locked
Live Meeting access across subnet RRS feed

  • Question

  • We have OCS on one subnet and a client on another.  The user can use Communicator without problems but cannot connect to Live Meeting.  The Live Meeting 2007 client launches and the user is prompted for credentials.  They have set up the credentials correctly in User Accounts.  No format of credential entry (i.e. domain\login or login@domain.com) passes validation.  Clicking Test Connection in the User Account dialog fails with...

     

     "Cannot connect to Live Meeting Server because the information in the User Accounts dialog might be incorrect or improperly formatted.  Please verify that this information is correct, and then click Test Connection.  If you still can't connect, the server might not be available."

     

      This is all internal.  No Edge servers at this point.  Users on the same subnet as OCS can connect to and use Live Meeting no problems.

     

    It seems to me that the user is connecting to the conferencing server because he is being challenged for credentials.  So it does not appear to be a port problem.

     

    Any thoughts?

     

    Thanks.

    Friday, June 22, 2007 8:42 PM

Answers

  • UPDATE:  Setting authentication to NTLM did indeed fix the problem.  I needed to restart the services -- I had avoided doing that before a) because I didn't know I needed to, and b) because we'd been having problems where the services wouldn't restart!  ;-)

     

    Anyway, much obliged for your posts and input.

     

    Thanks,

    Mark

    Tuesday, July 24, 2007 3:50 PM

All replies

  • Hello,

     

    On a per user logon account basis the paramters for the LM console connection to the server hostoig LM have to be verified before you can logon to LM. When you open the LM console you will be at the MOLM dialog. In the upper left corner click on the Open User Accounts option and open the User Accounts dialog. Make sure the username is like myname@mydomain.com then click on the Advanced button. In the internal Server name or IP address entry enter the FQDN of your OCS 2007 Pool. Since you are not using a Access Edge sevrer config you can add the same value in the external Server name or IP address entry. Click on OK and then Test connection. If you receive positive results here you should be able to login to LM.

     

    Thanks

    Friday, June 22, 2007 10:24 PM
  • Hi Mike,

     

    Thanks for your reply.  Unfortunately, what you have described is exactly what we are doing, yet we are still not able to successfully authenticate.  Again, it's only when the client is on a different subnet from OCS.

     

    For example, OCS is at 172.20.35.238.  Clients on the 35 subnet (i.e. 172.20.35.69) can connect no problem using the setup you describe.  Clients on another subnet, however, such as 172.20.30.12, cannot authenticate and are experiencing the behaviour I descibed in my original post.

     

    What is different about LM that makes this not work while Communicator has no problems across the different subnets?

     

    Thanks,

    Mark

    Monday, June 25, 2007 2:10 PM
  • I should also mention that if we plug the user's laptop into a network drop on the OCS subnet, he authenticates successfully -- so I would think that rules out a configuration problem on his laptop.  I have data from the ConfAPI-uccp log if that would help -- for some reason the PWConsole.log file cannot be found anywhere.

     

    Thanks,

    Mark

    Monday, June 25, 2007 3:40 PM
  • Hi Mark,

    Can you let us know the status of your issue? Have you been able to do some troubleshooting on your own? Would you be share your results?

    Friday, July 13, 2007 9:38 PM
  • Mark

     

    Can you upload the confapi-uccp.log file?

     

    Louis H

    Saturday, July 14, 2007 12:08 AM
  • Hi Louis,

     

    Here's the contents of confapi-uccp.log file:

     

    Thanks,

    Mark

     

    ------------------------------------------------------------------------------------------

     

