OCS 2007 R2 & TMG Configuration Issues
-
sexta-feira, 6 de janeiro de 2012 22:43
I am hoping someone can review my configuration, and tell me what I am missing. The OCS client is not connecting. Where do I start to verify and validate!?
3-Leg Network Configuration
im.ocs.x.net >> 69.25.x.x0 << Watchguard >> TMG DMZ VLAN20 10.95.30.30 >> TMG Perimeter VLAN30 10.99.5.5 >> 10.99.5.10
webconf.ocs.x.net >> 69.25.x.x6 << Watchguard >> TMG DMZ VLAN20 10.95.30.31 >> TMG Perimeter VLAN30 10.99.5.5 >> 10.99.5.11
av.ocs.x.net >> 69.25.x.x4 << Watchguard >> TMG DMZ VLAN20 10.95.30.32 >> TMG Perimeter VLAN30 10.99.5.5 >> 10.99.5.12
Testing the Remote Connectivity to Microsoft Office Communications Server Access Edge Server im.ocs.x.net running on port number 443 to see if user user@x.com can connect remotely. Specified Remote Connectivity test(s) to the Microsoft Office Communications Server failed. Please examine below details of specific reason for failure. 
Test Steps 
Attempting to Resolve the host name im.ocs.x.net in DNS. Host successfully Resolved 
Additional Details IP(s) returned: 69.25.x.x0 Testing TCP Port 443 on host im.ocs.x.net to ensure it is listening/open. The port was opened successfully. Testing SSLCertificate for validity. The certificate passed all validation requirements.validation checks. Additional Details Subject: CN=x.x.net, OU=Domain Control Validated, O=x.x.net, Issuer SERIALNUMBER=x, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US Testing the Remote Connectivity to Microsoft Office Communications Server Access Edge Server im.ocs.x.net running on port number 443 to see if user user@x.com can connect remotely. Specified Remote Connectivity test(s) to the Microsoft Office Communications Server failed. Please examine below details of specific reason for failure. 
Tell me more about this issue and how to resolve it Additional Details Subscription for provisioning data did not return a valid MRAS URI. - Editado Virtual Anomaly segunda-feira, 9 de janeiro de 2012 14:36
Todas as Respostas
-
sexta-feira, 6 de janeiro de 2012 22:55
-
sexta-feira, 6 de janeiro de 2012 22:58
-
segunda-feira, 9 de janeiro de 2012 07:43Moderador
Hi,
Thank you for the post.
Please install the TMG client on the machine and see if it works.
Regards,
Nick Gu - MSFT -
segunda-feira, 9 de janeiro de 2012 14:35
Hi Nick -
The client does not work from the TMG server.
I can ping from TMG 10.99.5.5 to 10.99.5.10 however I cannot ping in reverse from OCS to TMG (5.10 to 5.5).
01/09/2012|09:27:24.628 880:D74 INFO :: module=uccapi flavor=fre version=3.5.6907.236
01/09/2012|09:27:24.628 880:D74 INFO :: CUccPlatform::EnableTracing: tracing enabled
01/09/2012|09:27:24.650 880:D74 INFO :: CUccPlatform::EnableTracing : media stack tracing enabled
01/09/2012|09:27:27.900 880:D74 INFO :: CUccServerEndpoint::Initialize - This endpoint is sharing presentity data.
