This section identifies scenarios in which problems might be identified, offers pointers and hints as to what the problems might be, and demonstrates how to continue diagnosing the problem for other issues. The primary root causes of problems for existing customers and beta testers have historically been the following:
Certificate configuration, deployment, or enrollment errors
Missing or incorrect parameters (such as Subject Name [SN] or Subject Alternate Name [SAN]) that make it so remote machines can't validate the certificate as being the authority for the DNS name by which the server is recognized
Authentication failures due to intermediate or root Certificate Authority (CA) certificates that are missing on the validating user or server machine
Inability to configure or utilize a server certificate due to installation in a user store instead of the machine store (which leaves the private key inaccessible to the service)
Configuration inconsistencies
Mismatches between the configuration that was expected and the one that was actually configured
Mismatches between the global Active Directory and local server configuration
Domain Name Service (DNS) problems
Servers are unable to reach the DNS zone that publishes the necessary information
DNS and certificates don't match up explicitly in a way that allows authentication, client discovery, or the federation to work
Ports aren't properly mapped or enabled
Server shared and private IP addresses are mismatched with the load balancer
Unsupported configurations are attempted that fail only in certain cases
Migration or co-existence problems with Office Communications Server 2007 and Live Communications Server 2005
Quality of Experience (QoE) issues with conferencing over networks
Limited resources/bandwidth for necessary traffic
Data quality issues (echoing, microphone problems)
To simplify the scope and remove complexity during investigations, it is always advisable to look for event log errors and warnings that can quickly be checked in the administration Microsoft Management Console (MMC) snap-in for Office Communications Server 2007. These can also be filtered and searched directly from the MMC based on product categories such as Web Conferencing or Voice Applications.
To radically ease diagnostics, install the Office Communications Server 2007 Resource Kit Tools, which enables the use of Snooper inside of the Office Communications Server Logger (which can be launched from the Office Communications Server administration MMC snap-in). Additionally, installing the Archiving Server enables Snooper to use Analyze Errors, which can search for existing errors that have been logged by a specific user or for specific logged error codes. This functionality can radically simplify help desk support as well as determination of what errors are occurring on the network before users actually detect them. Exploring the full functionality available within the Office Communications Server Logger (including Snooper) and leveraging the Archiving Server to track problems that crop up in deployment are easy ways to keep things running smoothly.
This section details login and basic operation troubleshooting when using Office Communicator, Communicator Web Access (CWA), and Communicator Mobile. Specific examples of failures as well as the data or troubleshooting steps associated with them are presented and appropriate next steps are identified. Enabling Communicator event logs and using protocol trace logs on the client and server can make most problems readily apparent and even point out helpful next steps.
Chapter 4, "Basic IM and Presence Scenarios," explains the technical details behind Communicator's login, basic presence, and instant messaging scenarios. Reviewing this information will help to pinpoint problems simply by following along and identifying where the client response or network traffic (from the client trace logs) differs from the logs and technical walk-throughs that are shown.
This section of the chapter presents tips from experts for troubleshooting Office Communicator issues during login as well as information that can be discovered in client trace logs. Chapter 16 covers helpful tools such as ClientLogReader and Snooper and also provides examples of event log messages with appropriate next steps.
Client trace logs display errors and problems that can occur. Most of this knowledge is embedded within the ClientLogReader tool or Snooper tool in the Office Communications Server 2007 Resource Kit Tools. These useful tools can make the reading of client logs faster and easier when errors aren't clearly identified by the Communicator user interface (UI) or Communicator's event logs (if these have been enabled). With this data, you can more readily understand what to look for outside of protocol messages and thereby ease client troubleshooting. Each case that is described in the sections that follow shows part of an Office Communicator log file and also identifies typical next steps to take to resolve any identified problem.
Note
In the following log examples, the date, time, and thread columns have been removed to keep the data succinct and easy to read.
Resolving Issues That Involve DNS Service Record Locator Queries The following cases show the client doing DNS Service Record Locator (SRV) resolutions as part of automatic configuration in a remote access scenario once the client discovers (through use of the user's SIP URI) where to log in. An SRV query is made against the domain of the user's URI, and then the resolved server name is used to log in. Normally, both internal and external SRV queries are issued at the same time, and the internal result is prioritized if both are received.
