VPN users can't connect to a Site-To-Site branch office

I have an asa 5510 that allows people to VPN into it. they get a private IP address of 10.1.4.x when they connect.
All of my sites (subnets) that are on my MPLS network were always accessible from a vpn connection.
these include the subnets
192.168.0.x  (NY)
192.168.2.x  (Main Office)
192.168.3.x  (Main Office)
192.168.10.x (IN)
192.168.20.x (GA)
etc..
recently we converted our NY office from MPLS to a Cable Connection and added a ASA5505 for a site to site tunnel.
all of the networks in every site are able to connect to the new NY Configuration without issue.
the only issue I have is when someone VPN's into our network from home, they can no longer access the NY site.
if I try to ping anything in the NY office from a VPN connection I get this:
5
Mar 08 2013
16:22:49
192.168.0.4
Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src fiber:10.1.4.32(LOCAL\user) dst fiber:192.168.0.4 (type 8, code 0) denied due to NAT reverse path failure
I'm not sure what I need to do to get this working, so any help would be appreciated.
Thanks,
Lee

Hello Lee,
make sure you add a line in the crypto ACL of the 2 ASAs of the L2L tunnel to allow traffic between the VPN pool and the NY subnet.
make sure you add the NY subnet in the split tunnel ACL if you are using split tunneling for the VPN clients.
and make sure you have the correct NAT rules to allow communication between the 2 subnets.
also, make sure that you have the same-security-traffic command as Jay advised.
Regards,
Othman

Similar Messages

  • 10.5: VPN clients can't connect to each other

    Hey all,
    I've got a bit of an odd problem. Got my VPN server setup and working fine on 10.5.4. Clients can connect in, mount file shares, etc. However, if we have multiple clients connected in via VPN, they can't connect to each other. They can't ping each other or anything. I've checked firewalls, etc, on the client machines, and everything looks fine.
    Machines within the network can ping and connect to them both, it's just when they're trying to connect to one another that the problem occurs. Any ideas why this might be, and any possible solutions?
    Thanks in advance,
    Paul

    OS X Server / VPN /The L2TP-VPN server did not respond

  • WinXP AD users can't connect via SMB

    Server is an Intel Xserve, 10.5.8.
    Windows users get authentication errors when attempting to connect via SMB on the Mac server. The server is bound to Active Directory, and the Mac users are able to connect via AFP just fine. Macs also cannot connect via SMB. I get the error message "NTSTATUS_WRONGPASSWORD" when the user attempts to log in.
    Local users are able to connect via SMB, but I don't want to re-enter a dozen or so PC users on this server if I can avoid it.
    In the /var/db/smb.conf file there is an entry for a password server that may not be correct, but if I change it to the password server I've been instructed to use, the file flips back to the original setting when I stop and start the SMB service. I think if I make changes to the /etc/smb.conf file outside the END section, where the comments say to make changes, they will carry over to /var/db/smb.conf, but I'm not sure of the syntax.
    If you need me to post the testparm output I can do that.

    You're going to have to look into potential underlying issues.
    I don't know what's happened for you, but I have an identical type setup for a client done over a year ago and no such problems have occurred.
    What does the UNEDITED (please !) result of (using the Terminal) the following show:
    cat /Library/Preferences/edu.mit.Kerberos
    What happens when a user can't connect (error message, loginwindow shake) ? Are all client machines & the server using a common (eg internal) time-server ?
    Be sure to see http://docs.info.apple.com/article.html?artnum=300765
    And certainly read through Bombich' excellent PDF (click on the icon of it) at
    http://www.bombich.com/mactips/activedir.html - esp. the troubleshooting section
    for when a user is unable to login.
    Currently, I'm not able to check/verify the settings for any of the servers I've setup for clients in a "magic triangle" setting. I'm not certain about the "passwordserver" entry,
    on the one hand the actual passwordserver is actually part of