    06/25/2007|11:10:44.021 810:7E8 WARN  :: module=uccp flavor=fre version=2.0.6090.0
    06/25/2007|11:10:44.021 810:7E8 INFO  :: Initialization flags (1)
    06/25/2007|11:10:44.021 810:7E8 INFO  :: Function: CUccPlatform::InitializeMedia
    06/25/2007|11:10:44.021 810:7E8 ERROR :: Condition failed with 00000000: '(m_lFlags & 0x00000001) == 0'
    06/25/2007|11:10:44.021 810:7E8 TRACE :: client[001A05C0] new sipStack[001201C0]
    06/25/2007|11:10:44.068 810:7E8 INFO  :: No registry setting, using default: "Mode" = 2
    06/25/2007|11:10:44.068 810:7E8 INFO  :: No registry setting, using default: "NegotiateTimeout" = 5000
    06/25/2007|11:10:44.068 810:7E8 INFO  :: No registry setting, using default: "Threshold" = 128
    06/25/2007|11:10:44.084 810:7E8 TRACE :: CUccServerEndpoint::UpdateEndpointState - Update state from 1 to 2. Status 0. Status text (null).
    06/25/2007|11:10:44.084 810:7E8 INFO  :: CUccSubscriptionManager::CreateSubscription - Sub mgr 01DE41CC creating subscription 01E00C60
    06/25/2007|11:10:44.084 810:7E8 INFO  :: CUccSubscriptionManager::CreatePresentity - Sub mgr 01DE41CC successfully created presentity 'jrushton@ocsdemo.com' [001A29D0]
    06/25/2007|11:10:44.084 810:7E8 TRACE :: CUccSubscription::AddCategoryName add new category [serverconfiguration], this 01E00C60
    06/25/2007|11:10:44.084 810:7E8 TRACE :: CUccSubscription::AddPresentity adding presentity [sip:jrushton@ocsdemo.com] to 5 map, this 01E00C60
    06/25/2007|11:10:44.084 810:7E8 TRACE :: CUccSubscription::Query - enter [0x01E00C60]
    06/25/2007|11:10:44.084 810:7E8 TRACE :: CUccAutoProvSubscription::GetCurrentSubscriptionBody - enter [0x01DEA280]
    06/25/2007|11:10:44.302 810:7E8 TRACE :: CUccAutoProvSubscription::GetCurrentSubscriptionBody - exit [01DEA280]
    06/25/2007|11:10:44.302 810:7E8 INFO  :: Outgoing 01E02C64-<sip:jrushton@ocsdemo.com>, local=sip:jrushton@ocsdemo.com
    06/25/2007|11:10:44.302 810:7E8 TRACE :: CUccSubscription::Query - exit [01E00C60]
    06/25/2007|11:10:44.302 810:7E8 TRACE :: SIP_MSG_PROCESSOR:SurprisenDnsResolutionComplete[01E02C64] Entered host ocsmain.ocsdemo.com
    06/25/2007|11:10:44.302 810:7E8 ERROR :: SIP_STACK::MapDestAddressToNatInternalAddress m_pDirectPlayNATHelp is NULL.  Setting *pIsDestExternalToNat to FALSE
    06/25/2007|11:10:44.302 810:7E8 TRACE :: Async work item posted for TLS negotiation: this 01DE86C0
    06/25/2007|11:10:44.364 810:7E8 TRACE :: Async work item posted for TLS negotiation: this 01DE86C0
    06/25/2007|11:10:44.364 810:7E8 TRACE :: ASYNC_SOCKET:Tongue TiedtartTlsNegotiationWorkitem TLS negotiation is in progress. Do not start another workitem, this 01DE86C0
    06/25/2007|11:10:44.364 810:7E8 TRACE :: Async work item posted for TLS negotiation: this 01DE86C0
    06/25/2007|11:10:44.832 810:7E8 TRACE :: Async work item posted for TLS negotiation: this 01DE86C0
    06/25/2007|11:10:45.798 810:F0C TRACE :: SECURE_SOCKET: stream sizes: header 5 trailer 16 max message 16384 buffers 4 block size 1
    06/25/2007|11:10:45.798 810:7E8 INFO  :: CSIPCompressor:Tongue TiedtartCompressionNegotiation - Link test not yet performed, checking registry for compression settings
    06/25/2007|11:10:45.798 810:7E8 INFO  :: CSIPCompressor:Tongue TiedtartLinkSpeedDetectionUsingWindows - Testing link bandwidth using adapter info.
    06/25/2007|11:10:45.798 810:7E8 INFO  :: Connection speed detected=100000000, Threshold=128000, returning fUseCompression=FALSE
    06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_MSG_PROCESSOR:SurprisenRequestSocketConnectComplete - Enter this: 01E02C64, callid=(null), ErrorCode: 0x0
    06/25/2007|11:10:45.798 810:7E8 INFO  :: Sending Packet - 172.20.35.238:5061 (From Local Address: 172.20.2.77:1520) 934 bytes:
    06/25/2007|11:10:45.798 810:7E8 INFO  :: SUBSCRIBE sip:jrushton@ocsdemo.com SIP/2.0

