Lync client certificate error

How can I troubleshoot certificate issues on Lync internal usage?
We have CA in our domain environment. Lync server successfully requested and assigned 4 certificates from CA. (actually one certificate for own 4 needs).
All computers by default group policy achieved root CA certificate. And almost all sign in to lync without problems. But there are few computers which can't sign in followed with certificate problem.
So, at problem computer I opened certificate snap-in using MMC. Then I watched in trusted root certificate container for our root CA certificate. And it exists!
So, I manually exported Lync certificate from CA server, and manually imported it to problem computer to trusted root certificate authorities. - It haven't solved the issue.
I also tried to join lync by other accounts - no help.
I deleted all unused or self-signed certificates from problem computer, deleted all certificates from untrusted publisher container. - doesn't help
I reinstalled lync client, tried another versions. - doesn't help

What error did you get when you failed to sign in?
Have you error sign in on these computer successfully?
Check if you have Lync user certificate issued by Lync Server in user’s Personal certificate store.
Check if the same issue exists when sign in with different Lync accounts.
The following is a blog about Lync client authentication, it is useful for your further troubleshooting.
http://blogs.technet.com/b/nexthop/archive/2012/11/28/lync-2010-client-authentication.aspx
Lisa Zheng
TechNet Community Support

Similar Messages

Provide steps to send Root CA certificate to the Lync client, getting error" There was a problem verifying certificate from the server"

Hi,
I Build an Lync 2013 set up with FEpool, Director pool and Exchange server is integrated. I have windows 8 client machine, with Lync client installed. When I try to login to the lync client, I am getting error like"There was a problem verifying
certificate from the server".
When I installed ROOT CA cert manually on client machine I am able to login to the lync client. similarly if I add my client machine in my domain, I am able to login to the Lync client.
Now is there any other way to send the certificate automatically to the client machine (Which are NOT part of the DOMAIN) from the server, instead of manual installation process.
Please help me troubleshoot this problem

Agree with S Guna, there is no easy way to push a certificate automatically to a client that you don't control other than building an installer package and asking them to run it. In this situation, if there are a lot of non-domain joined machines
a third party certificate is the way you need to go.
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications

Lync client Login error

Hi guys,
I'm facing with an error while logging in to lync client. I have a user called nima, I added this user to lync server accordng to the following link but when I try to login I get an error stating that credentials are incorrect. I can login to windows with
my credentials but lync client doesn't work at all.
link: http://www.orcsweb.com/blog/cory-granata/how-to-install-lync-server-2013-standard-edition-on-windows-server-2012/
any help would be so appreciated.
Thanks and regards,
Bahman

Hi,
Is that you used the Users Email ID address while creating the user in Lync?
Try Specify SIP URI In first Block nima in the drop down menu select your Lync server.
Check this way.
Whenever you see a helpful reply, click on Vote As Helpful & click on Mark As Answer if a post answers your question.

Certificate error when Lync client login through VPN connection

Hello,
I am using the certificates from internal cert authority on Lync 2013 frontend servers and on edge server internal network. Edge external is using a third part certificate.
The users always use MS VPN connection when work remotely. We have multiple subnets in the company so "use default gateway on remote network" is enabled for routing.
When the users try to log in Lync client from non-domain joined computers while on VPN, they can't log in and get certificate error. It is hard to import the internal certificate on the computers.
What change do I need to do to the Lync certificates? Thanks

You have a few options:
1) You could attempt to hardcode the client so that it always connects through the edge. This can be done through tools->options->personal->advanced->manual configuration (but you may have to hardcode the FQDN in your hosts file so it doesn't
attempt to resolve via internal DNS). This may not work since your firewall may not be too happy with "internal" traffic leaving and coming back through the edge.
2) Write a script that helps automate the certificate installation and try to walk users through it.
3) Bite the bullet and use a third party certificate on the internal servers.
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications

Iphone getting a certificate error logging into Lync 2013

Hello,
I am having a strange issue with Lync Mobility. Android seems to work just fine, but my IPhone clients are throwing certificate errors. Everything is showing up properly in the Lync Connectivity Analyzer. The LyncDiscover URL seems to work just fine.Any
Anyone run into issues specifically with certificates and IPhone?

Check the following KB about Lync Mobile users cannot sign in after they update to client version 5.4:
http://support.microsoft.com/kb/2965499/en-us
Lisa Zheng
TechNet Community Support

Lync is attempting to connect to certificate error

Lync Basic version prompt certificate error but Lync pro plus didn't have prompt certificate error.
It is different sip domain lync with error.
Certificate is ok.
srv record is add on two domain zone.
sipinternaltls._tcp._domainA.com 5061
lyncdiscover.domainA.com
lyncdiscoverinternal.domainA.com
sip.domainA.com
sipinternaltls._tcp._domainB.com 5061
lyncdiscover.domainB.com
lyncdiscoverinternal.domainB.com
sip.domainB.com
Any idea? Thanks.

Did you try the problem user account on the Lync pro plus system?
Did you try the working account on the Lync basic system?
Is the Issuing Root CA certificate trusted by the basic system?
Have you turned on and reviewed the client side logs (http://blogs.msdn.com/b/leoncon/archive/2013/05/15/where-are-all-the-troubleshooting-logs-in-lync-2013.aspx)?
Also go through this guide:
https://support.office.com/en-us/article/Troubleshooting-Lync-sign-in-errors-448b8ea7-5b33-444a-afd4-175fc9930d05, could be something as simple as wrong date/time.
Please mark posts as answers/helpful if it answers your question.
Blog
Lync Validator - Used to assist in the validation and documentation of Lync Server 2013.
Yes,I using same accounts to test. All is new AD accounts , let me try to turn on the log file to trace.

