Monday, July 12, 2010

Troubleshooting Exchange UM and OCS Integration's "Play On Phone" Feature – Event ID 1113

Spent a whole day trying to figure out why my play on phone feature wouldn’t work. Every time I use the play on phone feature entering either a:

1. SIP address

2. PSTN

I would get a very generic message indicating:

“The number cannot be dialed. Please try again later.”

After doing numerous research and finding forums about changing the UM IP gateway from FQDN to IP and then back which didn’t work…

image

… I noticed the following Event ID 1113 being logged in the application log on the UM server:

image

Even though I’ve verified the certificates (both trusted Root and computer) are valid and went ahead to reissue all the certs for the OCS front-end, UM and Mediation server, this warning message still persisted.

Tracing on Mediation showed that no traffic ever made it over but tracing on front-end showed some SIP communication error between UM and itself but did not give a clear indication of what the problem was.

image

I then proceeded to turn logging on the Exchange UM server from low to expert level (http://technet.microsoft.com/en-us/library/bb430783(EXCHG.80).aspx). Once expert logging was turned on, I noticed this error message:

image

Clicking on the link fired up IE and I had no trouble downloading or opening the file.

After remembering that CAS may be logging errors as well, I went ahead and logged on and found this warning:

image

After verifying all the settings on the UM server again, I figured it may be worth the while to issue a certificate from the Enterprise Root CA to this server as it’s currently using a “self-signed” certificate. Once I did this, “Play on Phone” started to work.

What looked like happened was that when the “Play on Phone” feature is used from OWA, a secure connection is made between the CAS and UM server and if the CAS server does not have a trusted certificate, the communication will terminate. This obviously wouldn’t have been a problem if OWA was published externally because an external certificate would have been installed and it would have been trusted internally.

Lesson learned.

No comments: