| Author |
Message |
Raja
Guest
|
 Posted:
Wed Dec 22, 2004 7:25 pm Post subject:
How to connect to LCS 2003 via Proxy Server ? |
|
|
Hai,
1. I just want to have IM and presence feature of Windows Messenger for all
outside users.
2. I have a FQDN - and TLS configured machine with LCS 2003 and Certificate
authority.
3. I have installed the certificates in the client machine by going to (
http:// certsrv) - install certificate chain.
4. Iam able to connect to the server and do IM's if my machine is directly
connected to a cable modem (Say my domain is sip.mydomain.com)
5. As i have a network of machines, i have installed Win proxy and mapped
the port 5061 to sip.mydomain.com
6. In my client machines, windows messenger, accounts --> i have given IP as
ProxyMachineIP:5061. [Note: This port is mapped to FQDNIP ]
7. When i try to connect , windows messenger popus the following error
"There was a problem in verifying the certificates from the server".
8. Should i neeed to install any certificates on the proxy server machine ?
9. I have installed the certificates as the same way i did before in all the
machines.
Here is my log file **********
43:04.590 840:804 INFO :: persistent=1, state=0, profile=01197CB4, scope=0
18:43:04.590 840:804 INFO :: CRTCWatcher::InternalSetState[01198F88]
state=0-->2
18:43:04.590 840:804 INFO :: WatcherEvent-- enType=0, statusCode=0,
watcher=01198F88
18:43:04.590 840:804 INFO :: RoamingSession::SetDeltaNum[01197E18],0->0
18:43:04.600 840:804 INFO :: CRTCClient::InternalEnableProfileEx -
pProfile=01197CB0, regFlag=0xf, roamingFlag=0xf, realm=<(null)>
18:43:04.610 840:804 INFO :: CRTCProfile::SetState - [01197CB0]
enState:0->1, statusCode=0, text=(null)
18:43:04.610 840:804 INFO :: RegistrationStateChangeEvent-
profile=01197CB0, state=1, statusCode=0, text=(null)
18:43:04.761 840:804 ERROR :: SECURE_SOCKET: negotiation failed: 80090322
18:43:04.771 840:804 ERROR ::
OUTGOING_TRANSACTION::OnRequestSocketConnectComplete - connection failed
error 80ee0065
18:43:04.771 840:804 INFO :: CRTCProfile::SetState - [01197CB0]
enState:1->5, statusCode=80ee0065, text=(null)
18:43:04.771 840:804 INFO :: RegistrationStateChangeEvent-
profile=01197CB0, state=5, statusCode=80ee0065, text=(null)
18:43:04.771 840:804 INFO :: CRTCProfile::SetState - register error, clear
postponed watchers
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197D60],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197DA4],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197E18],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197E00],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197DE8],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197E18],0->0
***********************
Can anyone help on giving me a note of "How to configure windows messenger
via client proxy server." |
|
| Back to top |
|
 |
Bob Christian
Guest
|
| Posted:
Mon Dec 27, 2004 1:25 pm Post subject:
Re: How to connect to LCS 2003 via Proxy Server ? |
|
|
It sounds like you have done a lot of the footwork, but the external clients
do not trust the CA. This can be a pain. If you have an HTTPS site on your
LCS server, have the client PC connect to it and see if it gets a
certificate error. If it does, install the certificate, close out of the
browser, and try again. If it gets in without an error the second time,
then the certificate is trusted. You should now be able to utilize Windows
Messenger to connect to the server. If you do not have a web server, you
will have to export the certificate for the servers FQDN and provide it to
the client PCs and install it. The chain is good, but the server
certificate must be trusted as well, if I remember correctly.
You may want to read the document for LCS 2003 : Enabling Outside User
Scenarios. Towards the end there is a troubleshooting guide for
certificates. It is brief, but may help you.
http://www.microsoft.com/downloads/details.aspx?FamilyId=B714E88B-C2DB-4709-A3F9-6A9D49A48DB9&displaylang=en
Another option is to utilize an external certificate from a certification
authority, such as GeoTrust. You have to specify the certificate needed is
"Other" and enter the OID for the certificate as "OID:
1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2" (Note the comma...and the quotes are
not needed) This is a bit more expensive, but solves the problems of
external user connectivity with internal certificates that are not trusted
by the clients by default. You need to ensure that you utilize a trusted
root CA. The LCS 2005 Configuring Certificates guide is pretty good. From
what I have read on your post, you have probably already read the guide. It
does not provide much help regarding outside user scenarios and
certificates.
Bob
"Raja" <Raja@discussions.microsoft.com> wrote in message
news:7C8606D9-F177-46C6-9859-C52E6206ECBA@microsoft.com...
| Quote: | Hai,
1. I just want to have IM and presence feature of Windows Messenger for
all
outside users.
2. I have a FQDN - and TLS configured machine with LCS 2003 and
Certificate
authority.
3. I have installed the certificates in the client machine by going to (
http:// certsrv) - install certificate chain.
4. Iam able to connect to the server and do IM's if my machine is directly
connected to a cable modem (Say my domain is sip.mydomain.com)
5. As i have a network of machines, i have installed Win proxy and mapped
the port 5061 to sip.mydomain.com
6. In my client machines, windows messenger, accounts --> i have given IP
as
ProxyMachineIP:5061. [Note: This port is mapped to FQDNIP ]
7. When i try to connect , windows messenger popus the following error
"There was a problem in verifying the certificates from the server".
8. Should i neeed to install any certificates on the proxy server machine
?
9. I have installed the certificates as the same way i did before in all
the
machines.
Here is my log file **********
43:04.590 840:804 INFO :: persistent=1, state=0, profile=01197CB4,
scope=0
18:43:04.590 840:804 INFO :: CRTCWatcher::InternalSetState[01198F88]
state=0-->2
18:43:04.590 840:804 INFO :: WatcherEvent-- enType=0, statusCode=0,
watcher=01198F88
18:43:04.590 840:804 INFO :: RoamingSession::SetDeltaNum[01197E18],0->0
18:43:04.600 840:804 INFO :: CRTCClient::InternalEnableProfileEx -
pProfile=01197CB0, regFlag=0xf, roamingFlag=0xf, realm=<(null)
18:43:04.610 840:804 INFO :: CRTCProfile::SetState - [01197CB0]
enState:0->1, statusCode=0, text=(null)
18:43:04.610 840:804 INFO :: RegistrationStateChangeEvent-
profile=01197CB0, state=1, statusCode=0, text=(null)
18:43:04.761 840:804 ERROR :: SECURE_SOCKET: negotiation failed: 80090322
18:43:04.771 840:804 ERROR ::
OUTGOING_TRANSACTION::OnRequestSocketConnectComplete - connection failed
error 80ee0065
18:43:04.771 840:804 INFO :: CRTCProfile::SetState - [01197CB0]
enState:1->5, statusCode=80ee0065, text=(null)
18:43:04.771 840:804 INFO :: RegistrationStateChangeEvent-
profile=01197CB0, state=5, statusCode=80ee0065, text=(null)
18:43:04.771 840:804 INFO :: CRTCProfile::SetState - register error,
clear
postponed watchers
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197D60],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197DA4],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197E18],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197E00],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197DE8],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197E18],0->0
***********************
Can anyone help on giving me a note of "How to configure windows
messenger
via client proxy server." |
|
|
| Back to top |
|
|
Raja
Guest
|
| Posted:
Wed Dec 29, 2004 5:03 pm Post subject:
Re: How to connect to LCS 2003 via Proxy Server ? |
|
|
Bob Christan,
Thanks for the reply. I tried the steps you have mentioned, but this time
i got a different error message. I have made another post "Connecting Via
Proxy..." . Please look into immediate next post.
regards
R.Raja
"Bob Christian" wrote:
| Quote: | It sounds like you have done a lot of the footwork, but the external clients
do not trust the CA. This can be a pain. If you have an HTTPS site on your
LCS server, have the client PC connect to it and see if it gets a
certificate error. If it does, install the certificate, close out of the
browser, and try again. If it gets in without an error the second time,
then the certificate is trusted. You should now be able to utilize Windows
Messenger to connect to the server. If you do not have a web server, you
will have to export the certificate for the servers FQDN and provide it to
the client PCs and install it. The chain is good, but the server
certificate must be trusted as well, if I remember correctly.
You may want to read the document for LCS 2003 : Enabling Outside User
Scenarios. Towards the end there is a troubleshooting guide for
certificates. It is brief, but may help you.
http://www.microsoft.com/downloads/details.aspx?FamilyId=B714E88B-C2DB-4709-A3F9-6A9D49A48DB9&displaylang=en
Another option is to utilize an external certificate from a certification
authority, such as GeoTrust. You have to specify the certificate needed is
"Other" and enter the OID for the certificate as "OID:
1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2" (Note the comma...and the quotes are
not needed) This is a bit more expensive, but solves the problems of
external user connectivity with internal certificates that are not trusted
by the clients by default. You need to ensure that you utilize a trusted
root CA. The LCS 2005 Configuring Certificates guide is pretty good. From
what I have read on your post, you have probably already read the guide. It
does not provide much help regarding outside user scenarios and
certificates.