01/09/2012|09:27:27.900 880:D74 INFO :: Outgoing 037A4708-<sip:user@x.com>, local=(null)
01/09/2012|09:27:27.901 880:D74 TRACE :: SIP_MSG_PROCESSOR::OnDnsResolutionComplete[037A4708] Entered host im.ocs.x.net
01/09/2012|09:27:27.901 880:D74 INFO :: CSIPCompressor::Initialize - Compression setting 2, threshold 128000, timeout 5000
01/09/2012|09:27:27.902 880:D74 INFO :: ASYNC_SOCKET::SetHttpProxyAddr HttpProxyAddr [0.0.0.0:0]
01/09/2012|09:27:27.902 880:D74 INFO :: ASYNC_SOCKET::Connect - Tunneling [no] - DestAddr [10.99.5.10:443] - Host [im.ocs.x.net:443] - RemotePrincipalName - [im.ocs.x.net], this 00676120
01/09/2012|09:27:27.904 880:D74 TRACE :: Async work item posted for TLS negotiation: this 00676120
01/09/2012|09:27:27.904 880:D74 TRACE :: ASYNC_SOCKET::SendOrQueueIfSendIsBlocking sending sendBuffer 0379A4C0, this 00676120, pSendBuffer->m_BufLen = 124
01/09/2012|09:27:27.904 880:D74 TRACE :: ASYNC_SOCKET::SendHelperFn sendBuffer 0379A4C0 sent, this 00676120, m_BytesSent = 124, pSendBuffer->m_BufLen = 124
01/09/2012|09:27:27.906 880:D74 TRACE :: Async work item posted for TLS negotiation: this 00676120
01/09/2012|09:27:27.907 880:D78 ERROR :: SECURE_SOCKET: InitializeSecurityContext returned SEC_E_INVALID_TOKEN, token contents:
01/09/2012|09:27:27.907 880:D78 ERROR :: SECURE_SOCKET: negotiation failed: 80090308, principal name: [im.ocs.x.net]
01/09/2012|09:27:27.907 880:D74 ERROR :: ASYNC_SOCKET::OnConnectError (0x80ee0069) - enter
01/09/2012|09:27:27.907 880:D74 TRACE :: SIP_MSG_PROCESSOR::OnRequestSocketConnectComplete - Enter this: 037A4708, callid=(null), ErrorCode: 0x80ee0069
01/09/2012|09:27:27.907 880:D74 ERROR :: Releasing socket and notifying transactions
01/09/2012|09:27:27.907 880:D74 ERROR :: SIP_MSG_PROCESSOR::NotifyRequestSocketConnectComplete - Error: 80ee0069
01/09/2012|09:27:27.908 880:D74 ERROR :: OUTGOING_TRANSACTION::OnRequestSocketConnectComplete - connection failed error 80ee0069
01/09/2012|09:27:27.908 880:D74 TRACE :: CUccServerEndpoint::UpdateEndpointState - Update state from 1 to 0. Status 80EE0069. Status text (null).
01/09/2012|09:27:27.908 880:D74 INFO :: Function: CUccServiceOperationManager::DisableServManager
01/09/2012|09:27:27.908 880:D74 TRACE :: Condition failed with 80ee0061: 'm_fServMgrEnabled'
01/09/2012|09:27:27.908 880:D74 INFO :: Function: CUccServerEndpoint::UpdateEndpointState
01/09/2012|09:27:27.908 880:D74 ERROR :: HRESULT API failed: 80ee0061 = hr. DisableServManager
01/09/2012|09:27:27.908 880:D74 INFO :: Function: CUccEndpoint::Disable
01/09/2012|09:27:27.908 880:D74 TRACE :: Condition failed with 80ee0092: 'GetState() != UCCES_IDLE'
01/09/2012|09:27:27.910 880:D74 TRACE :: SIP_STACK::DeleteProviderProfile freed profile at index 0
01/09/2012|09:27:41.175 880:D74 TRACE :: CRTCMediaController::FinalRelease - enter [0x00611FC8]
01/09/2012|09:27:41.176 880:D74 TRACE :: CRTCMediaController::FinalRelease - exit [00611FC8]- Editado Virtual Anomaly segunda-feira, 9 de janeiro de 2012 15:09
-
segunda-feira, 9 de janeiro de 2012 15:05
If I stop the Windows Firewall service on the TMG server I get a different result. The client reports a certificate error rather than no connection.
