How to Troubleshoot AIM 6.X and higher Login Problems

Article:TECH89483  |  Created: 2008-01-08  |  Updated: 2011-07-15  |  Article URL http://www.symantec.com/docs/TECH89483
Article Type
Technical Solution

Product(s)

Subject

Issue



Using the steps below will help you to troubleshoot why the AIM IM client cannot login. Access to a machine with the AIM client is required. Access to the IM Manager server is required.
 
This article has 2 sections. The first section describes common troubleshooting steps that apply in any IM Manager deployment where AIM SSL clients cannont connect. The second section deals specifically with troubleshooting steps for customers that previously contacted Symantec to be provisioned on the AOL DCS servers.
 

Sections

1. Common Troubleshooting

2. Troubleshooting DCS Provisioning

 

 Common Troubleshooting

 
Check AIM Client Proxy Settings
 
The AIM client cannot be configured with a proxy and work with IM Manager. 
 
After enabling AOL AIM Client Logging (See KB How To Capture AIM Client Logging for AIM version 6.x and 7.x) if the following is returned in the log file:
 
00:14.41 ProxiedSocket 01838470 created
 
Then the AIM client is configured with a proxy. See the article How to Configure AIM 6.X IM Client When Web Proxy is Required for HTTPS Access  for how to configure the AIM client.
 
Check IM Manager Firewall Configuration
 
On the IM Manager server perform the following steps:
 
1.     Go to Start | Run type cmd and click Enter.
2.     In the command prompt type

telnet aimpro.premiumservices.aol.com 443
 
3.     If the following error is returned:
 
“Connecting To aimpro.premiumservices.aol.com...Could not open connection to the host, on port 443: Connect failed “
 
then your firewall has not been configured. See Solution section AOL Firewall Configuration.
 
 
Check If port 443 on IM Manager server is Listening for Connections
 
Perform the following steps on the end user workstation.     
 
1.     Go to Start | Run type cmd and click Enter.
2.     In the command prompt type
 
3.     telnet <IM Manager IP Address> 443
 
If the following error is returned:
 
“Connecting To <IM Manager IP Address>...Could not open connection to the host, on port 443: Connect failed”
 
then your IM Manager has not been enabled to accept SSL connections. See Solution section Enabled AIM SSL Access.
 
 
Check If IM Manager Is Listening for AIM connections on port 443
 
See article AIM 6.X IM Client Cannot Log in When IM Manager Cannot Listen on Port 443 for steps to test if IM Manager is listening on port 443.
 
When this issue occurs because IIS is listening on port 443 the following lines appear in the AIM client log:
 
After enabling AOL AIM Client Logging (See article How To Capture AIM Client Logging for AIM version 6.x and 7.x ) locate the following lines in the log file:
 
