Mino – The UC Guy

Microsoft Unified Communications Blog

OCS Response Group Service failed to start with Error event ID 31193

Posted by Mino on October 14, 2009

We have OCS 2007 R2 Pool with 2 front end servers enterprise edition, let us say that the FQDN of the servers are OCSFE01.contoso.com, OCSFE02.contoso.com and the Pool name is OCSPOOL.contoso.com.

I created the certificate request for the front end servers using the OCS wizard where I added the Pool name in the CN and in the SAN also , then I clicked the check box of add local machine name to the SAN certificate.

Then I try to enable the OCS Services and I found that the OCS Response Group Service failed to start with the below error:

Log Name:      Office Communications Server
Source:        OCS Response Group Service
Event ID:      31193
Task Category: (2001)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      OCSFE01.contoso.com
Description:
The provided certificate is not valid.

There was a problem validating certificate: Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was ‘OCSPOOL.contoso.com’ but the remote endpoint provided DNS claim ‘OCSFE01.contoso.com’. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity ‘OCSFE01.contoso.com’ as the Identity property of EndpointAddress when creating channel proxy.

 

How to Resolve:

The problem is in SAN certificate for the frontend servers you need to make sure that the last DNS entry in the SAN list matches the certificate subject name, which should be your pool name.

And since I clicked the checkbox of add local machine name to the SAN , so it added the FQDN of the machine as the last entry in the SAN and this was the problem.

So make sure that the CN should be the pool name ocspool.contoso.com and the last name in the SAN should also be pool name ocspool.contoso.com

 

Update : this is a known issue that  has been fixed with Hotfix in KB 969695

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: