OCS Response Group Service failed to start with Error event ID 31193
Posted by Mino on October 14, 2009
We have an OCS 2007 R2 Enterprise Edition pool with two front end servers. Say the FQDNs of the servers are OCSFE01.contoso.com and OCSFE02.contoso.com, and the pool name is OCSPOOL.contoso.com.
I created the certificate request for the front end servers using the OCS wizard, where I added the pool name in the CN and also in the SAN, then I ticked the check box to add the local machine name to the SAN.
Then I tried to enable the OCS services and found that the OCS Response Group Service failed to start with the error below:
Log Name: Office Communications Server
Source: OCS Response Group Service
Event ID: 31193
Task Category: (2001)
Level: Error
Keywords: Classic
User: N/A
Computer: OCSFE01.contoso.com
Description:
The provided certificate is not valid.
There was a problem validating certificate: Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was ‘OCSPOOL.contoso.com’ but the remote endpoint provided DNS claim ‘OCSFE01.contoso.com’. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity ‘OCSFE01.contoso.com’ as the Identity property of EndpointAddress when creating channel proxy.
How to Resolve:
The problem is in the SAN of the front end servers' certificate: you need to make sure that the last DNS entry in the SAN list matches the certificate subject name, which should be your pool name.
Because I ticked the checkbox to add the local machine name to the SAN, the wizard added the FQDN of the machine as the last entry in the SAN, and this was the problem.
So make sure that the CN is the pool name ocspool.contoso.com and that the last name in the SAN is also the pool name ocspool.contoso.com.
Update: this is a known issue that has been fixed with a hotfix in KB 969695.
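As an added example (not part of the original post), the PowerShell below checks the rule described above: the subject CN and the last DNS entry in the SAN must both be the pool name. The function names Get-CertDnsSan and Test-PoolSanOrder are hypothetical, the SAN lists are constructed samples, and the "DNS Name=" parsing assumes English-language Windows output.

```powershell
# Added example, not from the original post. Function names are hypothetical.

function Get-CertDnsSan {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # 2.5.29.17 is the Subject Alternative Name extension OID.
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $names = @()
    if ($ext) {
        # Format($true) prints one entry per line, e.g. "DNS Name=host"
        # (assumption: English Windows; the label is localized elsewhere).
        foreach ($line in ($ext.Format($true) -split "`r?`n")) {
            if ($line -match '^\s*DNS Name=(.+?)\s*$') { $names += $Matches[1] }
        }
    }
    return $names
}

function Test-PoolSanOrder {
    param([string]$SubjectCN, [string[]]$DnsSan, [string]$PoolFqdn)
    $san  = @($DnsSan)
    $last = $null
    if ($san.Count -gt 0) { $last = $san[-1] }
    # -eq on strings is case-insensitive, which suits DNS names.
    $cnOk   = ($SubjectCN -eq $PoolFqdn)
    $lastOk = ($last -eq $PoolFqdn)
    New-Object PSObject -Property @{
        SubjectCN     = $SubjectCN
        LastSanEntry  = $last
        CnIsPool      = $cnOk
        LastSanIsPool = $lastOk
        Pass          = ($cnOk -and $lastOk)
    }
}

$pool = 'OCSPOOL.contoso.com'

# Constructed sample: machine name appended last, as in the failing request (Pass = False).
Test-PoolSanOrder -SubjectCN $pool -DnsSan @($pool, 'OCSFE01.contoso.com') -PoolFqdn $pool

# Constructed sample: pool name is the last SAN entry (Pass = True).
Test-PoolSanOrder -SubjectCN $pool -DnsSan @('OCSFE01.contoso.com', $pool) -PoolFqdn $pool

# On a front end server: check every certificate in the local machine store.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cn = $_.GetNameInfo('SimpleName', $false)
    Test-PoolSanOrder -SubjectCN $cn -DnsSan @(Get-CertDnsSan $_) -PoolFqdn $pool
}
```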