1. Common Troubleshooting
2. Troubleshooting DCS Provisioning
Check If Access to File System Crypto Keys is Restricted
This issue occurs when the permissions on the C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys folder do not allow the IM Manager service account to create certificate key pairs. In that case the following lines appear in the IM Manager log imlinkage.log:
[|] 0x5bc | 08/02/10 16:12:33 | Error | CACENetworkingService::GetWin32PrivateKey | PFXExportCertStore1, error 80090016[-]
[|] 0x5bc | 08/02/10 16:12:33 | Error | CACENetworkingService::InitializeWin32SslContext | Couldn't find private key for certificate(0466019d4e401d9e383dbfd56a70424eae3606c8), error 40001[-]
[|] 0x5bc | 08/02/10 16:12:33 | Error | AIMServerService::ProtocolSpecificStartService | Unable to Initialize SSL Security Context for AIM Protocol.
Possible causes of failures could be:
- Could not find a certificate in the certificate store matching the given thumbprint.
- Installed certificate does not have Private Key marked as exportable.
Please refer the log files for more details.[-]
[|] 0x5bc | 08/02/10 16:12:33 | Error | AIMServerService::ProtocolSpecificStartService | Unable to initialize SSL security context. InitializeSslContext returned:0x40001. SSL will be disabled.[-]
These messages appear immediately after IMLogRelayService service starts up.
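The log signature above can be checked mechanically when triaging a large imlinkage.log. The following Python example is added here and is not part of the original article or of IM Manager; the field labels and the Info record in the sample are assumptions made for illustration, and 80090016 is the Windows NTE_BAD_KEYSET code.

```python
import re

# Records copied from the log excerpt above, plus one constructed Info record.
SAMPLE = """\
[|] 0x5bc | 08/02/10 16:12:32 | Info | Constructed::Example | service starting[-]
[|] 0x5bc | 08/02/10 16:12:33 | Error | CACENetworkingService::GetWin32PrivateKey | PFXExportCertStore1, error 80090016[-]
[|] 0x5bc | 08/02/10 16:12:33 | Error | CACENetworkingService::InitializeWin32SslContext | Couldn't find private key for certificate(0466019d4e401d9e383dbfd56a70424eae3606c8), error 40001[-]
[|] 0x5bc | 08/02/10 16:12:33 | Error | AIMServerService::ProtocolSpecificStartService | Unable to Initialize SSL Security Context for AIM Protocol.
Possible causes of failures could be:
- Could not find a certificate in the certificate store matching the given thumbprint.
Please refer the log files for more details.[-]
[|] 0x5bc | 08/02/10 16:12:33 | Error | AIMServerService::ProtocolSpecificStartService | Unable to initialize SSL security context. InitializeSslContext returned:0x40001. SSL will be disabled.[-]
"""

RECORD = re.compile(r"\[\|\]\s*(.*?)\[-\]", re.S)   # "[|] ... [-]", may span lines
THUMB = re.compile(r"certificate\(([0-9a-fA-F]{40})\)")
KEYSET_ERR = "80090016"   # Windows NTE_BAD_KEYSET, "Keyset does not exist"
FIELDS = ("id", "time", "level", "source", "message")   # labels assumed by this example

def parse_records(text):
    """Split the log into records of five pipe-separated fields."""
    recs = []
    for body in RECORD.findall(text):
        parts = [p.strip() for p in body.split("|", 4)]
        if len(parts) == 5:
            recs.append(dict(zip(FIELDS, parts)))
    return recs

def diagnose(text):
    """Find key-access failures and the certificate and SSL impact that follow."""
    errs = [r for r in parse_records(text) if r["level"] == "Error"]
    findings = []
    for i, r in enumerate(errs):
        if not (r["source"].endswith("GetWin32PrivateKey") and KEYSET_ERR in r["message"]):
            continue
        hit = {"time": r["time"], "thumbprint": None, "ssl_disabled": False}
        for nxt in errs[i + 1:]:
            if nxt["source"].endswith("GetWin32PrivateKey"):
                break   # the next key failure starts its own finding
            m = THUMB.search(nxt["message"])
            if m and hit["thumbprint"] is None:
                hit["thumbprint"] = m.group(1).lower()
            hit["ssl_disabled"] |= "SSL will be disabled" in nxt["message"]
        findings.append(hit)
    return findings

if __name__ == "__main__":
    for f in diagnose(SAMPLE):
        print(f)
```

A finding with a thumbprint and ssl_disabled set identifies which certificate's private key the service account could not open, which is the certificate to check against the MachineKeys folder permissions.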
Check If IM Manager Is Performing Incorrect AOL SSL Certificate Validation
See the article "AIM 6.8 IM Clients Cannot Log in Through IM Manager Starting February 24, 2009" for symptoms and details.
Check If IM Manager Is Responding to HTTPS POST
AIM Client Does not Trust Certificate due to Certificate Self-verification
After enabling AIM SSL Client logging (see KB: How To Capture AIM Client Logging for AIM version 6.x and 7.x), the following error is logged in the log file:
00:08.57 SslBoxNss 01ED8DE0: cert check failed: code=-8179 url=imm.blackops-simm.com cn=imm.blackops-simm.com
To verify this, follow these steps:
1. Load the certificate into IIS using this Microsoft KB article: http://support.microsoft.com/kb/816794
2. Use Internet Explorer to connect to a web page served by IIS using SSL.
3. Double-click the lock icon to view the certificate information.
4. An Invalid Certificate error indicates this problem.
Perform the following steps to use OpenSSL to view the certificate chain passed to the AIM client:
Download and install the OpenSSL client from here: http://www.openssl.org/docs/apps/s_client.html (download the Windows version).
Run the following from a command line:
openssl s_client -connect <host>:443
where <host> is the IP address or DNS name of the IM Manager server. Ensure that the correct IP address is used.
The results contain a self-verification error similar to the following:
Loading 'screen' into random state - done
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify error:num=19:self signed certificate in certificate chain
The chain of Trusted Certificate Authorities contains an entry that uses itself as its referring Trusted Authority.
AOL DNS Redirection
For Symantec IM Manager to work with the 6.X client, you must configure the internal DNS that IM clients use so that the hostname kdc.uas.aol.com resolves to 0.0.0.0. This prevents your AIM IM users from bypassing Symantec IM Manager and connecting directly to the AIM public IM network servers.
AIM HTTPS Connectivity
IM Manager Host Name Redirection
AOL Firewall Configuration
For Symantec IM Manager to work with the 6.X client, you must configure your internal firewall to allow outbound access on port 443 from the end user workstation to the IM Manager Server and from the IM Manager Server to the Internet.
Enable AIM SSL Access
SSL Server Name/IP Address Configuration
IM Manager Standard Implementation
For IM Manager Pass-Through Implementation
AIM Client Cannot Obtain Primary DNS Suffix
IM Manager not Responding to HTTPS POST
How To Enable AIM SSL Client Logging
How To Troubleshoot AIM SSL Connectivity Issues Using getNameInfo Tool
AIM SSL Clients Cannot Login via VPN
How To Collect AIM SSL Client Network Trace
How to Test the AOL SSL/DCS Provisioning for AIM Clients
How to Troubleshoot AIM Client SSL Errors
How to use OpenSSL to view the Certificate Information Passed from IM Manager to the AIM client