Lync Connectivity Analyzer Certificate Error

The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server lyncedgesvr.redfoxtechnologies.net on port 443.
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Elapsed Time: 456 ms.
I got the following certificate error when trying to test remote connection from lync connectivity analyzer, But we have purchase a comodo PositiveSSL Multi-domain what do I need to do Please help I have contact the SSL provider but they don't even know
the problem.
Than Public Certificate is bind only on Lync Edge Server and there is not Public Certificate on Lync Federation Server.
The Lync Edge server is not using a NAT it is directly connected to the internet or the public ip address mounted on LAN.
I have used only one Public IP address.

Hi Everyone,
I am not using reversed proxy I only just used the following below:
Pfsense: Public IP
Lync Fe : Single internal IP
Lync Edge : External Public IP no NAT
Lync Edge : Internal IP
Based on the Lync Validator below it says that I should create a NAT of Lync Fe Server to the External ip 103.17.21.198 Then issues a public Certificate to Internal of Lync Fe. Just because I don't have a External for Lync Fe. And I only have one LAN. correct
me if this validator is wrong.
For the Certificate CAN I USE THE "Comodo PositiveSSL Multi-Domain"?
Internal DNS:
Internal DNS Records
Type
FQDN
IP
Service
Protocol
Domain
Host
PRI
Weight
Port
SRV
_sipinternaltls
_tcp
redfoxtechnologies.net
sip.redfoxtechnologies.net
0
0
5061
Automatic Login
A
dialin.redfoxtechnologies.net
10.10.10.11
Simple URL Dialin
A
lyncadmin.redfoxtechnologies.net
10.10.10.11
Simple URL Admin
A
lyncdiscoverinternal.redfoxtechnologies.net
10.10.10.11
Internal Lync client discovery.
A
lyncedgesvr.redfoxtechnologies.net
172.0.0.113
Edge Pool Name
A
lyncedgesvr.redfoxtechnologies.net
172.0.0.113
Edge Server #1
A
lyncfesvr.redfoxtechnologies.net
103.17.21.198
External Web Services
A
lyncfesvr.redfoxtechnologies.net
10.10.1.1
Front-End Server #1
A
lyncfesvr.redfoxtechnologies.net
10.10.10.11
Internal Web Services
A
lyncpool.redfoxtechnologies.net
10.10.1.1
Front-End Server #1
A
meet.redfoxtechnologies.net
10.10.10.11
Simple URL Meet
A
sip.redfoxtechnologies.net
10.10.1.1
Front-End Server #1
External DNS:
External DNS Records
Type
FQDN
IP
Service
Protocol
Domain
Host
PRI
Weight
Port
SRV
_sip
_tls
redfoxtechnologies.net
lyncedgesvr.redfoxtechnologies.net
0
0
443
Automatic Login
SRV
_sipfederationtls
_tcp
redfoxtechnologies.net
lyncedgesvr.redfoxtechnologies.net
0
0
5061
Lync Federation Discovery
A
dialin.redfoxtechnologies.net
103.17.21.198
Simple URL Dialin
A
lyncdiscover.redfoxtechnologies.net
103.17.21.198
Lync client discovery.
A
lyncedgesvr.redfoxtechnologies.net
103.17.21.196
Access Edge #1
A
lyncedgesvr.redfoxtechnologies.net
0.0.0.0
Web Conferencing #1
A
lyncedgesvr.redfoxtechnologies.net
0.0.0.0
AV #1
A
lyncfesvr.redfoxtechnologies.net
103.17.21.198
External Web Services
A
meet.redfoxtechnologies.net
103.17.21.198
Simple URL Meet
Internal Certificates
Type
Server
SN
SAN
EKU
Internal
Front-End
lyncpool.redfoxtechnologies.net
lyncpool.redfoxtechnologies.net
lyncfesvr.redfoxtechnologies.net
meet.redfoxtechnologies.net
dialin.redfoxtechnologies.net
lyncadmin.redfoxtechnologies.net
lyncdiscoverinternal.redfoxtechnologies.net
lyncdiscover.redfoxtechnologies.net
sip.redfoxtechnologies.net
lyncfesvr.redfoxtechnologies.net
lyncfesvr.redfoxtechnologies.net
Server
SAN/UCC Certificate for Front-End Pool
Internal
OAuth
redfoxtechnologies.net
Server
OAuth
Internal
Edge Server
lyncedgesvr.redfoxtechnologies.net
Server
Certificate for Internal Edge
External Certificates
Type
Server
SN
SAN
EKU
Public
Lync Edge
lyncedgesvr.redfoxtechnologies.net
lyncedgesvr.redfoxtechnologies.net
lyncedgesvr.redfoxtechnologies.net
Server Client
SAN/UCC Certificate for Edge Server
Public
Reverse Proxy
lyncfesvr.redfoxtechnologies.net
meet.redfoxtechnologies.net
dialin.redfoxtechnologies.net
lyncdiscover.redfoxtechnologies.net
lyncfesvr.redfoxtechnologies.net
Server
SAN/UCC Certificate for Reverse Proxy

HTTP Error 403.16 - Forbidden, Your client certificate is either not trusted or is invalid.

