Live Meeting remote access problems RRS feed

  • Question

  • Hi,

    I'm having a problem accessing Live Meeting from outside of the network.

    I have OCS 2007 with an edge server. The edge server has public IP addresses and can communicate with the internal OCS 2007 server. I have enabled remote access on the Edge server and on the users, also I've enabled anonymous access.

    The error I'm getting is: Live Meeting cannot connect to the meeting. Wait a few moments, and then try to join the meeting again. If you still cannot connect, contact your administrator or technical support.

    The only 2 errors I can see in the logs are Event ID 42000 on the edge server and Event ID 14507 on the OCS 2007 server:

    Event ID 14507

    Failed to find Web Conferencing Server specified by client

    Over the past 0 minutes Office Communications Server has disconnected client(s) 1 times because it could not find connections to <LOCAL OCS SERVER> The last such disconnected client is
    Cause: Client connection was disconnected because the Web Conferencing Server specified by client was not found
    Check to make sure there are valid connections from Web Conferencing Server specified by client

    Event ID 14507

    At least one attempt to reference stale (non-existent or deleted) security association was detected.

    There were 1 messages with signature that referenced stale (non-existent or deleted) security association in the last 0 minutes. The last one was this SIP message:

    Instance-Id: 00027B57
    Direction: no-direction-info
    Source: <OCS SERVER>
    Message-Type: request
    Start-Line: SERVICE sip:<EMAIL ADDRESS>;gruu;opaque=app:conf:focusfactory SIP/2.0
    From: <sip:<EMAIL ADDRESS>;tag=5f7210c4e1;epid=7dd2c10751
    To: <sip:<EMAIL ADDRESS>;gruu;opaque=app:conf:focusfactory>
    CSeq: 1 SERVICE
    Call-ID: 34f110e1870a44e58fb5a84fadf0ad6f
    Via: SIP/2.0/TLS;branch=z9hG4bK3D47C6C2.E215AAA7;branched=FALSE;ms-received-port=1178;ms-received-cid=DC100
    Record-Route: <sip:<OCS SERVER>:1178;transport=tls;maddr=;lr>;tag=5230D2B39E0B8F2E10E2F9B9448A5910
    Max-Forwards: 69
    ms-edge-proxy-message-trust: ms-source-type=InternetUser;ms-ep-fqdn=ocsbrsedg.brs.local;ms-source-verified-user=verified
    Contact: <sip:<EMAIL ADDRESS>:2615;maddr=;transport=tls;ms-received-cid=2E00>;+sip.instance="<urn:uuid:0DA33F6F-E35A-556F-8907-7D96A1DD28B2>"
    Via: SIP/2.0/TLS;ms-received-port=2615;ms-received-cid=2E00
    User-Agent: UCCP/2.0.6362.70
    Proxy-Authorization: NTLM qop="auth", realm="SIP Communications Service", opaque="D1113CD9", targetname="<OCS SERVER>", crand="12114fd2", cnum="8", response="01000000736d6f721213662e72dda3d2"
    Content-Type: application/cccp+xml
    Content-Length: 2306

    Cause: This could be due to users that utilize large number of devices (in excess of configured maximum), or due to connection refresh logic re-balancing remote users to a different director in a bank or a pool, or it could be due to an attacker.
    None needed unless the failure count is high (>100). Check if number of allowed devices per user is too low for existing usage scenarios. Check your network for any rogue clients. Restart the server if problem persists.


    I can connect to Live Meeting from inside the network or over VPN.
    I can connect to IM/Presence, Federation, Audio/Video calls externally and internally
    I can telnet to 443 (the live meeting port) on the live meeting IP.
    When I do a test of the connection from the Live Meeting Options it says the connection it OK.
    All SSL certificates report OK

    Any ideas?



    Tuesday, September 30, 2008 4:28 AM

All replies

  • Please check the FQDN of the external Web conferencing EDGE on the EDGE Server configuration

    Verify that the record is available on the internet


    Please open a new debug session on your EDGE and Conferencing Server

    (Click on the pool in the Management console and select logging tool and then New Debug Session)

    Look at the output with the snooper tool from the resource kit



    Tuesday, September 30, 2008 8:49 AM
  • Try this KB article:


    I've had a similar issue before.

    Jamie Schwinn

    Tuesday, September 30, 2008 12:46 PM
  • Hi,


    I can access the FQDN of the external web conferencing edge server from the internet. I can see the traffic going through the Edge server and to the OCS server in the debug logs.