01/09/2012|09:59:14.602 F3C:DB0 INFO :: module=uccapi flavor=fre version=3.5.6907.236
01/09/2012|09:59:14.602 F3C:DB0 INFO :: Initialization flags (100)
01/09/2012|09:59:14.603 F3C:DB0 ERROR :: Failed to init PANOVideo[009BC1D4], 80070002
01/09/2012|09:59:14.603 F3C:DB0 TRACE :: CRTCMediaController::Initialize Start registering window class
01/09/2012|09:59:14.603 F3C:DB0 TRACE :: CRTCMediaController::Initialize End registering window class
01/09/2012|09:59:14.603 F3C:DB0 TRACE :: CRTCMediaController::Initialize Start CreateWindow(...)
01/09/2012|09:59:14.604 F3C:DB0 TRACE :: CRTCMediaController::Initialize End CreateWindow(...)
01/09/2012|09:59:14.604 F3C:DB0 TRACE :: CRTCMediaController::Initialize Start initializing registyr settings
01/09/2012|09:59:14.604 F3C:DB0 TRACE :: CRTCMediaController::Initialize End initializing registyr settings
01/09/2012|09:59:14.604 F3C:DB0 TRACE :: CRTCMediaController::Initialize Start LoadLibrary(MEDIAPLATFORMDLL)
01/09/2012|09:59:14.612 F3C:DB0 TRACE :: CRTCMediaController::Initialize End LoadLibrary(MEDIAPLATFORMDLL)
01/09/2012|09:59:14.612 F3C:DB0 TRACE :: CRTCMediaController::Initialize Start create rtp platform
01/09/2012|09:59:14.669 F3C:DB0 TRACE :: CRTCMediaController::Initialize End create rtp platform
01/09/2012|09:59:14.669 F3C:DB0 TRACE :: CRTCMediaController::Initialize Start setting ports for media
01/09/2012|09:59:14.669 F3C:DB0 TRACE :: CRTCMediaController::Initialize End setting ports for media
01/09/2012|09:59:14.669 F3C:DB0 TRACE :: CRTCMediaController::Initialize Start LoadDeviceSettings()
01/09/2012|09:59:14.669 F3C:DB0 INFO :: SetDeviceDisabled[009BC114] 0->0
01/09/2012|09:59:14.669 F3C:DB0 INFO :: Function: DeviceManager::Initialize
01/09/2012|09:59:14.669 F3C:DB0 ERROR :: HRESULT failed: 80ee002d = hr. FindDeviceByName
01/09/2012|09:59:14.669 F3C:DB0 ERROR :: CRTCMediaController::LoadDeviceSettings Failed while loading device- 0 with 80ee002d.
01/09/2012|09:59:14.669 F3C:DB0 INFO :: SetDeviceDisabled[009BC174] 0->0
01/09/2012|09:59:14.670 F3C:DB0 INFO :: Function: DeviceManager::Initialize
01/09/2012|09:59:14.670 F3C:DB0 ERROR :: HRESULT failed: 80ee002d = hr. FindDeviceByName
01/09/2012|09:59:14.670 F3C:DB0 ERROR :: CRTCMediaController::LoadDeviceSettings Failed while loading device- 1 with 80ee002d.
01/09/2012|09:59:14.670 F3C:DB0 INFO :: SetDeviceDisabled[009BC1D4] 0->0
01/09/2012|09:59:14.670 F3C:DB0 INFO :: Function: DeviceManager::Initialize
01/09/2012|09:59:14.670 F3C:DB0 ERROR :: HRESULT failed: 80ee002d = hr. FindDeviceByName
01/09/2012|09:59:14.670 F3C:DB0 ERROR :: CRTCMediaController::LoadDeviceSettings Failed while loading device- 2 with 80ee002d.
01/09/2012|09:59:14.670 F3C:DB0 INFO :: SetDeviceDisabled[009BC0B4] 0->0
01/09/2012|09:59:14.670 F3C:DB0 INFO :: Function: DeviceManager::Initialize
01/09/2012|09:59:14.670 F3C:DB0 ERROR :: HRESULT failed: 80ee002d = hr. FindDeviceByName
01/09/2012|09:59:14.670 F3C:DB0 ERROR :: CRTCMediaController::LoadDeviceSettings Failed while loading device- 3 with 80ee002d.
