AXISHK
asked on
Lync and unified Messaging server
I have received the following on my Exchange server 2010. Any idea ?
10.0.x.81 is the Exchange
10.0.x.41 is the Lync server
The Unified Messaging server failed to exchange the required certificates with an IP gateway to enable Transport layer Security (TLS) for an incoming call. Please check that this is a configured TLS peer and that the certificates being used are correct. More information: A TLS failure occurred because the remote server disconnected while TLS negotiation was in progress. The error code = 0x80131500 and the message = Unknown error (0x080131500). Remote certificate: (). Remote end point: 10.0.x.81:5061. Local end point: 10.0.x.41:55181.
10.0.x.81 is the Exchange
10.0.x.41 is the Lync server
The Unified Messaging server failed to exchange the required certificates with an IP gateway to enable Transport layer Security (TLS) for an incoming call. Please check that this is a configured TLS peer and that the certificates being used are correct. More information: A TLS failure occurred because the remote server disconnected while TLS negotiation was in progress. The error code = 0x80131500 and the message = Unknown error (0x080131500). Remote certificate: (). Remote end point: 10.0.x.81:5061. Local end point: 10.0.x.41:55181.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You can use the Get-ExchangeCertificate cmdlet in the Exchange Management Shell:
http://technet.microsoft.com/en-us/library/bb124950(v=exchg.150).aspx
Look for th certificate which is enabled for the 'UM' service than look at its configuration to verify that the CN/SAN setup is correct for Lync or not.
See this article and the posted comments for similar discussions:
http://blog.schertz.name/2010/11/lync-and-exchange-um-integration
http://technet.microsoft.com/en-us/library/bb124950(v=exchg.150).aspx
Look for th certificate which is enabled for the 'UM' service than look at its configuration to verify that the CN/SAN setup is correct for Lync or not.
See this article and the posted comments for similar discussions:
http://blog.schertz.name/2010/11/lync-and-exchange-um-integration
ASKER
Tks
Quite often a single certificate is used on the Exchange server with something like 'mail.domain.com' as the CN yet the server FQDN (e.g. exchange.domain.com) is included in the SAN field. For all other usages this is fine, but not for Lync+EUM.
To resolve either request a new certificate with exchange.domain.com as the CN and then move the mail.domain.com or whatever the CN was into the SAN field. Or you can request a second certificate to bind to ONLY the UM service and simply put the Exchange FQDN in the CN field and do not use any SAN field at all.
The problem is that Lync Server only looks at the CN and ignore the SAN field os the certificate bound to the Exchange UM service, and the CN must match the Exchange Um server FQDN as it was resolved by the Lync Server.