00:01.66  00: 3C 21 44 4F 43 54 59 50 45 20 48 54 4D 4C 20 50 |<!DOCTYPE HTML P|
00:01.66  10: 55 42 4C 49 43 20 22 2D 2F 2F 57 33 43 2F 2F 44 |UBLIC "-//W3C//D|
00:01.66  20: 54 44 20 48 54 4D 4C 20 34 2E 30 31 2F 2F 45 4E |TD HTML 4.01//EN|
00:01.66  30: 22 20 22 68 74 74 70 3A 2F 2F 77 77 77 2E 77 33 |" "http://www.w3|
00:01.66  40: 2E 6F 72 67 2F 54 52 2F 68 74 6D 6C 34 2F 73 74 |.org/TR/html4/st|
00:01.66  50: 72 69 63 74 2E 64 74 64 22 3E 0D 0A 3C 48 54 4D |rict.dtd">..<HTM|
00:01.66  60: 4C 3E 3C 48 45 41 44 3E 3C 54 49 54 4C 45 3E 54 |L><HEAD><TITLE>T|
00:01.66  70: 68 65 20 70 61 67 65 20 63 61 6E 6E 6F 74 20 62 |he page cannot b|
00:01.66  80: 65 20 64 69 73 70 6C 61 79 65 64 3C 2F 54 49 54 |e displayed</TIT|
00:01.66  90: 4C 45 3E 0D 0A 3C 4D 45 54 41 20 48 54 54 50 2D |LE>..<META HTTP-|
00:01.66  A0: 45 51 55 49 56 3D 22 43 6F 6E 74 65 6E 74 2D 54 |EQUIV="Content-T|
00:01.66  B0: 79 70 65 22 20 43 6F 6E 74 65 6E 74 3D 22 74 65 |ype" Content="te|
00:01.66  C0: 78 74 2F 68 74 6D 6C 3B 20 63 68 61 72 73 65 74 |xt/html; charset|
00:01.66  D0: 3D 57 69 6E 64 6F 77 73 2D 31 32 35 32 22 3E 0D |=Windows-1252">.|
00:01.66  E0: 0A 3C 53 54 59 4C 45 20 74 79 70 65 3D 22 74 65 |.<STYLE type="te|
00:01.66  F0: 78 74 2F 63 73 73 22 3E 0D 0A 20 20 42 4F 44 59 |xt/css">..  BODY|
00:01.66 100: 20 7B 20 66 6F 6E 74 3A 20 38 70 74 2F 31 32 70 | { font: 8pt/12p|
00:01.66 110: 74 20 76 65 72 64 61 6E 61 20 7D 0D 0A 20 20 48 |t verdana }..  H|
00:01.66 120: 31 20 7B 20 66 6F 6E 74 3A 20 31 33 70 74 2F 31 |1 { font: 13pt/1|
00:01.66 130: 35 70 74 20 76 65 72 64 61 6E 61 20 7D 0D 0A 20 |5pt verdana }.. |
00:01.66 140: 20 48 32 20 7B 20 66 6F 6E 74 3A 20 38 70 74 2F | H2 { font: 8pt/|
00:01.66 150: 31 32 70 74 20 76 65 72 64 61 6E 61 20 7D 0D 0A |12pt verdana }..|
00:01.66 160: 20 20 41 3A 6C 69 6E 6B 20 7B 20 63 6F 6C 6F 72 |  A:link { color|
00:01.66 170: 3A 20 72 65 64 20 7D 0D 0A 20 20 41 3A 76 69 73 |: red }..  A:vis|
00:01.66 180: 69 74 65 64 20 7B 20 63 6F 6C 6F 72 3A 20 6D 61 |ited { color: ma|
00:01.66 190: 72 6F 6F 6E 20 7D 0D 0A 3C 2F 53 54 59 4C 45 3E |roon }..</STYLE>|
00:01.66 1A0: 0D 0A 3C 2F 48 45 41 44 3E 3C 42 4F 44 59 3E 3C |..</HEAD><BODY><|
00:01.66 1B0: 54 41 42 4C 45 20 77 69 64 74 68 3D 35 30 30 20 |TABLE width=500 |
00:01.66 1C0: 62 6F 72 64 65 72 3D 30 20 63 65 6C 6C 73 70 61 |border=0 cellspa|
00:01.66 1D0: 63 69 6E 67 3D 31 30 3E 3C 54 52 3E 3C 54 44 3E |cing=10><TR><TD>|
00:01.66 1E0: 0D 0A 0D 0A 3C 68 31 3E 54 68 65 20 70 61 67 65 |....<h1>The page|
00:01.66 1F0: 20 63 61 6E 6E 6F 74 20 62 65 20 64 69 73 70 6C | cannot be displ|
00:01.66 200: 61 79 65 64 3C 2F 68 31 3E 0D 0A 54 68 65 20 70 |ayed</h1>..The p|
00:01.66 210: 61 67 65 20 79 6F 75 20 61 72 65 20 6C 6F 6F 6B |age you are look|
00:01.66 220: 69 6E 67 20 66 6F 72 20 63 61 6E 6E 6F 74 20 62 |ing for cannot b|
00:01.66 230: 65 20 64 69 73 70 6C 61 79 65 64 20 62 65 63 61 |e displayed beca|
00:01.66 240: 75 73 65 20 61 6E 20 69 6E 76 61 6C 69 64 20 6D |use an invalid m|
00:01.66 250: 65 74 68 6F 64 20 28 48 54 54 50 20 76 65 72 62 |ethod (HTTP verb|
00:01.66 260: 29 20 77 61 73 20 75 73 65 64 20 74 6F 20 61 74 |) was used to at|
00:01.66 270: 74 65 6D 70 74 20 61 63 63 65 73 73 2E 0D 0A 3C |tempt access...<|
00:01.66 280: 68 72 3E 0D 0A 3C 70 3E 50 6C 65 61 73 65 20 74 |hr>..<p>Please t|
00:01.66 290: 72 79 20 74 68 65 20 66 6F 6C 6C 6F 77 69 6E 67 |ry the following|
00:01.66 2A0: 3A 3C 2F 70 3E 0D 0A 3C 75 6C 3E 0D 0A 3C 6C 69 |:</p>..<ul>..<li|
00:01.66 2B0: 3E 43 6F 6E 74 61 63 74 20 74 68 65 20 57 65 62 |>Contact the Web|
00:01.66 2C0: 20 73 69 74 65 20 61 64 6D 69 6E 69 73 74 72 61 | site administra|
00:01.66 2D0: 74 6F 72 20 69 66 20 79 6F 75 20 62 65 6C 69 65 |tor if you belie|
00:01.66 2E0: 76 65 20 74 68 61 74 20 74 68 69 73 20 72 65 71 |ve that this req|
00:01.66 2F0: 75 65 73 74 20 73 68 6F 75 6C 64 20 62 65 20 61 |uest should be a|
00:01.66 300: 6C 6C 6F 77 65 64 2E 3C 2F 6C 69 3E 0D 0A 3C 6C |llowed.</li>..<l|
00:01.66 310: 69 3E 4D 61 6B 65 20 73 75 72 65 20 74 68 61 74 |i>Make sure that|
00:01.66 320: 20 74 68 65 20 57 65 62 20 73 69 74 65 20 61 64 | the Web site ad|
00:01.66 330: 64 72 65 73 73 20 64 69 73 70 6C 61 79 65 64 20 |dress displayed |
00:01.66 340: 69 6E 20 74 68 65 20 61 64 64 72 65 73 73 20 62 |in the address b|
00:01.66 350: 61 72 20 6F 66 20 79 6F 75 72 20 62 72 6F 77 73 |ar of your brows|
00:01.66 360: 65 72 20 69 73 20 73 70 65 6C 6C 65 64 20 61 6E |er is spelled an|
00:01.66 370: 64 20 66 6F 72 6D 61 74 74 65 64 20 63 6F 72 72 |d formatted corr|
00:01.66 380: 65 63 74 6C 79 2E 20 3C 2F 6C 69 3E 0D 0A 3C 2F |ectly. </li>..</|
00:01.66 390: 75 6C 3E 0D 0A 3C 68 32 3E 48 54 54 50 20 45 72 |ul>..<h2>HTTP Er|
00:01.66 3A0: 72 6F 72 20 34 30 35 20 2D 20 54 68 65 20 48 54 |ror 405 - The HT|
00:01.66 3B0: 54 50 20 76 65 72 62 20 75 73 65 64 20 74 6F 20 |TP verb used to |
00:01.66 3C0: 61 63 63 65 73 73 20 74 68 69 73 20 70 61 67 65 |access this page|
00:01.66 3D0: 20 69 73 20 6E 6F 74 20 61 6C 6C 6F 77 65 64 2E | is not allowed.|
00:01.66 3E0: 3C 62 72 3E 49 6E 74 65 72 6E 65 74 20 49 6E 66 |<br>Internet Inf|
00:01.66 3F0: 6F 72 6D 61 74 69 6F 6E 20 53 65 72 76 69 63 65 |ormation Service|

