In this scenario, CLS logging cannot set a scenario on the Edge Server in the DMZ.

The following error is reported:

PS > Start-CsClsLogging -Scenario “CLS” -Pools “con01.contoso.local”
Warning: Failed on 1 agents
Agent – con01.contoso, Reason – Error code – 20000, Message – Unknown error – Error calling agent con01.contoso.local; An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.. Please refer CLS logs for details.

=> MachineFqdn: con01.contoso.local
=> PoolFqdn: con01.contoso.local
=> AlwaysOn:
=> ScenarioName:
=> RemainingMins: 0
=> ProductVersion: 6.0.9319.0
=> ResponseMessage:
=> Success: True

Where to start? There were no reports from users of degraded services via the Edge.

To find out if this is a Firewall issue, I started the Microsoft Message Analyzer (MSA) and tried to set a Scenario again.

Figure 1: MSA trace

In this trace you can see that the TCP three-way handshake on port 50001 is working fine, so at this point it does not appear to be a firewall issue. It is time to look at the Edge server itself. Although remote users are not complaining that something is broken when they work remotely, it's always good to check the certificates on the Edge by using the Deployment Wizard and proceeding with step 3.

Figure 2: Deployment Wizard

Click on Run Again and check the Expiration Date.

Figure 3: Certificate Wizard

As suspected, the certificates look fine. The next step is to check the Event Viewer logs for errors and warnings reported on the Edge Server.

And there is a Time Service warning present. Good time synchronization is key when you are working with certificates.

Figure 4

Could this be my problem? The answer is yes: the time difference between the Front-End Server (CLSController) and the Edge Server (CLS Agent) was about 7 minutes, which in this case resulted in Error code – 20000, Message – Unknown error.

After configuring the time source to the same NTP server as the Windows domain that the Front-End is part of, the problem was gone. The command Start-CsClsLogging -Scenario “CLS” executed without any error.

(You should change the time source by following this article: Windows Time Service Tools.)

I have chosen the easiest way in this demonstration. Remember that the firewall should allow UDP/123 (NTP).

Figure 5
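
To confirm the skew on the Edge Server before and after changing the time source, the offset reported by w32tm /stripchart can be parsed and compared against a limit. This is an added example, not part of the original post: the function names, the host ntp.contoso.local and the sample lines are constructed, and the 300-second limit is an assumption based on the 5-minute clock-skew tolerance that is a common default (for example in Kerberos and WCF message security).

```powershell
# Added example. Requires PowerShell 3.0 or later ([pscustomobject]).
function ConvertFrom-StripchartOutput {
    param([string[]]$Lines)
    # With /dataonly a good sample looks like "14:02:29, +420.1184392s".
    # Failed samples ("14:02:31, error: 0x800705B4") and header lines are skipped.
    foreach ($line in $Lines) {
        if ($line -match ',\s*([+-]\d+\.\d+)s\s*$') {
            [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
        }
    }
}

function Test-ClockOffset {
    param(
        [Parameter(Mandatory=$true)][string[]]$StripchartLines,
        [double]$MaxSkewSeconds = 300   # assumed limit, adjust as needed
    )
    $offsets = @(ConvertFrom-StripchartOutput -Lines $StripchartLines)
    if ($offsets.Count -eq 0) {
        # No usable samples usually means UDP/123 is blocked or the source is down.
        return [pscustomobject]@{ Samples = 0; OffsetSeconds = $null; WithinLimit = $false }
    }
    $avg = ($offsets | Measure-Object -Average).Average
    [pscustomobject]@{
        Samples       = $offsets.Count
        OffsetSeconds = [math]::Round($avg, 3)
        WithinLimit   = ([math]::Abs($avg) -le $MaxSkewSeconds)
    }
}

# Constructed sample output: about 7 minutes off, with one failed sample.
$sample = @(
    'Tracking ntp.contoso.local [192.0.2.10:123].',
    'Collecting 3 samples.',
    'The current time is 3/1/2024 14:02:29.',
    '14:02:29, +420.1184392s',
    '14:02:31, error: 0x800705B4',
    '14:02:33, +420.1179051s'
)
Test-ClockOffset -StripchartLines $sample

# Live check, run on the Edge Server (ntp.contoso.local is a placeholder):
# $live = w32tm /stripchart /computer:ntp.contoso.local /samples:3 /dataonly
# Test-ClockOffset -StripchartLines $live
```

For the constructed sample, WithinLimit is False; after the time source is corrected and the clock has resynchronized, the live check should report an offset close to zero.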

 

Final Result:

PS > Start-CsClsLogging -Scenario “CLS” -Computers “fe01.contoso.local,con01.contoso.local”
=> MachineFqdn: lab-con01.contoso.local
=> PoolFqdn: con01.contoso.local
=> AlwaysOn: True
=> ScenarioName: CLS
=> RemainingMins: 239
=> ProductVersion: 6.0.9319.0
=> ResponseMessage:
=> Success: True

=> MachineFqdn: fe01.contoso.local
=> PoolFqdn: fe01.contoso.local
=> AlwaysOn: True
=> ScenarioName: CLS
=> RemainingMins: 239
=> ProductVersion: 6.0.9319.0
=> ResponseMessage:
=> Success: True