    Via: SIP/2.0/TLS 172.20.2.77:1520

    Max-Forwards: 70

    From: <sip:jrushton@ocsdemo.com>;tag=f907d68060;epid=44cb0b8ede

    To: <sip:jrushton@ocsdemo.com>

    Call-ID: d1dfa82a5fbd470ebc49e1cac8c0d36f

    CSeq: 1 SUBSCRIBE

    Contact: <sip:jrushton@ocsdemo.com:1520;maddr=172.20.2.77;transport=tls>;proxy=replace;+sip.instance="<urn:uuid:2AC1EF93-3BBB-584F-8D25-265B9A4B8BBA>"

    User-Agent: UCCP/2.0.6090.0

    Event: vnd-microsoft-provisioning-v2

    Accept: application/vnd-microsoft-roaming-provisioning-v2+xml

    Supported: com.microsoft.autoextend

    Supported: ms-benotify

    Proxy-Require: ms-benotify

    Supported: ms-piggyback-first-notify

    Expires: 0

    Content-Type: application/vnd-microsoft-roaming-provisioning-v2+xml

    Content-Length: 165

     

    <provisioningGroupList xmlns="http://schemas.microsoft.com/2006/09/sip/provisioninggrouplist"><provisioningGroup name="ServerConfiguration"/></provisioningGroupList>
    06/25/2007|11:10:45.798 810:7E8 INFO  :: End of Sending Packet - 172.20.35.238:5061 (From Local Address: 172.20.2.77:1520) 934 bytes
    06/25/2007|11:10:45.798 810:7E8 TRACE :: - encrypted buffer length: 955 bytes.  First 8 bytes:
    06/25/2007|11:10:45.798 810:7E8 TRACE ::  17 03 01 03 B6 AA E2 21  :....¶ªâ!
    06/25/2007|11:10:45.798 810:7E8 TRACE :: SECURE_SOCKET: decrypting buffer size: 596 (first 8):
    06/25/2007|11:10:45.798 810:7E8 TRACE ::  17 03 01 02 4F 31 CB FF  :....O1Ëÿ
    06/25/2007|11:10:45.798 810:7E8 INFO  :: Data Received - 172.20.35.238:5061 (To Local Address: 172.20.2.77:1520) 575 bytes:
    06/25/2007|11:10:45.798 810:7E8 INFO  :: SIP/2.0 401 Unauthorized

    Date: Mon, 25 Jun 2007 15:10:16 GMT

    WWW-Authenticate: NTLM realm="SIP Communications Service", targetname="ocsmain.ocsdemo.com", version=3

    WWW-Authenticate: Kerberos realm="SIP Communications Service", targetname="sip/ocsmain.ocsdemo.com", version=3

    Via: SIP/2.0/TLS 172.20.2.77:1520;ms-received-port=1520;ms-received-cid=3FF00

    From: <sip:jrushton@ocsdemo.com>;tag=f907d68060;epid=44cb0b8ede

    To: <sip:jrushton@ocsdemo.com>;tag=3532B3F043112B49D1583C905FADCD2F

    Call-ID: d1dfa82a5fbd470ebc49e1cac8c0d36f

    CSeq: 1 SUBSCRIBE

    Content-Length: 0

     


