locked
Is my setup valid? RRS feed

  • Question

  • this is my setup for my lab environment

    Im using VMWARE

    1 Domain controller = LAN adapter
    1 OCS = LAN adapter and Bridge Adapter (192.168.1.7)

    in my host i installed office communicator 2007. and configured it's manual configuration Internal IP address and point it to 192.168.1.7.

    when I tried logging in, I'm gettign an error "there was a problem verifying the certificate from the server".

    I already installed the same certificate OCS have in my host machine, and on the DC Certficate authority, I've already click "install this CA certificate chain. ".

    Please help.

    Thank you!
    Saturday, May 16, 2009 12:42 PM

Answers

  • If you are using TLS (the default connection protocol fro OCS) then you can't enter the IP address in the client when using Manual Configuration.  The string used in the configuration must match exactly either the certificate's Subject Name or an entry in the SAN field.  If you check the Application log on your host computer you should see an error from Communicator that explains this name mis-match between the client configuration and the certificate name.

    What you should do is create an entry in your host computer's local HOSTSW file to resolve the FQDN to that IP, and then enter the FQDN in the client's configuration.

    For example:

    HOSTS file
    192.168.1.7   ocsserver.domain.com

    Communicator Manual Configuration
    Internal Servername or IP Address:   ocsserver.domain.com


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    • Marked as answer by vvatclor Sunday, May 17, 2009 3:29 PM
    Saturday, May 16, 2009 1:32 PM
    Moderator

All replies

  • If you are using TLS (the default connection protocol fro OCS) then you can't enter the IP address in the client when using Manual Configuration.  The string used in the configuration must match exactly either the certificate's Subject Name or an entry in the SAN field.  If you check the Application log on your host computer you should see an error from Communicator that explains this name mis-match between the client configuration and the certificate name.

    What you should do is create an entry in your host computer's local HOSTSW file to resolve the FQDN to that IP, and then enter the FQDN in the client's configuration.

    For example:

    HOSTS file
    192.168.1.7   ocsserver.domain.com

    Communicator Manual Configuration
    Internal Servername or IP Address:   ocsserver.domain.com


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    • Marked as answer by vvatclor Sunday, May 17, 2009 3:29 PM
    Saturday, May 16, 2009 1:32 PM
    Moderator
  • Hi Jeff,
    Thank you for your prompt reply.

    my host machine doesn't have access to domain controller. it can only see the OCS (192.168.1.7).  the host ip is 192.168.1.3

    what would then be my Communicator Manual Configuration's Internal Servername or IP Address?

    Have a good day.
    Saturday, May 16, 2009 2:17 PM
  • I'm not sure what you mean, but my previous post still applies.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Sunday, May 17, 2009 3:25 PM
    Moderator
  • If you are using TLS (the default connection protocol fro OCS) then you can't enter the IP address in the client when using Manual Configuration.  The string used in the configuration must match exactly either the certificate's Subject Name or an entry in the SAN field.  If you check the Application log on your host computer you should see an error from Communicator that explains this name mis-match between the client configuration and the certificate name.

    What you should do is create an entry in your host computer's local HOSTSW file to resolve the FQDN to that IP, and then enter the FQDN in the client's configuration.

    For example:

    HOSTS file
    192.168.1.7   ocsserver.domain.com

    Communicator Manual Configuration
    Internal Servername or IP Address:   ocsserver.domain.com


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS


    I was able to configure the setup that I want with the help of Jeff's reply and with this post http://social.microsoft.com/Forums/en-US/communicationsservercertificates/thread/4dfbf71e-867a-4cce-967b-a71c886d1ffe

    Thanks!
    Sunday, May 17, 2009 3:31 PM
  • I was able to configure the setup that I want with the help of Jeff's reply and with this post http://social.microsoft.com/Forums/en-US/communicationsservercertificates/thread/4dfbf71e-867a-4cce-967b-a71c886d1ffe


    Thanks!
    Sunday, May 17, 2009 3:31 PM