Share via


Office Communicator clients cannot communicate with contacts homed on AOL

 

Summary:

If your organization leverages Public Internet Connectivity (aka: "PIC") in conjunction with their Live Communication Server 2005 and/or Office Communications Server 2007 servers, you may not be able to successfully communicate with (or see the presence status of) America Online Instant Messenger users.

Explanation:

America Online changed their root certificates on their SIP Access Gateway at approximately 12/2/2008, 4:00 AM EST.

Resolution:

The America Online Root CA 1 certificate, which can be obtained from https://pki-info.aol.com/AOL/, needs to be in the trust list of all Live Communication Server 2005 and/or Office Communications Server 2007 servers (that connect to sip.oscar.aol.com) by 12/2/2008, 4:00 AM EST.

More Information:

Microsoft Customer Support Services has created a Windows Media Video to walk our customers through the process of adding this certificate.

Comments

  • Anonymous
    December 02, 2008
    Scott Oseychik over on the MSDN blogs has a good post today about federation issues between OCS 2005/2007 and AOL. Apparently, American Online changed their root certificates on their SIP Access Gateway at approximately 12/2/2008, 4:00 AM EST.Via Scott's

  • Anonymous
    December 03, 2008
    Thanks very much for posting this info!

  • Anonymous
    December 03, 2008
    Thanks for posting this, we've been trying to fix this all day!

  • Anonymous
    December 03, 2008
    Scott Oseychik blogged about the AOL update for the root authority and where to get the update for your...

  • Anonymous
    December 04, 2008
    It would have been nice for AOL to have communicate d this to MSFT and in turn communicate it to its customer base.  A simple email would have caused us a lot less aggrevation

  • Anonymous
    December 05, 2008
    The comment has been removed

  • Anonymous
    December 06, 2008
    For those that subscribe to the Public Internet Connector (PIC) feature in Office Communication Server

  • Anonymous
    December 18, 2008
    Thanks Scott!  Very valuable information.  Nice you could do AOL's job for them...

  • Anonymous
    December 29, 2008
    I haven't run into this one personally but I noticed it linked off of LCSKid's site, pointing to an escalation engineer blog entry here. Long story short, AOL changed their certificate signer, and you'll need to grab/import the updated authority from

  • Anonymous
    February 20, 2009
    The comment has been removed

  • Anonymous
    March 06, 2009
    Thanks for the info. Do you of a similar solution for Yahoo?

  • Anonymous
    April 01, 2009
    The comment has been removed

  • Anonymous
    April 02, 2009
    Unfortunately, no. What you can do, however, is on the properties of the Edge server, select the "IM Provider" tab, click AOL, click Edit, and select "Allow communications only from users on recipient's contact list." Hope this helps, Scott Osecyhik

  • Anonymous
    March 25, 2011
    Looks like this is still the case with Lync.  Unfortunately, not only do you need to install the two certs but also change the cipher. Can't Microsoft make these changes as part of the Lync installation procedure?  Seems kind of silly that you need to remember those two things just to talk to AOL.

  • Anonymous
    October 29, 2012
    haveing problem loging on to alo.com not certificate