AOL PIC Users Fail / Presence Unknown

As you are all aware, Office Communications Server 2007 R2 was recently released, and with it the ability to run the code on Windows Server 2008 64-bit. Everything appears to work correctly with the exception of AOL users via the PIC.

Symptoms:

  • AOL users' presence is inaccurate; it may show online, unavailable, or presence unknown
  • A message invite may be received from an AOL user but no information is ever received
  • Attempting to respond to an AOL user or start a conversation with an AOL user will fail

The fix was discovered by Microsoft Senior Escalation Engineer Scott Oseychik among others and is documented at:

http://blogs.msdn.com/scottos/archive/2009/04/03/resolved-ocs-2007-r2-pic-fails-against-aol.aspx

The fix, in short: you must modify the local security policy on the 2008 Edge server, rearranging the TLS authentication methods. It is important to note that neither the issue nor the fix applies if you have the OCS 2007 R2 bits installed on Windows Server 2003 64-bit.

AOL Root Certificate Update causing Presence Unknown in PIC

For those who subscribe to the Public Internet Connector (PIC) feature in Office Communications Server, a recent change at AOL may impact you. As with all communication to and from OCS, certificates are used to encrypt and authenticate traffic. The PKI that AOL used in the past has changed, and AOL has moved to its new root certificates. Because of this, the OCS Edge/Access Proxy servers will not be able to validate any AOL traffic without a root certificate update.

The official notice may be found here: http://blogs.msdn.com/scottos/archive/2008/12/02/office-communicator-clients-cannot-communicate-with-contacts-homed-on-aol.aspx

A link to the AOL certificates may be found directly here: https://pki-info.aol.com/AOL/

Remember: only the Edge servers (those authenticating traffic) require the updates, not your clients, and a restart/reboot is not required.
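
To confirm the root update actually landed where the Edge server uses it, the following added example (not part of the original post) audits the certificate stores on the Edge server and flags a root that was imported into the current user's store instead of the Local Computer store, or that is outside its validity period. The `$Pattern` subject match is an assumption; replace it with the subject names published on the AOL PKI page.

```powershell
# Added example: audit the Edge server's certificate stores for the AOL roots.
# $Pattern is an assumption, not a value from the post; set it to the subject
# names of the roots you downloaded from the AOL PKI page.
param([string]$Pattern = 'America Online|AOL')

$stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA', 'Cert:\CurrentUser\Root'
$now    = Get-Date

# Collect every matching certificate together with the store it was found in.
$found = @(foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $Pattern } |
        Select-Object @{Name = 'Store'; Expression = { $store }},
                      @{Name = 'State'; Expression = {
                          if     ($now -lt $_.NotBefore) { 'not yet valid' }
                          elseif ($now -gt $_.NotAfter)  { 'expired' }
                          else                           { 'valid' }
                      }},
                      NotAfter, Thumbprint, Subject
})

$found | Sort-Object Store | Format-Table Store, State, NotAfter, Thumbprint, Subject -AutoSize

# A usable root is one that is inside its validity period AND sits in the
# Local Computer "Trusted Root Certification Authorities" store.
$trusted  = @($found | Where-Object { $_.Store -eq 'Cert:\LocalMachine\Root' -and $_.State -eq 'valid' })
$userOnly = @($found | Where-Object { $_.Store -like 'Cert:\CurrentUser\*' })

if ($trusted.Count -gt 0) {
    Write-Host "OK: $($trusted.Count) matching root(s) trusted in the Local Computer store."
}
elseif ($userOnly.Count -gt 0) {
    Write-Warning 'Matching root found only in the current user store; import it into Local Computer\Trusted Root Certification Authorities.'
}
else {
    Write-Warning 'No valid matching root in the Local Computer Trusted Root store; PIC traffic from AOL cannot be validated.'
}
```

Compare the thumbprints it prints against the values published with the downloaded certificates before trusting a match, since a subject-name match alone does not prove the certificate is the genuine root.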