jillmarkham

asked on

Cannot initiate 3-party IM Conference

Cannot establish a 3 party IM conference/Chat with OCS 2007 R2.  

We were using OCS 2007 R2 Standard. IM Conferencing was working up to a month ago, but we do not know what changed. Since then, the server has been completely rebuilt and OCS R2 Enterprise has been installed, and the same issue still occurs.

Client side gets the following error:
 The conferencing service did not respond. Wait and then try again. If you still cannot connect, contact your system administrator with this information. (ID: 3098)

When we run Front-End validation, we get this error:
Attempting to send a CCCP HTTP request https://poolname.domain.com:444/LiveServer/Focus   Received a failure HTTP response.: HTTP Response: 400
Connection:close
Content-Length:0
Date:Thu, 22 Oct 2009 13:26:20 GMT
Server:Microsoft-HTTPAPI/2.0
Received a failure HTTP response.: BadRequest
Suggested Resolution: Check whether the Web Server or Office Communications Server component is running and also listening on the specified url. If server is behind a load balancer, please make sure the loopback connection is allowed from load balancer FQDN.

All services start without error.  

We can telnet to servername.domain.com on port 444 without issue.

The Default meeting policy for the forest has the following settings:
Maximum meeting size: 10
Enable Web Conferencing
Use native format for PowerPoint files
Enable program and desktop sharing
Allow control of shared programs and desktop

The CN for the certificate is poolname.domain.com and is a GeoTrust QuickSSL Premium certificate.
The Key Usage is: Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment (f0)

We followed these steps for installing the cert in IIS:
To assign the certificate to the Web Components Server with IIS 7.0 and Windows Server 2008
1. Log on to the server running the Web Components Server as a member of the Administrators group.
2. Click Start, and then click Control Panel.
3. Click Classic View, double-click Administrative Tools, and then double-click Computer Management.
4. Expand the Services and Applications node, and then expand the Internet Information Services (IIS) Manager node.
5. In the Connections pane, expand the Web Components server.
6. Expand Sites, and then click Default Web Site.
7. In the Default Web Site Home pane, under IIS, click Authentication.
   Note: If your internal Web farm FQDN is different from your pool FQDN, you must first request a certificate.
8. In the Actions pane, click Bindings.
9. In the Site Bindings dialog box, click Add.
10. In the Add Site Bindings dialog box, in the Type drop-down, click https.
11. In the SSL certificate drop-down, click the certificate that you want to use for the Web Components server.
    Note: Verify that IP address is set to its default setting of All Unassigned. Verify that Port is set to its default setting of 443.
12. Click OK.
13. Click Close.

We are stumped, help please
gaanthony

If the certificate for the Pool includes Client Authentication in the Enhanced Key Usage field, you need to verify that the certificate chain Root/Intermediates allow all purposes and are not set to something like Server auth, mail, but not Client.
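
The chain check described in the answer above can be run on the server itself. This is an added example, not part of the original thread: it assumes the pool certificate is in the LocalMachine\My store with the CN given in the question, and it skips revocation checking so it runs offline.

```powershell
# Added example: ask the Windows chain engine whether the pool certificate's
# chain is acceptable for Server Authentication and for Client Authentication.
$subjectCn = 'poolname.domain.com'   # CN from the question; replace with your pool FQDN
$usages = @{
    'Server Authentication' = '1.3.6.1.5.5.7.3.1'
    'Client Authentication' = '1.3.6.1.5.5.7.3.2'
}

# Assumption: the certificate is installed in the computer's Personal store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$subjectCn*" } |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with CN=$subjectCn in LocalMachine\My" }

foreach ($name in $usages.Keys) {
    # $true = build the chain in the machine context, as a service would.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    # Require this usage for the whole chain, not just the leaf.
    $oid = New-Object System.Security.Cryptography.Oid($usages[$name])
    [void]$chain.ChainPolicy.ApplicationPolicy.Add($oid)

    $ok = $chain.Build($cert)
    "{0}: {1}" -f $name, $(if ($ok) { 'chain valid' } else { 'chain NOT valid' })

    # NotValidForUsage here means some certificate in the chain excludes the usage.
    foreach ($s in $chain.ChainStatus) {
        "    status {0}: {1}" -f $s.Status, $s.StatusInformation.Trim()
    }

    # List the EKU extension of each element, leaf first, root last.
    foreach ($e in $chain.ChainElements) {
        $eku = $e.Certificate.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $list = if ($eku) {
            ($eku.EnhancedKeyUsages | ForEach-Object { $_.FriendlyName }) -join ', '
        } else { '(no EKU extension)' }
        "    {0} -> {1}" -f $e.Certificate.Subject, $list
    }
}
```

The per-element listing shows only the EKU extension inside each certificate; purposes enabled or disabled on a root through its properties in the certificate store do not appear there, so compare against the Certificates MMC view as well.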
jillmarkham

ASKER

Enhanced Key usage for the cert is:
Server Authentication (1.3.6.1.5.5.7.3.1)
Client Authentication (1.3.6.1.5.5.7.3.2)


The Root cert Enhanced Key usage is:
Secure Email
Server Authentication
Code Signing

I am confused by your comment - Is this correct or not?

ASKER CERTIFIED SOLUTION
gaanthony
This solution is only available to members.