    06/25/2007|11:10:45.798 810:7E8 INFO  :: End of Data Received - 172.20.35.238:5061 (To Local Address: 172.20.2.77:1520) 575 bytes
    06/25/2007|11:10:45.798 810:7E8 INFO  :: SIP_MSG_PROCESSOR::GetChallengeListForPlatform ProtocolsFromPlatform=0xf
    06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_STACK::UpdateProviderSAContextAndSetAuthProtocol adding SA with TargetName: sip/ocsmain.ocsdemo.com Auth: 8 to provider at index 0
    06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_STACK::AddSAToProvider SA addedTongue Tiedip/ocsmain.ocsdemo.com-02454E90 list entry 02467D08, this 001201C0
    06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_STACK::FindProviderSAContext SA_CONTEXT foundTongue Tiedip/ocsmain.ocsdemo.com- 02454E90, SA list entry 02467D08, this 001201C0
    06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_MSG_PROCESSOR::GetSAListEntry- SA not found for TargetName: sip/ocsmain.ocsdemo.com Auth: 8, this 01E02C64
    06/25/2007|11:10:45.798 810:7E8 WARN  :: SIP_MSG_PROCESSOR::AddSAToList cannot find SA [02454E90] in list, inserting list entry [02467CC0] into list, TargetName sip/ocsmain.ocsdemo.com, Auth: 8, this 01E02C64
    06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_MSG_PROCESSOR::GetSAListEntry SA [02454E90] targetname sip/ocsmain.ocsdemo.com, auth 8, this 01E02C64
    06/25/2007|11:10:45.798 810:7E8 TRACE :: SIP_STACK::FindProviderSAContext SA_CONTEXT foundTongue Tiedip/ocsmain.ocsdemo.com- 02454E90, SA list entry 02467D08, this 001201C0
    06/25/2007|11:10:45.829 810:7E8 TRACE :: Async work item posted for Init-SA: 0
    06/25/2007|11:10:48.089 810:7E8 ERROR :: SIP_MSG_PROCESSOR::CompleteSAProcessingAndGetAuthHeader InitializeSecurityContext failed: 0x80090311

    06/25/2007|11:10:48.120 810:7E8 ERROR :: SIP_MSG_PROCESSOR:SurprisenSAInitComplete - CompleteSAProcessingAndGetAuthHeader failed 80ee00a6
    06/25/2007|11:10:48.120 810:7E8 TRACE :: CSipSubscription::InitiateSessionTerminationOnError - enter, status 80ee00a6
    06/25/2007|11:10:48.120 810:7E8 TRACE :: CUccSubscriptionBase::NotifySubscriptionStateChange - enter [0x01DEA280]
    06/25/2007|11:10:48.120 810:7E8 WARN  :: CSipSubscription::CreateOutgoingUnsub already in termianted state, this 01E02C60
    06/25/2007|11:10:48.120 810:7E8 ERROR :: CSipSubscription:Tongue TiedubscriptionStateChange already changed to state 4, input state 3
    06/25/2007|11:10:48.120 810:7E8 TRACE :: CUccSubscriptionBase::NotifySubscriptionStateChange - exit [01DEA280]
    06/25/2007|11:10:48.120 810:7E8 TRACE :: CUccSubscriptionEventInfo::GetOperationInfo - enter [0x02470500]
    06/25/2007|11:10:48.120 810:7E8 TRACE :: CUccSubscriptionEventInfo::GetOperationInfo - exit [02470500]
    06/25/2007|11:10:48.120 810:7E8 TRACE :: CUccServerEndpoint::UpdateEndpointState - Update state from 3 to 4. Status 0. Status text (null).
    06/25/2007|11:10:48.120 810:7E8 TRACE :: SIP_STACK::FreeProviderSAList deleting SA list entry [02467D08] with SA [02454E90] from provider
    06/25/2007|11:10:48.120 810:7E8 TRACE :: SIP_STACK:Big SmileeleteProviderProfile freed profile at index 0

    Monday, July 16, 2007 1:55 PM
  • Hello,

     

    try to set only NTLM as the authenticaion protocol.

     

    Kind regards

    Wednesday, July 18, 2007 12:18 PM
  • Where can this be set in OCS 2007?  I found an article on setting this for LCS 2005 (http://office.microsoft.com/en-us/communicationsserver/HP011316431033.aspx), but can't find the same thing in 2007.

     

    Thanks,

    Mark

    Thursday, July 19, 2007 12:41 PM
  • Pool -> Properties -> Front End Properties -> Authentication:
    switch Authentication protocol to NTLM
    Friday, July 20, 2007 5:07 PM
  • Thanks for that, I found it.  Unfortunately this did not help.  Can you elaborate as to why you think that should/might help?

     

    Thanks,

    Mark

    Friday, July 20, 2007 7:58 PM
  • UPDATE:  Setting authentication to NTLM did indeed fix the problem.  I needed to restart the services -- I had avoided doing that before a) because I didn't know I needed to, and b) because we'd been having problems where the services wouldn't restart!  ;-)

     

    Anyway, much obliged for your posts and input.

     

    Thanks,

    Mark

    Tuesday, July 24, 2007 3:50 PM