Case 1: Success INFO :: QueryDNSSrv - DNS Name[_sipinternaltls._tcp.contoso.com] ERROR :: QueryDNSSrv GetDnsResults query: _sipinternaltls._tcp.contoso.com failed 0 ERROR :: DNS_RESOLUTION_WORKITEM::ProcessWorkItem ResolveHostName failed8007232bINFO :: QueryDNSSrv - DNS Name[_sip._tls.contoso.com] INFO :: CUccDnsQuery::UpdateLookup - error code=80ee0066, index=0 INFO :: CUccDnsQuery::CompleteLookup - index=0 INFO :: CUccDnsQuery::UpdateLookup - error code=0, index=1 INFO :: CUccDnsQuery::CompleteLookup - index=1 ... TRACE :: SIP_MSG_PROCESSOR::OnDnsResolutionComplete[012CAC60] Entered hostsip.contoso.com
In this example, the SIP URI [email protected] resulted in two DNS queries:
_sipinternaltls._tcp.contoso.com—Discovering access to the internal corporate network
Failed with the 0x8007232b error, which the LCSError.exe tool (from the Office Communications Server 2007 Resource Kit Tools) shows to be a system error with the description "DNS name does not exist"
Because the client is on an external network, it is not surprising that resolving the internal service record fails
_sip._tls.contoso.com—Discovering access through an external network
Note that it's easy to manually verify results shown in the client log by using nslookup.exe, as shown here:
C: >nslookup
Default Server: dns.contoso.com
Address: 7.7.7.1
> set type=srv
> _sip._tls.contoso.com Server: dns.contoso.com
Address: 7.7.7.1
Non-authoritative answer:
_sip._tls.contoso.com SRV service location:
priority = 0
weight = 0
port = 443
svr hostname = sip.contoso.comCase 2: Failure - Invalid DNS Response INFO :: QueryDNSSrv - DNS Name[_sipinternaltls._tcp.sip.test.contoso.com] ERROR :: QueryDNSSrv GetDnsResults query: _sipinternaltls._tcp.sip.test. contoso.com failed 0 ERROR :: DNS_RESOLUTION_WORKITEM::ProcessWorkItem ResolveHostName failed8007232bINFO :: QueryDNSSrv - DNS Name[_sip._tls.sip.test.contoso.com] INFO :: CUccDnsQuery::UpdateLookup - error code=80ee0066, index=0 INFO :: CUccDnsQuery::CompleteLookup - index=0 INFO :: CUccDnsQuery::UpdateLookup - error code=80004005, index=1 INFO :: CUccDnsQuery::CompleteLookup - index=1
In this case, [email protected] resulted in the preceding queries. The _sipinternaltls._tcp.sip.test.contoso.com record didn't exist (the client stack uses 0x80ee0066 to identify that no record existed), and lcsap.test.contoso.com was returned for the external lookup. However, the result lcsap.test.contoso.com isn't seen as valid (0x80004005 is the E_FAIL error used by the client stack to identify that this result isn't valid) because it doesn't have a strict suffix match with sip.test.contoso.com. It is important to make sure that all server names line up exactly with the domains over which they claim ownership. The server name should be equal to the domain name or directly rooted off of the domain name in question. Some examples are shown in Table 17-1.
