Troubleshooting for a customer today:
Source: OCS Protocol Stack
Event ID: 14501
While attempting to establish an MTLS peer, the remote IP address 192.168.85.247 presented a large number of invalid certificates. 29 such errors occurred in the past 55 minutes.
The certificate name associated with this peer is
ADEX-01
Mail.teda.cn
The certificate serial number is
619910b50010800001a.
The certificate issuer is teda-ADEX-01-CA.
The specific error types and their counts are listed below.
Instance count - Error type
38 - 800b010f
1 - c3e93d6a
For more information, see help and support in http://go.microsoft.com/fwlink/events.asp
Source: OCS Protocol Stack
Event ID: 14366
Multiple invalid incoming certificates.
In the past 0 minutes, the server received an invalid incoming certificate. The last certificate is from host 192.168.85.247.
Cause: this occurs if the remote server presents invalid certificates because of a configuration error or an attack.
Solution:
No operation is required unless the number of failures is large. Contact the host administrator who sent the invalid certificate to solve the problem.
For more information, see help and support in http://go.microsoft.com/fwlink/events.asp
The following error occurs on the Exchange Server:
Source: MSExchange Unified Messaging
Event ID: 1088
The IP gateway or IP-PBX ocspool.teda.cn does not respond to the SIP OPTIONS request from the Unified Messaging server. The returned error code is "0" and the error text is ": this operation has timed out.".
Troubleshooting: use the lcserror tool from the OCS 2007 Resource Kit to look up the error code.
The following output is displayed:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\administrator.TEDA>cd c:\Program Files\Microsoft Office Communications Server 2007\reskit
C:\Program Files\Microsoft Office Communications Server 2007\reskit>lcserror
Usage: lcserror error-code(s)
Where error-code is either a hexidecimal number
or a signed decimal number if it ends in a period
May specify more than one error code separated by spaces
C:\Program Files\Microsoft Office Communications Server 2007\reskit>lcserror c3e93d6a
0xc3e93d6a -> (SIPPROXY_E_ROUTING_UNKNOWN_SERVER) (C:\Program Files\Microsoft Office Communications Server 2007\reskit\rtceres.dll)
The FQDN in the Peer's certificate subject name is not a configured server.
C:\Program Files\Microsoft Office Communications Server 2007\reskit>
The output shows that the problem lies in the subject name of the Exchange or OCS certificate.
Solution: the cause turned out to be a certificate configuration error on the OCS site, and the subject name of the Exchange 2007 certificate was not the FQDN of the Exchange server. The problem can be solved by regenerating the Exchange certificate and configuring the OCS certificate:
[PS] C:\Windows\System32>New-ExchangeCertificate -GenerateRequest -SubjectName "DC=TEDA, DC=Cn, O=TEDA Corp, CN=adex-01.teda.cn" -DomainName adex-01.teda.cn, mail.teda.cn, autodiscover.teda.cn, mail, adex-01 -Path c:\cer1012d.txt
[PS] C:\Windows\System32>Import-ExchangeCertificate -Path C:\exchc.cer -FriendlyName "teda.cn" | Enable-ExchangeCertificate -Services "IIS, POP, IMAP, SMTP, UM"
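
The subject-name check behind error c3e93d6a, as an added example that is not part of the original post: it extracts the CN from a certificate subject and compares it with the FQDN the MTLS peer has configured. The function names Get-SubjectCN and Test-MtlsCertName, the "before" subject CN=ADEX-01 and the expected FQDN adex-01.teda.cn are assumptions built from the names shown above.

```powershell
# Added example (not from the original post). Assumes PowerShell 2.0 or later.
# 0xc3e93d6a is reported when the FQDN in the peer certificate's subject name is
# not a configured server, so the subject CN is what gets compared here.

function Get-SubjectCN {
    param([string]$Subject)
    # Assumption: simple DN, no escaped commas inside the CN value.
    if ($Subject -match '(?i)(?:^|,)\s*CN\s*=\s*([^,]+)') { return $Matches[1].Trim() }
    return $null
}

function Test-MtlsCertName {
    param(
        [string]$Subject,
        [string]$ExpectedFqdn,        # FQDN the peer has configured for this server
        [string[]]$DnsNames = @()     # subject alternative names, if known
    )
    $cn = Get-SubjectCN $Subject
    New-Object PSObject -Property @{
        SubjectCN    = $cn
        ExpectedFqdn = $ExpectedFqdn
        CnMatches    = ($cn -eq $ExpectedFqdn)            # -eq ignores case for strings
        InSanList    = ($DnsNames -contains $ExpectedFqdn)
    } | Select-Object SubjectCN, ExpectedFqdn, CnMatches, InSanList
}

# Constructed samples: "before" uses the short names shown in event 14501,
# "after" uses the subject and domain list from the New-ExchangeCertificate request.
$expected = 'adex-01.teda.cn'
$samples = @(
    @{ Label = 'before'; Subject = 'CN=ADEX-01'
       Dns = @('ADEX-01', 'mail.teda.cn') },
    @{ Label = 'after'; Subject = 'DC=TEDA, DC=Cn, O=TEDA Corp, CN=adex-01.teda.cn'
       Dns = @('adex-01.teda.cn', 'mail.teda.cn', 'autodiscover.teda.cn', 'mail', 'adex-01') }
)
foreach ($s in $samples) {
    $r = Test-MtlsCertName -Subject $s.Subject -ExpectedFqdn $expected -DnsNames $s.Dns
    '{0,-6} CN={1,-16} CnMatches={2} InSanList={3}' -f $s.Label, $r.SubjectCN, $r.CnMatches, $r.InSanList
}

# Against the real store on the Exchange server (subject check only):
# Get-ChildItem Cert:\LocalMachine\My |
#     ForEach-Object { Test-MtlsCertName -Subject $_.Subject -ExpectedFqdn $expected }
```

A certificate that shows CnMatches=False for the FQDN configured on the OCS side is the one to reissue before enabling it for the UM service.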