01/09/2012|09:59:14.711 F3C:DB0 TRACE :: CRTCMediaController::Initialize End LoadDeviceSettings()
01/09/2012|09:59:14.751 F3C:DB0 INFO :: CUccPlatform::InitializeMedia : media stack tracing enabled
01/09/2012|09:59:14.753 F3C:DB0 ERROR :: CHidManager::AddHidDevice - CreateFile(\\?\hid#vid_0627&pid_0001#6&1cfc9ec5&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}) failed with -2147024891
01/09/2012|09:59:14.753 F3C:DB0 ERROR :: CHidManager::EnumerateHidDevices - AddHidDevice failed 0x80070005
01/09/2012|09:59:14.753 F3C:DB0 INFO :: Function: CUccMediaDeviceManager::GetBoolProperty
01/09/2012|09:59:14.753 F3C:DB0 TRACE :: Condition failed with 80ee0058: 'spProperty.IsValid()'
01/09/2012|09:59:14.753 F3C:DB0 INFO :: Function: CUccMediaDeviceManager::GetBoolProperty
01/09/2012|09:59:14.753 F3C:DB0 TRACE :: Condition failed with 80ee0058: 'spProperty.IsValid()'
01/09/2012|09:59:14.753 F3C:DB0 INFO :: Function: CUccMediaDeviceManager::GetBoolProperty
01/09/2012|09:59:14.753 F3C:DB0 TRACE :: Condition failed with 80ee0058: 'spProperty.IsValid()'
01/09/2012|09:59:14.754 F3C:DB0 INFO :: Function: CUccMediaDeviceManager::GetBoolProperty
01/09/2012|09:59:14.754 F3C:DB0 TRACE :: Condition failed with 80ee0058: 'spProperty.IsValid()'
01/09/2012|09:59:14.754 F3C:DB0 TRACE :: SipStackGlobalInit - Doing WSAStatusup(1,1)
01/09/2012|09:59:14.754 F3C:DB0 TRACE :: SipStackGlobalInit - WsaData fields: wsaVersion=1.1(0x101), wVersion=1.1(0x101), wHighVersion=2.2(0x202)
01/09/2012|09:59:14.754 F3C:DB0 TRACE :: client[009B6970] new sipStack[03740048]
01/09/2012|09:59:15.062 F3C:DB0 INFO :: CUccServerEndpoint::Initialize - This endpoint is sharing presentity data.
01/09/2012|09:59:15.064 F3C:DB0 INFO :: Outgoing 037F9790-<sip:user@x.com>, local=(null)
01/09/2012|09:59:15.071 F3C:DB0 TRACE :: SIP_MSG_PROCESSOR::OnDnsResolutionComplete[037F9790] Entered host im.ocs.dynamixsi.net
01/09/2012|09:59:15.071 F3C:DB0 INFO :: CSIPCompressor::Initialize - Compression setting 2, threshold 128000, timeout 5000
01/09/2012|09:59:15.072 F3C:DB0 INFO :: ASYNC_SOCKET::SetHttpProxyAddr HttpProxyAddr [0.0.0.0:0]
01/09/2012|09:59:15.072 F3C:DB0 INFO :: ASYNC_SOCKET::Connect - Tunneling [no] - DestAddr [10.99.5.10:443] - Host [im.ocs.x.net:443] - RemotePrincipalName - [im.ocs.x.net], this 037F9108
01/09/2012|09:59:15.075 F3C:DB0 TRACE :: Async work item posted for TLS negotiation: this 037F9108
01/09/2012|09:59:15.075 F3C:DB0 TRACE :: ASYNC_SOCKET::SendOrQueueIfSendIsBlocking sending sendBuffer 037FB920, this 037F9108, pSendBuffer->m_BufLen = 124
01/09/2012|09:59:15.075 F3C:DB0 TRACE :: ASYNC_SOCKET::SendHelperFn sendBuffer 037FB920 sent, this 037F9108, m_BytesSent = 124, pSendBuffer->m_BufLen = 124
