The Communicator Web Access Server is not trusted by the Live Communications Server RRS feed

  • Question

  • I'm trying to setup an external CWA server with LCS 2005 SP1 Enterprise. I have an existing pool of LCS servers also running CWA for internal use. One on port 443 and one on port 446 for Blackberry Enterprise Server. All of those work fine. The two servers in the Pool are behind an F5 Load Balancer.

    The issue I'm having is this third server that only has CWA installed isn't able to log users on successfully. I followed the deployment guide, which stated this was supported, obtained a certificate on the same internal CA the pool obtained it's certificates from using the FQDN of the  new CWA server, installed CWA, activated CWA, added a Virtual Server, all stated it was successful.

    I can telnet to the pool on port 5061 successfully. That is where the successful part ends. The issues start when I open a web browser and go to the CWA. I enter all the information and get the following error on the web client:

    The session was ended. Communicator Web Access Server cannot log the user on to the Live Communications Server. (Error Code: 1)

    On the CWA server, the error message is:


    Event Type:        Error

    Event Source:        Communicator Web Access Session Service

    Event Category:        (2101)

    Event ID:        50104

    Date:                12/17/2009

    Time:                8:30:02 AM

    User:                N/A

    Computer:        COMSVR101


    The Communicator Web Access Server is not trusted by the Live Communications Server.


    Virtual server name: Communicator Web Access


    Live Communications Server: [pool name redacted]


    Response code: 0x00000190


    Cause: This problem is usually caused by a wrong MTLS certificate configured on the Communicator Web Access Server.


    Review certificate related sections in Microsoft Office Communicator Web Access Planning and Deployment Guide. Ensure the MTLS certificate configured on the Communicator Web Access Server is valid. If the problem persists, run Communicator Web Access activation again to repair the server.

    At this point, I'm stuck. The certificate I used is the FQDN of the CWA server. This is the same way the CWA cert is used on the other 2 servers that are in the pool that also have LCS installed on them that work correctly.

    Thursday, December 17, 2009 4:52 PM


  • Hi Strausy,
    Per your description, I want to verify something about your scenario.
    1. have you install a cwa server collaboration with OCS fe server for the internal user? does it work well?
    2. now, you install another cwa server for the external user? what about he cwa server name, and what is the url about the external user login to the cwa?
    In my opinion, it is a issue related with incorrect CERT, ppossible cause:
    1, Incorrect SSL Certificate configured for CWA Virtual Directory on IIS Server
    2, Incorrect Template used to request certificate for CWA Server
    You can do below:
    1, Configured SSL Certificate for CWA Virtual Directory with the URL used by clients
    to access CWA
    2, Configured MTLS Certificate on CWA Server with the FQDN of the CWA Server

    Some related information for you:

    • Marked as answer by Gavin-Zhang Monday, January 11, 2010 5:09 AM
    Thursday, December 24, 2009 6:21 AM