Live Meeting access across subnet

Question
We have OCS on one subnet and a client on another. The user can use Communicator without problems but cannot connect to Live Meeting. The Live Meeting 2007 client launches and the user is prompted for credentials. They have set up the credentials correctly in User Accounts. No format of credential entry (i.e. domain\login or login@domain.com) passes validation. Clicking Test Connection in the User Account dialog fails with...
"Cannot connect to Live Meeting Server because the information in the User Accounts dialog might be incorrect or improperly formatted. Please verify that this information is correct, and then click Test Connection. If you still can't connect, the server might not be available."
This is all internal. No Edge servers at this point. Users on the same subnet as OCS can connect to and use Live Meeting no problems.
It seems to me that the user is connecting to the conferencing server because he is being challenged for credentials. So it does not appear to be a port problem.
Any thoughts?
Thanks.
Friday, June 22, 2007 8:42 PM
Answers
UPDATE: Setting authentication to NTLM did indeed fix the problem. I needed to restart the services -- I had avoided doing that before a) because I didn't know I needed to, and b) because we'd been having problems where the services wouldn't restart! ;-)
Anyway, much obliged for your posts and input.
Thanks,
Mark
Tuesday, July 24, 2007 3:50 PM
All replies
Hello,
On a per user logon account basis the parameters for the LM console connection to the server hosting LM have to be verified before you can logon to LM. When you open the LM console you will be at the MOLM dialog. In the upper left corner click on the Open User Accounts option and open the User Accounts dialog. Make sure the username is like myname@mydomain.com then click on the Advanced button. In the internal Server name or IP address entry enter the FQDN of your OCS 2007 Pool. Since you are not using an Access Edge server config you can add the same value in the external Server name or IP address entry. Click on OK and then Test connection. If you receive positive results here you should be able to login to LM.
Thanks
Friday, June 22, 2007 10:24 PM -
Hi Mike,
Thanks for your reply. Unfortunately, what you have described is exactly what we are doing, yet we are still not able to successfully authenticate. Again, it's only when the client is on a different subnet from OCS.
For example, OCS is at 172.20.35.238. Clients on the 35 subnet (i.e. 172.20.35.69) can connect no problem using the setup you describe. Clients on another subnet, however, such as 172.20.30.12, cannot authenticate and are experiencing the behaviour I described in my original post.
What is different about LM that makes this not work while Communicator has no problems across the different subnets?
Thanks,
Mark
Monday, June 25, 2007 2:10 PM -
I should also mention that if we plug the user's laptop into a network drop on the OCS subnet, he authenticates successfully -- so I would think that rules out a configuration problem on his laptop. I have data from the ConfAPI-uccp log if that would help -- for some reason the PWConsole.log file cannot be found anywhere.
Thanks,
Mark
Monday, June 25, 2007 3:40 PM -
Hi Mark,
Can you let us know the status of your issue? Have you been able to do some troubleshooting on your own? Would you share your results?
Friday, July 13, 2007 9:38 PM -
Mark
Can you upload the confapi-uccp.log file?
Louis H
Saturday, July 14, 2007 12:08 AM -
Hi Louis,
Here's the contents of confapi-uccp.log file:
Thanks,
Mark
------------------------------------------------------------------------------------------
06/25/2007|11:10:44.021 810:7E8 WARN :: module=uccp flavor=fre version=2.0.6090.0
06/25/2007|11:10:44.021 810:7E8 INFO :: Initialization flags (1)
06/25/2007|11:10:44.021 810:7E8 INFO :: Function: CUccPlatform::InitializeMedia
06/25/2007|11:10:44.021 810:7E8 ERROR :: Condition failed with 00000000: '(m_lFlags & 0x00000001) == 0'
06/25/2007|11:10:44.021 810:7E8 TRACE :: client[001A05C0] new sipStack[001201C0]
06/25/2007|11:10:44.068 810:7E8 INFO :: No registry setting, using default: "Mode" = 2
06/25/2007|11:10:44.068 810:7E8 INFO :: No registry setting, using default: "NegotiateTimeout" = 5000
06/25/2007|11:10:44.068 810:7E8 INFO :: No registry setting, using default: "Threshold" = 128
06/25/2007|11:10:44.084 810:7E8 TRACE :: CUccServerEndpoint::UpdateEndpointState - Update state from 1 to 2. Status 0. Status text (null).
06/25/2007|11:10:44.084 810:7E8 INFO :: CUccSubscriptionManager::CreateSubscription - Sub mgr 01DE41CC creating subscription 01E00C60
06/25/2007|11:10:44.084 810:7E8 INFO :: CUccSubscriptionManager::CreatePresentity - Sub mgr 01DE41CC successfully created presentity 'jrushton@ocsdemo.com' [001A29D0]
06/25/2007|11:10:44.084 810:7E8 TRACE :: CUccSubscription::AddCategoryName add new category [serverconfiguration], this 01E00C60
06/25/2007|11:10:44.084 810:7E8 TRACE :: CUccSubscription::AddPresentity adding presentity [sip:jrushton@ocsdemo.com] to 5 map, this 01E00C60
06/25/2007|11:10:44.084 810:7E8 TRACE :: CUccSubscription::Query - enter [0x01E00C60]
06/25/2007|11:10:44.084 810:7E8 TRACE :: CUccAutoProvSubscription::GetCurrentSubscriptionBody - enter [0x01DEA280]
06/25/2007|11:10:44.302 810:7E8 TRACE :: CUccAutoProvSubscription::GetCurrentSubscriptionBody - exit [01DEA280]
06/25/2007|11:10:44.302 810:7E8 INFO :: Outgoing 01E02C64-<sip:jrushton@ocsdemo.com>, local=sip:jrushton@ocsdemo.com
06/25/2007|11:10:44.302 810:7E8 TRACE :: CUccSubscription::Query - exit [01E00C60]
06/25/2007|11:10:44.302 810:7E8 TRACE :: SIP_MSG_PROCESSOR::OnDnsResolutionComplete[01E02C64] Entered host ocsmain.ocsdemo.com
06/25/2007|11:10:44.302 810:7E8 ERROR :: SIP_STACK::MapDestAddressToNatInternalAddress m_pDirectPlayNATHelp is NULL. Setting *pIsDestExternalToNat to FALSE
06/25/2007|11:10:44.302 810:7E8 TRACE :: Async work item posted for TLS negotiation: this 01DE86C0
06/25/2007|11:10:44.364 810:7E8 TRACE :: Async work item posted for TLS negotiation: this 01DE86C0
06/25/2007|11:10:44.364 810:7E8 TRACE :: ASYNC_SOCKET::StartTlsNegotiationWorkitem TLS negotiation is in progress. Do not start another workitem, this 01DE86C0
06/25/2007|11:10:44.364 810:7E8 TRACE :: Async work item posted for TLS negotiation: this 01DE86C0
06/25/2007|11:10:44.832 810:7E8 TRACE :: Async work item posted for TLS negotiation: this 01DE86C0
06/25/2007|11:10:45.798 810:F0C TRACE :: SECURE_SOCKET: stream sizes: header 5 trailer 16 max message 16384 buffers 4 block size 1
06/25/2007|11:10:45.798 810:7E8 INFO :: CSIPCompressor::StartCompressionNegotiation - Link test not yet performed, checking registry for compression settings
06/25/2007|11:10:45.798 810:7E8 INFO :: CSIPCompressor::StartLinkSpeedDetectionUsingWindows - Testing link bandwidth using adapter info.
06/25/2007|11:10:45.798 810:7E8 INFO :: Connection speed detected=100000000, Threshold=128000, returning fUseCompression=FALSE
06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_MSG_PROCESSOR::OnRequestSocketConnectComplete - Enter this: 01E02C64, callid=(null), ErrorCode: 0x0
06/25/2007|11:10:45.798 810:7E8 INFO :: Sending Packet - 172.20.35.238:5061 (From Local Address: 172.20.2.77:1520) 934 bytes:
06/25/2007|11:10:45.798 810:7E8 INFO :: SUBSCRIBE sip:jrushton@ocsdemo.com SIP/2.0
Via: SIP/2.0/TLS 172.20.2.77:1520
Max-Forwards: 70
From: <sip:jrushton@ocsdemo.com>;tag=f907d68060;epid=44cb0b8ede
To: <sip:jrushton@ocsdemo.com>
Call-ID: d1dfa82a5fbd470ebc49e1cac8c0d36f
CSeq: 1 SUBSCRIBE
Contact: <sip:jrushton@ocsdemo.com:1520;maddr=172.20.2.77;transport=tls>;proxy=replace;+sip.instance="<urn:uuid:2AC1EF93-3BBB-584F-8D25-265B9A4B8BBA>"
User-Agent: UCCP/2.0.6090.0
Event: vnd-microsoft-provisioning-v2
Accept: application/vnd-microsoft-roaming-provisioning-v2+xml
Supported: com.microsoft.autoextend
Supported: ms-benotify
Proxy-Require: ms-benotify
Supported: ms-piggyback-first-notify
Expires: 0
Content-Type: application/vnd-microsoft-roaming-provisioning-v2+xml
Content-Length: 165
<provisioningGroupList xmlns="http://schemas.microsoft.com/2006/09/sip/provisioninggrouplist"><provisioningGroup name="ServerConfiguration"/></provisioningGroupList>
06/25/2007|11:10:45.798 810:7E8 INFO :: End of Sending Packet - 172.20.35.238:5061 (From Local Address: 172.20.2.77:1520) 934 bytes
06/25/2007|11:10:45.798 810:7E8 TRACE :: - encrypted buffer length: 955 bytes. First 8 bytes:
06/25/2007|11:10:45.798 810:7E8 TRACE :: 17 03 01 03 B6 AA E2 21 :....¶ªâ!
06/25/2007|11:10:45.798 810:7E8 TRACE :: SECURE_SOCKET: decrypting buffer size: 596 (first 8):
06/25/2007|11:10:45.798 810:7E8 TRACE :: 17 03 01 02 4F 31 CB FF :....O1Ëÿ
06/25/2007|11:10:45.798 810:7E8 INFO :: Data Received - 172.20.35.238:5061 (To Local Address: 172.20.2.77:1520) 575 bytes:
06/25/2007|11:10:45.798 810:7E8 INFO :: SIP/2.0 401 Unauthorized
Date: Mon, 25 Jun 2007 15:10:16 GMT
WWW-Authenticate: NTLM realm="SIP Communications Service", targetname="ocsmain.ocsdemo.com", version=3
WWW-Authenticate: Kerberos realm="SIP Communications Service", targetname="sip/ocsmain.ocsdemo.com", version=3
Via: SIP/2.0/TLS 172.20.2.77:1520;ms-received-port=1520;ms-received-cid=3FF00
From: <sip:jrushton@ocsdemo.com>;tag=f907d68060;epid=44cb0b8ede
To: <sip:jrushton@ocsdemo.com>;tag=3532B3F043112B49D1583C905FADCD2F
Call-ID: d1dfa82a5fbd470ebc49e1cac8c0d36f
CSeq: 1 SUBSCRIBE
Content-Length: 0
06/25/2007|11:10:45.798 810:7E8 INFO :: End of Data Received - 172.20.35.238:5061 (To Local Address: 172.20.2.77:1520) 575 bytes
06/25/2007|11:10:45.798 810:7E8 INFO :: SIP_MSG_PROCESSOR::GetChallengeListForPlatform ProtocolsFromPlatform=0xf
06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_STACK::UpdateProviderSAContextAndSetAuthProtocol adding SA with TargetName: sip/ocsmain.ocsdemo.com Auth: 8 to provider at index 0
06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_STACK::AddSAToProvider SA added:sip/ocsmain.ocsdemo.com-02454E90 list entry 02467D08, this 001201C0
06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_STACK::FindProviderSAContext SA_CONTEXT found:sip/ocsmain.ocsdemo.com- 02454E90, SA list entry 02467D08, this 001201C0
06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_MSG_PROCESSOR::GetSAListEntry- SA not found for TargetName: sip/ocsmain.ocsdemo.com Auth: 8, this 01E02C64
06/25/2007|11:10:45.798 810:7E8 WARN :: SIP_MSG_PROCESSOR::AddSAToList cannot find SA [02454E90] in list, inserting list entry [02467CC0] into list, TargetName sip/ocsmain.ocsdemo.com, Auth: 8, this 01E02C64
06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_MSG_PROCESSOR::GetSAListEntry SA [02454E90] targetname sip/ocsmain.ocsdemo.com, auth 8, this 01E02C64
06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_STACK::FindProviderSAContext SA_CONTEXT found:sip/ocsmain.ocsdemo.com- 02454E90, SA list entry 02467D08, this 001201C0
06/25/2007|11:10:45.829 810:7E8 TRACE :: Async work item posted for Init-SA: 0
06/25/2007|11:10:48.089 810:7E8 ERROR :: SIP_MSG_PROCESSOR::CompleteSAProcessingAndGetAuthHeader InitializeSecurityContext failed: 0x80090311
06/25/2007|11:10:48.120 810:7E8 ERROR :: SIP_MSG_PROCESSOR::OnSAInitComplete - CompleteSAProcessingAndGetAuthHeader failed 80ee00a6
06/25/2007|11:10:48.120 810:7E8 TRACE :: CSipSubscription::InitiateSessionTerminationOnError - enter, status 80ee00a6
06/25/2007|11:10:48.120 810:7E8 TRACE :: CUccSubscriptionBase::NotifySubscriptionStateChange - enter [0x01DEA280]
06/25/2007|11:10:48.120 810:7E8 WARN :: CSipSubscription::CreateOutgoingUnsub already in termianted state, this 01E02C60
06/25/2007|11:10:48.120 810:7E8 ERROR :: CSipSubscription::SubscriptionStateChange already changed to state 4, input state 3
06/25/2007|11:10:48.120 810:7E8 TRACE :: CUccSubscriptionBase::NotifySubscriptionStateChange - exit [01DEA280]
06/25/2007|11:10:48.120 810:7E8 TRACE :: CUccSubscriptionEventInfo::GetOperationInfo - enter [0x02470500]
06/25/2007|11:10:48.120 810:7E8 TRACE :: CUccSubscriptionEventInfo::GetOperationInfo - exit [02470500]
06/25/2007|11:10:48.120 810:7E8 TRACE :: CUccServerEndpoint::UpdateEndpointState - Update state from 3 to 4. Status 0. Status text (null).
06/25/2007|11:10:48.120 810:7E8 TRACE :: SIP_STACK::FreeProviderSAList deleting SA list entry [02467D08] with SA [02454E90] from provider
06/25/2007|11:10:48.120 810:7E8 TRACE :: SIP_STACK::DeleteProviderProfile freed profile at index 0
Monday, July 16, 2007 1:55 PM -
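Added example (not part of the original thread and not Microsoft tooling): a Python script that reads the authentication handshake out of a UCCP client log like the one posted above, reporting which schemes the server offered, which one the client attempted, and the SSPI status returned by InitializeSecurityContext. The sample lines are constructed from the posted log, the status names are those defined in the Windows SDK's winerror.h, and matching the client's SA TargetName to a challenge's targetname to infer the attempted scheme is an assumption of this example.

```python
import re

# Constructed sample, modelled on the confapi-uccp.log lines posted above.
SAMPLE_LOG = """\
06/25/2007|11:10:45.798 810:7E8 INFO :: SIP/2.0 401 Unauthorized
WWW-Authenticate: NTLM realm="SIP Communications Service", targetname="ocsmain.ocsdemo.com", version=3
WWW-Authenticate: Kerberos realm="SIP Communications Service", targetname="sip/ocsmain.ocsdemo.com", version=3
06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_STACK::UpdateProviderSAContextAndSetAuthProtocol adding SA with TargetName: sip/ocsmain.ocsdemo.com Auth: 8 to provider at index 0
06/25/2007|11:10:48.089 810:7E8 ERROR :: SIP_MSG_PROCESSOR::CompleteSAProcessingAndGetAuthHeader InitializeSecurityContext failed: 0x8009031106/25/2007|11:10:48.120 810:7E8 ERROR :: next entry
"""

# SSPI status codes as defined in the Windows SDK (winerror.h).
SSPI_ERRORS = {
    0x80090303: "SEC_E_TARGET_UNKNOWN",
    0x8009030C: "SEC_E_LOGON_DENIED",
    0x8009030E: "SEC_E_NO_CREDENTIALS",
    0x80090311: "SEC_E_NO_AUTHENTICATING_AUTHORITY",
    0x80090324: "SEC_E_TIME_SKEW",
}

CHALLENGE = re.compile(r'WWW-Authenticate:\s*(\w+)\b.*?targetname="([^"]+)"')
SA_TARGET = re.compile(r"adding SA with TargetName:\s*(\S+)")
# Exactly 8 hex digits: in the posted log the next timestamp is fused onto the code.
ISC_FAIL = re.compile(r"InitializeSecurityContext failed:\s*0x([0-9A-Fa-f]{8})")


def diagnose(log_text):
    """Summarise the SIP auth handshake recorded in a UCCP client log."""
    offered = dict(CHALLENGE.findall(log_text))  # scheme -> targetname
    sa = SA_TARGET.search(log_text)
    fail = ISC_FAIL.search(log_text)
    # Assumption: the attempted scheme is the challenge whose targetname the SA uses.
    attempted = next((s for s, t in offered.items() if sa and t == sa.group(1)), None)
    code = int(fail.group(1), 16) if fail else None
    return {
        "offered": sorted(offered),
        "attempted": attempted,
        "error": f"0x{code:08X}" if code is not None else None,
        "error_name": SSPI_ERRORS.get(code, "unknown") if code is not None else None,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On the sample this reports a Kerberos attempt failing with SEC_E_NO_AUTHENTICATING_AUTHORITY while NTLM was also on offer, which is consistent with the thread's outcome that restricting the pool to NTLM resolved the failure.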
Hello,
Try to set only NTLM as the authentication protocol.
Kind regards
Wednesday, July 18, 2007 12:18 PM -
Where can this be set in OCS 2007? I found an article on setting this for LCS 2005 (http://office.microsoft.com/en-us/communicationsserver/HP011316431033.aspx), but can't find the same thing in 2007.
Thanks,
Mark
Thursday, July 19, 2007 12:41 PM -
Pool -> Properties -> Front End Properties -> Authentication:
switch Authentication protocol to NTLM
Friday, July 20, 2007 5:07 PM -
Thanks for that, I found it. Unfortunately this did not help. Can you elaborate as to why you think that should/might help?
Thanks,
Mark
Friday, July 20, 2007 7:58 PM -