Dear Experts,
I have tried mutual authentication with sample website as per below link:
http://itq.nl/testing-with-client-certificate-authentication-in-a-development-environment-on-iis-8-5/#comment-19427
1. Created a Root certificate, client and server certificate based on this root certificate by using Makecert command as per below link:
2. Import these certificates in Trusted Root Certification authority of both the stores (Local and Current user)
3. Created a sample website with HTML page
4.Hosted this website in IIS with HTTPS binding and selected the above server certifcate
5. Enabled "Require SSL" and selected "Require" under SSL settings of website
6. Exported the client certificate in base64 format --> Edited in notepad --> made the key into single line
7. Placed the above key under Configuration editor --> system.webServer/security/authentication/iisClientCertificateMappingAuthentication --> one to one mapping with user credentials.
8. I tried to access the website
But, I ended with below error :(
HTTP Error 403.16 - Forbidden
Your client certificate is either not trusted or is invalid.
Detailed Error Information:
Module    IIS Web Core
Notification    BeginRequest
Handler    ExtensionlessUrlHandler-Integrated-4.0
Error Code    0x800b0109
Requested URL    https://localhost:443/
Physical Path    E:\SampleRoot
Logon Method    Not yet determined
Logon User    Not yet determined
Could you please let me know what I missed here.
Note:
I am using windows8, IIS8.0.
Thanks in advance.
Regards,
M. Prasad Reddy.

Hi Prasad,
As per this case, I have been shared the corresponding details below
1.First of all,make sure that you import the certificate whether it belongs to Trusted RootCertification or not .
    If that is the case ,Goto Microsoft Management Console (MMC), open the Certificates snap-in.
    For instance, the certificate store that WCF is configured to retrieve X.509 certificates from, select the Trusted RootCertification Authoritiesfolder. Under the Trusted Root Certification Authorities folder, right-click the Certificatesfolder,
point to All Tasks, and then click Import.
2.you configured the server certificate as well, But check the client certificate whether have root certificate or not by following command?
makecert -pe -n "CN=SSLClientAuthClient"
         -eku 1.3.6.1.5.5.7.3.2 -is root -ir localmachine -in WebSSLTestRoot
         -ss my -sr currentuser -len 2048
3. Also check the Service Certificate whether its configured on the WCF Service side
4.Make sure that you followed all the steps are done correctly from your given referred link below
http://itq.nl/testing-with-client-certificate-authentication-in-a-development-environment-on-iis-8-5/#comment-19427
5.Besides, please try to set the require SSL as ignore to see if you can access the website.
If the above details cannot able to resolve this issue, please post your config file here.

