The trial certificates are valid for a limited number of days. Once you have tried a trial certificate and are satisfied that it works, uncheck MTLS 5061 on the “General” tab for the server. You must also delete the certificate from the “Security” tab.
If you do not delete the certificate from the “Security” tab, your LCS server stops working when the trial expires. At that point you cannot even open the “Security” tab to delete the old certificate, because it disappears: clicking “Security” produces a prompt about invalid certificates.
The workaround is to get another trial certificate, assign it, check MTLS 5061 and then remove it: uncheck MTLS 5061 and delete the certificate from the “Security” tab.
Some errors I had in the event log were:
The service is shutting down due to an internal error.
Unable to initialize the protocol stack. The service has to stop.
Server could not retrieve its initial configuration for a class from the WMI Provider.
Cause: This can occur if the connection to Active Directory or SQL back-end database is down or if permissions to the service account are altered. Retrieval can also fail if an invalid entry is entered in the class using the UI or WMI or if corruption occurs in local WMI repository.
Make sure the account the service is running under has proper privileges and that connection to Active Directory or SQL back-end database is functional. Verify an identical entry does not exist as a direct federation partner and an IM service provider.
A configured certificate could not be loaded from store. The serial number is attached for reference.
Extended Error Code: 0x800B0101.
Cause: This could happen if the certificate is not found. This could also happen if the server has insufficient privileges to read the certificate or to access the store containing the certificate.
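Extended error 0x800B0101 is the Windows CERT_E_EXPIRED code, so an expired trial certificate left in the store is the first thing to rule out. The following PowerShell check is an added example, not part of the original post: it lists the certificates in the local computer's personal store, where the LCS server reads its MTLS certificate, flags any that are expired or about to expire, and prints the serial number so it can be matched against the one quoted in the event. Save it as a .ps1 and run it in an elevated PowerShell on the LCS server; the 14-day warning threshold is an assumed value.

```powershell
# Added example (not from the original post): report certificates in the local
# computer's personal store, where the LCS server reads its MTLS certificate.
# Works with PowerShell 2.0 and later. $WarnDays is an assumed threshold.
function Get-ExpiringMachineCerts {
    param([int]$WarnDays = 14)

    $now = Get-Date
    Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
        $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
        if ($_.NotAfter -lt $now) {
            $state = 'EXPIRED'            # this is what kills the server after the trial ends
        } elseif ($daysLeft -le $WarnDays) {
            $state = 'EXPIRING'
        } else {
            $state = 'OK'
        }
        New-Object PSObject -Property @{
            Subject      = $_.Subject
            Issuer       = $_.Issuer         # trial certificates come from the trial CA, not your internal CA
            SerialNumber = $_.SerialNumber   # compare with the serial quoted in the event log entry
            NotAfter     = $_.NotAfter
            DaysLeft     = $daysLeft
            State        = $state
        }
    }
}

# Show everything, soonest expiry first, then exit non-zero if anything is already
# expired so the script fails visibly when run from a scheduled task.
$report = Get-ExpiringMachineCerts -WarnDays 14
$report | Sort-Object NotAfter |
    Format-Table Subject, Issuer, SerialNumber, NotAfter, DaysLeft, State -AutoSize
if ($report | Where-Object { $_.State -eq 'EXPIRED' }) { exit 1 }
```

Any certificate reported as EXPIRED or EXPIRING that is still assigned on the “Security” tab should be replaced or removed before it takes the server down.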
Click on “Admin Tool”. Expand the selection. Then right click on “Live Communications Server” and choose to “Author”.
One of the common requests on the newsgroup is about – you guessed it right – Certificates, DNS and Firewall Ports. I will try to make this simple by explaining in as few words as possible – but providing as many details as I can.
First of all: when are certificates needed? If you deploy only a Standard Edition server you don’t need certificates. If you deploy Enterprise Edition with only one front end, you don’t need certificates either. Certificates are needed in the following common scenarios (if you deploy any of these, you need certificates):
- Enterprise Edition with 2 or more Front End servers
- Access Proxy
- Standard Edition when deployed with an Access Proxy and Director: all of them need certificates.
As you will have realised, certificates are needed only where there is server-to-server communication (the SQL server excepted). Traffic between the LCS servers and the SQL servers can also be encrypted if you want, but that is beyond the scope of this post.
Secondly, you don’t need a public certificate for all of these servers. Only the Access Proxy’s external edge needs a public certificate; all the others can use a certificate issued by an internal Certificate Authority. Install the internal CA chain on all servers.
The Microsoft documentation assumes you have internal and external Domain Name Servers under “your” control. That is mostly true, but where your external DNS is a hosted service you need to give your hosting provider the details of the SRV records to create. A breakdown is provided in the image below.
Another common request is: which ports do I need to open on the firewall? A breakdown is provided in the image.
For a detailed explanation of the protocols and ports, see http://support.microsoft.com/default.aspx?scid=KB;EN-US;903056
Follow the path from the “Remote Users” to the LCS pool and you will know (1) what DNS entries are required, (2) what certificates are needed and (3) what ports need to be open. Print the following linked image on legal-sized paper.
The above images are in draft form.
Link to COMO on Microsoft site is here.
Setup is as follows (1) LCS Enterprise Edition – only one front end server (2) SQL Server (3) Access Proxy (4) Director.
Installed Office Communicator Mobile Edition (COMO) on my PocketPC. Pictures are worth more than me rambling about this. Click on a thumbnail to view the larger image. Of course, the conversation, the people and the context in these images are fictitious. Listed in order of progression.
1. Add Root cer
2. Sign In
3. Sign In
4. Today Screen
5. Incoming Message
6. Contact List
7. Find Contacts
Find a contact (#7) and start a conversation (#8).
8. Conversation Menu Options
9. COMO Conversation
Compare how the conversation looks in COMO (#9) vs. Office Communicator (#10).
10. Communicator Conversation
I have not written a single post about my experiences with LCS 2005. Please wait as I am going to write one shortly, something by the middle of September.
Passed the 74-138 exam: Planning and Building a Messaging and Collaboration Environment Using Microsoft Office System and Microsoft Windows Server 2003.