01/09/2012|09:59:15.077 F3C:DB0 TRACE :: Async work item posted for TLS negotiation: this 037F9108
01/09/2012|09:59:15.077 F3C:DB0 TRACE :: Async work item posted for TLS negotiation: this 037F9108
01/09/2012|09:59:15.078 F3C:E2C ERROR :: SECURE_SOCKET: negotiation failed: 80090322, principal name: [im.ocs.x.net]
01/09/2012|09:59:15.078 F3C:DB0 ERROR :: ASYNC_SOCKET::OnConnectError (0x80ee0065) - enter
01/09/2012|09:59:15.079 F3C:DB0 TRACE :: SIP_MSG_PROCESSOR::OnRequestSocketConnectComplete - Enter this: 037F9790, callid=(null), ErrorCode: 0x80ee0065
01/09/2012|09:59:15.079 F3C:DB0 ERROR :: Releasing socket and notifying transactions
01/09/2012|09:59:15.079 F3C:DB0 ERROR :: SIP_MSG_PROCESSOR::NotifyRequestSocketConnectComplete - Error: 80ee0065
01/09/2012|09:59:15.079 F3C:DB0 ERROR :: OUTGOING_TRANSACTION::OnRequestSocketConnectComplete - connection failed error 80ee0065
01/09/2012|09:59:15.079 F3C:DB0 TRACE :: CUccServerEndpoint::UpdateEndpointState - Update state from 1 to 0. Status 80EE0065. Status text (null).
01/09/2012|09:59:15.079 F3C:DB0 INFO :: Function: CUccServiceOperationManager::DisableServManager
01/09/2012|09:59:15.079 F3C:DB0 TRACE :: Condition failed with 80ee0061: 'm_fServMgrEnabled'
01/09/2012|09:59:15.079 F3C:DB0 INFO :: Function: CUccServerEndpoint::UpdateEndpointState
01/09/2012|09:59:15.079 F3C:DB0 ERROR :: HRESULT API failed: 80ee0061 = hr. DisableServManager
01/09/2012|09:59:15.080 F3C:DB0 INFO :: Function: CUccEndpoint::Disable
01/09/2012|09:59:15.080 F3C:DB0 TRACE :: Condition failed with 80ee0092: 'GetState() != UCCES_IDLE'
01/09/2012|09:59:15.081 F3C:DB0 TRACE :: SIP_STACK::DeleteProviderProfile freed profile at index 0
01/09/2012|09:59:23.914 F3C:DB0 INFO :: CUccServerEndpoint::Initialize - This endpoint is sharing presentity data.
01/09/2012|09:59:23.914 F3C:DB0 INFO :: Outgoing 037F7C58-<sip:user@x.com>, local=(null)
01/09/2012|09:59:23.915 F3C:DB0 TRACE :: SIP_MSG_PROCESSOR::OnDnsResolutionComplete[037F7C58] Entered host im.ocs.dynamixsi.net
01/09/2012|09:59:23.915 F3C:DB0 INFO :: CSIPCompressor::Initialize - Compression setting 2, threshold 128000, timeout 5000
01/09/2012|09:59:23.916 F3C:DB0 INFO :: ASYNC_SOCKET::SetHttpProxyAddr HttpProxyAddr [0.0.0.0:0]
01/09/2012|09:59:23.916 F3C:DB0 INFO :: ASYNC_SOCKET::Connect - Tunneling [no] - DestAddr [10.99.5.10:443] - Host [im.ocs.x.net:443] - RemotePrincipalName - [im.ocs.x.net], this 00A07EB8
01/09/2012|09:59:23.917 F3C:DB0 TRACE :: Async work item posted for TLS negotiation: this 00A07EB8
01/09/2012|09:59:23.918 F3C:DB0 TRACE :: ASYNC_SOCKET::SendOrQueueIfSendIsBlocking sending sendBuffer 037FBCE0, this 00A07EB8, pSendBuffer->m_BufLen = 124
01/09/2012|09:59:23.918 F3C:DB0 TRACE :: ASYNC_SOCKET::SendHelperFn sendBuffer 037FBCE0 sent, this 00A07EB8, m_BytesSent = 124, pSendBuffer->m_BufLen = 124
