Remove From My Forums

Live Meeting access across subnet

Question
0

Sign in to vote

We have OCS on one subnet and a client on another. The user can use Communicator without problems but cannot connect to Live Meeting. The Live Meeting 2007 client launches and the user is prompted for credentials. They have set up the credentials correctly in User Accounts. No format of credential entry (i.e. domain\login or login@domain.com) passes validation. Clicking Test Connection in the User Account dialog fails with...

"Cannot connect to Live Meeting Server because the information in the User Accounts dialog might be incorrect or improperly formatted. Please verify that this information is correct, and then click Test Connection. If you still can't connect, the server might not be available."

This is all internal. No Edge servers at this point. Users on the same subnet as OCS can connect to and use Live Meeting no problems.

It seems to me that the user is connecting to the conferencing server because he is being challenged for credentials. So it does not appear to be a port problem.

Any thoughts?

Thanks.

Friday, June 22, 2007 8:42 PM

Answers

0

Sign in to vote

UPDATE: Setting authentication to NTLM did indeed fix the problem. I needed to restart the services -- I had avoided doing that before a) because I didn't know I needed to, and b) because we'd been having problems where the services wouldn't restart! ;-)

Anyway, much obliged for your posts and input.

Thanks,

Mark

Tuesday, July 24, 2007 3:50 PM

All replies

0

Sign in to vote

Hello,

On a per user logon account basis the paramters for the LM console connection to the server hostoig LM have to be verified before you can logon to LM. When you open the LM console you will be at the MOLM dialog. In the upper left corner click on the Open User Accounts option and open the User Accounts dialog. Make sure the username is like myname@mydomain.com then click on the Advanced button. In the internal Server name or IP address entry enter the FQDN of your OCS 2007 Pool. Since you are not using a Access Edge sevrer config you can add the same value in the external Server name or IP address entry. Click on OK and then Test connection. If you receive positive results here you should be able to login to LM.

Thanks

Friday, June 22, 2007 10:24 PM
0

Sign in to vote

Hi Mike,

Thanks for your reply. Unfortunately, what you have described is exactly what we are doing, yet we are still not able to successfully authenticate. Again, it's only when the client is on a different subnet from OCS.

For example, OCS is at 172.20.35.238. Clients on the 35 subnet (i.e. 172.20.35.69) can connect no problem using the setup you describe. Clients on another subnet, however, such as 172.20.30.12, cannot authenticate and are experiencing the behaviour I descibed in my original post.

What is different about LM that makes this not work while Communicator has no problems across the different subnets?

Thanks,

Mark

Monday, June 25, 2007 2:10 PM
0

Sign in to vote

I should also mention that if we plug the user's laptop into a network drop on the OCS subnet, he authenticates successfully -- so I would think that rules out a configuration problem on his laptop. I have data from the ConfAPI-uccp log if that would help -- for some reason the PWConsole.log file cannot be found anywhere.

Thanks,

Mark

Monday, June 25, 2007 3:40 PM
0

Sign in to vote

Hi Mark,

Can you let us know the status of your issue? Have you been able to do some troubleshooting on your own? Would you be share your results?

Friday, July 13, 2007 9:38 PM
0

Sign in to vote

Mark

Can you upload the confapi-uccp.log file?

Louis H

Saturday, July 14, 2007 12:08 AM
0

Sign in to vote

Hi Louis,

Here's the contents of confapi-uccp.log file:

Thanks,

Mark

------------------------------------------------------------------------------------------

