Hello,

Last Friday is when this error first started. This is effecting all users. I am new to this position and am unfamiliar with how the Communicator server is setup. I am unsure as to where to look and where to start. We are using Office Communicator 2007 R2 running on a VM with Server 2003 R2. This is the only application being used on this host. Any ideas on where to start looking?

Thanks for the help

• Edited by Jenebo Monday, November 21, 2011 3:00 PM

Hi,

this is due the the Client does not trust the server certificate or vice versa. Make sure the Certificate Authority that issue the certificate for the Lync FE server, is trusted in the client PC. check the clien PC's trusted toot CA container whether the required CA is present. if not you can import it to the store. This will resolve your problem

Thamara.

Hi Jenebo,

Looks like you did not install the CA install your client PC.

Access you enterprise CA server, like http://dc.server.com/certsrv, download the certificate chain and intall it.

If it still can not work, please check you use automatic configuration to login your ocs client and you can resolve the SRV record to correct srv hostname using Nslookup.

If you use manual configuration, please do not use IP address of of FE.

Hi Jenebo,

Looks like you did not install the CA install your client PC.

Access you enterprise CA server, like http://dc.server.com/certsrv, download the certificate chain and intall it.

If it still can not work, please check you use automatic configuration to login your ocs client and you can resolve the SRV record to correct srv hostname using Nslookup.

If you use manual configuration, please do not use IP address of

Hi Jenebo,

Do you mean you deploy the CA on ocs 2007 server?

If yes, you just need to download the certificate chain and install it in the client PC. If you install the certificate chain in client, the clients can not be affected even if you renew the certificate of the server.

Hi,

Normally, we deploy enterprise root CA in the DC server. When the client PC join the domain, it will get the certificate chain automatically.

It seems you install the OCS certificate to client pc. You should install certificate chain not ocs certificate. For other servers which the lync client will access, you'd better install the certificate chain.

Hi Jenebo,

You said you deploy you CA on your OCS server. So you need to go to http://ocsserverFQDN.domain.com/certsrv to download the chain.

I need to verify something again with you:

Are you sure you deploy your ocs 2007 with enterprise root CA not public CA?

Do you deploy the CA server on your ocs server?

About how to install an enterprise root Certiifcate Authority, please read the following document:

http://technet.microsoft.com/en-us/library/cc776709(WS.10).aspx

I renewed the certificate through the OCS under Certificate settings.It shows:

FQDN name: sfblackberry.gsdh.local

Issuer Name: GSDHCA

I found a certificate chain through one of my DC's (sfgsdh.gsdh.local/certsrv) and downloaded it and installed it on the client's PC (it was the only CA certificate available). The error still persisted. I uninstalled OC and reinstalled. Still nothing.A couple restarts in there as well did nothing.

The certificate was a PKCS #7 Certificates (.p7b). Does that sound correct?

• Edited by technoJF 8 hours 15 minutes ago
• Proposed as answer by technoJF 8 hours 15 minutes ago

• Edited by technoJF Wednesday, November 13, 2013 3:35 AM
• Proposed as answer by technoJF Wednesday, November 13, 2013 3:35 AM

OMG . Could this be any more of a confusing complicated PITA. JESUS MS. openfire is SOOOOO much easier and just as secure if not more so. COULD YOU GUYS PLEASE make this just a bit more intelligently designed. SAF!