    The error I am getting in the debug logs (of the OCS server) is this:


    TL_INFO(TF_PROTOCOL) [2]079C.0194::10/01/2008-02:21:12.546.00099f4c (SIPStack,SIPAdminLog::TraceProtocolRecord:1224.idx(122))$$begin_record

    Instance-Id: 00035F4C

    Direction: outgoing;source="local"


    Message-Type: response

    Start-Line: SIP/2.0 401 Unauthorized

    From: <sip:<EMAIL ADDRESS>>;tag=63092af178;epid=ae185fbed2

    To: <sip:<EMAIL ADDRESS>;gruu;opaque=app:conf:focus:id:0d28afc392a341e5933f1dfe5a128eeb>;tag=4C534E018680C41BE2F8164C83FDDB4D

    CSeq: 1 INVITE

    Call-ID: 516b7ee594914b1598dfaf214523798b

    Date: Wed, 01 Oct 2008 02:21:12 GMT

    WWW-Authenticate: NTLM realm="SIP Communications Service", targetname="OCS SERVER FQDN", version=3

    Via: SIP/2.0/TLS;branch=z9hG4bK15447D9C.0835B565;branched=FALSE;ms-received-port=2862;ms-received-cid=F1B00

    Via: SIP/2.0/TLS;received=;ms-received-port=50553;ms-received-cid=48A00

    Content-Length: 0



    Wednesday, October 1, 2008 3:01 AM
  • Hi Jamie,


    Thank for the responce.


    I've checked and the server is set to use an external FQDN for the live meeting URL.


    Wednesday, October 1, 2008 3:02 AM
  • Start-Line: SIP/2.0 401 Unauthorized


    That seems to be the problem so lets dig deeper on this

    - Do you login into Live Meeting with your company userid?

    - Do you login as anonymous user?

    You can check this on the accounts tab on the Live Meeting Client, open the User Accounts Menu and verify if you have a Sign-in name filled in


    If the name is empty then you need to enable anonymous access to live meetings on the EDGE and OCS server policies


    Wednesday, October 1, 2008 10:37 PM
  • I use my company user ID.


    The strange thing it that when I click on test in Live meeting it comes back saying that Authentication was successful...


    The same settings also work for internal access.


    Wednesday, October 1, 2008 10:52 PM
  • Are you trying to join a Live meeting as a participant or are you trying to create a new meeting


    Thursday, October 2, 2008 10:22 PM
  • Both. However most of my tests have been on creating a new meeting.

    Thursday, October 2, 2008 11:00 PM
  • Wait, are you saying that you are trying to create a new meeting using an anonymous user?  Anonymous users can only join meetings that are scheduled or started by an authenticated user, they can't create their own.
    Friday, October 3, 2008 1:08 PM
  • Hi, no that's not what I'm trying to do.


    I have tried the following:


    - To invite an anonymous user to a meeting

    - To create a meeting using an OCS user account

    - To invite an OCS user to a meeting
    Tuesday, October 7, 2008 9:59 PM
  • So you are saying that none of these scenarios are working?


    Wednesday, October 8, 2008 11:16 PM
  • That's correct, none of these are working.


    The common factor here seems to be, if you are outside on the LAN you can't connect to Live meeting. It doesnt matter if you are an OCS user or not.



    Wednesday, October 8, 2008 11:49 PM



    We have the same EXACT issue. Did you ever find a solution? This is really getting on my nerves here.


    The weird thing is, I have PIC working on the same EDGE server, so I know our certificate is good. For some reason though, meetings do not work outside the LAN.




    Thursday, November 6, 2008 11:15 PM
  • Hi,


    Yes, we managed to find the problem.


    First - there was an update which changed the time from Australian Eastern time to Australian Eastern summer time. Even thought the times were the same on both servers (the edge and the FE) we were getting a time issue on the cert.


    Second - On the Web Conferencing properties of the OCS server we had the internal FQDN of the OCS box instead of the EDGE internal FQDN.


    Hope this helps


    Thursday, November 6, 2008 11:42 PM
  • great news Ben - we ran into EXACTLY the same problem and ours turned out to be (NULL) external URLS
    Hence - http://support.microsoft.com/kb/938288 (as above) resolution 1 (after a restart of the services) fixed our issue.

    One thing is for sure folks - the 'SIP/2.0 401 Unauthorized' error message is pretty misleading.

    Be good to use something like 'scriptomatic' to bundle all the WMI changes into a script to simply execute.

    I wonder if OCS BPA catches the issues described above (Urls, and wrongly referenced EDGE/Server FQDNs)??

    Keep smiling,

    Friday, November 28, 2008 11:51 PM