Help validating front end server configuration. (part 2)

    Hi all,

     

    I am still attempting to validate the server, though this time I'm getting a different error.

     

    When I try to run the 'validate front end server configuration' wizard, I select the following sub-tasks:

    Validate Local Server Configuration

    Validate SIP Logon (1-Party) and IM (2-Party)

    Validate IM Conference (2-Party)

     

     

    I enter two accounts I created.

    Here's my first question: How do I ensure that they are SIP-enabled?

    I simply created accounts using Active Directory and enabled users for communications server.

     

    When I run the validation process, I enter the users as configured, and I get the result:

     

     

    Authentication protocol is not enabled: Ntlm

     

    Followed by:

     

    Maximum hops: 2
    Failed to establish security association with the server: User ocs.user Domain ccl Protocol Kerberos Server sip/mocs.ccl.local Target Invalidated
    Suggested Resolution: Check whether the typed password and sign-in name are correct. Check whether the user is present in the AD and enabled for SIP. Check whether the target server is part of the Windows AD domain in which this user account is present. If this is a Kerberos failure check whether the client machine has access to the KDC. In some cases, Kerberos SA negotiation failures may be expected and hence can this error can be ignored.

     

    Maximum hops: 2
    Failed to establish security association with the server: User ocs.user Domain ccl Protocol NTLM Server mocs.ccl.local Target Invalidated
    Suggested Resolution: Check whether the typed password and sign-in name are correct. Check whether the user is present in the AD and enabled for SIP. Check whether the target server is part of the Windows AD domain in which this user account is present. If this is a Kerberos failure check whether the client machine has access to the KDC. In some cases, Kerberos SA negotiation failures may be expected and hence can this error can be ignored.

     

     

    Maximum hops: 2
    Failed to establish security association with the server: User mocs.user Domain ccl Protocol Kerberos Server sip/mocs.ccl.local Target Invalidated
    Suggested Resolution: Check whether the typed password and sign-in name are correct. Check whether the user is present in the AD and enabled for SIP. Check whether the target server is part of the Windows AD domain in which this user account is present. If this is a Kerberos failure check whether the client machine has access to the KDC. In some cases, Kerberos SA negotiation failures may be expected and hence can this error can be ignored.

     

     

    Maximum hops: 2
    Failed to establish security association with the server: User mocs.user Domain ccl Protocol NTLM Server mocs.ccl.local Target Invalidated
    Suggested Resolution: Check whether the typed password and sign-in name are correct. Check whether the user is present in the AD and enabled for SIP. Check whether the target server is part of the Windows AD domain in which this user account is present. If this is a Kerberos failure check whether the client machine has access to the KDC. In some cases, Kerberos SA negotiation failures may be expected and hence can this error can be ignored.

     

     

    Any ideas what this could mean?

     

     

    Also, I read that perhaps I might not have to test the 1-Party 2-Party logon connection.

    In fact, I untick this option, and I untick the IM Conference option, and only try to validate local server configuration.

     

    This is the result:

     

    Check Pool Archiving Setting:

    AD search filter for archiving enabled hosted user: (&(msRTCSIP-PrimaryHomeServer=CN=LC Services,CN=Microsoft,CN=MOCS,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=ccl,DC=local)(|(msRTCSIP-ArchivingEnabled:1.2.840.113556.1.4.803:=2)(msRTCSIP-ArchivingEnabled:1.2.840.113556.1.4.803:=4)))
    Archiving enabled hosted user exists: False
    Error: Pool level CDR setting isn't consistent with global CDR setting. Global level CDR is Enabled but pool level CDR is Disabled. Please enable or disable CDR at both locations.

     

    and

     

    Check Pool Hosted User Setting:

     

    AD search filter: (&(msRTCSIP-PrimaryHomeServer=CN=LC Services,CN=Microsoft,CN=MOCS,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=ccl,DC=local)(!(msRTCSIP-OptionFlags:1.2.840.113556.1.4.803:=256)))
    All users enabled for enhanced presence: False
    AD search filter: (&(msRTCSIP-PrimaryHomeServer=CN=LC Services,CN=Microsoft,CN=MOCS,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=ccl,DC=local)(msRTCSIP-OptionFlags:1.2.840.113556.1.4.803:=128))
    Any user enabled for voice routing: True
    AD search filter: (&(msRTCSIP-PrimaryHomeServer=CN=LC Services,CN=Microsoft,CN=MOCS,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=ccl,DC=local)(msRTCSIP-FederationEnabled=TRUE))
    Any user enabled for federation: True
    AD search filter: (&(msRTCSIP-PrimaryHomeServer=CN=LC Services,CN=Microsoft,CN=MOCS,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=ccl,DC=local)(msRTCSIP-InternetAccessEnabled=TRUE))
    Any user enabled for remote access: True
    AD search filter: (&(msRTCSIP-PrimaryHomeServer=CN=LC Services,CN=Microsoft,CN=MOCS,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=ccl,DC=local)(msRTCSIP-OptionFlags:1.2.840.113556.1.4.803:=1))
    Any user enabled for public IM connectivity: True
    Warning: One or more pool hosted users are enabled for telephony, federation or remote access, but no audio-video edge server is specified for the pool.
    Error: One or more pool hosted users are enabled for telephony, but default location profile hasn't been specified for the pool.
    Warning: One or more pool hosted users are enabled for federation or remote access, but no web conferencing edge server is specified for the pool.
    Error: One or more pool hosted users are enabled for federation, remote access or public IM connectivity, but global federation is disabled.

     

     

     

    Now, last of all, I attempted to Validate Connectivity.

    This error that I get I can somehow understand (at least the concept behind it, anyway).

     

    DNS Resolution failure: No such host is known
    Suggested Resolution: Make sure there are no typos in the Server name. Make sure that the Server name is published in the DNS (A or SRV record) or hosts file entry is configured correctly.

     

     

    I have updated the host file, but I'm not sure if anything in particular needs to be included in it.

    The server name is included in the DNS entries on my DNS server, though I am not sure if OCS needs to be a DNS server also.... Is this the case?

     

    Please help. At one time I felt I was getting closer, but now seeing so much red I feel like I might not be.

     

     

    Thanks,

     

     

    Ivan.

    Thursday, September 18, 2008 10:14 PM
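
Added example, not part of the original thread or of OCS itself: a small Python evaluator for the AD search filters printed under "Check Pool Hosted User Setting", showing how the 1.2.840.113556.1.4.803 (bitwise AND) clauses on msRTCSIP-OptionFlags select pool-hosted users. The user entries and the second pool name are constructed sample data, and treating a missing attribute as a non-match is a simplifying assumption.

```python
import re
BIT_AND = "1.2.840.113556.1.4.803"  # bitwise-AND matching rule seen in the filters
POOL = ("CN=LC Services,CN=Microsoft,CN=MOCS,CN=Pools,CN=RTC Service,"
        "CN=Microsoft,CN=System,DC=ccl,DC=local")  # pool DN from the wizard output
CHECKS = {  # clauses copied from the wizard output; labels follow its result lines
    "without enhanced presence": f"(!(msRTCSIP-OptionFlags:{BIT_AND}:=256))",
    "voice routing": f"(msRTCSIP-OptionFlags:{BIT_AND}:=128)",
    "federation": "(msRTCSIP-FederationEnabled=TRUE)",
    "remote access": "(msRTCSIP-InternetAccessEnabled=TRUE)",
    "public IM connectivity": f"(msRTCSIP-OptionFlags:{BIT_AND}:=1)",
}
ITEM = re.compile(r"([\w-]+)(?::([\d.]+):)?=([^()]*)\)")  # attr[:rule:]=value)

def parse(f, i=0):
    """Parse the parenthesised filter starting at f[i]; return (node, next index)."""
    if f[i + 1] in ("&", "|", "!"):
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over the closing ")"
    m = ITEM.match(f, i + 1)
    if not m:
        raise ValueError(f"unsupported filter item at offset {i}")
    return ("item", m.group(1).lower(), m.group(2), m.group(3)), m.end()

def matches(node, entry):
    if node[0] in ("&", "|", "!"):
        results = [matches(kid, entry) for kid in node[1]]
        return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)
    _, attr, rule, value = node
    have = entry.get(attr)
    if have is None:
        return False  # simplification (assumption): a missing attribute never matches
    if rule == BIT_AND:
        return (int(have) & int(value)) == int(value)  # every bit of value must be set
    return str(have).lower() == value.lower()

def user(name, flags, fed, remote, pool=POOL):  # constructed entry, lower-case keys
    return {"name": name, "msrtcsip-primaryhomeserver": pool, "msrtcsip-optionflags": flags,
            "msrtcsip-federationenabled": fed, "msrtcsip-internetaccessenabled": remote}
USERS = [user("alice", 256, "FALSE", "FALSE"), user("bob", 129, "TRUE", "TRUE"),
         user("dave", 257, "FALSE", "FALSE"),
         user("carol", 385, "TRUE", "TRUE", POOL.replace("CN=MOCS", "CN=OTHER"))]

def audit(users=USERS):
    """Return {check label: names of pool-hosted users that the filter selects}."""
    trees = {l: parse(f"(&(msRTCSIP-PrimaryHomeServer={POOL}){c})")[0] for l, c in CHECKS.items()}
    return {l: [u["name"] for u in users if matches(t, u)] for l, t in trees.items()}
```

Any non-empty list under "federation", "remote access" or "public IM connectivity" corresponds to a "True" line in the wizard output, which is what triggers the errors when global federation is disabled.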

All replies

  • The OCS Server doesn't need to host DNS.  You mentioned 'updating a hosts file'; on what system is that?  You really should be using DNS instead of static hosts for any resolution.

     

    And a 'SIP-enabled' account is one that you've set a SIP name and assigned to a front-end server/pool.

     

    Friday, September 19, 2008 5:41 PM
    Moderator
  • Hi,
    Thanks for your reply.
    Is there a chance you might be able to point me toward getting some help on setting up a SIP name and assigning it to a front end server/pool?

    It'd really help me out.

    Thanks.
    Saturday, September 20, 2008 7:46 AM
  • Just open up Active Directory Users and Computers on any computer with the OCS Management Console installed (typically an OCS server itself if you haven't deployed the admin console anywhere else).  There will be a Communications tab where you can set the SIP Sign-In Name, Server/Pool, and other OCS-related settings.

     

    Sunday, September 21, 2008 1:20 PM
    Moderator