Error 403.7 - Forbidden: SSL client certificate is required

Hi people!
I�m developing a java client to a WebService (developed in .NET). The communication protocol is HTTPS to the URL where the Web Service is located (something like https://10.200.140.117/dirNotes/serviceName.asmx.). I�ve been reading many posts but I could'nt find the solution to the problem wich has the following message: Error 403.7 - Forbidden: SSL client certificate is required".
I�m using JDK 1.5 and developing and testing on Windows Plataform. I'm able to access the URL specified above directly from the browser, I installed the client certificate (the same that �ve put into the ,jks keystore. I�ve also imported the whole certificate chain of the server to the cacerts.
I�ll paste the code and the console trace below. I�d be very grateful if you can help me. Thanks a lot.
_THE CODE_
package principal;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.axis.client.Call;
import org.apache.axis.client.Service;
import entidade.Certificado;
public class SSLClient {
private static final int PORT_NUMBER = 443;
private static final String HTTPS_ADDRESS = "10.200.140.117";
private static String strCabecalhoMsg = "";
private static String strDadosMsg = "";
public static void main(String[] args) throws Exception {
System.setProperty("javax.net.ssl.keyStore", Certificado.getStrNomeArquivoJKSServidor());
System.setProperty("javax.net.ssl.keyStorePassword", "senha");
System.setProperty("javax.net.ssl.trustStore", "Certificados/cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("javax.net.debug","ssl,handshake,record");
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(new FileInputStream(Certificado.getStrNomeArquivoJKSServidor()),
Certificado.getArranjoCharSenhaCertificadoServidor());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, Certificado.getArranjoCharSenhaCertificadoServidor());
KeyStore ksT = KeyStore.getInstance(KeyStore.getDefaultType());
ksT.load(new FileInputStream("C:/Arquivos de programas/Java/jre1.5.0_05/lib/security/cacerts"), "changeit".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ksT);
SSLContext sc = SSLContext.getInstance("SSLv3");
sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new java.security.SecureRandom());
SSLSocketFactory factory = sc.getSocketFactory();
try{
// method to load the values of the strings strCabecalhoMsg and strDadosMsg
carregarXMLCabecalhoDados();
SSLSocket socket =(SSLSocket)factory.createSocket(HTTPS_ADDRESS, PORT_NUMBER);
socket.startHandshake();
String [] arr = socket.getEnabledProtocols();
URL url = new URL("https://10.200.140.117/dirNotes");
HttpsURLConnection.setDefaultSSLSocketFactory(factory);
HttpsURLConnection urlc = (HttpsURLConnection) url.openConnection();
urlc.setDoInput(true);
urlc.setUseCaches(false);
Object[] params = {strCabecalhoMsg, strDadosMsg};
Service service = new Service();
Call call = (Call) service.createCall();
call.setTargetEndpointAddress(url);
call.setOperationName("serviceName");
String ret = (String) call.invoke(params);
System.out.println("Result: " + ret);
catch (UnknownHostException uhe) {
uhe.printStackTrace();
System.err.println(uhe);
catch (Exception uhe) {
uhe.printStackTrace();
System.err.println(uhe);
private static void carregarXMLCabecalhoDados()
try
BufferedReader input = new BufferedReader( new FileReader("notas/cabecalho.xml"));
String str;
while((str=input.readLine()) != null)
strCabecalhoMsg += str ;
System.out.println("Cabe�a: " + strCabecalhoMsg);
input = new BufferedReader( new FileReader("notas/nota.xml"));
while((str=input.readLine()) != null)
strDadosMsg += str ;
System.out.println("Nota: " + strDadosMsg);
catch (FileNotFoundException e)
// TODO Auto-generated catch block
e.printStackTrace();
catch (IOException e)
// TODO Auto-generated catch block
e.printStackTrace();
_THE TRACE_
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 21:19:54 BRT 1999 until Tue Jun 25 21:19:54 BRT 2019
*others trusted certs*
trigger seeding of SecureRandom
done seeding SecureRandom
export control - checking the cipher suites
export control - no cached value available...
export control - storing legal entry into cache...
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1198158630 bytes = { 48, 135, 53, 24, 112, 72, 104, 220, 27, 114, 37, 42, 25, 77, 224, 32, 12, 58, 90, 217, 232, 3, 104, 251, 93, 82, 40, 91 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 3953
*** ServerHello, TLSv1
RandomCookie: GMT: 1198158523 bytes = { 56, 166, 181, 215, 86, 245, 8, 55, 214, 108, 128, 50, 8, 11, 0, 209, 38, 62, 187, 185, 240, 231, 56, 161, 212, 111, 194, 79 }
Session ID: {222, 2, 0, 0, 147, 179, 182, 212, 18, 34, 199, 100, 168, 167, 48, 116, 140, 186, 151, 153, 226, 168, 163, 174, 24, 83, 208, 73, 179, 57, 86, 137}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
*many chains and related data*
Found trusted certificate:
Version: V3
Subject:
*many trusted certificates and related data*
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 117, 112, 233, 166, 240, 9, 226, 67, 53, 111, 194, 84, 124, 103, 197, 28, 17, 36, 32, 48, 145, 166, 161, 61, 30, 63, 153, 214, 137, 113, 222, 204, 138, 77, 212, 75, 65, 192, 159, 215, 69, 156, 47, 188, 179, 219 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 75 70 E9 A6 F0 09 E2 43 35 6F C2 54 7C 67 ..up.....C5o.T.g
0010: C5 1C 11 24 20 30 91 A6 A1 3D 1E 3F 99 D6 89 71 ...$ 0...=.?...q
0020: DE CC 8A 4D D4 4B 41 C0 9F D7 45 9C 2F BC B3 DB ...M.KA...E./...
CONNECTION KEYGEN:
Client Nonce:
0000: 47 6A 73 26 30 87 35 18 70 48 68 DC 1B 72 25 2A Gjs&0.5.pHh..r%*
0010: 19 4D E0 20 0C 3A 5A D9 E8 03 68 FB 5D 52 28 5B .M. .:Z...h.]R([
Server Nonce:
0000: 47 6A 73 BB 38 A6 B5 D7 56 F5 08 37 D6 6C 80 32 Gjs.8...V..7.l.2
0010: 08 0B 00 D1 26 3E BB B9 F0 E7 38 A1 D4 6F C2 4F ....&>....8..o.O
Master Secret:
0000: 0B 3A 71 F8 BB 79 5E 07 78 C2 5F 13 4F 92 9D 87 .:q..y^.x._.O...
0010: CF 69 0D 07 78 D2 59 46 1E C3 C1 5B A2 DB 04 B9 .i..x.YF...[....
0020: 42 60 92 48 59 8E FD FD C3 5B BD 00 9C 54 7A 7E B`.HY....[...Tz.
Client MAC write Secret:
0000: 33 7C 19 C4 75 D2 CE 82 39 98 37 E5 7D 20 CB B1 3...u...9.7.. ..
Server MAC write Secret:
0000: 1E 1E 48 C7 D4 77 23 E4 22 26 8B 98 2E 92 5C 95 ..H..w#."&....\.
Client write key:
0000: EE 05 39 76 B2 85 63 6C F7 70 30 CB 6D 08 07 54 ..9v..cl.p0.m..T
Server write key:
0000: 5C 2E 3B 5E DC D9 EC C5 04 C4 D5 B5 12 11 B9 08 \.;^............
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 143, 115, 243, 131, 242, 244, 12, 44, 191, 172, 205, 122 }
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 231, 215, 37, 250, 177, 121, 111, 192, 11, 41, 1, 165 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : Certificados/certificadoSondaMonitor.jks
keyStore type is : JKS
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: Certificados\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 21:19:54 BRT 1999 until Tue Jun 25 21:19:54 BRT 2019
adding as trusted cert:
* many certificates*
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
export control - checking the cipher suites
export control - found legal entry in cache...
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1198158632 bytes = { 93, 1, 41, 236, 165, 146, 251, 117, 129, 195, 129, 72, 245, 181, 43, 48, 80, 251, 244, 198, 223, 85, 82, 101, 20, 159, 17, 26 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 3953
*** ServerHello, TLSv1
RandomCookie: GMT: 1198158525 bytes = { 109, 114, 234, 1, 130, 97, 251, 9, 61, 105, 56, 246, 239, 222, 97, 143, 22, 254, 65, 213, 10, 204, 153, 67, 237, 133, 223, 48 }
Session ID: {23, 30, 0, 0, 26, 129, 168, 21, 252, 107, 124, 183, 171, 228, 138, 227, 94, 17, 195, 213, 216, 233, 205, 2, 117, 16, 21, 65, 123, 119, 171, 109}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
many chains again
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 116, 247, 155, 227, 25, 25, 231, 129, 199, 76, 134, 222, 98, 69, 149, 224, 75, 6, 60, 121, 115, 216, 244, 246, 102, 92, 188, 64, 113, 56, 190, 43, 32, 51, 90, 254, 141, 184, 71, 48, 41, 29, 173, 180, 46, 116 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 74 F7 9B E3 19 19 E7 81 C7 4C 86 DE 62 45 ..t........L..bE
0010: 95 E0 4B 06 3C 79 73 D8 F4 F6 66 5C BC 40 71 38 ..K.<ys...f\.@q8
0020: BE 2B 20 33 5A FE 8D B8 47 30 29 1D AD B4 2E 74 .+ 3Z...G0)....t
CONNECTION KEYGEN:
Client Nonce:
0000: 47 6A 73 28 5D 01 29 EC A5 92 FB 75 81 C3 81 48 Gjs(].)....u...H
0010: F5 B5 2B 30 50 FB F4 C6 DF 55 52 65 14 9F 11 1A ..+0P....URe....
Server Nonce:
0000: 47 6A 73 BD 6D 72 EA 01 82 61 FB 09 3D 69 38 F6 Gjs.mr...a..=i8.
0010: EF DE 61 8F 16 FE 41 D5 0A CC 99 43 ED 85 DF 30 ..a...A....C...0
Master Secret:
0000: FC C9 75 A4 2B F1 8A D8 AD 16 27 70 B7 E4 64 6C ..u.+.....'p..dl
0010: 05 D7 33 4A 53 91 2F 51 1E 32 D3 3B 2E 18 2E BC ..3JS./Q.2.;....
0020: E4 16 EE 2F 01 A1 08 48 19 09 32 68 CE 69 8F B1 .../...H..2h.i..
Client MAC write Secret:
0000: F1 95 3B CE 06 5B 8A 9B EC DE 1C 8F B4 AB D9 36 ..;..[.........6
Server MAC write Secret:
0000: BF 52 36 48 63 24 FE 74 22 BE 00 99 BE F0 6E E5 .R6Hc$.t".....n.
Client write key:
0000: 9F 08 0A 6E 8F 54 A3 66 1C BC C7 6B AE 88 67 E0 ...n.T.f...k..g.
Server write key:
0000: 06 A1 0B 4F 69 DE 5F AF 0E 6B B5 04 ED E8 EA F5 ...Oi._..k......
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 148, 93, 105, 42, 110, 212, 55, 2, 150, 191, 13, 111 }
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 171, 150, 45, 10, 99, 35, 67, 174, 35, 52, 23, 192 }
%% Cached client session: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
main, setSoTimeout(600000) called
main, WRITE: TLSv1 Application Data, length = 282
main, WRITE: TLSv1 Application Data, length = 8208
main, WRITE: TLSv1 Application Data, length = 1102
main, READ: TLSv1 Application Data, length = 1830
main, received EOFException: ignored
main, called closeInternal(false)
main, SEND TLSv1 ALERT: warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 18
main, called close()
main, called closeInternal(true)
AxisFault
faultCode: {http://xml.apache.org/axis/}HTTP
faultSubcode:
faultString: (404)Not Found
faultActor:
faultNode:
faultDetail:
     {}:return code: 404
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>
<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>
</TD></TR></TABLE></BODY></HTML>
     {http://xml.apache.org/axis/}HttpErrorCode:404
(404)Not Found
     at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744)
     at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
     at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
     at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
     at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
     at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
     at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
     at org.apache.axis.client.Call.invoke(Call.java:2767)
     at org.apache.axis.client.Call.invoke(Call.java:2443)
     at org.apache.axis.client.Call.invoke(Call.java:2366)
     at org.apache.axis.client.Call.invoke(Call.java:1812)
     at principal.SSLClient.main(SSLClient.java:86)
(404)Not Found
-----

