Monday, April 06, 2009

OCS 2007 - Failed to send SIP request: outgoing TLS negotiation failed; HRESULT=-2146893022

So now that I have my OCS server installed, a few troubleshooting tasks have to be done (in my case anyway).

The first error I saw when running the Validate Front End Server Configuration wizard is this:

Looking around online I see everywhere that the certificate is probably wrong. I configured the certificate with the FQDN of the OCS server, which looks to be correct, especially when I see the entries above the check user logon section, where it shows it succeeds in connecting to the OCS pool.

So anyway, I tried recreating a new certificate, this time with the FQDN of the OCS pool instead of the OCS server. After signing the new certificate with my CA and assigning it to the OCS server, it still Completes with failures. Only this is very interesting: now my login is successful but I can't connect to the OCS pool anymore. Complete opposite of what I had before!

What the f***??!! Before you start trying: assigning the certificate with the server FQDN to the OCS server and the OCS FQDN to the IIS (or vice versa) does not work either.

Instead, create a new certificate with these settings:
1. Subject name: FQDN of the OCS pool
2. Alternate name: not that important
3. Remember to check the "Automatically add local machine name to Subject Alt Name" option; that way you create a multi-homed certificate

After assigning this certificate to your OCS server and in the IIS manager, you should be good:

Hope it can help...
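
Added example, not part of the original post: HRESULT -2146893022 is 0x80090322 (SEC_E_WRONG_PRINCIPAL), meaning the name the client connected to is not in the certificate it was shown. The Python below checks the three certificates tried above against both names that have to be covered; the host names are constructed placeholders, and the SAN text is assumed to be in the "DNS Name=" form of the English Windows certificate dialog.

```python
import re

POOL_FQDN = "pool01.corp.example"     # hypothetical pool FQDN (constructed)
SERVER_FQDN = "ocsfe01.corp.example"  # hypothetical front-end FQDN (constructed)


def hresult_hex(code):
    """Signed 32-bit HRESULT -> the hex form used in Windows headers."""
    return f"0x{code & 0xFFFFFFFF:08X}"


def cert_dns_names(subject, san_text=""):
    """Collect the CN and every 'DNS Name=' entry, lower-cased.

    subject  : Subject field, e.g. 'CN=host.example, O=Corp'
    san_text : Subject Alternative Name field, one 'DNS Name=host' per entry
    """
    names = re.findall(r"(?i)\bCN\s*=\s*([^,\r\n]+)", subject)
    names += re.findall(r"(?i)DNS Name\s*=\s*([^,\r\n]+)", san_text)
    return {n.strip().rstrip(".").lower() for n in names}


def missing_names(subject, san_text, required):
    """Required host names the certificate does not cover.

    Assumption: the CN counts alongside SAN entries. Clients that follow
    RFC 2818 strictly ignore the CN once a SAN dNSName is present.
    """
    have = cert_dns_names(subject, san_text)
    return [r for r in required if r.rstrip(".").lower() not in have]


def audit():
    """Run the three certificates from the post against both names."""
    required = [POOL_FQDN, SERVER_FQDN]
    certs = {
        "server FQDN only": (f"CN={SERVER_FQDN}", ""),
        "pool FQDN only": (f"CN={POOL_FQDN}", ""),
        "pool subject + machine name in SAN":
            (f"CN={POOL_FQDN}", f"DNS Name={SERVER_FQDN}"),
    }
    return {k: missing_names(s, san, required) for k, (s, san) in certs.items()}


if __name__ == "__main__":
    print("HRESULT", hresult_hex(-2146893022))
    for label, missing in audit().items():
        print(f"{label:36} missing: {missing or 'none'}")
```

Each single-name certificate leaves one of the two names uncovered, which matches one check failing in each attempt; only the certificate carrying both names comes back with nothing missing.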
