Hi Guys,
I am installing Lync Group Chat, all is fine. however, I cannot logon Goup Chat admin tool with the error:“Cannot sign in because of a problem with the chat room service….” , Then I go to check the services, found I cannot start lookup service and channel service at the same time from Service.msc. moreover, Services on Group Chat Configuration tool always stopped automatically for a while. I found the error event in system events:7034,7023, also 36870.
I checking the configuration below:
1. Above service accounts must be part of RTCUniversalServerAdmins group and also Administrators group of the group chat server. Also add the user name (admin account) with which you are going to sign in to group chat.
2. Enable the admin account along with the above five service accounts for SIP communication on OCS 2007 server R2. Configure them for Federation,PIC,Remote User Access and Enhanced presence.
3. From SQL server management studio ->Security->Logins, Make sure all the above service accounts and admin account, are there. Then here Login properties, General-> default database for each of the account should be “GCDB”, Under user mapping->check db_owner for all the service accounts.
4. Under GC admin sign in console->Edit Accounts Settings->Automatic
Configuration->Uncheck “Use my Windows credentials to log in automatically” , then under Office communications Server leave Host “blank”, select encrypted radio button, under Group Chat Server Settings leave Use default server address
box
unchecked and server address as “OCSchat service account uri”
5. C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys re-add the Lookup Service account and the Channel Service account and give them full control to this folder and re-apply full control to all the files in it and try to restart the services.
But still the same problem. As i found below, 36870 related to SSL cert:
36870 | Error | A fatal error occurred when attempting to access the SSL [client| server] credential private key. The error code returned from the cryptographic module is error code. |
I haven't checked it, because I don't know how to verify the certificate have both Server and Client Authentication?
Verify the certificate assigned to the group chat server it should have both Server and Client Authentication. If you have only server authentication, sign in to admin console will fail with above error.
So my questions:
1) How to verify the certificate have both Server and Client Authentication?
2) Do the services have some problem? Why they can start but stop again? Is it relevant to the problem(Group chat admin tool logon)?
3) Any good idea?
Best regards,
Lester Chen