I'm having the same problem with the same URL. I try many configuration and nothing works. My code is:
public class NFeClient {
     static{
          Security.addProvider(new BouncyCastleProvider());
     public static void main(final String[] args) throws Exception {
          final String path = "https://homologacao.nfe.sefaz.rs.gov.br/ws/nfeconsulta/nfeconsulta.asmx";
          final String keyStoreProvider = "BC";
          final String keyStoreType = "PKCS12";
          final String keyStore = "/home/mendes/certificados/cert.p12";
          final String keyStorePassword = "xxxx";
          System.setProperty("javax.net.ssl.keyStoreProvider",keyStoreProvider);
          System.setProperty("javax.net.ssl.keyStoreType",keyStoreType);
          System.setProperty("javax.net.ssl.keyStore",keyStore);
          System.setProperty("javax.net.ssl.keyStorePassword",keyStorePassword);
          System.setProperty("javax.net.ssl.trustStore","/home/mendes/workspace/NFE/jssecacerts");
          final SSLContext context = SSLContext.getInstance("TLS");
          final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
          final KeyStore ks = KeyStore.getInstance(keyStoreType);
          ks.load(new FileInputStream(keyStore), keyStorePassword.toCharArray());
          kmf.init(ks, keyStorePassword.toCharArray());
          context.init(kmf.getKeyManagers(), null, null);
          final URL url = new URL(path);
          final HttpsURLConnection httpsConnection = (HttpsURLConnection) url.openConnection();
          httpsConnection.setDoInput(true);
          httpsConnection.setRequestMethod("GET");
          httpsConnection.setRequestProperty("Host", "iis-server");
          httpsConnection.setRequestProperty("UserAgent", "Mozilla/4.0");
          httpsConnection.setSSLSocketFactory(context.getSocketFactory());
          try{
               final InputStream is = httpsConnection.getInputStream();
               final byte[] buff = new byte[1024];
               int readed;
               while((readed = is.read(buff)) > 0)
                    System.out.write(buff,0,readed);
          }catch(final IOException ioe){
               ioe.printStackTrace();
}and the response of the server is always the same:
java.io.IOException: Server returned HTTP response code: 403 for URL: https://homologacao.nfe.sefaz.rs.gov.br/ws/nfeconsulta/nfeconsulta.asmx
     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1241)
     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
     at br.com.esales.nfe.signer.client.NFeClient.main(NFeClient.java:60)Edited by: mendes on Apr 25, 2008 9:56 AM

Receiver SOAP adapter SSL error - client certificate required?