          Check If Access to File System Crypto Keys is Restricted

See article AIM 7.X and Higher IM Client Cannot Log in When Access To C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys Is Restricted.

When this issue occurs because permissions on C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys folder do not allow IM Manager service account to create certificate pair keys the following lines appear in the IM Manager log imlinkage.log:

[|] 0x5bc | 08/02/10 16:12:33 | Error | CACENetworkingService::GetWin32PrivateKey | PFXExportCertStore1, error 80090016[-]

[|] 0x5bc | 08/02/10 16:12:33 | Error | CACENetworkingService::InitializeWin32SslContext | Couldn't find private key for certificate(0466019d4e401d9e383dbfd56a70424eae3606c8), error 40001[-]

[|] 0x5bc | 08/02/10 16:12:33 | Error | AIMServerService::ProtocolSpecificStartService | Unable to Initialize SSL Security Context for AIM Protocol.
Possible causes of failures could be:
- Could not find a certificate in the certificate store matching the given thumbprint.
- Installed certificate does not have Private Key marked as exportable.
Please refer the log files for more details.[-]
[|] 0x5bc | 08/02/10 16:12:33 | Error | AIMServerService::ProtocolSpecificStartService | Unable to initialize SSL security context. InitializeSslContext returned:0x40001. SSL will be disabled.[-]

These messages appear immediately after IMLogRelayService service starts up.
 

