FSOCS troubleshooting
Applies to: Forefront Security for Office Communications Server
This section contains troubleshooting information for Microsoft Forefront Security for Office Communications Server (FSOCS).
Getting help
To obtain technical support, visit the Microsoft Web site at Microsoft Help and Support.
Forefront Server Security Administrator error messages
Some common errors from the Forefront Server Security Administrator include the following:
| Error | Description |
|---|---|
Unable to connect to service (Advise returned 0x8000ffff) |
This error message appears in the Forefront Server Security Administrator status bar when attempting to connect to a server that already has a Forefront Server Security Administrator connected to it. FSOCS is limited to one Administrator connection per server. |
Unable to connect to service (CoCreateInstance returned 0x80040154) |
This error message appears in the Forefront Server Security Administrator status bar when attempting to connect to a server where FSOCS is not properly installed. Make sure the following Registry key is set to 0x00000000 (0): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\File System\NtfsDisable8dot3NameCreation If it is not, change it to this value, restart the machine, and then try reinstalling FSOCS. Some of the product's components require 8 dot 3 naming. |
Forefront Notification Agent error messages
The error codes given below are generated by the Unified Communications Client Application Programming Interface (UCCAPI). Information about error codes not referenced below can be found in the MSDN Library at Error Messages and Error Codes of Unified Communications Client API.
| Error | Description or resolution |
|---|---|
The Notification Agent configuration is invalid |
Verify that the server name and user URI are correctly set. |
Empty SIP URI / SIP Server / Transport Type |
Verify that the following three registry keys are properly set:
|
ForefrontRTCProxy or the Office Communications Server Front-End Service failed to start |
Verify that the permissions of the user accounts for both services are valid. |
0x80EF0194 - UCC_E_SIP_STATUS_CLIENT_NOT_FOUND |
The specified SIP URI could not be found. Verify that the URI specified in the NotificationAgentSIPUri registry key is correct. |
0x80EE0066 - UCC_E_DNS_FAIL |
DNS lookup of the server failed. If the NotificationAgentSIPServer registry key is configured to use the fully qualified domain name (FQDN) of the OCS server or the name of an enterprise pool in order to connect, ensure that the name is entered correctly. If the FQDN is entered correctly, ensure that there are the appropriate entries in the forward lookup zone of the DNS server for the FQDN. If you do not have access to (or no administrative privileges for) the DNS server in question, then make an entry in the Windows HOSTS file in order to resolve the FQDN appropriately. If this works, contact the administrator of the DNS server in order to add the appropriate domain name to the forward lookup zone. See the Office Communications Server Deployment Guide for details on DNS configuration. |
0x80EE0065 - UCC_E_INVALID_CERTIFICATE |
Invalid certificate. When using Transport Layer Security (TLS) as the transport (as opposed to TCP), the OCS server is configured to authenticate TLS sessions by using a particular certificate that was issued to that particular server. Check the certificate configuration of the OCS server. Note the FQDN to which the certificate was issued (the FQDN of the server or the pool). The server name in the NotificationAgentSIPServer registry key should match that of the FQDN to which the certificate was issued. |
0x80EE0067 - UCC_E_SIP_TCP_FAIL |
Failed to make a TCP connection. This error can occur if the NotificationAgentTransportType registry key is configured to use TCP as the transport protocol and the OCS server is not configured to accept TCP connections. If the OCS server is configured to accept only TLS connections, update the registry key specifying TLS; otherwise, enable TCP connections on the OCS server. Note that TLS is recommended as the default transport type, but may not be available for environments with valid server certificates. See the Office Communications Server Deployment Guide for more details. |
0x80EE001C - UCC_E_SIP_SSL_TUNNEL_FAILED |
Failed to make a TLS connection. This error can occur if the NotificationAgentTransportType registry key is configured to use TLS as the transport protocol and the OCS server is not configured to accept TLS connections. Configure OCS to accept TLS connections (see the Office Communications Server Deployment Guide for details). If certificates are not available in the environment, verify that OCS can accept TCP connections and update the registry key specifying TCP as the transport type. |
Diagnostics
Diagnostic logging is helpful information that can be used by Microsoft support technicians in order to help troubleshoot any problems that are occurring while FSOCS is not working properly. Diagnostics can be set for the IM Scan Job by selecting Additional IM in the Diagnostics section of the General Options pane. This option is disabled by default. For more information about this setting, see "General Options" in FSOCS Forefront Server Security Administrator.
For information about collecting diagnostic information, see The FSC diagnostic tool for FSOCS.