Hi all,
Problem configuring SSL in XI 3.0 NW04 SP17....
I have followed the config steps from Rahul's excellent weblog at <a href="/people/rahul.nawale2/blog/2006/05/31/how-to-use-client-authentication-with-soap-adapter">How to use Client Authentication with SOAP Adapter</a> (my Basis team have done the Visual Admin steps) and am going through his example as it closely matches my requirement. So, I have a test receiver SOAP adapter sending messages to a web service URL defined for a sender SOAP adapter. My test scenario is:
<b>Sender File -> <u><i>Receiver SOAP -> Sender SOAP</i></u> -> IDoc Receiver -> IDocs in R/3</b>
The problem components are in italic and underlined above. My Receiver SOAP Adapter has the web service URL, Certificate Keystore Entry and View entered. If, in the Sender SOAP Adapter, I have an HTTP Security Level of HTTPS Without Client Authentication, the interface works fine (note that Rahul suggests you untick the User Authentication in the Receiver but with this Security Level, it seems to work with or without it).
The problem is when I set HTTPS <b>With</b> Client Authentication in the Sender. I then get the following error in the message monitor:
SOAP: response message contains an error XIServer/UNKNOWN/ModuleUnknownException - com.sap.aii.af.mp.module.ModuleException: java.security.AccessControlException: <b>client certificate required caused by: java.security.AccessControlException</b>: client certificate required at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:1111) at com.sap.aii.af.mp.module.ModuleLocalLocalObjectImpl3.process(ModuleLocalLocalObjectImpl3.java:103) at com.sap.aii.af.mp.ejb.ModuleProcessorBean.process(ModuleProcessorBean.java:250) at com.sap.aii.af.mp.processor.ModuleProcessorLocalLocalObjectImpl0.process(ModuleProcessorLocalLocalObjectImpl0.java:103) at com.sap.aii.af.mp.soap.web.MessageServlet.callModuleProcessor(MessageServlet.java:166) at com.sap.aii.af.mp.soap.web.MessageServlet.doPost(MessageServlet.java:421) at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code)) at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code)) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java(Compiled Code)) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java(Inlined Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.Client.handle(Client.java(Inlined Compiled Code)) at com.sap.engine.services.httpserver.server.Processor.request(Processor.java(Compiled Code)) at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java(Compiled Code)) at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java(Compiled Code)) at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java(Compiled Code)) at java.security.AccessController.doPrivileged1(Native Method) at java.security.AccessController.doPrivileged(AccessController.java(Compiled Code)) at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java(Compiled Code)) at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java(Compiled Code)) Caused by: java.security.AccessControlException: client certificate required at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:843) ... 22 more
Has anyone got any idea what this could be caused by?
Many thanks,
Stuart Richards

Have you configured the https port with that keystore entry?
Check out these links:
http://help.sap.com/saphelp_nw2004s/helpdata/en/b0/881e3e3986f701e10000000a114084/frameset.htm
http://help.sap.com/saphelp_nw2004s/helpdata/en/5c/15f73dd0408e5be10000000a114084/frameset.htm
Regards,
Henrique.

Certificate error on Outlook 2013 clients, Outlook 2007 clients do not get certificate error, Exchange 2010, dot local domain name

Hi
I'm looking for a solution that I can't seem to find. I have an Exchange 2010 server running in a dot local domain (domainname.local), so my SSL certificate is installed using the servers external email DNS name. email.mycompany.com
I have followed the instructions to resolve this on the Exchange server, implemented the changes so autodiscovery sees the server as email.mycompany.com. This works great for my Outlook 2007 users. The downside is that none of my Outlook 2013
clients can access their email without the certificate error server name mismatch.
I know Outlook 2013 has tighter security but I need to get rid of these cert errors, any thoughts out there?

Hi,
Since both your Outlook 2007 users and Outlook 2013 users are using Exchange 2010 with the same server configuration, it should be working in both Outlook client version.
Please restart your IIS service by running IISReset /noforce from a Command Prompt window in Exchange to have a try. In Outlook, please re-create a Outlook profile to check whether the issue persists.
Regards,
Winnie Liang
TechNet Community Support

LYNC Federation - Internal Error on Verify Message by Lync PC Client.