  • Users can only connect to RD farm website and cannot remote into terminal server , when connected via VPN

    Hello,
    I have a RD farm using 3 Win 2012 servers (1 broker and 2 session host), for internal use only, have not
    configured gateway for internet access.
    Users are able to connect to RD farm website and remote into terminal server, within office
    but can only connect to RD farm website and cannot remote into terminal server , when connected via VPN
    Its takes long time at securing connection and fails.
    Thanks

    Hi,
    Thank you for your posting in Windows Server Forum.
    First of all I would suggest you to configure RD gateway role on your server and pass all the connection through it because it’s a best practice to use RD Gateway in RDS Farm. 
    Apart from this, if you are not using RD Gateway then you must check that you have successfully forwarded port 3389 for RDS to access via VPN. Also check that you have made configuration under IIS Manager to enable Forms Authentication. Please check
    this link.
    In addition, please refer beneath article for additional details.
    1. How to Access Windows Remote Desktop Over the Internet
    2. Remote Desktop Services in Windows 2008 R2 – Part 3 – RD Web Access & RemoteApp
    (For reference)
    Hope it helps! 
    Thanks,
    Dharmesh

  • OneDrive for Business (on Premise) "we can't connect to the specified sharepoint site..."

    Hello
    We have SharePoint 2013 SP1 and CU Sept. 2014.
    Problem:
    When a User tries to sync with a sharepoint subsite, he gets the message above in the title until we give him at the minimum "read" permissions on the top level site collection.
    https://sitecollection/subsite <-- sync not working until read on sitecollection
    The subsite has its own permissions, it doesnt inherit anything.
    I tried to recreate this issue in our lab. What i got was this:
    http://sitecollection/subsite <-- sync doesnt work without read permission on sitecollection
    http://sitecollection/sitecollection/subsite <-- sync
    works fine even without read permission on any sitecollection (just edit on subsite)
    The question is:
    Why does it behave like this?
    I dont want to give everyone "read" permission on the root site collection. It must be an other way to sync on subsites!
    Thanks for any response! Any help appreciated!
    Regards
    SharePoint_Dude

    Hi,
    I tested the same scenario per your post in my environment, however the libraries in subsites can be synced with OneDrive for Business.
    I recommend to check the permission of the user in the subsite to see if the user has
    Use Remote Interfaces permission.
    If not, please select this and then check the results.
    More reference:
    https://nheylen.wordpress.com/2014/05/15/sync-error-we-cant-connect-to-the-specified-sharepoint-site/
    Best regards,
    Victoria Xia
    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
    [email protected]

  • ASA 5505 Anyconnect VPN Users can't access Internet

    Vpn user cannot access the internet but able to ping the lan network (192.168.1.0).. it seem like im missing a lan or nat rule.. Possibly allowing the vpn subnet 192.168.2.0 /24 to pass through to the internet.  Im looking to accomplish this without split tunneling.. Thanks

    on 8.2.5 version or lower:  Let say your inside hosts are accessing Internet by using dynamic nat index "1" and now you can use the same nat index "1" allow your vpn-pool range to be part of the same dynamic-nat index "1" to access the Internet.  Note I am natting source interface is be outside for vpn-client users because they (vpn-users) are physically coming off the outside interface.
    nat (outside) 1 192.168.2.0 255.255.255.0
    on 8.3 version or greater:  
    object network vpn-user-subnet
     subnet 192.168.2.0 255.255.255.0
     nat (outside,outside) dynamic interface
    Hope this helps.
    Thanks
    Rizwan Rafeek

  • After Upgrade to 7.6.100.0 User Can't Connect To Wireless

    We have an internal 5508 controller that has two SSID's on it.  A secure SSID which uses an ACS server to authenticate users through AD, and a guest SSID which tunnels out to a DMZ 5508 anchor controller.  The guest users have no issues at all.  We upgraded our controllers to 7.6.100.0 about 3 weeks ago.  Since then, we've had an issue with the data path, for the anchor controller was down, and would only come up after reboot of the internal controller.  That was the 1st issue.  Over the past few days, I've had users from all over the country tell me that they cannot get connected to our secure network.  All users have Win7 machines.  All they see is the yell yield sign, on their wireless connection.  In the Network and Sharing center, they see the wireless network listed as an unidentified network (public network).  In the ACS, the users are authenticating with no problem (I can see it in the ACS logs), and they do receive an IP address.  However, they have absolutely no connectivity.  I have them try to ping the default gateway, of the subnet that they're assigned, and it comes back with request timed out.  Of course they can't get to the internet, or do anything, since they have no connectivity back to their gateway.  I've restarted the internal controller (thinking that there must be a hang like with the data path anchor issue) which didn't work, I've blown away the SSID, and recreated it.  That didn't work.  I even restarted the ACS, although that wasn't an issue.  It seems like any users that were connected, prior to the issue, and have no shut down their pc, are ok.  Users that have shut down, or have removed the secure wireless network profile, from their computer, can no longer connect.  They just get that the network is unidentified.  I'm not sure if there was any sort of Win7 update, or some other push, but I want to make sure that from the WLC perspective, there's no issue.  Thanks for any help!

    Hi Dan,
    You pay the price going for latest (does not mean greatest).
    Based on my experience, never jump into first release of a software code, unless you require those new features. Wait for a maintenance release to come & then go for it.
    Here are few critcal bugs of 7.6.100.0 which does not have a fix yet
    CSCum62305 : traffic stops for Mac OS, IOS devices. Other devices working fine
    CSCum49200 : Mac wireless clients in RUN state sometimes unable to ping gateway
    CSCuj17283 : WiFi clients dropping ARP  replies on TID 3 w/ ap3700
    I would suggest you to open a TAC case & work with them if you want to stay with this code (specially if you want to get 802.11ac ). Otherwise downgrade to 7.4.121.0 would be the option.
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Can see my machine through vpn, but can't connect...

    Hello all,
    On 10.8.1 with ARD 3.6.1 at home-Mac MIni Server.
    Connected through a VPN (Cisco IPSec) to my office.
    I can see my work station at work (10.8.1, ARD 3.6), but I CAN'T connect.
    Message I get is: Make sure remote management is enabled in sharing (it is) or that your network interface is working (it is).
    I can see my other stations at work with ARD 3.5.1 through 3.5.2 with 10.7 and I can connect to those with no problems.
    And I can connect from my laptop (10.8.1, ARD 3.6) at home to my this mac mini server and vice versa.
    Does anyone know why I can't connect to the one at work? something with the VPN, seems like the only variable here.
    Thanks,
    Brian

    problem solved.
    I couldn't reinstall it because I had an older version. After installing the old version and upon launch, it will say that an newer version is already installed... blah... blah...
    Apparently, ARD is a part of the mountain lion and it is not easily removed. So don't try, I followed apple tech support doc and it didn't work.
    What I had to do was to restore the newest version, cause I deleted it, but this time I aslo deleted all the system files related to the ARD and the pref, plist, etc.
    This time I launched 3.6 again, set the pref, and I was able to connect from my home computer to my work computer.
    Success!!
    Thank you for the assist.

  • Vista users can't connect to 10.5.6 Server

    Hello world...
    I have a problem connecting users running Vista to Mac OSX Server 10.5.6; I've done a search here but I didn't find anything useful.
    When Vista try to connect to the server with a valid username/password it is rejected, but if I try to connect from a XP client it connects without any problem.
    Anyone can help me?
    Thank you
    Stefano

