A couple of days ago we started to deploy our new Group Chat Server. After the installation of the Group Chat Server we discovered that the Lookup Service and the Channel Service didn't start up. After some investigation we saw that the certificate needed to exchange keys with the OCS2007 R2 home server didn't have a private key.
To surface this error message, take the following steps:
FIRST: set the logging level to ERROR on the Channel Server (Group Chat Server Configuration).
SECOND: set the logging level to ERROR on the Lookup Server (Group Chat Server Configuration).
After configuring the settings above, go back to the logging folder. By default the logs directory is created in <SYSTEM>:\Program Files\Microsoft Office Communications Server 2007 R2\Group Chat Server\Logs
After some additional investigation we saw a couple of ERROR entries in the TXT log file.
ERROR |20090114-12:37:31.297| 6:|PeerTransport.Connect | unable to start WCF Service:
The certificate 'Efirstname.lastname@example.org, CN=ocs01.contoso.local, OU=IT, O=CONTOSO, L=Houten, S=Utrecht, C=NL' must have a private key that is capable of key exchange. The process must have access rights for the private key. at
at System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate)
ERROR |20090114-12:37:31.297| 6: | MAServiceBase.LogUnhandledException | <System.ArgumentException: The certificate 'Eemail@example.com, CN=ocs01.contoso.local, OU=IT, O=CONTOSO, L=Houten, S=Utrecht, C=NL" must have a private key that is capable of key exchange. The process must have access rights for the private key.
When requesting your certificate, make sure you can export the private key. Then import the certificate, including the private key (PK), in IIS 7.0 so you can edit the secure bindings of the MGCWebService.
After importing the right SSL certificate (including the PK), check whether you can reach the web service at https://<SERVERNAME>/MGCWebService/MGCWebService.asmx
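The error above names three conditions: the certificate has a private key, the key is capable of key exchange, and the process has access rights to it. The following PowerShell check for all three is an added example, not part of the original post. The service account name is a hypothetical placeholder, and the script assumes an RSA key held in a CSP machine key store (not CNG).

```powershell
# Added example. Checks the conditions named in the WCF error for a machine certificate.
param(
    [string]$SubjectMatch   = 'CN=ocs01.contoso.local',  # subject taken from the log excerpt above
    [string]$ServiceAccount = 'CONTOSO\svc-groupchat'    # hypothetical account name, replace with yours
)

function Test-KeyExchangeCert {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Account
    )
    $r = @{ Subject = $Cert.Subject; Thumbprint = $Cert.Thumbprint
            HasPrivateKey = $Cert.HasPrivateKey; KeyReadable = $false
            KeyNumber = $null; AccountHasReadAce = $null }

    if ($Cert.HasPrivateKey) {
        $key = $null
        # Reading the key fails when the current process has no rights on the key container.
        try { $key = $Cert.PrivateKey } catch { $key = $null }

        if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            $r.KeyReadable = $true
            $info = $key.CspKeyContainerInfo
            # KeyNumber must be Exchange; a Signature-only key cannot do key exchange.
            $r.KeyNumber = $info.KeyNumber

            if ($info.MachineKeyStore) {
                # Machine RSA keys are files under CommonApplicationData; check their ACL.
                $dir  = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) 'Microsoft\Crypto\RSA\MachineKeys'
                $file = Join-Path $dir $info.UniqueKeyContainerName
                if (Test-Path $file) {
                    $read = [int][System.Security.AccessControl.FileSystemRights]::Read
                    # Direct ACEs only: access granted through group membership is not resolved.
                    $r.AccountHasReadAce = [bool]((Get-Acl $file).Access | Where-Object {
                        $_.IdentityReference.Value -eq $Account -and
                        $_.AccessControlType -eq 'Allow' -and
                        (([int]$_.FileSystemRights -band $read) -eq $read)
                    })
                }
            }
        }
    }
    New-Object PSObject -Property $r |
        Select-Object Subject, Thumbprint, HasPrivateKey, KeyReadable, KeyNumber, AccountHasReadAce
}

Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$SubjectMatch*" } |
    ForEach-Object { Test-KeyExchangeCert -Cert $_ -Account $ServiceAccount }
```

Run it from an elevated prompt on the Group Chat Server. A certificate is usable only when HasPrivateKey and KeyReadable are True and KeyNumber is Exchange.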