Bob
"Raja" <Raja@discussions.microsoft.com> wrote in message
news:7C8606D9-F177-46C6-9859-C52E6206ECBA@microsoft.com...
Hai,
1. I just want to have IM and presence feature of Windows Messenger for
all
outside users.
2. I have a FQDN - and TLS configured machine with LCS 2003 and
Certificate
authority.
3. I have installed the certificates in the client machine by going to (
http:// certsrv) - install certificate chain.
4. Iam able to connect to the server and do IM's if my machine is directly
connected to a cable modem (Say my domain is sip.mydomain.com)
5. As i have a network of machines, i have installed Win proxy and mapped
the port 5061 to sip.mydomain.com
6. In my client machines, windows messenger, accounts --> i have given IP
as
ProxyMachineIP:5061. [Note: This port is mapped to FQDNIP ]
7. When i try to connect , windows messenger popus the following error
"There was a problem in verifying the certificates from the server".
8. Should i neeed to install any certificates on the proxy server machine
?
9. I have installed the certificates as the same way i did before in all
the
machines.
Here is my log file **********
43:04.590 840:804 INFO :: persistent=1, state=0, profile=01197CB4,
scope=0
18:43:04.590 840:804 INFO :: CRTCWatcher::InternalSetState[01198F88]
state=0-->2
18:43:04.590 840:804 INFO :: WatcherEvent-- enType=0, statusCode=0,
watcher=01198F88
18:43:04.590 840:804 INFO :: RoamingSession::SetDeltaNum[01197E18],0->0
18:43:04.600 840:804 INFO :: CRTCClient::InternalEnableProfileEx -
pProfile=01197CB0, regFlag=0xf, roamingFlag=0xf, realm=<(null)
18:43:04.610 840:804 INFO :: CRTCProfile::SetState - [01197CB0]
enState:0->1, statusCode=0, text=(null)
18:43:04.610 840:804 INFO :: RegistrationStateChangeEvent-
profile=01197CB0, state=1, statusCode=0, text=(null)
18:43:04.761 840:804 ERROR :: SECURE_SOCKET: negotiation failed: 80090322
18:43:04.771 840:804 ERROR ::
OUTGOING_TRANSACTION::OnRequestSocketConnectComplete - connection failed
error 80ee0065
18:43:04.771 840:804 INFO :: CRTCProfile::SetState - [01197CB0]
enState:1->5, statusCode=80ee0065, text=(null)
18:43:04.771 840:804 INFO :: RegistrationStateChangeEvent-
profile=01197CB0, state=5, statusCode=80ee0065, text=(null)
18:43:04.771 840:804 INFO :: CRTCProfile::SetState - register error,
clear
postponed watchers
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197D60],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197DA4],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197E18],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197E00],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197DE8],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197E18],0->0
***********************
Can anyone help on giving me a note of "How to configure windows
messenger
via client proxy server."
|
|
|
| Back to top |
|
|
Raja
Guest
|
| Posted:
Thu Jan 06, 2005 3:03 pm Post subject:
Re: How to connect to LCS 2003 via Proxy Server ? |
|
|
Hai Bob,
The problem has been solved. It is a silly configuration issue. Thanks for
all your support. Happy New Year 2005.
regards
R.Raja
"Raja" wrote:
| Quote: | Bob Christan,
Thanks for the reply. I tried the steps you have mentioned, but this time
i got a different error message. I have made another post "Connecting Via
Proxy..." . Please look into immediate next post.
regards
R.Raja
"Bob Christian" wrote:
It sounds like you have done a lot of the footwork, but the external clients
do not trust the CA. This can be a pain. If you have an HTTPS site on your
LCS server, have the client PC connect to it and see if it gets a
certificate error. If it does, install the certificate, close out of the
browser, and try again. If it gets in without an error the second time,
then the certificate is trusted. You should now be able to utilize Windows
Messenger to connect to the server. If you do not have a web server, you
will have to export the certificate for the servers FQDN and provide it to
the client PCs and install it. The chain is good, but the server
certificate must be trusted as well, if I remember correctly.
You may want to read the document for LCS 2003 : Enabling Outside User
Scenarios. Towards the end there is a troubleshooting guide for
certificates. It is brief, but may help you.
http://www.microsoft.com/downloads/details.aspx?FamilyId=B714E88B-C2DB-4709-A3F9-6A9D49A48DB9&displaylang=en
Another option is to utilize an external certificate from a certification
authority, such as GeoTrust. You have to specify the certificate needed is
"Other" and enter the OID for the certificate as "OID:
1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2" (Note the comma...and the quotes are
not needed) This is a bit more expensive, but solves the problems of
external user connectivity with internal certificates that are not trusted
by the clients by default. You need to ensure that you utilize a trusted
root CA. The LCS 2005 Configuring Certificates guide is pretty good. From
what I have read on your post, you have probably already read the guide. It
does not provide much help regarding outside user scenarios and
certificates.
