Cannot initiate 3-party IM Conference

jillmarkham used Ask the Experts™
Cannot establish a 3 party IM conference/Chat with OCS 2007 R2.  

We were using OCS 2007 R2 Standard.  IM Conferencing was working up to a month ago but do not know what changed.  Since then, the server has been completely rebuilt and OCS R2 Enterprise has been installed and the same issue still occurs.

Client side gets the following error:
 The conferencing service did not respond. Wait and then try again. If you still cannot connect, contact your system administrator with this information. (ID: 3098)

When we run Front-End validation, we get this error:
Attempting to send a CCCP HTTP request   Received a failure HTTP response.: HTTP Response: 400
Date:Thu, 22 Oct 2009 13:26:20 GMT
Received a failure HTTP response.: BadRequest
Suggested Resolution: Check whether the Web Server or Office Communications Server component is running and also listening on the specified url. If server is behind a load balancer, please make sure the loopback connection is allowed from load balancer FQDN.

All services start without error.  

We can telnet to on port 444 without issue.

The Default meeting policy for the forest has the following settings:
Maximum meeting size: 10
Enable Web Conferencing
Use native format for PowerPoint files
Enable program and desktop sharing
Allow control of shared programs and desktop

The CN for the certificate is and is a GeoTrust QuickSSL Premium certificate.
The Key Usage is: Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment (f0)

We followed these steps for installing the cert in IIS:
To assign the certificate to the Web Components Server with IIS 7.0 and Windows Server 2008:
1. Log on to the server running the Web Components Server as a member of the Administrators group.
2. Click Start, and then click Control Panel.
3. Click Classic View, double-click Administrative Tools, and then double-click Computer Management.
4. Expand the Services and Applications node, and then expand the Internet Information Services (IIS) Manager node.
5. In the Connections pane, expand the Web Components server.
6. Expand Sites, and then click Default Web Site.
7. In the Default Web Site Home pane, under IIS, click Authentication.
   Note: If your internal Web farm FQDN is different from your pool FQDN, you must first request a certificate.
8. In the Actions pane, click Bindings.
9. In the Site Bindings dialog box, click Add.
10. In the Add Site Bindings dialog box, in the Type drop-down, click https.
11. In the SSL certificate drop-down, click the certificate that you want to use for the Web Components server.
    Note: Verify that IP address is set to its default setting of All Unassigned. Verify that Port is set to its default setting of 443.
12. Click OK.
13. Click Close.

We are stumped, help please

If the certificate for the Pool includes Client Authentication in the Enhanced Key Usage field, you need to verify that the certificate chain Root/Intermediates allow all purposes and are not set to something like Server auth and mail, but not Client.


Enhanced Key usage for the cert is:
Server Authentication (
Client Authentication (

The Root cert Enhanced Key usage is:
Secure Email
Server Authentication
Code Signing

I am confused by your comment - Is this correct or not?

In the Certificates snap-in for the local computer, open the Root Certificate located in the Trusted Root Certification Authorities store.  Click on the Details tab and then click Edit Properties.
Here you will see Certificate Purposes.  If "Enable only the following purposes" is checked, you need to ensure Client Authentication is checked here, or select "Enable all purposes for this certificate", since the certificate issued to the Pool from this CA chain includes Client Authentication in its EKU.
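
The purpose check described above can also be run from PowerShell on the server. This is an added example, not part of the original thread: it asks Windows to build the pool certificate's chain with Client Authentication as the required usage and prints the per-certificate result. The thumbprint is a placeholder to be replaced with the pool certificate's own.

```powershell
# Added example, not from the thread. The thumbprint below is a placeholder.
$thumbprint    = '<POOL-CERT-THUMBPRINT>'
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication (id-kp-clientAuth)

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) { throw "Certificate $thumbprint not found in LocalMachine\My" }

# Build the chain in machine context and require Client Authentication.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # isolate the purpose check
$oid = New-Object System.Security.Cryptography.Oid($clientAuthOid)
[void]$chain.ChainPolicy.ApplicationPolicy.Add($oid)
$valid = $chain.Build($cert)

"Chain valid for Client Authentication: $valid"

foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate

    # EKU extension carried inside the certificate (absent means unrestricted).
    # Purposes limited through Edit Properties in the MMC are stored as a
    # store property, not in this extension, so read the Status column for those.
    $ekuExt = $c.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekus = '(no EKU extension)'
    if ($ekuExt) {
        $ekus = ($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.FriendlyName }) -join ', '
    }

    # NotValidForUsage on any element means the chain does not permit
    # Client Authentication at that certificate.
    $status = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $status) { $status = 'NoError' }

    '{0}' -f $c.Subject
    '    EKU:    {0}' -f $ekus
    '    Status: {0}' -f $status
}
```

A status of NotValidForUsage on the root or an intermediate points at the Certificate Purposes setting on that certificate.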