Table 17-1. Validation of DNS SRV Query Results
Domain Queried | Published DNS Server Name (certificate must match this name) | Valid? |
|---|---|---|
contoso.com | sip.contoso.com, contoso.com, server7.contoso.com, ocs.contoso.com | VALID—All servers either match the domain or have a server name rooted off of the domain in question. |
contoso.com | sip.eng.contoso.com | INVALID—Server has possible ownership of only eng.contoso.com or sip.eng.contoso.com. |
eng.contoso.com | sipserver.eng.contoso.com, eng.contoso.com | VALID—All servers either match the domain or have a server name rooted off of the domain in question. |
eng.contoso.com | contoso.com, sipeng.contoso.com, sip.contoso.com, sip.woodgrovebank.com | INVALID—All servers do not have ownership of the eng.contoso.com domain because they are not either eng.contoso.com or some name directly rooted from it. |
Case 3: Failure - No DNS Service Records Exist INFO :: QueryDNSSrv - DNS Name[_sipinternaltls._tcp.contoso.com] ERROR :: QueryDNSSrv GetDnsResults query: _sipinternaltls._tcp.contoso.com failed 0 ERROR :: DNS_RESOLUTION_WORKITEM::ProcessWorkItem ResolveHostName failed8007232aINFO :: QueryDNSSrv - DNS Name[_sip._tls.contoso.com] INFO :: CUccDnsQuery::UpdateLookup - error code=80ee0066, index=0 INFO :: CUccDnsQuery::CompleteLookup - index=0 ERROR :: QueryDNSSrv GetDnsResults query: _sip._tls.contoso.com failed 0 ERROR :: DNS_RESOLUTION_WORKITEM::ProcessWorkItem ResolveHostName failed8007232aINFO :: CUccDnsQuery::UpdateLookup - error code=80ee0066, index=1 INFO :: CUccDnsQuery::CompleteLookup - index=1 ... ERROR ::gethostbyname failed for host sipinternal.contoso.com,error: 0x2afc ERROR :: DNS_RESOLUTION_WORKITEM::ProcessWorkItem ResolveHostName failed 80072afc TRACE :: SIP_MSG_PROCESSOR::OnDnsResolutionComplete[012CAC60] Entered host sipinternal.contoso.com ERROR :: SIP_MSG_PROCESSOR::OnDnsResolutionComplete - error : 80ee0066 ... ERROR ::gethostbyname failed for host sip.contoso.com,error: 0x2afc ERROR :: DNS_RESOLUTION_WORKITEM::ProcessWorkItem ResolveHostName failed 80072afc TRACE :: SIP_MSG_PROCESSOR::OnDnsResolutionComplete[01D93130] Entered host sip.contoso.com ERROR :: SIP_MSG_PROCESSOR::OnDnsResolutionComplete - error : 80ee0066 ... ERROR ::gethostbyname failed for host sipexternal.contoso.com,error: 0x2afc ERROR :: DNS_RESOLUTION_WORKITEM::ProcessWorkItem ResolveHostName failed 80072afc TRACE :: SIP_MSG_PROCESSOR::OnDnsResolutionComplete[01D93130] Entered host sipexternal.contoso.com ERROR :: SIP_MSG_PROCESSOR::OnDnsResolutionComplete - error : 80ee0066
In this case, the SIP URI [email protected] resulted in the preceding queries, but neither record is resolved (0x80ee0066 is used by the client stack to mean no record existed). In the absence of these records, Communicator attempts to resolve the hostnames sipinternal.contoso.com, then sip.contoso.com, and finally sipexternal.contoso.com; all of these records fail as well. In this scenario, it is likely that the infrastructure DNS cannot be reached or that the infrastructure is configured incorrectly. Start by using nslookup.exe to determine what DNS server is being used, and change the default server to the publishing point for the domain's DNS SRV records (the server <NewDnsServerName> command changes the default DNS server from the NSLookup command prompt). Failures to resolve the DNS entries directly from the server that should be hosting these service records means that either the DNS service isn't running on that machine or that the entries are configured incorrectly on the server. Failures to resolve the records from intermediate machines could be related to the machines' inability to see the publishing server as an authority or to existing DNS caches holding invalid entries.
Next Steps DNS resolution problems or errors that occur because the resolved records aren't acceptable to the client can be resolved by using the following steps. First, make sure that the necessary DNS SRV and A records exist for the user's domain. Communicator queries DNS SRV based on the domain portion of the user's SIP URI. Therefore, if you want automatic configuration to work, the SRV and A records need to exist for this domain. Secondly, make sure that all record domains match for the user's domain. The DNS SRV record needs to be published for the user's domain, and the server's hostname that the domain SRV record points to needs to have a name suffix that matches the user's domain as well. If either of these do not line up, Communicator does not accept the information that it gathers from DNS. In addition, when Transport Layer Security (TLS) is used, the certificate presented by the server must provide proof of ownership for the server's hostname (as discovered via DNS). Additional information about these problems is provided in the "Resolving Issues That Arise from Certificate Negotiation Failures" section that follows.
Resolving Issues That Arise from Certificate Negotiation Failures The following logs demonstrate cases in which certificate validation failed on the client, which can occur when Communicator uses TLS and isn't able to validate the server's certificate.
Case 1: Certificate Name Does Not Match DNS Name
TRACE :: SIP_MSG_PROCESSOR::OnDnsResolutionComplete[01D87BA0] Entered host
sipserver.contoso.com
...
