Event ID/Source search
Keyword searchExample: Windows cannot unload your registry file
Event ID: 16405 Source: Live Communications Server
|Source: Live Communications Server|
Over the past <value> minutes Live Communications Server has experienced TLS outgoing connection failures 1 time(s). The error code of the last failure is 0x80090322 (The target principal name is incorrect.) while trying to connect to the host "<host>".
Cause: Wrong principal error could happen if the peer presents a certificate whose subject name does not match the peer name. Certificate root not trusted error could happen if the peer certificate was issued by remote CA that is not trusted by the local machine.
Resolution: For untrusted root errors ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain then try rebooting the computer.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is the role of ESENT?
From a newsgroup post: "This means that your certificate is not issued to the pool name. Please check the certificate on the front-end servers (belonging to the pool) and ensure that they match the pool FQDN.
In rare cases, this can also happen due to badly configured DNS. When the server tries to resolve the host, it gets an IP address of a server that does not belong to the pool".
From a newsgroup post: "The certificates used are directly linked to the FQDNs targeted. Therefore, if your AP targets FQDN lcsfe.contoso.com but gets a certificate for sip.contoso.com back, it is going to encounter connectivity issues.
There are other options available if you would like to use different FQDNs but make it so that employees do not need to configure their clients for a different server:
1. Internally you can deploy a policy to specify which server a client will target.
2. You can deploy SRV records which will direct clients to the correct FQDN. Read the Live Communications Server 2005 Document Planning Guide for details.
If you are concerned about the cost of public certifications, you can use your own internal CA for your front-end certificate and then deploy the certificate chain for your CA across your internal machines".
|Private comment: Subscribers only. See example of private comment|
|Links: Live Communications Server 2005 Document Planning Guide|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated