in name are correct. Check whether the user is present in the AD and enabled for SIP. Check whether the target server is part of the Windows AD domain in which this user account is present. If this is a Kerberos failure check whether the client machine has access to the KDC. In some cases, Kerberos SA negotiation failures may be expected and hence can this error can be ignored.


       Failure
    [0xC3FC200D] One or more errors were detected 

    Check two-party IM    Check two-party IM: Skipped due to user registration failure
       Failure
    [0xC3FC200D] One or more errors were detected 

    There is really not that much being logged in the event viewer to help me further troubleshoot the issue.

     

    Does anyone have suggestions?

     

    Thanks,

     

     

    BF

    Wednesday, October 31, 2007 4:33 PM

All replies

  • Hi BF, did you make some progress on this? I am experiencing the exact same behaviour in one of my customer installations!!

     

    Regards,

     

    Rob

    Friday, December 7, 2007 1:07 PM
  • hi there,

    I have the exact same problem. Any one?

    Joris

     

    Monday, December 10, 2007 7:32 AM
  • Any solution?
    I´m having the same problem  :-(

    Thx
    Monday, January 19, 2009 9:38 AM
  • Hi,

    It seems you entered the UPN form as user account in the validation wizard, try the NTLM form "Domain\user", it should work this way.
    Monday, January 19, 2009 9:36 PM
  • I get the same error using any of both forms :-(
    Tuesday, January 20, 2009 10:34 AM