Bob
"Raja" <Raja@discussions.microsoft.com> wrote in message
news:7C8606D9-F177-46C6-9859-C52E6206ECBA@microsoft.com...
Hai,
1. I just want to have IM and presence feature of Windows Messenger for
all
outside users.
2. I have a FQDN - and TLS configured machine with LCS 2003 and
Certificate
authority.
3. I have installed the certificates in the client machine by going to (
http:// certsrv) - install certificate chain.
4. Iam able to connect to the server and do IM's if my machine is directly
connected to a cable modem (Say my domain is sip.mydomain.com)
5. As i have a network of machines, i have installed Win proxy and mapped
the port 5061 to sip.mydomain.com
6. In my client machines, windows messenger, accounts --> i have given IP
as
ProxyMachineIP:5061. [Note: This port is mapped to FQDNIP ]
7. When i try to connect , windows messenger popus the following error
"There was a problem in verifying the certificates from the server".
8. Should i neeed to install any certificates on the proxy server machine
?
9. I have installed the certificates as the same way i did before in all
the
machines.
Here is my log file **********
43:04.590 840:804 INFO :: persistent=1, state=0, profile=01197CB4,
scope=0
18:43:04.590 840:804 INFO :: CRTCWatcher::InternalSetState[01198F88]
state=0-->2
18:43:04.590 840:804 INFO :: WatcherEvent-- enType=0, statusCode=0,
watcher=01198F88
18:43:04.590 840:804 INFO :: RoamingSession::SetDeltaNum[01197E18],0->0
18:43:04.600 840:804 INFO :: CRTCClient::InternalEnableProfileEx -
pProfile=01197CB0, regFlag=0xf, roamingFlag=0xf, realm=<(null)
18:43:04.610 840:804 INFO :: CRTCProfile::SetState - [01197CB0]
enState:0->1, statusCode=0, text=(null)
18:43:04.610 840:804 INFO :: RegistrationStateChangeEvent-
profile=01197CB0, state=1, statusCode=0, text=(null)
18:43:04.761 840:804 ERROR :: SECURE_SOCKET: negotiation failed: 80090322
18:43:04.771 840:804 ERROR ::
OUTGOING_TRANSACTION::OnRequestSocketConnectComplete - connection failed
error 80ee0065
18:43:04.771 840:804 INFO :: CRTCProfile::SetState - [01197CB0]
enState:1->5, statusCode=80ee0065, text=(null)
18:43:04.771 840:804 INFO :: RegistrationStateChangeEvent-
profile=01197CB0, state=5, statusCode=80ee0065, text=(null)
18:43:04.771 840:804 INFO :: CRTCProfile::SetState - register error,
clear
postponed watchers
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197D60],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197DA4],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197E18],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197E00],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197DE8],0->0
18:43:04.771 840:804 INFO :: RoamingSession::SetDeltaNum[01197E18],0->0
***********************
Can anyone help on giving me a note of "How to configure windows
messenger
via client proxy server."
|
|
|
| Back to top |
|
|
Bob Christian
Guest
|
| Posted:
Fri Jan 07, 2005 9:40 am Post subject:
Re: How to connect to LCS 2003 via Proxy Server ? |
|
|
Thanks for the follow-up. Do you mind sharing the information in both
threads? This way the newsgroup archivers can pick it up and someone else
can benefit if they have the same problem.
BIG THANKS!,
Bob
"Raja" <Raja@discussions.microsoft.com> wrote in message
news:7028533A-E988-495A-A084-64CF96E3BD47@microsoft.com...
| Quote: | Hai Bob,
The problem has been solved. It is a silly configuration issue. Thanks
for
all your support. Happy New Year 2005.
regards
R.Raja
"Raja" wrote:
Bob Christan,
Thanks for the reply. I tried the steps you have mentioned, but this
time
i got a different error message. I have made another post "Connecting
Via
Proxy..." . Please look into immediate next post.
regards
R.Raja
"Bob Christian" wrote:
It sounds like you have done a lot of the footwork, but the external
clients
do not trust the CA. This can be a pain. If you have an HTTPS site
on your
LCS server, have the client PC connect to it and see if it gets a
certificate error. If it does, install the certificate, close out of
the
browser, and try again. If it gets in without an error the second
time,
then the certificate is trusted. You should now be able to utilize
Windows
Messenger to connect to the server. If you do not have a web server,
you
will have to export the certificate for the servers FQDN and provide
it to
the client PCs and install it. The chain is good, but the server
certificate must be trusted as well, if I remember correctly.
You may want to read the document for LCS 2003 : Enabling Outside User
Scenarios. Towards the end there is a troubleshooting guide for
certificates. It is brief, but may help you.
http://www.microsoft.com/downloads/details.aspx?FamilyId=B714E88B-C2DB-4709-A3F9-6A9D49A48DB9&displaylang=en
Another option is to utilize an external certificate from a
certification
authority, such as GeoTrust. You have to specify the certificate
needed is
"Other" and enter the OID for the certificate as "OID:
1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2" (Note the comma...and the quotes
are
not needed) This is a bit more expensive, but solves the problems of
external user connectivity with internal certificates that are not
trusted
by the clients by default. You need to ensure that you utilize a
trusted
root CA. The LCS 2005 Configuring Certificates guide is pretty good.
From
what I have read on your post, you have probably already read the
guide. It
does not provide much help regarding outside user scenarios and
certificates.
Bob
"Raja" <Raja@discussions.microsoft.com> wrote in message
news:7C8606D9-F177-46C6-9859-C52E6206ECBA@microsoft.com...
Hai,
1. I just want to have IM and presence feature of Windows Messenger
for
all
outside users.
2. I have a FQDN - and TLS configured machine with LCS 2003 and
Certificate
authority.
3. I have installed the certificates in the client machine by going
to (
http:// certsrv) - install certificate chain.
4. Iam able to connect to the server and do IM's if my machine is
directly
connected to a cable modem (Say my domain is sip.mydomain.com)
5. As i have a network of machines, i have installed Win proxy and
mapped
the port 5061 to sip.mydomain.com
6. In my client machines, windows messenger, accounts --> i have
given IP
as
ProxyMachineIP:5061. [Note: This port is mapped to FQDNIP ]
7. When i try to connect , windows messenger popus the following
error
"There was a problem in verifying the certificates from the server".
8. Should i neeed to install any certificates on the proxy server
machine
?
9. I have installed the certificates as the same way i did before in
all
the
machines.
Here is my log file **********
43:04.590 840:804 INFO :: persistent=1, state=0, profile=01197CB4,
scope=0
18:43:04.590 840:804 INFO ::
CRTCWatcher::InternalSetState[01198F88]
state=0-->2
18:43:04.590 840:804 INFO :: WatcherEvent-- enType=0, statusCode=0,
watcher=01198F88
18:43:04.590 840:804 INFO ::
RoamingSession::SetDeltaNum[01197E18],0->0
18:43:04.600 840:804 INFO :: CRTCClient::InternalEnableProfileEx -
pProfile=01197CB0, regFlag=0xf, roamingFlag=0xf, realm=<(null)
18:43:04.610 840:804 INFO :: CRTCProfile::SetState - [01197CB0]
enState:0->1, statusCode=0, text=(null)
18:43:04.610 840:804 INFO :: RegistrationStateChangeEvent-
profile=01197CB0, state=1, statusCode=0, text=(null)
18:43:04.761 840:804 ERROR :: SECURE_SOCKET: negotiation failed:
80090322
18:43:04.771 840:804 ERROR ::
OUTGOING_TRANSACTION::OnRequestSocketConnectComplete - connection
failed
error 80ee0065
18:43:04.771 840:804 INFO :: CRTCProfile::SetState - [01197CB0]
enState:1->5, statusCode=80ee0065, text=(null)
18:43:04.771 840:804 INFO :: RegistrationStateChangeEvent-
profile=01197CB0, state=5, statusCode=80ee0065, text=(null)
18:43:04.771 840:804 INFO :: CRTCProfile::SetState - register
error,
clear
postponed watchers
18:43:04.771 840:804 INFO ::
RoamingSession::SetDeltaNum[01197D60],0->0
18:43:04.771 840:804 INFO ::
RoamingSession::SetDeltaNum[01197DA4],0->0
18:43:04.771 840:804 INFO ::
RoamingSession::SetDeltaNum[01197E18],0->0
18:43:04.771 840:804 INFO ::
RoamingSession::SetDeltaNum[01197E00],0->0
18:43:04.771 840:804 INFO ::
RoamingSession::SetDeltaNum[01197DE8],0->0
18:43:04.771 840:804 INFO ::
RoamingSession::SetDeltaNum[01197E18],0->0
***********************
Can anyone help on giving me a note of "How to configure windows
messenger
via client proxy server."
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in