In your organization you might be upgrading from Exchange 2010 UM to Exchange 2013 UM. Microsoft has a nice step-by-step guide on how to do this (link below). The upgrade itself is relatively easy; however, the certificates can be a problem if they are not set up correctly, and the result is that Voice Mail does not work.
In the Event Viewer on your Exchange 2013 server you will see the following events logged:
Event ID: 1113
MSExchange Unified Messaging UMService N/A
The Client Access server failed to exchange the required certificates with an IP gateway to enable Transport Layer Security (TLS). Please check that the gateway is configured to operate in the correct security mode. If the gateway is required to operate in TLS mode, check that the certificates being used are correct. More information: ‘A TLS failure occurred because the remote server disconnected while TLS negotiation was in progress. The error code = 0x80131500 and the message = Unknown error (0x80131500).’. Remote certificate: (). Remote end point: [::1]:35702. Local end point: [::1]:5063.
3/24/2014 8:23:27 AM Warning
Event ID: 1649
MSExchange Unified Messaging UMCallRouter N/A
The Microsoft Exchange Unified Messaging Call Router service failed to exchange the required certificates with an IP gateway to enable Transport Layer Security (TLS). Please check that the gateway is configured to operate in the correct security mode. If the gateway is required to operate in TLS mode, check that the certificates being used are correct. More information: ‘A TLS failure occurred because the remote server disconnected while TLS negotiation was in progress. The error code = 0x80131500 and the message = Unknown error (0x80131500).’. Remote certificate: (). Remote end point: 127.0.0.1:37877. Local end point: 127.0.0.1:5061.
Let's go and look at the Lync 2013 Server:
Open up OCSLogger; it is in the debugging folder.
- Double click OCSLogger application and wait for it to open.
- Once it has opened then complete the following:
- Step 1 -> Select ExumRouting.
- Step 2 -> Ensure both flags are checked.
- Step 3 -> Click on start logging.
At this point, try to call voice mail. Once the call fails, stop logging and click on View Log Files (Step 4).
Once you click on View Log Files, Snooper will open.
- Scroll down to the first warning and click on it. You can see here that we are getting a 504 error.
- On the second warning you can see it is complaining about the FQDN of the UM server.
If you open MMC on the Exchange 2013 server that has the UM role enabled and look at the properties of the cert, under Subject Alternative Name you will most likely have only your domain name included and not the FQDN of the server that is running the UM role.
Solution:
Create a new certificate in Exchange 2013 for UM.
Open up the EMS (Exchange Management Shell) and run the following commands to generate a new certificate request that will include the server name in the SAN.
- $Data = New-ExchangeCertificate -FriendlyName 'CertUM' -GenerateRequest -PrivateKeyExportable $true -KeySize '2048' -DomainName '*.test.domain.com' -SubjectName 'C=US,S=Test,L=Test,O=Company,OU=servers,CN=Exchange.test.domain.com' -Server 'Exchange.test.domain.com' -IncludeServerFQDN
- Set-Content -Path "D:\UMCERT.req" -Value $Data
The second command writes the request to a file that you can submit to your CA.
Once you have your cert returned from the CA you can now import the certificate.
Once complete you can now assign services to the certificate using the EAC or the EMS.
- Restart your Microsoft Exchange Unified Messaging Call Router Service.
- Restart your Microsoft Exchange Unified Messaging Service.
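To confirm that a certificate no longer has the problem found above (server FQDN missing from the SAN) and that the UM services are assigned to it, a check like the following can be used. This is an added example, not part of the original post: `Test-UMCertificate` is a hypothetical helper name, the sample objects are constructed, and it assumes the `CertificateDomains`, `Services`, `Thumbprint` and `NotAfter` properties returned by `Get-ExchangeCertificate`.

```powershell
# Added example: flags Exchange certificates that cannot satisfy the UM TLS
# handshake described above (server FQDN missing, or UM services unbound).
function Test-UMCertificate {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Certificate,
        [Parameter(Mandatory = $true)] [string] $ServerFqdn
    )
    process {
        # Names and services are compared as strings, so the function accepts
        # the constructed objects below as well as cmdlet output (assumption).
        $names    = @($Certificate.CertificateDomains | ForEach-Object { "$_" })
        $services = @("$($Certificate.Services)" -split '\s*,\s*')

        # Only an exact FQDN entry counts; a wildcard entry alone is reported
        # as missing, since the fix on this page adds the explicit server name.
        $hasFqdn  = $names -contains $ServerFqdn
        $hasUm    = ($services -contains 'UM') -and ($services -contains 'UMCallRouter')
        $expired  = $Certificate.NotAfter -lt (Get-Date)

        [pscustomobject]@{
            Thumbprint    = $Certificate.Thumbprint
            HasServerFqdn = $hasFqdn
            UmServices    = $hasUm
            Expired       = $expired
            ReadyForUM    = $hasFqdn -and $hasUm -and (-not $expired)
        }
    }
}

# Constructed sample data (placeholders, not real certificates):
# the first mirrors the failing cert, the second the re-issued one.
$sample = @(
    [pscustomobject]@{ Thumbprint = 'OLD-CERT-PLACEHOLDER'
                       CertificateDomains = @('test.domain.com')
                       Services = 'IIS, SMTP'
                       NotAfter = (Get-Date).AddYears(1) },
    [pscustomobject]@{ Thumbprint = 'NEW-CERT-PLACEHOLDER'
                       CertificateDomains = @('*.test.domain.com', 'Exchange.test.domain.com')
                       Services = 'UM, UMCallRouter'
                       NotAfter = (Get-Date).AddYears(1) }
)
$sample | Test-UMCertificate -ServerFqdn 'Exchange.test.domain.com' | Format-Table -AutoSize

# In the EMS on the UM server, feed it the real certificates instead:
# Get-ExchangeCertificate -Server 'Exchange.test.domain.com' |
#     Test-UMCertificate -ServerFqdn 'Exchange.test.domain.com'
```

With the sample data, the first certificate reports `ReadyForUM` as False and the second as True.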
After a few minutes all voice mails and missed call emails started coming through.
Going back to the Lync 2013 server, it will now log an event to say that the UM server <ServerName> Succeeded and all problems have been resolved.
Hope it helps.