cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2829
Views
0
Helpful
32
Replies

CUPS 6.0.3 Calendar Integration

maloyal
Level 1
Level 1

We have just upgraded CCM to 6.1.2.1000-13 and CUPS to 6.0.3.1000-12.

Previously, we had CUPS 6.0.2 and our OWA uses FBA so we had no Calendar integration in Unified Personal communicator. I understood this to be resolved in the latest version, so we upgraded.

We still have no Calendar integration with the Unified client and going thru the System Troubleshooter, it says our Presence Gateway is unreachable. I desparately need help configuring this...I think this comes down to certificates.

Our OWA certificate is issued by 3rd party, root CA is Equifax. I have downloaded the root CA from Equifax at http://www.geotrust.com/resources/root_certificates/index.asp and uploaded it to the Certs in CUPS OS Admin as .cer and .pem and it never shows up in the Certs list (which I've attached)

The initial install, we did upload our OWA cert as .pem and it appeared to take. On the initial CUPS 6.0.2 install, we briefly changed OWA to Windows Authentication and Calendaring worked. But we changed it back to FBA because we weren't ready to make that change.

The CN in the Cert is exactly the FQDN of our OWA so I'm really lost here. The deployment guide talks about using IIS to issue a cert request...I shouldn't need to do all that...especially since there is no IIS in CUPS.

thanks

32 Replies 32

Sent via email...thank you!

Here are some logs from me uploading/reloading my root ca with different names, as well as my OWA cert.

Whenever I load my root ca, no matter what name I give it, it NEVER shows up in the cert list.

i'm able to install your equifax root ca certificate but it does also not appear in the certificate list of our CUPS!

we are using thawte root ca which worked fine this way. maybe CUPS has some problem processing different root CA certificate details? e.g. thawte has no CRL entry. i'm afraid you have to open a TAC case...

do you habe rebooted the CUPS server and try again?

in the release notes of CUPS 6.03 i've found the following:

"If the certificate has no Subject CN, upload the certificate on the Presence Gateway Configuration page of the Cisco Unified Presence Administration GUI. Select Cisco Unified Presence > Presence Engine > Presence Gateways. You can upload any number of root CA certificates but you must upload five certificates at a time. Following a L2 upgrade, the Exchange certificates must be uploaded again on this page."

i don't believe that this also applies to root ca certificates, but maybe you can try this method too.

Could I see a pic of your Cert list to see how your Root CA shows up?

There was also something in the docs about having spaces in the cert filename.

FYI...tried mine both ways.

What is weird is my OWA cert would only show up in the list when I used the CN name as the filename...periods and everything. It wouldn't show up if I used underscores or spaces.

i have succesfully installed two root CA certificates (Thawte and Startcom). however, i did not named the root ca cer files specific.

please try whether you are able to install a thawte certificate?

yep...able to install it.

ok, then it seems that we have actually a bug with cups and root ca certificate details!

can you open a TAC case with these two examples of Equifax and Thawte?

I think I got it!!!

When I view my OWA cert in Firefox and look at the "Issue by" there is no CN.

"If the certificate has no Subject CN, upload the certificate on the Presence Gateway Configuration page of the Cisco Unified Presence Administration GUI."

I thought this was talking just about my OWA cert. But I went ahead and tried uploading my equifax.cer and it said not valid PEM file. I changed the file extension and uploaded it.

Restarted my PE and SIP, but the Cert still does NOT show up in the Cert list.

However I started my UC client and there was my status! I deleted my all day appt and I went to available. I created an all day Busy meeting, and my status changed.

There are no further Cert errors in RTMT either.

I think this is fixed. Thanks for all your help, it is TRULY appreciated!

glad it works now for you!

Hi,

Could you perhaps tell me which cert you used as your root certificate from Equifax. I'm having the exact same problem. I'm not getting any errors in the Troubleshooter, but I have a feeling that there might be a problem with my cert.

From this url: http://www.geotrust.com/resources/root_certificates/index.asp

I used Root 1 and uploaded it thru the Presence Gateway config page.

I have since had to open a ticket with TAC. This cert is not displayed in OS administration, but is located in the folder: /usr/local/thirdparty/

We have since deleted my OWA certificate since only the Root CA was needed.

My troubleshooter is still saying Presence Gateway unreachable, however Presence info works.

The RTMT will consistently register period errors about timeouts to the Exchange server, but it will register another event saying connection re-established with no elasped time.

Weird

Hi,

Thanks for the reply. My problems seem to be the complete opposite. I'm not getting errors about the Presence Gateway in the Troubleshooter, however, since I removed my OWA cert I am picking up errors about my Exchange cert in the troubleshooter.

My Presence info doesn't work at all. I'm also waiting to open a case with TAC, been working at this for almost two weeks.

What's your version of CUPS?

Are you using Forms Based Authentication for OWA?

Finally, who issued your OWA cert?

I'm using CUPS 6.0.4.1000-3.

I'm not using Forms Based Authentication for OWA.

The cert was issued by VeriSign.

I am getting similar issues, here is what I get in the RTMT log. I have uploaded a certificate, and the root for our certificate, and still have iussues.

8/11/2008 11:33:22.715 EPE|system.pe.pa.owa.backend 404906 ERROR ExchangeSession: 0xffffffff90b0bfe8 ssl problem(s): CERTIFICATE_AUTHORITY_SIGNATURE_NOT_TRUSTED - rejected

|<:STANDALONECLUSTER><:DGCUP1><:ERROR><:0800>

08/11/2008 11:33:22.715 EPE|system.pe.pa.owa.backend 404906 ERROR Exchange Server Transaction Failed: SUBSCRIBE sip:etruesda@sentinel.com@owa.sentinel.com:443 1 TLS error - check certificate; Server certificate verification failed: issuer is not trusted - rejected

|<:STANDALONECLUSTER><:DGCUP1><:ERROR><:0800>

Here are the certs, what can I be doing wrong?