06/25/2007|11:10:44.021 810:7E8 WARN :: module=uccp flavor=fre version=2.0.6090.0
06/25/2007|11:10:44.021 810:7E8 INFO :: Initialization flags (1)
06/25/2007|11:10:44.021 810:7E8 INFO :: Function: CUccPlatform::InitializeMedia
06/25/2007|11:10:44.021 810:7E8 ERROR :: Condition failed with 00000000: '(m_lFlags & 0x00000001) == 0'
06/25/2007|11:10:44.021 810:7E8 TRACE :: client[001A05C0] new sipStack[001201C0]
06/25/2007|11:10:44.068 810:7E8 INFO :: No registry setting, using default: "Mode" = 2
06/25/2007|11:10:44.068 810:7E8 INFO :: No registry setting, using default: "NegotiateTimeout" = 5000
06/25/2007|11:10:44.068 810:7E8 INFO :: No registry setting, using default: "Threshold" = 128
06/25/2007|11:10:44.084 810:7E8 TRACE :: CUccServerEndpoint::UpdateEndpointState - Update state from 1 to 2. Status 0. Status text (null).
06/25/2007|11:10:44.084 810:7E8 INFO :: CUccSubscriptionManager::CreateSubscription - Sub mgr 01DE41CC creating subscription 01E00C60
06/25/2007|11:10:44.084 810:7E8 INFO :: CUccSubscriptionManager::CreatePresentity - Sub mgr 01DE41CC successfully created presentity 'jrushton@ocsdemo.com' [001A29D0]
06/25/2007|11:10:44.084 810:7E8 TRACE :: CUccSubscription::AddCategoryName add new category [serverconfiguration], this 01E00C60
06/25/2007|11:10:44.084 810:7E8 TRACE :: CUccSubscription::AddPresentity adding presentity [sip:jrushton@ocsdemo.com] to 5 map, this 01E00C60
06/25/2007|11:10:44.084 810:7E8 TRACE :: CUccSubscription::Query - enter [0x01E00C60]
06/25/2007|11:10:44.084 810:7E8 TRACE :: CUccAutoProvSubscription::GetCurrentSubscriptionBody - enter [0x01DEA280]
06/25/2007|11:10:44.302 810:7E8 TRACE :: CUccAutoProvSubscription::GetCurrentSubscriptionBody - exit [01DEA280]
06/25/2007|11:10:44.302 810:7E8 INFO :: Outgoing 01E02C64-<sip:jrushton@ocsdemo.com>, local=sip:jrushton@ocsdemo.com
06/25/2007|11:10:44.302 810:7E8 TRACE :: CUccSubscription::Query - exit [01E00C60]
06/25/2007|11:10:44.302 810:7E8 TRACE :: SIP_MSG_PROCESSOR:nDnsResolutionComplete[01E02C64] Entered host ocsmain.ocsdemo.com
06/25/2007|11:10:44.302 810:7E8 ERROR :: SIP_STACK::MapDestAddressToNatInternalAddress m_pDirectPlayNATHelp is NULL. Setting *pIsDestExternalToNat to FALSE
06/25/2007|11:10:44.302 810:7E8 TRACE :: Async work item posted for TLS negotiation: this 01DE86C0
06/25/2007|11:10:44.364 810:7E8 TRACE :: Async work item posted for TLS negotiation: this 01DE86C0
06/25/2007|11:10:44.364 810:7E8 TRACE :: ASYNC_SOCKET:tartTlsNegotiationWorkitem TLS negotiation is in progress. Do not start another workitem, this 01DE86C0
06/25/2007|11:10:44.364 810:7E8 TRACE :: Async work item posted for TLS negotiation: this 01DE86C0
06/25/2007|11:10:44.832 810:7E8 TRACE :: Async work item posted for TLS negotiation: this 01DE86C0
06/25/2007|11:10:45.798 810:F0C TRACE :: SECURE_SOCKET: stream sizes: header 5 trailer 16 max message 16384 buffers 4 block size 1
06/25/2007|11:10:45.798 810:7E8 INFO :: CSIPCompressor:tartCompressionNegotiation - Link test not yet performed, checking registry for compression settings
06/25/2007|11:10:45.798 810:7E8 INFO :: CSIPCompressor:tartLinkSpeedDetectionUsingWindows - Testing link bandwidth using adapter info.
06/25/2007|11:10:45.798 810:7E8 INFO :: Connection speed detected=100000000, Threshold=128000, returning fUseCompression=FALSE
06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_MSG_PROCESSOR:nRequestSocketConnectComplete - Enter this: 01E02C64, callid=(null), ErrorCode: 0x0
06/25/2007|11:10:45.798 810:7E8 INFO :: Sending Packet - 172.20.35.238:5061 (From Local Address: 172.20.2.77:1520) 934 bytes:
06/25/2007|11:10:45.798 810:7E8 INFO :: SUBSCRIBE sip:jrushton@ocsdemo.com SIP/2.0