ERROR :: SECURE_SOCKET: negotiation failed: 80090322In this case, Communicator received the SEC_E_WRONG_PRINCIPLE failure message (0x80090322), which means that the name to which the client connected isn't listed as a valid name in the server certificate. By looking back in the trace log, you can see the name of the server that the client was connected to (shown earlier). Make sure that this name is listed in the server certificate. This failure can also happen when an IP address is improperly used to identify the server when using TLS. The hostname needs to be used so that it can be matched against the name in the certificate.
Case 2: Root CA Certificate Is Missing the Server EKU
ERROR :: SECURE_SOCKET: negotiation failed: 80090349In this case, Communicator received the SEC_E_CERT_WRONG_USAGE failure message (0x80090349), which means that the server certificate does not have rights to be used as a server certificate. The root CA certificate does not have the Server Authentication usage listed in its Enhanced Key Usage (EKU). This failure means that the right to be used as a server certificate cannot be inherited by the server's certificate, and therefore the client doesn't trust this certificate to act as a server. Make sure that the server certificate and all CA certificates have either no EKU field listed in them (meaning all rights are allowed) or each contain the Server Authentication EKU.
Case 3: Server Certificate Is Not Issued by a Trusted CA
ERROR :: SECURE_SOCKET: negotiation failed: 80090325In this case, the TLS negotiation failed because the server certificate isn't trusted. The SEC_E_UNTRUSTED_ROOT error code appears (0x80090325) because the root CA isn't trusted. This can happen if an enterprise CA is used to issue the certificate, but the client isn't part of the domain or has not yet added trust for this CA. The root CA certificate must be present in the list of Trusted Root Certification Authorities, preferably for the client workstation's machine store. However, simply putting the root CA certificate in the user's store as a Trusted Root Certificate Authority is sufficient.
Note
Please keep in mind that any intermediate CA certificates should be placed in the list of Intermediate Certification Authorities. By default, Windows servers are configured to hand out the root and intermediate CA certificates along with the server certificate to avoid certificate authentication problems. To date, not explicitly placing Intermediate Certificate Authorities in a trusted store has been an issue only during certificate authentication with the only Public IM Connectivity provider that has a non-Windows edge server and isn't configured to send intermediate CA certificates during TLS negotiation.
Next Steps If problems validating or negotiating certificates arise, validation of the client and/or server configuration is required. Problems validating the certificate name can come up when the client uses an IP address instead of the hostname to identify the server. The client might also be using a valid hostname that resolves to an IP address for a server, but that server doesn't have the original hostname listed in its certificate. The server certificate might not be issued properly, such as when it or one of its issuing CAs doesn't have a server EKU, although this is rare. If the server is issued by a private CA for the enterprise, non-domain clients can fail to validate the certificate because they don't trust it. This situation can be resolved by installing the issuing root certificate on the client machine. If certificates have expired, use lcserror.exe from the resource kit or winerror.exe from the Windows resource kit to interpret any error codes into strings for detailed information about any failure.
Resolving Issues Associated with Status Unknown The following logs demonstrate cases in which contacts have a presence of "status unknown" and the logs identify what has occurred.
Case 1: User Does Not Exist - 404 (Not Found) INFO :: SIP/2.0404 Not Found...ms-diagnostics: 1003;reason="User does notexist";source="srv.contoso.com";TargetUri=[email protected]... TRACE :: CUccSubscription::SavePresentityInFailedMap uri:[email protected],this 000AD580
In this case, the presence request received a 404 – Not Found response. The 404 – Not Found response in SIP is used by domain authority registrars to identify that contacts cannot be reached because they don't exist. Additional information can be found in the protocol message where the 404 response is returned by looking at the ms-diagnostics header because it displays a short reason description, the server that is the source of the message, and the user URI in question.
If the contact does exist, verify that no error exists in the contact address, validate the configuration in the owning domain, and ensure that connectivity between the domains exists. The source of the 404 response also provides a great deal of information. If the domain that owns the user is returning the 404 response, then their configuration should be checked; however, if the local domain is returning the 404 response for a remote domain, then routing on the local domain might not be enabled for remote domains.
