Forefront for OCS error on the Access Edge (Event ID: 10161 & 10162)

October 5, 2009

in 2007R2, Microsoft, OCS, Security

Symptoms

The IM Notification Agent on the Access Edge is failing with the following Application Log events:

Event ID: 10162
Type: Error
Source: ForefrontNotificationAgent
Description:
“ERROR: Microsoft.FSO.IMClient.dll.IMClient.RaiseLoginDone(“”) – Error occured logging in to server: 80072746: .”

AND

Event ID: 10161
Type: Error
Source: ForefrontNotificationAgent
Description:
“ERROR: ForefrontNotificationAgent.exe.NotificationAgent.imClient_LoginDone(“”) – Failed to login.”

More information

You have correctly set up the IM Notification Agent account per the instructions found here on TechNet for an Access Edge server. You have verified that the notification account ID and password are accurate by logging in with the notification account from a remote client. Your IM Notification Agent settings look as follows:

IM Notification Agent settings

Use ForefrontRTCProxy Service Credentials: Unchecked
Transport: TLS
Username: domain\userid
Password: *****
SIP URI: sip:userid@company.com
Home or Pool Server: Director FQDN

SIP logging on the Director server shows a “SIP/2.0 301 Redirect request to Home Server” message with no response from the home pool. This tells us that the Director server is treating the Forefront Notification Agent as an inside client and is therefore trying to redirect the “client” to the notification account’s home pool. The Director server should proxy the request, not redirect it, because remote user connections cannot be redirected. Read here for more information on how a Director behaves with internal vs. external clients. Changing the Home or Pool Server setting to point to the notification account’s home pool FQDN does not solve the problem.

Resolution

Option 1

In the Home or Pool Server field, enter the FQDN of the Access Edge external interface (sip.company.com). Changing the entry alone is not enough; you’ll also want to specify the port, as follows: “sip.company.com:443”. This assumes, of course, that your AE external interface FQDN is sip.company.com. Make sure the Access Edge server resolves the external FQDN to the correct IP address. Changing to the AE FQDN routes the Forefront Notification Agent login request through the Access Edge service and then to the next hop server (Director). The Director will then properly process the login request as a remote client.

Further SIP logging on the Director reveals a successful “Routed a request on behalf of an application” followed by a successful response from the account’s home pool.

IM Notification Agent settings

Use ForefrontRTCProxy Service Credentials: Unchecked
Transport: TLS
Username: domain\userid
Password: *****
SIP URI: sip:userid@company.com
Home or Pool Server: sip.company.com:443
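
The checks that Option 1 depends on can be scripted on the Access Edge server. The following is an added example, not part of the original post or of Forefront: it assumes PowerShell 2.0 or later, the function names Test-EdgeTarget and Get-AgentLoginErrors are hypothetical, and 192.0.2.10 is a placeholder for your AE external interface IP.

```powershell
# Added example: pre-checks for Option 1, run on the Access Edge server itself.
# $ExpectedIp is a placeholder (TEST-NET address); use your AE external interface IP.
function Test-EdgeTarget {
    param(
        [string]$Fqdn = 'sip.company.com',   # AE external FQDN used in the article
        [int]$Port = 443,
        [string]$ExpectedIp = '192.0.2.10'   # placeholder, constructed value
    )
    $result = New-Object PSObject -Property @{
        Fqdn = $Fqdn; Resolved = @(); IpMatches = $false
        TlsOk = $false; CertSubject = $null; Error = $null
    }
    try {
        # 1. Name resolution as seen from this server (hosts file or DNS).
        $result.Resolved = @([System.Net.Dns]::GetHostAddresses($Fqdn) |
            ForEach-Object { $_.IPAddressToString })
        $result.IpMatches = $result.Resolved -contains $ExpectedIp

        # 2. TCP connect plus TLS handshake; the certificate is validated against $Fqdn.
        $tcp = New-Object System.Net.Sockets.TcpClient($Fqdn, $Port)
        try {
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
            $ssl.AuthenticateAsClient($Fqdn)
            $result.TlsOk = $true
            $result.CertSubject = $ssl.RemoteCertificate.Subject
        } finally { $tcp.Close() }
    } catch {
        $result.Error = $_.Exception.GetBaseException().Message
    }
    $result
}

# 3. After restarting the agent, confirm that events 10161/10162 have stopped.
function Get-AgentLoginErrors {
    param([datetime]$After = (Get-Date).AddHours(-1))
    Get-EventLog -LogName Application -Source ForefrontNotificationAgent `
        -After $After -ErrorAction SilentlyContinue |
        Where-Object { (10161, 10162) -contains $_.EventID } |
        Select-Object TimeGenerated, EventID, Message
}

Test-EdgeTarget | Format-List
Get-AgentLoginErrors
```

If IpMatches is False or Error reports a certificate or connection failure, fix name resolution or the listener before changing the agent settings; an empty result from Get-AgentLoginErrors after the change means no new login failures were logged in the last hour.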

Option 2

Another recent fix that was brought to my attention was to enter the SIP URI without the “sip:” prefix.  Your settings would be as follows:

IM Notification Agent settings

Use ForefrontRTCProxy Service Credentials: Unchecked
Transport: TLS
Username: domain\userid
Password: *****
SIP URI: userid@company.com (without sip: prefix)
Home or Pool Server: sip.company.com:443

Cause

As for the cause, I cannot speak to what is specifically causing this issue as I feel this is either a bug in the Forefront notification agent OR an error in the documentation.