01/09/2012|09:59:23.919 F3C:DB0 TRACE :: Async work item posted for TLS negotiation: this 00A07EB8
01/09/2012|09:59:23.919 F3C:DB0 TRACE :: Async work item posted for TLS negotiation: this 00A07EB8
01/09/2012|09:59:23.920 F3C:E2C ERROR :: SECURE_SOCKET: negotiation failed: 80090322, principal name: [im.ocs.x.net]
01/09/2012|09:59:23.920 F3C:DB0 ERROR :: ASYNC_SOCKET::OnConnectError (0x80ee0065) - enter
01/09/2012|09:59:23.920 F3C:DB0 TRACE :: SIP_MSG_PROCESSOR::OnRequestSocketConnectComplete - Enter this: 037F7C58, callid=(null), ErrorCode: 0x80ee0065
01/09/2012|09:59:23.920 F3C:DB0 ERROR :: Releasing socket and notifying transactions
01/09/2012|09:59:23.921 F3C:DB0 ERROR :: SIP_MSG_PROCESSOR::NotifyRequestSocketConnectComplete - Error: 80ee0065
01/09/2012|09:59:23.921 F3C:DB0 ERROR :: OUTGOING_TRANSACTION::OnRequestSocketConnectComplete - connection failed error 80ee0065
01/09/2012|09:59:23.921 F3C:DB0 TRACE :: CUccServerEndpoint::UpdateEndpointState - Update state from 1 to 0. Status 80EE0065. Status text (null).
01/09/2012|09:59:23.921 F3C:DB0 INFO :: Function: CUccServiceOperationManager::DisableServManager
01/09/2012|09:59:23.921 F3C:DB0 TRACE :: Condition failed with 80ee0061: 'm_fServMgrEnabled'
01/09/2012|09:59:23.921 F3C:DB0 INFO :: Function: CUccServerEndpoint::UpdateEndpointState
01/09/2012|09:59:23.921 F3C:DB0 ERROR :: HRESULT API failed: 80ee0061 = hr. DisableServManager
01/09/2012|09:59:23.921 F3C:DB0 INFO :: Function: CUccEndpoint::Disable
01/09/2012|09:59:23.921 F3C:DB0 TRACE :: Condition failed with 80ee0092: 'GetState() != UCCES_IDLE'
01/09/2012|09:59:23.923 F3C:DB0 TRACE :: SIP_STACK::DeleteProviderProfile freed profile at index 0
01/09/2012|09:59:33.556 F3C:DB0 TRACE :: CRTCMediaController::FinalRelease - enter [0x009BBFE8]
01/09/2012|09:59:33.558 F3C:DB0 TRACE :: CRTCMediaController::FinalRelease - exit [009BBFE8]- Editado Virtual Anomaly segunda-feira, 9 de janeiro de 2012 15:10
-
sexta-feira, 13 de janeiro de 2012 08:29Moderador
Hi,
Thank you for the update.
“I can ping from TMG 10.99.5.5 to 10.99.5.10 however I cannot ping in reverse from OCS to TMG (5.10 to 5.5).” - by default, TMG server can ping all networks from local host. However, if you want to ping TMG from OCS server, you should create access rule. to publish OCS 2007, please refer to the following links:
http://www.isaserver.org/tutorials/ocs-2007-isa-2006-firewall-design-architecture.html
Regards,
Nick Gu - MSFT- Sugerido como Resposta Nick Gu - MSFTMicrosoft Contingent Staff, Moderator segunda-feira, 16 de janeiro de 2012 00:54
- Marcado como Resposta Nick Gu - MSFTMicrosoft Contingent Staff, Moderator sexta-feira, 20 de janeiro de 2012 15:08
.png)