Hello all,
Recently I set a static route for SIP "interdomain" Federation between Lync 2013 and other vendor PBX.
However I'm struggling with the Lync PC Client error message on validating the messages received by Lync FE. Lync Mobile Client or IPAD client don't have the same issue.
In the Lync FE logs I see that the Invite it's received by the FE and forward to the Lync PC Client. However the in the Lync PC Logs we see WARN message that verify message failed what result in abort of the incoming call on the Lync Client.
Lync PC Client Log:
08/05/2014|17:36:21.102 26F8:C4 TRACE ::
verified buffer: <TLS-DSK><D82A1226><26><SIP Communications Service><Lync2013-PC.innodemo.local><[email protected]><11892668><INVITE><sip:[email protected]><1641009297><sip:[email protected]><><><><>-length-220.
signature:1fa6a6801d168888125378d7ff858578f30b6bf2
08/05/2014|17:36:21.102 26F8:C4 WARN ::
VerifyMessage failed
x6 times
In the FE Logs I see:
TL_INFO(TF_PROTOCOL) [0]12E4.1EEC::08/05/2014-15:32:40.429.000000c6 (InboundRouting,InboundRoutingClientTransaction.SendImpl:inboundroutingcontext.cs(2308))[2344625192]
SendImpl() to sip:172.16.93.12:60561;transport=tls;ms-opaque=0e66ad0711;ms-received-cid=A600
TL_INFO(TF_DIAG) [0]10CC.1314::08/05/2014-15:32:40.430.000000c8 (SIPStack,SIPAdminLog::WriteDiagnosticEvent:SIPAdminLog.cpp(778))[2344625192]
$$begin_record
Severity: information
Text: Routed a request on behalf of an application
SIP-Start-Line: INVITE sip:172.16.93.12:60561;transport=tls;ms-opaque=0e66ad0711;ms-received-cid=A600 SIP/2.0
SIP-Call-ID: [email protected]
SIP-CSeq: 11892668 INVITE
Peer: 172.16.93.12:60561
Data: destination="[email protected]";application="http://www.microsoft.com/LCS/DefaultRouting"
$$end_record
TL_INFO(TF_PROTOCOL) [0]10CC.1314::08/05/2014-15:32:40.430.000000c9 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(196))[2344625192]
$$begin_record
Trace-Correlation-Id: 2344625192
Instance-Id: 32C
Direction: outgoing
Peer: 172.16.93.12:60561
Message-Type: request
INVITE sip:172.16.93.12:60561;transport=tls;ms-opaque=0e66ad0711;ms-received-cid=A600 SIP/2.0
Start-Line: INVITE sip:172.16.93.12:60561;transport=tls;ms-opaque=0e66ad0711;ms-received-cid=A600 SIP/2.0
From: <sip:[email protected]>;tag=1641009297
To: <sip:[email protected]>;epid=5acfd7e726
Call-ID: [email protected]
CSeq: 11892668 INVITE
Contact: <sip:[email protected]:5061;transport=TLS>
Via: SIP/2.0/TLS 172.16.93.3:5061;branch=z9hG4bK32626C7B.D608D12EF622D7A8;branched=FALSE;ms-internal-info="ca-uvj7g7cd2YxUxssjsnQep4sdcBc90oFo27_60ZBaigu0QjWk5N33QAA"
Via: SIP/2.0/TLS 172.16.93.11:5061;branch=z9hG4bK-2B43DB32;rport;alias;received=172.16.93.11;ms-received-port=60028;ms-received-cid=AD00
Record-Route: <sip:Lync2013-PC.innodemo.local:5061;transport=tls;opaque=state:F:Ci.Ra600;lr;ms-route-sig=aam67Qa-S2QyV9XEtcYaQRQjPC9PgzSs05BJukjXBgjxMu0QjWLwDDRgAA>;tag=45D3B960B6E2B498388A5465B5BFF35F
Max-Forwards: 58
Content-Length: 427
Content-Type: application/sdp
Message-Body: v=0\no=- 34 1 IN IP4 172.16.93.11\ns=-\nt=0 0\nm=audio 16422 RTP/AVP 18 4 8 0 101 13\nc=IN IP4 172.16.93.19\na=rtpmap:101 telephone-event/8000\na=fmtp:18 annexa=yes\na=fmtp:18 annexb=no\na=fmtp:101 0-15\na=ptime:60\na=silenceSupp:off - - - -\na=sendrecv\na=ice-ufrag:Xgox\na=ice-pwd:v8uT6XAZFNHQeDNrOtUWni\na=candidate:1
1 UDP 2130706431 172.16.93.19 16422 typ host\na=candidate:1 2 UDP 2130706430 172.16.93.19 16423 typ host
$$end_record
TL_INFO(TF_DIAG) [0]10CC.1314::08/05/2014-15:32:40.430.000000ca (SIPStack,SIPAdminLog::WriteDiagnosticEvent:SIPAdminLog.cpp(778))[2344625192]
$$begin_record
Severity: information
Text: Routed a locally generated response
SIP-Start-Line: SIP/2.0 100 Trying
SIP-Call-ID: [email protected]
SIP-CSeq: 11892668 INVITE
Peer: ipva.innodemo.local:60028
$$end_record
ERROR message:
TL_ERROR(TF_COMPONENT) [0]10CC.1644::08/05/2014-15:32:43.159.000000d4 (SIPStack,CSIPRequest::ProcessVia:SIPRequest.cpp(685))
( 00000016ABEDAD40 ) Exit - the via header contains unexpected received-cid attribute. Returned 0xC3E93F04(SIPPROXY_E_REQUEST_NO_CORRECT_VIA)
TL_ERROR(TF_COMPONENT) [0]10CC.1644::08/05/2014-15:32:43.159.000000d5 (SIPStack,CSIPRequest::ValidateInboundHeaders:SIPRequest.cpp(1495))
( 00000016ABEDAD40 ) Exit - failed to ProcessVia(). Returned 0xC3E93F04(SIPPROXY_E_REQUEST_NO_CORRECT_VIA)
TL_WARN(TF_DIAG) [0]10CC.1644::08/05/2014-15:32:43.159.000000d6 (SIPStack,SIPAdminLog::WriteDiagnosticEvent:SIPAdminLog.cpp(781))[2344625192]
$$begin_record
Severity: warning
Text: Routing error occurred; check Result-Code field for more information
Result-Code: 0xc3e93f04 SIPPROXY_E_REQUEST_NO_CORRECT_VIA
SIP-Start-Line: ACK sip:[email protected] SIP/2.0
SIP-Call-ID: [email protected]
SIP-CSeq: 11892668 ACK
Peer: ipva.innodemo.local:60028
$$end_record
So they are two different errors here, in the Lync client PC failed to verify the message, and in the FE it fail to validate the ms-received-cid in the via header.
What indeed looks to exist a mismatch between "A600" to "AD00", looks the 6 was replaced by 6.I believe this headers are generated internally by Lync FE, not sure what is going wrong here for this mismatch.
Any expert could give a look and have an hint why this weird behavior of Lync FE.
Thanks in advance,
Regards,
Claudio

Hi,
From your description, it happened after the setting of static route. Please double check the route setting. Then publish Topology again, and run Step 2 Setup or Remove Lync Server Components on Lync Server Deployment Wizard.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support

