locked
Unable to login to CWA (2007 R2) RRS feed

  • Question

  • I'm getting  this error when I try to login to CWA:

    A problem occurred and the session was ended. Please sign in again. If the problem persists, contact your system administrator.(Error code: 0-0-18401-0-0)

    I'm running OCS 2007 R2 front end and CWA on the same server (I know it's not ideal, but that's what I have for now). I assigned 2 IP's to the server x.x.x.21 for cwa (mapped to cwa.domain.com) and x.x.x.27 for the frontend (comm.domain.com). I have created and assigned 2 separate certificates reflacting the 2 names.  The certs on IIS and CWA are the same. The "communicator server listen ports" is set to 5061.

    Any suggestions? Thanks.

    Thursday, July 16, 2009 6:59 PM

Answers

  • If I remember correctly this is not supported. you would have have some conflicts with the CWA trying to use the same ports as OCS along with some other issues.
    Mitchr |MCITP:Enterprise Server Admin, Messaging |MCTS:OCS with Voice Achievement |MCT
    Friday, July 17, 2009 12:47 PM

All replies

  • If I remember correctly this is not supported. you would have have some conflicts with the CWA trying to use the same ports as OCS along with some other issues.
    Mitchr |MCITP:Enterprise Server Admin, Messaging |MCTS:OCS with Voice Achievement |MCT
    Friday, July 17, 2009 12:47 PM
  • Thanks for the reply. The same setup was working fine on the 2007 RTM version. As far as I can tell there is no ports conflict since the CWA and Frontend components are listening on 2 separate IP adresses.
    Friday, July 17, 2009 1:07 PM
  • In R2 it is no longer supported they added a ton of functionality to the CWA server and according to what I am reading it is no longer supported. Search for OCS 2007 R2 Supportability.doc which may be able to help.


    Mitchr |MCITP:Enterprise Server Admin, Messaging |MCTS:OCS with Voice Achievement |MCT
    Friday, July 17, 2009 1:25 PM
  • I have the same issue in the same situation. For a smaller company (40 users), it's just impossible to run a different server for every feature. And I'm sure there has to be a way to get this working, Microsoft just doesn't want to support this as it requires more testing.

    Is there a good way to sniff the used certificates in connections? I tried using SIPTrace with OCSlogger, as someone else said in another thread, but that doesn't show any certificate errors.
    Ruud van Strijp - Student, doing Network Infrastructure Design in the Netherlands. MCSE: 70-270, 70-284, 70-290, 70-291, 70-294, 70-297. Cisco: CCNA, CCDA, CCNP, CCDP.
    Friday, July 17, 2009 2:16 PM
  • I agree with you Ruud. I don't see why it's not possible if you run the two services on different IPs and all the DNS and certificates are in place. I also noticed that an error gets logged in the eventlog when the login fails:

    Event Type: Error
    Event Source: OCS Communicator Web Access Session Service
    Event Category: (1032)
    Event ID: 50102

    The Communicator Web Access session service encountered an internal failure.
    Virtual server name: Communicator Web Access Ext
    Error: E_SERVICE_INITIALIZATION
    Cause: This problem is usually caused by invalid configuration or missing
    modules.
    Resolution:
    Check the configuration in the management console. If the problem persists,
    run setup again to repair the server.

    I then found this post where the guy said it worked for him after changing the listening port to 1025. I tried that and it actually fixed the event log error, but the original issue is still present.

    I'll keep testing hoping to find a solution. Please let me know if you make any progress. Thanks.

    Friday, July 17, 2009 2:54 PM
  • I got it working, at least the basic IM functionality. All I did was stop and remove the virtual web server, unregister CWA, uninstall CWA, reboot and then reinstall CWA and start over. I used port 1025 as listening port as suggested in the link I posted above.

    Now CWA works. From outside only the regular IM works (no desktop sharing yet) which is bettern than nothing. From inside Desktop sharing works as well. I'll work on making Desktop Sharing functional from outside.
    Friday, July 17, 2009 4:58 PM
  • Ok cool! I've uninstalled my CWA, now just waiting until the lunchbreak to reboot the OCS server.

    Btw, full Desktop Sharing doesn't work for externals because you need an Edge server for that. Externals should be able to see your internal users' desktop though. Source: http://blogs.technet.com/greganth/archive/2009/05/06/communicator-web-access-2007-r2-and-desktop-sharing.aspx.
    Ruud van Strijp - Student, doing Network Infrastructure Design in the Netherlands. MCSE: 70-270, 70-284, 70-290, 70-291, 70-294, 70-297. Cisco: CCNA, CCDA, CCNP, CCDP.
    Monday, July 20, 2009 8:39 AM
  • I have rebooted my Front End, installed CWA and rebooted again, but I still am getting the same error.

    My server is configured like this:
    Adapter 1: 192.168.174.7 - servername.domain.local
    Adapter 2: 192.168.174.5 - uc.domain.nl
    Those domains are set in the local DNS server, and in the hosts file on the OCS server.
    As you can imagine, the .7 IP is bound to the Front End, the .5 is bound to CWA's IIS.

    In the CWA setup, I selected these settings:
    Listening port: 1025
    OCS certificate: Same certificate as the Front End uses, which contains sip.domain.local, servername (without FQDN) and servername.domain.local as the pool and the server use the same name.
    CWA certificate: Certificate with servername.domain.local and uc.domain.nl in the SAN.
    Server type: Internal
    Servernames published: uc.domain.nl for both internal and external.

    The Default Website for OCS is bound to 192.168.174.7 and the CWA website in IIS is bound to 192.168.174.5.

    I have also installed the Language Pack for CWA.
    Ruud van Strijp - Student, doing Network Infrastructure Design in the Netherlands. MCSE: 70-270, 70-284, 70-290, 70-291, 70-294, 70-297. Cisco: CCNA, CCDA, CCNP, CCDP.
    Monday, July 20, 2009 12:56 PM
  • Ruud, can you run some traces on the OCS server when attempting to signin to CWA and post the files for us?


    Randy Wintle | MCTS: UC Voice Specialization | WinXnet Inc
    Wednesday, July 22, 2009 12:02 AM
  • Which kind of traces would you like to see? The reason why I couldn't solve this problem, is that I didn't know which traces to use. I tried using Microsoft Network Monitor and Wireshark, but I couldn't see any communication. I tried using OCSLogger.exe, but I didn't know which items to trace for exactly.

    I'm running a temporary 3th OCS server now, with the CWA role on it. That works like a charm! So it's not the OCS environment which is broken, it really has something to do with the collocation of the roles. But I'd really like to get the CWA back to the Front End to save us server capacity.
    Ruud van Strijp - Student, doing Network Infrastructure Design in the Netherlands. MCSE: 70-270, 70-284, 70-290, 70-291, 70-294, 70-297. Cisco: CCNA, CCDA, CCNP, CCDP.
    Wednesday, July 22, 2009 7:07 AM
  • Does anyone have any more ideas on how to solve this problem? I'd really love to be able to collocate the Front End and the CWA roles.
    Ruud van Strijp - Network Infrastructure Design in the Netherlands. MCSE: 70-270, 70-284, 70-290, 70-291, 70-294, 70-297. Cisco: CCNA, CCDA, CCNP, CCDP.
    Thursday, July 23, 2009 7:58 AM