Office Communicator 2007 "There was a problem verifying the certificate from the server" issue
Hello,
Last Friday is when this error first started. This is effecting all users. I am new to this position and am unfamiliar with how the Communicator server is setup. I am unsure as to where to look and where to start. We are using Office Communicator 2007 R2
running on a VM with Server 2003 R2. This is the only application being used on this host. Any ideas on where to start looking?
Thanks for the help
- Edited by
Jenebo
Monday, November 21, 2011 3:00 PM
November 21st, 2011 5:38pm
Hi,
this is due the the Client does not trust the server certificate or vice versa. Make sure the Certificate Authority that issue the certificate for the Lync FE server, is trusted in the client PC. check the clien PC's trusted toot CA container whether the
required CA is present. if not you can import it to the store. This will resolve your problem
Thamara.
November 22nd, 2011 12:21pm
Hi Jenebo,
Looks like you did not install the CA install your client PC.
Access you enterprise CA server, like
http://dc.server.com/certsrv, download the certificate chain and intall it.
If it still can not work, please check you use automatic configuration to login your ocs client and you can resolve the SRV record to correct srv hostname using Nslookup.
If you use manual configuration, please do not use IP address of of FE.
November 23rd, 2011 11:46am
Hi Jenebo,
Looks like you did not install the CA install your client PC.
Access you enterprise CA server, like
http://dc.server.com/certsrv, download the certificate chain and intall it.
If it still can not work, please check you use automatic configuration to login your ocs client and you can resolve the SRV record to correct srv hostname using Nslookup.
If you use manual configuration, please do not use IP address of
November 28th, 2011 5:34pm
Hi Jenebo,
Do you mean you deploy the CA on ocs 2007 server?
If yes, you just need to download the certificate chain and install it in the client PC. If you install the certificate chain in client, the clients can not be affected even if you renew the certificate of the server.
November 29th, 2011 5:21am
Yes, I issued/renewed the certificate through the OCS 2007. I have exported the certificate from OCS, installed/imported it in on the client's machine, and restarted but it still gives me the certificate error. I may be doing this wrong. We currently have
2 domain controllers (backup and primary replicating) that run authentication for the network. Would I download the CA chain from one fo thsoe servers?
November 29th, 2011 5:49pm
Hi,
Normally, we deploy enterprise root CA in the DC server. When the client PC join the domain, it will get the certificate chain automatically.
It seems you install the OCS certificate to client pc. You should install certificate chain not ocs certificate. For other servers which the lync client will access, you'd better install the certificate chain.
November 30th, 2011 5:02am
To download the chain, I have tried going to
http://dc.siouxfalls.com/certsrv (Primary DC is Siouxfalls) which gives me a 404 error. So I guess I am unsure of where to find the certificate chain on our DC.
November 30th, 2011 5:19pm
I renewed the certificate through the OCS under Certificate settings.It shows:
FQDN name: sfblackberry.gsdh.local
Issuer Name: GSDHCA
I found a certificate chain through one of my DC's (sfgsdh.gsdh.local/certsrv) and downloaded it and installed it on the client's PC (it was the only CA certificate available). The error still persisted. I uninstalled OC and reinstalled. Still nothing.A
couple restarts in there as well did nothing.
The certificate was a PKCS #7 Certificates (.p7b). Does that sound correct?
December 5th, 2011 5:58pm
I left the encoding method as DER and did not switch it Base 64 if that matters.
December 5th, 2011 6:02pm
From all of the answers that I found on this error subject, I feel that it needs to be said that the certificate held under IIS manager server certificates on the OCS server itself can cause this ("There was a problem verifying the certificate from
the server") if it has expired. It is worth looking at IIS certificates if you have this error.
- Edited by
technoJF
8 hours 15 minutes ago
- Proposed as answer by
technoJF
8 hours 15 minutes ago
November 12th, 2013 10:41pm
From all of the answers that I found on this error subject, I feel that it needs to be said that the certificate held under IIS manager server certificates on the OCS server itself can cause this ("There was a problem verifying the certificate from
the server") if it has expired. It is worth looking at IIS certificates if you have this error.
- Edited by
technoJF
Wednesday, November 13, 2013 3:35 AM
- Proposed as answer by
technoJF
Wednesday, November 13, 2013 3:35 AM
November 13th, 2013 6:34am
OMG . Could this be any more of a confusing complicated PITA. JESUS MS. openfire is SOOOOO much easier and just as secure if not more so. COULD YOU GUYS PLEASE make this just a bit more intelligently designed. SAF!
January 7th, 2014 7:37pm