SAP Fiori Client on Mobile gives a certificate error

Hi ,
When i try to open the SAP Fiori Client App on my android mobile it gives a Certificate Error as seen in the below screenshot. To use the app I connect to the VPN so that the app is connected to the appopriate server.My android version is 4.2.2.
What may be the possible solution to the issue being faced?
Thanks and Regards,
Benita

Hi,
The methods mentioned in the other thread is not a solution, at best a workaround. It stops the automatic redirect from port 80 to 443 or stop forcing SSL for the authentication page, which is a bad idea. No network admin will allow that.
The problem you are facing is most probably due to self signed certificate used in the GW server for SSL purpose. SAP Fiori Client does not support self-signed certificate.
Please ask the admin to use a certificate from a public CA which should solve the problem.
Cheers,
Subhra

Lync client to Lync Mobility IM Session errors

We've had a few cases where:
User A PC locked, User A can IM User B from his mobile phone through Lync Mobility, and it sends to User B. If User B IM's User A back, User B gets an error (504). But from what I can tell, this error is a generic timed-out error.
With User A PC unlocked, he has to exit Lync on his mobile phone in order for User B to be able to successfully send IMs to User A.
We are on Lync 2010 server, using Lync 2013 client, using Lync Mobility 2010. This doesn't happen to everyone, (we have over 13k employees, but just a handful are experiencing issues).
It appears that Lync client and Lync Mobility are somehow conflicting with each other. I was able to replicate the issue one week, but the next my sessions worked out fine. My original thoughts were that there is some sort of setting on the mobile device,
but considering I had the issue one week, and the following week I was fine, I am doubting that to be the case. Also this is happening on both iOS and Android mobile devices. Anyone else having this issue?

Hi,
As the issue only happen for several users, please update to the latest version for the issued Lync clients and then test again.
Please also update to the latest version for Lync Server 2010 from Microsoft Website:
http://technet.microsoft.com/en-us/lync/dn146015
Also you can refer to the link of “Technical Requirements for Mobility” in the link below:
http://technet.microsoft.com/en-us/library/hh690030(v=ocs.14).aspx
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support

Error while enabling two way authentication :Client certificate missing

Hi,I am getting the following error while enabling the two way authentication.The weblogic server 5.1 has accepted both the client ca and server certificates and is listening for SSL on the specified port.But when I try to access thru the secured connection thru my IE it asks for Client Authentication dialog asking for valid Client certificate but I am not able to view any of the client certificate even though I have one which is the trusted root store.and there by giving the error page cannot be displayed .On the server side I get the following error.Thu Mar 08 10:54:35 GMT 05:30 2001:<D> <SSLListenThread> Problem accepting connectionjava.io.IOException: required client certificate missing at weblogic.security.SSL.SSLSocket.serverInit2(SSLSocket.java:711) at weblogic.security.SSL.SSLSocket.serverInit(SSLSocket.java:529) at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:219) at weblogic.security.SSL.SSLSocket.performAcceptHandshake(SSLSocket.java:192) at weblogic.security.SSL.SSLSocket.getInputStream(SSLSocket.java:1001) at weblogic.socket.ResettableSocket.<init>(ResettableSocket.java:30) at weblogic.socket.JVMSocketManager.accept(JVMSocketManager.java:377) at weblogic.t3.srvr.ListenThread$RJVMListenRequest.execute(ListenThread.java:506) at weblogic.kernel.ExecuteThread.run(ExecuteThread.java, Compiled Code)can anybody please guide me what could be wrong.Do I need to change the browser settings.I have enabled SSL 3.0 and SSL 2.0 and all other settings are defaultIt is urgent.pls give some suggestions.Regards,Bhavani

I think you have to specify the client root in your weblogic.properties
file.
here are my settings:
weblogic.security.enforceClientCert=true
weblogic.security.certificate.server=democert.pem
weblogic.security.key.server=demokey.pem
weblogic.security.certificate.authority=ca.pem
weblogic.security.clientRootCA=VeriSignClass1CA.der
Regards,
-Arthur
Bhavani <[email protected]> wrote:
Hi,I am getting the following error while enabling the
two way authentication for Weblogic Server 5.1Thu Mar
08 16:10:54 GMT 05:30 2001:<I> <ListenThread> Listening
on port: 7001Thu Mar 08 16:10:54 GMT 05:30 2001:<I> <SSLListenThread>
Listening on port: 7002<NT Performance Pack> NATIVE:
created IoCompletionPort successfully. IoPort=0x000002a4Thu
Mar 08 16:10:56 GMT 05:30 2001:<I> <WebLogicServer> WebLogic
Server startedThu Mar 08 16:11:20 GMT 05:30 2001:<D>
<SSLListenThread> Problem accepting connectionjava.io.IOException:
required client certificate missing at weblogic.security.SSL.SSLSocket.serverInit2(SSLSocket.java:711)
at weblogic.security.SSL.SSLSocket.serverInit(SSLSocket.java:529)
at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:219)
at weblogic.security.SSL.SSLSocket.performAcceptHandshake(SSLSocket.java:192)
at weblogic.security.SSL.SSLSocket.getInputStream(SSLSocket.java:1001)
at weblogic.socket.ResettableSocket.<init>(ResettableSocket.java:30)
at weblogic.socket.JVMSocketManager.accept(JVMSocketManager.java:377)
at weblogic.t3.srvr.ListenThread$RJVMListenRequest.execute(ListenThread.java:506)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java,
Compiled Code)Thu Mar 08 16:12:07 GMT 05:30 2001:<D>
<SSLListenThread> Problem accepting connectionCan anybody
suggest why this error is coming?Regards,Bhavani

Lync client certificate error

Similar Messages

Maybe you are looking for