    If you don't want extensive details around Microsoft Windows variants and offerings, please stop reading now.
    Microsoft Windows XP has (had?) Home, Professional, Media Center Edition, Tablet PC Edition, Professional x64 Edition, and the Windows Vista flavors include (included?) Starter, Home Basic, Home Premium, Business, Ultimate and Enterprise Edition, and the Windows Server 2003 variant has (had?) 32-bit, 64-bit x64, and 64-bit Intel Itanium variants, and has (had?) Web, Standard, Enterprise and Datacenter editions.
    Caveats: The Microsoft product offerings list has very likely changed since I researched this particular list of Windows offerings a year or two back. Some packages that I suspect are no longer offered include Windows XP 64-bit for Itanium, and probably some others. There are cases where the names of the various Windows editions have changed, as well. These Windows editions can and often do vary in capability and platform support, and in regional availability. And I haven't been looking at the MS-DOS-descended platforms; only at the NT descendants.
    Not all of these Windows variants have the secpol.msc tool. AFAIK, the Windows XP Home and Windows Vista Starter and the Home variants do not. I'm not sure about Windows XP 64-bit for Itanium as I wasn't running that for very long; that was probably the Professional variant, so it would have had the secpol.msc tool.
    When presented with the basic "I can't connect to CIFS/SMB/Samba share or a NAS device" problem report, I usually edit the registry key for the user. That tends to works on more of the variants than the secpol.msc tool. But both are valid approaches.
    Please check with Microsoft for the current Windows product offerings, features and related details. And for the correct means for adjusting NTLM authentication. In particular, do read the Microsoft knowledge base articles including [KB954387|http://support.microsoft.com/kb/954387], and various others.
    Now if y'all will excuse me, it is time to go debug some Cocoa code.

  • Lion Server: new user can't connect

    This is a local ethernet network, Mac Mini running Lion Server 10.7.4.
    I created 2 new users with Server app, same specs as already existing users, but can't connect to the server with the new id's. I just don't undrestand what I'm missing. The old id's all work perfectly when I try to connect.

    Check your Services' ACL with Server Admin. It may happen that the new users are included in groups which are allowed for some services, but the new users are not included automatically in this group.

  • Iphone user can't connect to Exchange 2013

    Hi there,
    i have Exchange 2013 on Windows 2012, PKI and certificate installed.
    I have 4 users that can (must) connect to the server through iPhone. It works for all, except for ONE (the boss :-X)
    I deactivate the mailbox, recreate it without import old mails. It still don't work.
    Any idea?
    Thanks.

    Yes it's the first time on Exchange 2013.
    Yes they have different OS.
    The server just been installed so it never worked.
    BUT I SOLVED MY PROBLEM with this article:
    http://technet.microsoft.com/en-us/library/dd439375(v=exchg.80).aspx It concerne Exchange 2003 and 2010 but it worked for my configuration: Windows 2012 and Exchange 2013 and no error HTTP 500.
    Actually my user is member of Administrators group and the inheritance is deactivate. I activate it and it's work!
    Thanks to me and thanks to you for your answers!

  • User can't connect to iChat (ACL failure)

    On a 10.6(.0) server upgraded from 10.5 I've got a user who spontaneously stopped being able to connect to iChat this morning. His account was fine yesterday. User is trying to connect from a 10.5.8 machine and a different 10.6.1 machine, same problem from both, so I'm pretty sure it's server-side.
    system.log shows:
    Sep 11 07:34:15 server jabberd/c2s[56751]: odauth_check_servicemembership: checking user "luser" access for service "chat"
    Sep 11 07:34:15 server jabberd/c2s[56751]: odauth_check_servicemembership: mbruser_name_touuid returns No such file or directory
    Googling turned up two archived threads from 10.5 where people reported the same problem and no resolution:
    http://discussions.apple.com/thread.jspa?messageID=7335329
    http://discussions.apple.com/thread.jspa?threadID=1373399
    The user in question was able to connect to Jabber yesterday and is definitely in a group with the chat acl. "No such file or directory" is an odd error to see as well. Anyone have any idea what file or directory it might be trying to pull. Is there any more information that's meaningful or logging that might be relevant?