Via: SIP/2.0/TLS 172.20.2.77:1520

Max-Forwards: 70

From: <sip:jrushton@ocsdemo.com>;tag=f907d68060;epid=44cb0b8ede

To: <sip:jrushton@ocsdemo.com>

Call-ID: d1dfa82a5fbd470ebc49e1cac8c0d36f

CSeq: 1 SUBSCRIBE

Contact: <sip:jrushton@ocsdemo.com:1520;maddr=172.20.2.77;transport=tls>;proxy=replace;+sip.instance="<urn:uuid:2AC1EF93-3BBB-584F-8D25-265B9A4B8BBA>"

User-Agent: UCCP/2.0.6090.0

Event: vnd-microsoft-provisioning-v2

Accept: application/vnd-microsoft-roaming-provisioning-v2+xml

Supported: com.microsoft.autoextend

Supported: ms-benotify

Proxy-Require: ms-benotify

Supported: ms-piggyback-first-notify

Expires: 0

Content-Type: application/vnd-microsoft-roaming-provisioning-v2+xml

Content-Length: 165

<provisioningGroupList xmlns="http://schemas.microsoft.com/2006/09/sip/provisioninggrouplist"><provisioningGroup name="ServerConfiguration"/></provisioningGroupList>
06/25/2007|11:10:45.798 810:7E8 INFO :: End of Sending Packet - 172.20.35.238:5061 (From Local Address: 172.20.2.77:1520) 934 bytes
06/25/2007|11:10:45.798 810:7E8 TRACE :: - encrypted buffer length: 955 bytes. First 8 bytes:
06/25/2007|11:10:45.798 810:7E8 TRACE :: 17 03 01 03 B6 AA E2 21 :....¶ªâ!
06/25/2007|11:10:45.798 810:7E8 TRACE :: SECURE_SOCKET: decrypting buffer size: 596 (first 8):
06/25/2007|11:10:45.798 810:7E8 TRACE :: 17 03 01 02 4F 31 CB FF :....O1Ëÿ
06/25/2007|11:10:45.798 810:7E8 INFO :: Data Received - 172.20.35.238:5061 (To Local Address: 172.20.2.77:1520) 575 bytes:
06/25/2007|11:10:45.798 810:7E8 INFO :: SIP/2.0 401 Unauthorized

Date: Mon, 25 Jun 2007 15:10:16 GMT

WWW-Authenticate: NTLM realm="SIP Communications Service", targetname="ocsmain.ocsdemo.com", version=3

WWW-Authenticate: Kerberos realm="SIP Communications Service", targetname="sip/ocsmain.ocsdemo.com", version=3