Case 2: User Unreachable - 504 (Service Unavailable) INFO :: SIP/2.0504 Server time-out... ms-diagnostics: 1014;reason="Unable to resolve DNS Arecord";source="sip.contoso.com";LookupFQDN="sip.woodgrovebank.com"
In this case, the presence request received a 504 – Service Unavailable response. This response in SIP is used by servers to identify that the message is unable to be sent due to connectivity issues, lack of routing rules, or the DNS SRV records that are used to determine where the request should next be routed. Additional information can be found in the protocol message where the 504 response is returned by looking at the ms-diagnostics header, which shows a description of the reason for the failure, the server that identified the failure, and data related to the specific failure (in this case, the name of the remote server that needs to be resolved).
The subscription request is not able to be delivered; therefore, these contacts do not show presence information because they cannot be reached. This generally occurs because of network infrastructure or because an e-mail address that is used as a presence contact does not yet support Office Communications Server 2007 federation.
Resolving Issues That Involve Connectivity Failure The following logs identify problems with connectivity to the server. They typically happen during login while the client is initially establishing its connectivity to the server. These problems can occur because of firewalls, because the server is not listening or not running, or because of temporary network or DNS failures.
Case 1: Connection Timed Out
ERROR :: ASYNC_SOCKET::OnConnectReady - Error: 10060 dest: 7.7.7.52:5061In this case, the client received a WSAETIMEDOUT (10060) error while trying to establish a connection to the server. This typically happens if the server isn't running on the specified IP address or if the port in question is being blocked by a firewall, proxy, or other network infrastructure (even local client firewall software).
Case 2: Server Name Does Not Exist INFO :: QueryDNSSrv - DNS Name[_sip._tls.contoso.com] ERROR :: QueryDNSSrv GetDnsResults query: _sip._tls.contoso.com failed 0 ERROR :: DNS_RESOLUTION_WORKITEM::ProcessWorkItem ResolveHostName failed8007232b
In this case, the client received the DNS_ERROR_RCODE_NAME_ERROR system error (0x8007232B or 0x232B), which means that there is no DNS record for the name being queried. The client fails to resolve the hostname to which it is trying to connect. This can happen if the server name is typed incorrectly or if, during automatic configuration, the SRV record exists and points to a hostname that doesn't have a corresponding DNS A record to resolve the hostname to an IP address.
Case 3: Failed to Authenticate INFO :: REGISTER sip:contoso.com SIP/2.0 ... INFO :: SIP/2.0 401 Unauthorized ... ERROR :: SIP_MSG_PROCESSOR::CompleteSAProcessingAndGetAuthHeader InitializeSecurityContext failed:0x8009030e... INFO :: REGISTER sip:contoso.com SIP/2.0 ... INFO :: SIP/2.0 401 Unauthorized ... ERROR :: SIP_MSG_PROCESSOR::CompleteSAProcessingAndGetAuthHeader InitializeSecurityContext failed:0x80090311...(more REGISTER and 401 handshaking)... ms-diagnostics: 1000;reason="Final handshake failed";source="OCSSE13.contoso.local";HRESULT="C3E93EC3 (SIP_E_AUTH_UNAUTHORIZED)" ... ERROR :: OUTGOING_TRANSACTION::ProcessAuthRequired-Too many 401/407s seen. Failing the session
The client received a few different errors during this sequence. The first is the SEC_E_NO_CREDENTIALS error (0x8009030E), which can be expected because the client initially tries to log in anonymously. The second is the SEC_E_NO_AUTHENTICATING_AUTHORITY error (0x80090311), which means that credentials are used from the desktop and that the Active Directory that is specified for the credentials isn't able to be reached or is unknown (also not a surprise for many environments). The final error (as shown in the ms-diagnostics header) is the SIP_E_AUTH_UNAUTHORIZED error, which is generated from the server when the user's credentials are invalid. This error can happen because the password, SIP URI, or account name is typed incorrectly, the account is disabled, the password has expired, or underlying Active Directory connectivity problems exist with the server.
Certificates are the most common problem for a CWA server/client connection. Customers using a single Standard Edition server for Office Communications Server could configure the server to listen only on TCP (not the default, as was the case with Live Communications Server 2005). However, CWA attempts to create a Mutual TLS (MTLS) connection to Office Communications Server that will fail due to the lack of a proper MTLS listener.
The other problem encountered with certificates and multiple servers is not using the computer FQDN of the server as the subject name for CWA. This specific use of the FQDN is required due to the necessary MTLS connection that will be established. To have clients use a simpler URL for connecting to the CWA server, you might issue a second certificate solely for the HTTPS listener or use a certificate with Subject Alternative Name. Remember that the subject name must be included in the Subject Alternative Name field and that it should also be the first one in the Subject Alternative List field.
