Coffeehouse Thread

13 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Office Communicator 2005 Problems

Back to Forum: Coffeehouse
  • User profile image
    Travis H

    Okay, I have Office Communicator 2005 installed on my computer, and I recently installed Office Live Communications Server 2005 on the server.

    I created a new certificate with the FQDN of pool01.headquarters.elwoh.com, which is the fqdn of the pool, as you see.

    I then set the TLS protocol to use that certificate, and communicate on port 5061.  When I try to connect to the server (via TLS) from office communicator I get an error:

    Error Message:
    ---------------------------
    Microsoft Office Communicator
    ---------------------------
    There was a problem verifying the certificate from the server. Please contact your system administrator.
    ---------------------------
    OK  
    ---------------------------


    I've also got the server set to use TCP, on port 5060.  If I try to connect to the server using TCP I get an error message as well:

    Error Message:
    ---------------------------
    Microsoft Office Communicator
    ---------------------------
    Cannot sign in, possibly because the authentication server is unavailable to verify your sign-in information. Please sign in again. If the problem persists, contact your system administrator.
    ---------------------------
    Retry   Cancel  
    ---------------------------


    I've tried to sign-in using the FQDN, IP Address; Username types of user@elwoh.com, user@headquarters.elwoh.com, elwoh\user, user and it doesn't work.

    I have ports 5060, and port 5061 open on the server.

  • User profile image
    Travis H

    Do I need to install the Live Communications Server Proxy?

  • User profile image
    Travis H

    Is it because I'm not assigning the certificate right or what?  Someone has to know.

  • User profile image
    Travis H

    when I run the diag tools for the client, and I use TCP it says kerbros failed.  Because the SPN was registered incorrectly...



    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

    ERRROR: The SPN for pool01.headquarters.elwoh.comis registered incorrectly

  • User profile image
    Travis H

    still nothing

  • User profile image
    AndyC

    What are you using for DNS?

  • User profile image
    Travis H

    MSDNS.  Set to pool01.headquarters.elwoh.com

     

    If I use TCP connection it connects but cant authenticate because of kerbros failure like I said above.  Not sure how to fix that.

  • User profile image
    Travis H

    I ran the LCS diag tool in the resource kit, and tried to connect via TCP.

    It establishes the connections, but cannot authenticate with kerbros because the SPN is registered incorrectly.

    How do I fix that?


    Also, if I try to connect via TLS, it won't verify the certificate.  More than likely because I made it wrong.  I just entered the pool DNS (pool01.headquarters.elwoh.com) for the subject so it's issued to that address.

    Help is appreciated.

  • User profile image
    Travis H

    Anyone have an idea of what the (I need to watch my language) is going on?

  • User profile image
    Seldon_21

    I am having a similar issue. 

    NOTE: PC is not apart of the AD.  Signon locally and use AD syntax to connect to AD resources.  "DirectoryName\Username"

    - When connected on the lan at the office I can connect and access everything normally.

    - When I am remote via VPN (Aventail) I can't connect to Office Communicator.

    Any ideas?

  • User profile image
    goldman313

    ok, it's almost 2 years after this last post, I think, but I'm having the same problem, almost.

     

    Setup LCS 2005 SP1

    Setup Access Proxy

    trying to use LCS across Internet to get to Access Proxy

    I have an external address on the firewall NAT'ed to my internal address, with ports 5061, 5060, and 443 open.

    Communicator is setup on a test client machine back at my house

    I can connect with TCP to the LCS server (10.10.1.8) but I can't use TLS to connect to the Access Proxy (10.10.1.6) as of now.

    "There was a problem verifying the certificate from the server. Please contact your System Administrator."

    I exported a public key off the Access Proxy, I purchased a SSL cert from entrust.com.  I exported from Access Proxy server / imported a .pfx key w/out the private key to the client user machine (my XP machine at home) and exported/imported a key WITH the Private

  • User profile image
    lalas

    I am having the same problem with a smaller company we purchase that is not part of my domain.  All the Domain computers have no problem.  Even my home computer does not have a problem.  We use entrust.com for our certificates too.

  • User profile image
    cpcahil

    I experienced this same problem.  When locally connected to the corporate network, Communicator worked fine.  When remote and connected via the VPN, I wasn unable to get to the LCS.

    Through experimentation I tracked down my problem to a DNS problem on the client.  It appears that Communicator only uses the first DNS server in the list of DNS servers available  via the systems network configuration.

    On my system this meant  that the DNS server on the local connection (the hotel, or my home DNS server) was the one used (the VPNs DNS server ended up being second). 

    So communicator either got the public information for the LCS server, which our company blocks, or it had a DNS lookup failure.

    I fixed this by going into the TCP/IP settings on the local network connection and manually adding the IP address of our internal DNS server (which may cause problems when I don't have the VPN running, but that's very rare for me).

    With this change, Communicator started and connected without a problem.

    Note that I also tried manuallly setting the sip configuration, but was unable to connect with a manual install.   I don't know why that didn't work since I used the data registered in the internal DNS server so it should have worked.  Oh well.

    Conor

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.