    "Local users" can log in but not users with other short domain names. [email protected] will logg in (can be any FQDN if it has a CNAME in DNS). But [email protected] will have a authentication failure. I have no solution for this yet. Tried to make a * domain name in DNS but it did not seem to work either.

  • User can't connect to an External Lync conference

    When an outside company hosts a Lync conference, we have one user (at a different office) that can't connect to the conference.  Other users at our main office can connect without any issues.
    The message she gets is "Call was not completed or has ended".  "When contacting your support team, reference error ID 19 (source ID 241)."
    The other office uses a different Internet connection.  This is the only thing I can think of that could be an issue.
    Does anyone know what "reference error ID 19 (source ID 241" means?
    This user can host a Lync conference and users from the outside company can attend the meetings that she hosts. 
    I have tons of logs from this user...too many.  I'm not sure what I am looking for.
    Any help would be appreciated.

    I found this info in the logs.  Not sure if it is meaningful or not.
    09/15/2014|15:45:04.329 222C:1730 INFO  :: CUccConfSession::ValidateNotifyMsg - Received the first full conference doc, version set to 21
    09/15/2014|15:45:04.329 222C:1730 INFO  :: Function: CRTCCccpDecoder::GetSubject
    09/15/2014|15:45:04.329 222C:1730 TRACE :: Condition failed with 80070057: 'm_bstrSubject != 0'
    09/15/2014|15:45:04.329 222C:1730 INFO  :: Function: CRTCCccpDecoder::GetDisclaimerTitle
    09/15/2014|15:45:04.329 222C:1730 TRACE :: Condition failed with 80070057: 'm_bstrDisclaimerTitle != 0'
    09/15/2014|15:45:04.329 222C:1730 INFO  :: Function: CRTCCccpDecoder::GetDisclaimer
    09/15/2014|15:45:04.329 222C:1730 TRACE :: Condition failed with 80070057: 'm_bstrDisclaimer != 0'
    09/15/2014|15:45:04.329 222C:1730 INFO  :: Function: CRTCCccpDecoder::GetNotificationData
    09/15/2014|15:45:04.329 222C:1730 TRACE :: Condition failed with 00000001: 'm_spNotificationData != 0'
    09/15/2014|15:45:04.329 222C:1730 INFO  :: no video presentation mode capable property
    09/15/2014|15:45:04.330 222C:1730 INFO  :: Fake IM presentation mode capable property
    09/15/2014|15:45:04.330 222C:1730 TRACE :: SIP_URL::IsBaseListContainedInCompareList - m_ParamValue for SIP_URL_PARAM m_ParamName opaque do not match (app:conf:applicationsharing:id:CR3TTHNY vs. app:conf:focus:id:CR3TTHNY)
    09/15/2014|15:45:04.330 222C:1730 TRACE :: SIP_URL::IsBaseListContainedInCompareList - m_ParamValue for SIP_URL_PARAM m_ParamName opaque do not match (app:conf:applicationsharing:id:CR3TTHNY vs. app:conf:audio-video:id:CR3TTHNY)
    09/15/2014|15:45:04.330 222C:1730 ERROR :: SIP_URL::InternalInitialize Didn't find host while parsing SIP URL []
    09/15/2014|15:45:04.330 222C:1730 ERROR :: SIP_URL::InternalInitialize Didn't find host while parsing SIP URL []
    09/15/2014|15:45:04.330 222C:1730 TRACE :: SIP_URL::IsBaseListContainedInCompareList - m_ParamValue for SIP_URL_PARAM m_ParamName opaque do not match (app:conf:applicationsharing:id:CR3TTHNY vs. app:conf:data-conf:id:CR3TTHNY)