This section presents a few conferencing tips and provides information and pointers for recognizing common problems that administrators encounter with conferencing. Figure 17-3 shows a detailed view of a Standard Edition server with everything on the same box. This image is based on a graphic provided by Kiran Kulkarni from the Office Communications Server product team and displays the steps that Microsoft Office Outlook and the Meeting Console must work through as part of scheduling and joining a meeting. Relationships are spelled out between Communicator and the server technology as well as how various servers and technology interact with each other. This diagram can be very useful when trying to determine all of the interactions and connections that must be in place when troubleshooting conferencing.
The most commonly encountered server-side problem is that content download does not work in Web conferences, which is caused by IIS not having a server certificate configured that enables HTTPS. A manual certificate configuration step is required after installation for content download to work properly.
If client configuration is not as expected, then other problems can arise:
Failure to schedule meetings
Inability to see the Meet Now button in the Live Meeting console
Failure to join meetings
The majority of the remaining conferencing errors are simply related to users' attempts to do things that their meeting policy does not allow:
Inability to schedule a Web conference (Enable Web Conferencing)
Inability to schedule a conference call (Enable IP Audio)
Inability to start application sharing (Enable Program And Desktop Sharing)
Inability for anonymous users to join
The Organize Meetings With Anonymous Participants Right is not allowed
The default meeting type in the Office Outlook conferencing add-in is set to Open Authenticated
This section contains several quotations from contacts in and around the product team on how to resolve setup, installation, management, and configuration issues. Common problems are also identified and discussed.
Various services can sometimes fail to start, and this problem can be difficult to understand or resolve. The interface for starting and stopping services usually provides no more information about the failure than that it failed to start, but the event log is the first place to look for more information.
This section contains a tip on exporting dial plans as well as a list of the major problems encountered with Microsoft Office Communicator Phone Edition and how to resolve them. Office Communicator Phone Edition is a business-use Voice over Internet Protocol (VoIP) phone containing new voice communication capabilities that are not available with traditional desktop phones. For example, with Communicator Phone Edition you can:
Make outbound audio calls to phone users, answer inbound phone calls, and make VoIP calls. In short, you can do everything you can do today with your regular phone, and then some.
Set call-handling options to forward calls to another number or contact so that you can receive calls on your mobile phone when you're not in the office.
Keep a record of all phone conversations in Outlook.
Move seamlessly from the same familiar Communicator-like context to the Communicator Phone Edition interface.
Make calls from wherever you are, regardless of whether you are inside or outside a firewall.
The following sections identify the most commonly encountered telephony problems and offer tips on how to resolve them.
Communicator Phone Edition Log-in I cannot sign in with the Communicator Phone Edition. I receive the "Cannot connect to server or server name is incorrect" error message.
Validate that your domain name is correct.
Ensure that Dynamic Host Configuration Protocol (DHCP) is configured to provide the DNS server address as part of the DHCP response.
Ensure that the DNS has SRV records for SIP service.
Ensure that the SIP server is reachable from the Communicator Phone Edition LAN.
None of the above solutions work? Refer to the "Communicator Phone Edition Unexpected Behavior" section later in this chapter.
I cannot sign in to the Communicator Phone Edition. I receive the "Cannot validate server certificate" error message.
Ensure that either time.windows.com is accessible or that Network Time Protocol (NTP) is configured with appropriate SRV records created in the DNS.
Ensure that PKIenrollment objects are created on Active Directory to point to CA or CA delegate.
If PKI enrollment is not enabled, ensure that caAttribute for the CA container has appropriate root certificates.
None of the above solutions work? Go to Generic Behavior – Communicator Phone Edition is behaving erratically.
I cannot sign in to the Communicator Phone Edition. I receive the "User name or password is invalid" error message.
Make sure that your username and password are correct.
If you change your password on the device before the server attempts to re-authenticate, the device cannot sign in to the server and is therefore left on the sign-in screen. Enter your old password in the Password field, and press Sign in.
If your domain password has changed and the server attempts to re-authenticate, the device returns to the sign-in screen. Enter your new password in the Password field, and press Sign in.
Make sure that the time on your phone is correct if Kerberos is enabled in your system.
