Using LcsCmd.exe with CreateLcsOuPermissions In a locked down

LCS Certificate Troubleshooting This section will help you troubleshoot LCS certificate problems. There was a problem verifying the certificate from the server. This error message is usually shown when there is a conflict with a certificate on a specific LCS server. To resolve this problem, ensure that the following settings are correctly configured: . Friendly Name/Common Name of the Certificate: If you are deploying an LCS Standard Edition server, make sure that the certificate applied to the TLS connection in the LCS properties of the server has the following settings: . The name of the certificate should match the FQDN (fully qualified domain name) of the server. For example, if the server name is Server1.Domain.Company.com, the certificate name should be the same. If the name does not match, the connection will not work. If you are deploying an LCS Enterprise Edition server and it is the only server in the pool, make sure that the certificate applied to the TLS connection in the LCS properties of the server has the following settings: . The name of the certificate must match the FQDN (fully qualified domain name) of the server. For example, if the server name is Server1.Domain.Company.com, the certificate name should be the same. If the name does not match, the connection will not work. It is best practice, however, to use the FQDN of the pool in preparation for the addition of other pool servers in the environment. For example, if the pool name is Pool1.Domain.Company.com, the certificate name should be the same. If the name does not match, the connection will not work. If you are deploying an LCS Enterprise Edition pool, make sure that the certificate applied to the TLS connection in the LCS properties of each pool server has the following settings: . The name of the certificate should match the FQDN (fully qualified domain name) of the pool. For example, if the pool name is Pool1.Domain.Company.com, the certificate name should be the same. If the name does not match, the connection will not work. . EKU (Enhanced Key Usage): The EKU requirement for an LCS server or pool server certificate is a Server Authentication EKU. You can use a Server and Client Authentication EKU type as well, but this is not required. If your certificate EKU type is not a Server Authentication EKU type or a Server and Client Authentication EKU type, the certificate will be unusable. . Validity Period: Ensure that your certificate has not expired. If it is expired, follow the steps provided in Chapter 4 to request and configure a new certificate for your LCS server or pool server. . Certificate Chain: Another reason why you would not be able to connect is because your client machine does not trust against the root certificate authority. If your client machine and LCS server or pool server certificate do not all match the same CA chain, the certificates used are invalid and the connection will not work. 201 Troubleshooting

Note: If you are looking for good and high quality web space to host and run your jsp application check Lunarwebhost jsp web hosting services

Bookmark the permalink.

One Response to Using LcsCmd.exe with CreateLcsOuPermissions In a locked down