Office communication server 2007R2- Certificate error , Event id 5, Source - Communicator RRS feed

  • Question

  • hi all, I testing OCS R2 in test lab. i setup dialogic  device as voice gateway and setup the Active Directory,OCS Front end server,Ex-2007. I can do voice/viceo calling inside and Phone calls to outside, I can receive phones from outside to inside also.  But myproblem is we are going to use "office communicator mobile" for that i setup  the network like =  lan - firewall  - edgeserver - firewall  --- test pc.
    on Edge server i installed 4 lan cards - 1st is going to lan network, rest 3 are going towards switch from switch to firewall.
    the ip address are for A/v Server , - web confrencing , - Access edge server.
    This is test lab, that's why on edge A/v and Access edge server i have insalled the certificated from my LOCAL CA.

    Form test pc in the  office communicator - tools-options-sigin in- i type user@kin.com , advance - external ip address- -selected- TLS.

    i am getting certificate error message.

    Communicator could not connect securely to server sip.ocs.orange-labs.net because the certificate presented by the server was not trusted due to validation error 0x80ee0065.  The issuing certificate authority (CA) for the server's certificate may not be locally trusted by the client, the certificate may be revoked, or the certificate may have expired.
     A tool like winerror.exe from the Windows Resource Kit or lcserror.exe from the Office Communications Server Resource Kit can be used in order to interpret the error code listed above.  If you trust the server certificate, the issuing certificate authority (CA) certificate can be placed in the local trusted root certificate authorities certificate store.  If you have logged into the server before without issues the network administrator should carefully examine the certificate if no known configuration changes have been made.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    I facing this problem from 2 weeks. please help me, my email address is feroz1020@rediffmail.com

    Monday, September 21, 2009 1:28 PM

All replies

  • The error is explaining that the device running Communicator Mobile (are you using an emulator or actual mobile phone?) does not trust the issusing Certificate Authority of the certificates assigned to the Access Edge role.  If this is a lab and certs from an internal Windows Enterprise CA were used, you'll need to install the Root certificates(s) on the mobile device.

    Take a look at this links for more information:
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Monday, September 21, 2009 2:18 PM
  • Dear Jeff, Thanks for your quick reply. with using above link i can sortout certificate issue. but still i can not able to login. now i am receving message like " cannot sing in because the server is temporarily unavilable. if the problem persists, contact your system administrator" Actually i setup like this.  

    A.D (dhcp,dns), EX, OCS r2, Pc1(xp) Connected switch1-- Edge server (router+ex DNS) -- Switch2 -- Test pc2 (xp).

     i have not coffigure ISA at the moment because I want test access edge server with communicator on Test pc2 no web access,. i have configured edgeserver as a Router + External DNS and all ports are open from inside and outside. = AD,Internal DNS,DHCP = ocs2007 R2 = Exchange 2007  = Test pc1  -        --- - ---- all these computes gateway is = Edge server NIC1

    Edge server has got 4 lan cards , those are : NIC1 =LAN, NIC2= A/V EDGE SERVER, NIC3=WEBCONFRENCE, NIC3 = ACCESS EDGE SERVER.
    IP ADDRESS DETAILS OF EDGE SERVER: = A/V Edge Server (nic2), = webconfrence (nic3) , access Edge Server(nic4)  --all connections are in switch 2 - Test pc2 (xp) + communicator intsalled.

    Inside the lan everything is working.  In the edge server (ex dns) i have created the entries like this.  
    sip.kin.com =, webconf.kin.com = , av.kin.com =

    tcp-sipfederationtls(5061) =sip.kin.com
    tls-sip (443) =sip.kin.com,  tls-sipfederationltls (5061)= sip.kin.com

    in the test pc2 -- inthe communicator -- tools -options- manual configuraiton- external server name = sip.kin.com -sleclted = tls. 

    i am not able to logon.. i have configured edgeserver + ocs 2007 properly , i do not have a director. i don't want to use proxy server bcz we have just wnat check with communicator + edgerserver = can we reach ocs and logon or not ? please let meknow .

    Tuesday, September 22, 2009 2:21 PM
  • Try connecting to the listening port via telnet from your client to the Access Edge IP address.  The default port for external login is 443 but if you've changed it anything else then use that port.  For example, "telnet 443".  You should get a blank screen, but if you see 'connection refused' then that is where the client error is coming from.

    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Tuesday, September 22, 2009 3:01 PM
  • Hi
    Jeff gave good suggestion.
    And, you can set the oc external name= sip.kin.com:443, and then try it again.
    Wait for you update regarding to your issue.

    Thursday, September 24, 2009 6:57 AM
  • hi Now unxptectely i have got a problem with voice mesaageing. i can leave the voice message but Exchange can not trasnfer the voice messages in out look.

    so now i stopeed to do edgeserver setup, nowi am concentrating on voice mail. i am using VMWARe and i took snapshots, i revert the snap shot when voice mail was working.
    i can able to send voice mail but it is not deliver to out look 2003, i have created a new connector also. but still some problem  with TLS  and Certificate.

    please help me and those erros are

    i setup the receive connector in exchange 2007 for voice mail with ocs.  

    errors description: 

    EVENT ID : 1032

    Receive connector requires Transport Layer Security (TLS) before the MailFrom command can be run, but the server can't achieve it. Check the authentication settings of this connector.

    i have created the receive connector nearly 4 times in exhcnage 2007 with

    new-receiveconnector -Name "UM Connector" -MaxRecipientsPerMessage 5000 -Fqdn exchange07.kin.com -Bindings  '' -RemoteIPRanges ''  -MaxInboundConnectionPerSource Unlimited -MaxInboundConnectionPercentagePerSource  100 -SizeEnabled EnabledWithoutValue 

    Is there any problem with my exchange server certificate which is issued by internal CA please let me know.

    i can't able to send voicemails..  I am getting error message like   EVENT ID  1082 , 1185

    EVENT ID 1082 -

    The Unified Messaging server was unable to submit messages to a Hub Transport server because there is no Hub Transport server available to process the request with UM header file "C:\Program Files\Microsoft\Exchange Server\UnifiedMessaging\voicemail\5c636bee-7b80-4d20-845f-6520c5f12959.txt". Make sure that there is a Hub Transport server located in the same Active Directory site as the UM server. In addition, make sure that the Microsoft Exchange Transport service is started on the Hub Transport server.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    EVENT ID 1185

    The Unified Messaging server was unable to submit a message to Hub Transport server "EXCHANGE07" because the following error occurred: Unexpected SMTP server response. Expected: 220, actual: 500, whole response: 500 5.3.3 Unrecognized command

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    AND when i type : C:\Documents and Settings\Administrator.OCS>telnet 25

    220 exchange07.KIN.net Microsoft ESMTP MAIL Service, Version: 6.0.3
    90.3959 ready at  Fri, 25 Sep 2009 18:13:36 +0100
    250-exchange07.KIN.net Hello []
    250-SIZE 2097152
    250 OK

    In this i can't see  evne -xanyonymus  ( which indicates tls support)

    This clearly indicates that there is some problem with TLS. but in the connector i have sleected TLS & basic authenticaiton (these by defalt slected when it was created with the "new recieve connection" command)

    Saturday, September 26, 2009 11:38 AM
  • I have reinstalled everthing from scrath with windows 2003 R2 now it is working. i have removed win 2008 server.
    Wednesday, October 28, 2009 10:34 AM