This was a question coming from an education customer in Minnesota deploying OCS R2 Group Chat Server:
Their Group Chat client was working but the Group Chat administrator console was not. It was getting this error:
“Cannot sign in because of a problem with the chat room service….”
Server 2 received error while subscribing to peer 1, <1> <net.tcp://ocsgroupchat.campus.xxx.edu:8011/MGC/PeerService> <ChannelServer>. Details: Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was 'ocsgroupchat.campus.xxx.edu' but the remote endpoint provided DNS claim 'ocscontent.xxx.edu'. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity 'ocscontent.xxx.edu' as the Identity property of EndpointAddress when creating channel proxy.
Here are some support steps I found to check on your Group Chat Server installation that can relate to this error:
1. Verify the certificate assigned to the group chat server it should have both Server and Client Authentication. If you have only server authentication, sign in to admin console will fail with above error.
2. Above service accounts must be part of RTCUniversalServerAdmins group and also Administrators group of the group chat server. Also add the user name (admin account) with which you are going to sign in to group chat.
3. Enable the admin account along with the above five service accounts for SIP communication on OCS 2007 server R2. Configure them for Federation,PIC,Remote User Access and Enhanced presence.
4. From SQL server management studio ->Security->Logins, Make sure all the above service accounts and admin account, are there. Then here Login properties, General-> default database for each of the account should be "GCDB", Under user mapping->check db_owner for all the service accounts.
5. Under GC admin sign in console->Edit Accounts Settings->Automatic Configuration->Uncheck "Use my Windows credentials to log in automatically" , then under Office communications Server leave Host "blank", select encrypted radio button, under Group Chat Server Settings leave Use default server address box unchecked and server address as "OCSchat service account uri"
6. C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys re-add the Lookup Service account and the Channel Service account and give them full control to this folder and re-apply full control to all the files in it and try to restart the services.
In their case, Step 6 resolved the Group Chat Admin Console error above.
For more on what is OCS R2 Group Chat Server read my other post here.
This was a question coming from an education customer in Minnesota deploying OCS R2 Group Chat Server
someone who is invalid host in chat v 2009 is preventing me from connecting
If your certificate uses Subject Alternate Names it is necessary to make sure the last DNS alternate name listed is the hostname of the Group Chat Server.
Thank you so much for your tip! I was searching for _hours_ on how to make this work trying to add a second group chat server to the pool!
I am having the exact same problem deplyong GC in my production environment, and the first thing that raises my attention in your post is the reference to the EKU of the certificate. In fact I also have a certificate with the EKU only with server authentication, which lead me to think that is the reason for my problem. Although no reference is made for the EKU in Microsoft documentation. But still, I must say that I have already deployed GC in a test environment where I used the exact same type of certificate ( No Client Authentication in EKU) and all works fine... This is not conclusive. Any new thoughts?