    09/15/2014|15:45:04.330 222C:1730 TRACE :: SIP_URL::IsBaseListContainedInCompareList - m_ParamValue for SIP_URL_PARAM m_ParamName opaque do not match (app:conf:applicationsharing:id:CR3TTHNY vs. app:conf:chat:id:CR3TTHNY)
    09/15/2014|15:45:04.330 222C:1730 INFO  :: no video presentation mode capable property
    09/15/2014|15:45:04.330 222C:1730 INFO  :: Fake IM presentation mode capable property
    09/15/2014|15:45:04.331 222C:1730 TRACE :: SIP_URL::IsBaseListContainedInCompareList - m_ParamValue for SIP_URL_PARAM m_ParamName opaque do not match (app:conf:audio-video:id:CR3TTHNY vs. app:conf:focus:id:CR3TTHNY)
    09/15/2014|15:45:04.331 222C:1730 INFO  :: Function: CRTCCccpDecoder::GetEntityStateMediaFiltersRules
    09/15/2014|15:45:04.331 222C:1730 TRACE :: Condition failed with 80070057: '(enMediaType == UCCCMT_AUDIO) || (enMediaType == UCCCMT_VIDEO) || (enMediaType == UCCCMT_MESSAGE)'
    09/15/2014|15:45:04.331 222C:1730 INFO  :: video presentation mode capable: true
    09/15/2014|15:45:04.331 222C:1730 INFO  :: Fake IM presentation mode capable property
    09/15/2014|15:45:04.331 222C:1730 INFO  :: multi-view-capable: true
    09/15/2014|15:45:04.331 222C:1730 TRACE :: SIP_URL::IsBaseListContainedInCompareList - m_ParamValue for SIP_URL_PARAM m_ParamName opaque do not match (app:conf:chat:id:CR3TTHNY vs. app:conf:focus:id:CR3TTHNY)
    09/15/2014|15:45:04.332 222C:1730 TRACE :: SIP_URL::IsBaseListContainedInCompareList - m_ParamValue for SIP_URL_PARAM m_ParamName opaque do not match (app:conf:chat:id:CR3TTHNY vs. app:conf:audio-video:id:CR3TTHNY)
    09/15/2014|15:45:04.332 222C:1730 ERROR :: SIP_URL::InternalInitialize Didn't find host while parsing SIP URL []
    09/15/2014|15:45:04.332 222C:1730 ERROR :: SIP_URL::InternalInitialize Didn't find host while parsing SIP URL []
    09/15/2014|15:45:04.332 222C:1730 TRACE :: SIP_URL::IsBaseListContainedInCompareList - m_ParamValue for SIP_URL_PARAM m_ParamName opaque do not match (app:conf:chat:id:CR3TTHNY vs. app:conf:data-conf:id:CR3TTHNY)
    09/15/2014|15:45:04.332 222C:1730 INFO  :: no video presentation mode capable property
    09/15/2014|15:45:04.332 222C:1730 INFO  :: Fake IM presentation mode capable property
    09/15/2014|15:45:04.332 222C:1730 TRACE :: SIP_URL::IsBaseListContainedInCompareList - m_ParamValue for SIP_URL_PARAM m_ParamName opaque do not match (app:conf:data-conf:id:CR3TTHNY vs. app:conf:focus:id:CR3TTHNY)
    09/15/2014|15:45:04.332 222C:1730 TRACE :: SIP_URL::IsBaseListContainedInCompareList - m_ParamValue for SIP_URL_PARAM m_ParamName opaque do not match (app:conf:data-conf:id:CR3TTHNY vs. app:conf:audio-video:id:CR3TTHNY)
    09/15/2014|15:45:04.332 222C:1730 ERROR :: SIP_URL::InternalInitialize Didn't find host while parsing SIP URL []
    09/15/2014|15:45:04.332 222C:1730 ERROR :: SIP_URL::InternalInitialize Didn't find host while parsing SIP URL []

  • Firefox keeps saying can't connect to server for every site but internet explorer can

    I was using firefox before and it worked fine. But then yesterday firefox updated itself and since then it wouldn't work. its not the firwall, not a proxey problem, I had uninstalled it and reinstalled it but that didn't work either. Internet explorer still works and so does the wireless for the laptop but just for my desktop firefox doesn't work. Now everytime I open firefox or try any other site it says "can't connect to the server at ..." what do I do.

    Did you check your security software (firewall)?
    A possible cause is security software (firewall) that blocks or restricts Firefox or the plugin-container process without informing you, possibly after detecting changes (update) to the Firefox program.
    Remove all rules for Firefox from the permissions list in the firewall and let your firewall ask again for permission to get full unrestricted access to internet for Firefox and the plugin-container process.
    See:
    * [[Server not found]]
    * [[Firewalls]]

  • Exteral Users can't connect to the EDGE server

    HI All for about a week and half now I've been seeing this error a lot on my event logs. All my external users are no longer able to connect to the DMZ EDGE server with 3 external IP's. They can only use LYNC if they access out VPN. Any suggestions on what
    may be the issue???
    Log Name:      Lync Server
    Source:        LS Protocol Stack
    Date:          4/24/2014 9:07:14 AM
    Event ID:      14428
    Task Category: (1001)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      LyncEdge.*********.net
    Description:
    TLS outgoing connection failures.
    Over the past 16 minutes, Lync Server has experienced TLS outgoing connection failures 176 time(s). The error code of the last failure is 0x80090330(SEC_E_DECRYPT_FAILURE) while trying to connect to the server "**********.osis.is.local" at address
    [10.111.111.8:5061], and the display name in the peer certificate is "Unavailable".
    Cause: Most often a problem with the peer certificate or perhaps the host name (DNS) record used to reach the peer server. Target principal name is incorrect means that the peer certificate does not contain the name that the local server used to connect. Certificate
    root not trusted error means that the peer certificate was issued by a remote CA that is not trusted by the local machine.
    Resolution:
    Check that the address and port matches the FQDN used to connect, and that the peer certificate contains this FQDN somewhere in its subject or SAN fields. If the FQDN refers to a DNS load balanced pool then check that all addresses returned by DNS refer to
    a server in the same pool. For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the local machine.
    Thanks Dave Wolf

    Verify root certs exist in the Trusted Root Certification Store.
    Also you can refer below links
    http://www.shudnow.net/2011/02/01/lync-2010-edge-utilizing-windows-server-2008-r2-federation-tls-issues/
    http://theucguru.blogspot.com/2012/03/lync-edge-ls-protocol-stack-14428.html
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
    Mai Ali | My blog: Technical

Maybe you are looking for

  • SSD Performance Questions

    I've just ordered a MBP 2.4Ghz with 7200rpm 750GB drive, I will be adding either a single 8GB memory stick (total of 10GB) or a 16GB kit.  I'm looking for my first SSD use as a boot drive for OSX and potentially Win 7 in BootCamp and hope I can get s

  • New to Authorware

    HI I have recently started looking at Authorware 7. I am completely new to Authorware but not to macromedia products and have used Dreamweaver , Flash and Fireworks before. I am creating a virtual enviroment where the user can interact with things an

  • =?iso-8859-1?Q?FW=3A_Making_an_Install_Program_in_Fort=E9?=

    Hi, > How about placing all non-ServiceObject Classes in a compiled library and all > Service Objects in a project(s). > This way your code is hidden and you can still use Service Objects in your > production. This may not be the best thing to do dep

  • Different appearance of Nikon D600 RAW in Aperture 3.4.5 vs Nikon View NX2

    Hi all, here's a question/statement of an issue with Aperture 3.4.5 processing of Nikon D600 RAW images, appears the same with both Raw Camera 4.08 and 4.07 support versions. I'm stating that something is incorrect in Aperture's Calibration of Nikon

  • NEW ITOUCH USER... HOW DO I TRANSFER CD TO MY ITOUCH

    new itouch user...  how do i transfer a music CD to my itouch??