Share via

Events Related to DNS, TLS, Federation, Validation, and Client Authentication

Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

The following table lists general Office Communications Server events that are related to DNS, TLS, federation, validation, and client authentication.

Event ID Description Cause and Resolution


TLS outgoing connection failures

CAUSE: A certificate issue, such as the following:

  • Certificate root not trusted. The peer certificate was issued by a remote CA that is not trusted by the local computer.

  • Wrong principal. The peer presents a certificate that has a subject name that does not match the peer name.

RESOLUTION: Verify that the remote CA certificate chain is installed locally. Verify that the peer server to which the server is connecting has a certificate with the correct subject name or subject alternate name (SAN). See Configuring Certificates for Servers in the Administering Office Communications Server 2007 R2 documentation.


Multiple authentication or authorization failures from unknown IP address

CAUSE: A malicious user may be trying to guess the account password in order to break into the network.

RESOLUTION: Examine the IP address where the attempts originate, and determine whether it should be blocked at the firewall.


Multiple user domain validation failures from federated partner

CAUSE: Messages are sent to local users that do not exist, or messages are sent from domains that the partner is not allowed to send from, or messages are sent to domains that your organization does not support.

RESOLUTION: Verify that messages received are for valid users or for SIP domains that are listed on the Supported Domains list on the Access Edge Server.


Multiple user domain validation failures originating in your network

CAUSE: Users within your organization have sent messages to domains that are not supported or are using a route that is incorrectly configured


Multiple invalid certificates provided by a remote IP address

CAUSE: A significant number of invalid certificates have been provided by specified remote IP address when attempting to establish an mutual TLS (MTLS) peer. This event includes the certificate names associated with this peer, the serial number and issuer of the peer certificate and specific failure codes.

RESOLUTION: If the remote server is within your organization, update the certificate. See Configuring Certificates for Servers in the Administering Office Communications Server 2007 R2 documentation. If the remote server belongs to a valid federated partner, contact that organization’s Office Communications Server administrator.


Connection failure with remote server

CAUSE: Credentials were not valid or could not be authenticated, or there are issues with DNS, firewalls or proxies. The specific event message typically provides additional information about the issue.

RESOLUTION: Identify and correct the issue based on the specific failure type.


Multiple DNS queries are not resolved.

CAUSE: For DNS SRV queries, users are trying to communicate with users in an unidentified domain. For DNS A queries, a specific IP address cannot be resolved.

RESOLUTION: For DNS SRV failures, review the external domain that users are trying to contact. If it is a valid domain with which you want your organization to federate, contact the Office Communications Server administrator for that domain to establish a federated partnership or, if the federated partnership was previously set up, to verify the federation settings (including domains and Access Edge service FQDNs).

For DNS A failures, if the server is in one of your administered domains, correct this issue.

See Also

Other Resources

VoIP Components