Communicator 2007 Certificate Error
May 8th 2008webmasterLCS/OCS 2007 R2/ Communicator/ Speech Server/ Mobile & Windows Server 200x/ 2008/ Server Core/ R2 & Security
When you try to login to the system with the Office Communicator 2007 client, you may encounter the following error message:
—————————
Microsoft Office Communicator 2007
—————————
There was a problem verifying the certificate from the server. Please contact your system administrator.
—————————
OK
—————————
The result is that you will not be able to sign-in despite having supplied the correct credentials. This error can show up if the digital certificate deployed on the OCS 2007 server is not procured from a publicly trusted Certificate Authority such as Verisign.
If the issuing CA is trustworthy, such as from an internal PKI source, you can manually import the missing certificate as follows:
1. add the Certificates MMC snap-in for the local computer
2. navigate to Trusted Root Certification Authorities then Certificates
3. right mouse click on Certificates / All Tasks / Import
4. follow the on screen instructions to import the certificate
Consider using Active Directory Group Policy to centrally administer the distribution of digital certificates if you do not have a management platform such as Systems Center Management Server (formally Microsoft Systems Management Server).
Technorati tags: LCS/OCS , Unified Communications, Security, Windows Security
2 Comments »
2 Responses to “Communicator 2007 Certificate Error”
Leave a Reply
You must be logged in to post a comment.
iconoclast88 on 02 Jul 2009 at 9:06 pm #
Lee,
I’ve done this, and still I get the same message. I’m beginning to think something’s wrong with my cert. I’m,using a public trusted CA, godaddy normal, simple cert for internal OCS 2007 r2. I only have 1 enterprise server in my pool.
one sip. domain.com
domain is same internally and externally - domain.com
godaddy cert is for the fqdn of the pool.
The only thing that makes me think the cert won’t work is that during ocs cert setup it asks for a subject alternate name for the SIP. Can a normal cert do this? I don’t have a UCC for this, but i thought i didn’t need one for the internal.
I do not have an internal CA setup.
Josh
webmaster on 17 Aug 2009 at 3:16 pm #
iconoclast88,
Sorry for the late reply.
To make life easier, you should consider procuring Unified Communications certificates that are specifically certified (or designed) to work with Exchange 2007/2010 or OCS 2007 R2. As you have discovered, Subject Alternate Name (SAN) is one of those tricky fields that must be properly setup in addition to the normal Subject Name (CN).
How did you configure your digital certificate when you purchased it from your provider (godaddy)? The process should not be very different from a certificate request step (using the built-in OCS Wizard) if you have your own internal CA, such as Windows Server 2003 or 2008.