Thursday, July 22, 2010

OCS Certificate Error

I was out at a client who had issues with their OCS Server.

Errors Received on Workstations

Users started receiving the following error on workstations when opening OCS.

There was a problem verifying the certificate from the server. Please contact your system administrator.



The client rebooted the server. After rebooting they started receiving the following error when opening OCS.

Cannot sign in because the server is temporarily unavailable. If the problem persists, contact the system administrator.



In the system event log on the client workstations the following error was received.

Event Type: Error
Event Source: Communicator
Event Category: None
Event ID: 7
Date: 23/07/2010
Time: 9:27:39 AM
User: N/A
Computer: KTM-10
Description:
Communicator failed to connect to server banara.rmaust.com.au (172.25.129.25) on port 5061 due to error 10061. The server is not listening on the port in question, the service is not running on this machine, the service is not responsive, or network connectivity doesn't exist.

Resolution:
Please make sure that your workstation has network connectivity. If you are using manual configuration, please double-check the configuration. The network administrator should make sure that the service is running on port 5061 on server banara.rmaust.com.au (172.25.129.25).




Errors Received on OCS Server

The following errors were received on the OCS server itself.

In the System log the following error appeared:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Date: 23/07/2010
Time: 9:36:06 AM
User: N/A
Computer: BANARA
Description:
The Office Communications Server Front-End service terminated with service-specific error 2148204801 (0x800B0101).




The following errors were seen in the Office Communications Server logs:

Event Type: Error
Event Source: OCS MCU Infrastructure
Event Category: (1022)
Event ID: 61002
Date: 23/07/2010
Time: 9:41:10 AM
User: N/A
Computer: BANARA
Description:
No certificate has been configured for secure transport.

The certificate assigned to process DataMCUSvc(3996) was not found.
Certificate serial number: 61796F2800000000000A
Certificate issuer name: CN=RMA8, DC=rmaust, DC=com, DC=au.
Resolution:
Verify that a valid certificate has been configured.




Event Type: Error
Event Source: OCS Data MCU
Event Category: (1018)
Event ID: 41009
Date: 23/07/2010
Time: 9:41:10 AM
User: N/A
Computer: BANARA
Description:
Failed to initialize the focus adapter.

Cause: Failed to initialize focus adapter
Resolution:
Check previous event log entries and resolve them.




Event Type: Error
Event Source: OCS Data MCU
Event Category: (1018)
Event ID: 41038
Date: 23/07/2010
Time: 9:41:10 AM
User: N/A
Computer: BANARA
Description:
Office Communications Server Web Conferencing Server could not be started

Message: Operation is not valid due to the current state of the object.
at Microsoft.Rtc.Server.McuInfrastructure.HttpTransport.LoadCertificate(CertificateInfo certificate)
at Microsoft.Rtc.Server.McuInfrastructure.HttpTransport.LoadCertificate()
at Microsoft.Rtc.Server.McuInfrastructure.HttpTransport..ctor(String listeningUrl, ICccpConfigurationProvider config, XmlWriterSettings writerSettings)
at Microsoft.Rtc.Server.McuInfrastructure.CccpAdapter..ctor(String listenerUri, ICccpConfigurationProvider config)
at Microsoft.Rtc.Server.McuInfrastructure.McuCccpAdapter..ctor(String listenerUri, ICccpConfigurationProvider config)
at Microsoft.Rtc.Server.DataMCU.Hosting.Runtime.ApplicationController..ctor(IDictionary`2 appConfig, String appClassName, String cccpListenerUri, Byte[] httpsCertificateIssuer, Byte[] httpsCertificateSN, String mcuType, String mcuVendor, IServiceWorker serviceWorker)
at Microsoft.Rtc.Server.DataMCU.ServiceWorker.StartServer(String[] args)

Resolution:
Look in previous event logs for more information about this error




Event Type: Warning
Event Source: OCS Data MCU
Event Category: (1018)
Event ID: 41063
Date: 23/07/2010
Time: 9:41:10 AM
User: N/A
Computer: BANARA
Description:
Could not connect to Active Directory to read configurations settings. Will retry in 30 seconds.




Issue

The reason why all these errors started spawning stems from the Digital Certificate issued to the OCS Server expiring. If you fire up MMC, add in the certificate console, go to local computer certificates and open up the certificate used for OCS it will say the certificate is expired.



Resolution

To resolve the issue generate assign a new certificate from the internal certificate authority (or from a public certificate authority) depending on how your OCS organisation is setup. In this instance we will be issuing a certificate from an internal certificate authority. The certificate request needs to be renewed on a number of OCS services. For each OCS component follow these guides from the OCSPEDIA website:

Certificate on Standard/Enterprise Edition Front End Server:
http://www.ocspedia.com/Certificates/SE/CreateAssign_SE.htm

Certificate on an Access Edge Server:
http://www.ocspedia.com/Certificates/AccessEdge/InternalCA/CreateAssign_AccessEdge.htm

Certificate on a Web Conference Edge Server:
http://www.ocspedia.com/Certificates/AccessEdge/InternalCA/CreateAssign_AccessEdge.htm

Certificate on an Audio/Video Conference Edge Server:
http://www.ocspedia.com/Certificates/AccessEdge/InternalCA/CreateAssign_AccessEdge.htm

Users will continue to receive "There was a problem verifying the certificate from the server. Please contact your system administrator" until they reboot their workstation after changing the certificate on the server.

3 comments:

  1. Error Number 0x800CCC0E happens when there is a problem with Microsoft Outlook, Outlook Express or Windows Mail.

    sql server error 10061

    ReplyDelete
  2. Thank you for this information! You made my life a bit easier. All works well after a reboot.

    ReplyDelete
  3. Thank you. I just wanted to know where to ship it since I know now to keep producing it

    Modular Office Workstations

    ReplyDelete