Make sure that either the Windows Internet Naming Service (WINS) server is enabled or that DHCP option 119 provides the DNS suffix search list if Kerberos authentication is being used on the server.
None of the above solutions work? Refer to the "Communicator Phone Edition Unexpected Behavior" section later in this chapter.
I cannot sign in to the Communicator Phone Edition. I continue to see the "Device does not have a valid IP address" error message.
Make sure that the Ethernet cable is connected to the first port on the back of the device (shown as a LAN picture).
Check that your device is properly connected to a switch or router.
Make sure the switch outlet has proper connectivity to your network and DHCP server.
Make sure that DHCP is enabled in your system.
Go to the About page on the sign-in screen, and check whether the virtual local area network (VLAN) has been misconfigured.
Try connecting the Ethernet wire directly to the wall port.
None of the above solutions work? Refer to the "Communicator Phone Edition Unexpected Behavior" section later in this chapter.
I configured my device and left for the day. This morning, the device is showing a login prompt.
Your software upgrade might have occurred last night, which caused the phone to reset.
Your password might have expired.
None of the above solutions work? Refer to the "Communicator Phone Edition Unexpected Behavior" section later in this chapter.
I am trying to log in for the first time on Communicator Phone Edition, and I do not see a Personal Identification Number (PIN) option.
Ensure that the PIN is enabled on the Office Communications Server (pool level->FrontEnd Properties->VoIP tab).
I am trying to register my fingerprint, but the Communicator Phone Edition does not seem to recognize my swipes.
Try to swipe your finger slowly (do not press hard) with just one slow swipe.
Click Use Pin Configuration on the menu bar, and then click Use Finger Print Configuration on the menu bar. Try the finger swipe again.
If it still does not work after repeated attempts, refer to the "Communicator Phone Edition Unexpected Behavior" section later in this chapter.
I used my fingerprint as an unlock mechanism, but my finger swipe is not being recognized on each attempt. My phone is locked, and I am stuck.
Try to do a full-length, clean fingerprint swipe very slowly and easily.
Repeat the previous step a few times. If your finger swipe still goes unrecognized, then use a small pin or toothpick to press the small pinhole button on the back of your phone between the universal serial bus (USB) and headset connectors. This procedure returns you to the factory defaults.
How should I restore my device to factory defaults?
Use the small PIN to press the small pinhole button on the back of your phone between the USB and headset connectors. This returns you to the factory defaults.
My screen calibration seems incorrect, and I cannot click anything on the screen.
Placing Calls with Communicator Phone Edition I entered digits, but I do not see the dialed digits.
Make sure that you are in call view or contacts view.
Touch the screen input once to make sure that the text box is in focus.
I am pressing the Help button, but nothing is happening.
Are you signed into the Office Communications Server service?
As soon as I call <xyz>, the call is shown as active and on hold.
"Hold" is merely a button and not a state. If you want to put the call on hold you can use the Hold button that is displayed during the call.
Before I complete dialing, the call is becoming initiated with an invalid number
Your dialing plan probably has overlapping rules that cause one rule to override another. Remove any overlap rules, or reconfigure the dial plan to remove any conflicts.
None of the above solutions work? Refer to the "Communicator Phone Edition Unexpected Behavior" section later in this chapter.
I called someone, but there is no speech path.
Are you traversing a firewall? If so, make sure that the Media Relay Access Server (MRAS) is configured correctly.
Do you have an internal firewall? If so, make sure that the User Datagram Protocol (UDP) ports on the internal firewall are open for communication.
Press Hold and then press Restore to determine whether the speech path is re-created.
None of the above solutions work? Refer to the "Communicator Phone Edition Unexpected Behavior" section later in this chapter.
Voice Mail/Missed Calls/Call Logs on Communicator Phone Edition My device does not show Call Logs, Missed Calls, or Voice Mails.
Make sure that Exchange Client Access Server (CAS) servers are installed.
Make sure that the Exchange autodiscover service is configured.
Make sure that appropriate DNS entries are created for the autodiscover service.
Make sure that a SAN is added to the certificate on Exchange for appropriate validation.
Conference Call with Communicator Phone Edition I am trying to add a participant to an existing voice call, but I continue to see the word "Connecting" on display.
Communicator Phone Edition Unexpected Behavior
Power-cycle your device.
From the Settings menu, click About, and then click Send Logs.