Via: SIP/2.0/TLS 172.20.2.77:1520;ms-received-port=1520;ms-received-cid=3FF00

From: <sip:jrushton@ocsdemo.com>;tag=f907d68060;epid=44cb0b8ede

To: <sip:jrushton@ocsdemo.com>;tag=3532B3F043112B49D1583C905FADCD2F

Call-ID: d1dfa82a5fbd470ebc49e1cac8c0d36f

CSeq: 1 SUBSCRIBE

Content-Length: 0

06/25/2007|11:10:45.798 810:7E8 INFO :: End of Data Received - 172.20.35.238:5061 (To Local Address: 172.20.2.77:1520) 575 bytes
06/25/2007|11:10:45.798 810:7E8 INFO :: SIP_MSG_PROCESSOR::GetChallengeListForPlatform ProtocolsFromPlatform=0xf
06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_STACK::UpdateProviderSAContextAndSetAuthProtocol adding SA with TargetName: sip/ocsmain.ocsdemo.com Auth: 8 to provider at index 0
06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_STACK::AddSAToProvider SA addedip/ocsmain.ocsdemo.com-02454E90 list entry 02467D08, this 001201C0
06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_STACK::FindProviderSAContext SA_CONTEXT foundip/ocsmain.ocsdemo.com- 02454E90, SA list entry 02467D08, this 001201C0
06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_MSG_PROCESSOR::GetSAListEntry- SA not found for TargetName: sip/ocsmain.ocsdemo.com Auth: 8, this 01E02C64
06/25/2007|11:10:45.798 810:7E8 WARN :: SIP_MSG_PROCESSOR::AddSAToList cannot find SA [02454E90] in list, inserting list entry [02467CC0] into list, TargetName sip/ocsmain.ocsdemo.com, Auth: 8, this 01E02C64
06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_MSG_PROCESSOR::GetSAListEntry SA [02454E90] targetname sip/ocsmain.ocsdemo.com, auth 8, this 01E02C64
06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_STACK::FindProviderSAContext SA_CONTEXT foundip/ocsmain.ocsdemo.com- 02454E90, SA list entry 02467D08, this 001201C0
06/25/2007|11:10:45.829 810:7E8 TRACE :: Async work item posted for Init-SA: 0
06/25/2007|11:10:48.089 810:7E8 ERROR :: SIP_MSG_PROCESSOR::CompleteSAProcessingAndGetAuthHeader InitializeSecurityContext failed: 0x80090311

06/25/2007|11:10:48.120 810:7E8 ERROR :: SIP_MSG_PROCESSOR:nSAInitComplete - CompleteSAProcessingAndGetAuthHeader failed 80ee00a6
06/25/2007|11:10:48.120 810:7E8 TRACE :: CSipSubscription::InitiateSessionTerminationOnError - enter, status 80ee00a6
06/25/2007|11:10:48.120 810:7E8 TRACE :: CUccSubscriptionBase::NotifySubscriptionStateChange - enter [0x01DEA280]
06/25/2007|11:10:48.120 810:7E8 WARN :: CSipSubscription::CreateOutgoingUnsub already in termianted state, this 01E02C60
06/25/2007|11:10:48.120 810:7E8 ERROR :: CSipSubscription:ubscriptionStateChange already changed to state 4, input state 3
06/25/2007|11:10:48.120 810:7E8 TRACE :: CUccSubscriptionBase::NotifySubscriptionStateChange - exit [01DEA280]
06/25/2007|11:10:48.120 810:7E8 TRACE :: CUccSubscriptionEventInfo::GetOperationInfo - enter [0x02470500]
06/25/2007|11:10:48.120 810:7E8 TRACE :: CUccSubscriptionEventInfo::GetOperationInfo - exit [02470500]
06/25/2007|11:10:48.120 810:7E8 TRACE :: CUccServerEndpoint::UpdateEndpointState - Update state from 3 to 4. Status 0. Status text (null).
06/25/2007|11:10:48.120 810:7E8 TRACE :: SIP_STACK::FreeProviderSAList deleting SA list entry [02467D08] with SA [02454E90] from provider
06/25/2007|11:10:48.120 810:7E8 TRACE :: SIP_STACK:eleteProviderProfile freed profile at index 0

Monday, July 16, 2007 1:55 PM
0

Sign in to vote

Hello,

try to set only NTLM as the authenticaion protocol.

Kind regards

Wednesday, July 18, 2007 12:18 PM
0

Sign in to vote

Where can this be set in OCS 2007? I found an article on setting this for LCS 2005 (http://office.microsoft.com/en-us/communicationsserver/HP011316431033.aspx), but can't find the same thing in 2007.

Thanks,

Mark

Thursday, July 19, 2007 12:41 PM
0

Sign in to vote

Pool -> Properties -> Front End Properties -> Authentication:
switch Authentication protocol to NTLM

Friday, July 20, 2007 5:07 PM
0

Sign in to vote

Thanks for that, I found it. Unfortunately this did not help. Can you elaborate as to why you think that should/might help?

Thanks,

Mark

Friday, July 20, 2007 7:58 PM
0

Sign in to vote

UPDATE: Setting authentication to NTLM did indeed fix the problem. I needed to restart the services -- I had avoided doing that before a) because I didn't know I needed to, and b) because we'd been having problems where the services wouldn't restart! ;-)

Anyway, much obliged for your posts and input.

Thanks,

Mark

Tuesday, July 24, 2007 3:50 PM

Answered by:

Live Meeting access across subnet

Question

Answers

All replies