Check if IM Manager Performing Incorrect AOL SSL Certificate Validation

See article AIM 6.8 IM Clients Cannot Log in Through IM Manager Starting February 24, 2009 for symptoms and details.

Check if IM Manager Responding to HTTPS POST

 
The AIM client performs an HTTPS POST to IM Manager. The client times out if IM Manager does not respond. 
 
The partial log below shows an HTTPS POST to the IM Manager server. The socket is created successfully at 12:41.90 time. The AIM client writes the data to the socket. Then waits for IM Manager to respond. IM Manager does not respond and the client reports a timeout at 13:41.87 time.
 
12:41.88 HttpRequest 01AC6D00: POST https://symantec.intranet/
12:41.88 00: 05 0C 00 02 00 00 00 00 00 00 00 00 3E 5F 00 00 |............>_..|
12:41.88 10: 00 00 00 00 00 05 00 00 00 02 18 00 00 00 00 05 |................|
12:41.88 20: 00 01 00 04 00 00 00 03 00 02 00 04 00 00 17 54 |...............T|
12:41.88 30: 00 05 00 04 43 4F 4F 4C 00 0A 00 02 00 01 00 0B |....COOL........|
12:41.88 40: 00 04 00 10 00 01 00 00 00 06 00 00 00 08 00 02 |................|
12:41.88 50: 55 53 00 02 65 6E 00 04 00 01 00 04 00 00 00 0E |US..en..........|
12:41.88 60: 00 02 00 04 00 00 00 06 00 05 00 05 69 6D 41 70 |............imAp|
12:41.88 70: 70 00 07 00 04 00 00 01 76 01 00 00 00 00 00 0A |p.......v.......|
12:41.88 80: 69 6E 64 61 76 65 64 75 61 6C 00 07 69 6D 2F 62 |johndoe..im/b|
12:41.88 90: 6F 73 73 00 00 00 00 00 00 00 01 00 21 00 0C 00 |oss.........!...|
12:41.88 A0: 01 10 03 00 06 00 01 00 AB 00 00                |...........     |
12:41.88 SocketCache 01AD8AE8: Processing request 00EDEC68 for symantec.intranet:443
12:41.88 SslSocket 00EDDE68 created
12:41.88 SslBoxNss 00EDDEF0 created
12:41.88 SocketCache 01AD8AE8: Created new socket 00EDDE68 info 00EDDFA8
12:41.88 Timer 01AD8C78: started, interval=75000
12:41.88 Socket 00EDE300 created
12:41.88 DnsResolver 00EDE398 created
12:41.88 DnsResolver 00EDE398: Resolving symantec.intranet
12:41.88 Timer 00EDE3E0 created
12:41.88 Timer 00EDE3E0: started, interval=30000
12:41.88 Timer 01AC5218: stopped
12:41.88 Timer 01AC5218 deleted
12:41.88 HttpRequest 01AC4C80 deleted
12:41.88 HttpHeader 01AB4AE0 deleted
12:41.88 HttpHeader 01AB3E38 deleted
12:41.88 HttpReceiver 00EFF5F8 deleted
12:41.88 SslBoxNss 01AC7978: OnDataAvailable
12:41.88 SslBoxNss 01AC7978: OnDataAvailable
12:41.90 Socket 00EDE300: Issued connect request to 10.85.209.183, port 443
12:41.90 DnsResolver 00EDE398 deleted
12:41.93 SslBoxNss 00EDDEF0: OnReadyForData
12:41.93 SslBoxNss 00EDDEF0: Continue handshake
12:41.93 SslBoxNss 00EDDEF0: OnSend, actual=54
12:43.75 SslBoxNss 00EDDEF0: OnDataAvailable
12:43.75 SslBoxNss 00EDDEF0: Continue handshake
12:43.75 SslBoxNss 00EDDEF0: OnRecv, actual=3
12:43.75 SslBoxNss 00EDDEF0: OnRecv, actual=2
12:43.75 SslBoxNss 00EDDEF0: OnRecv, actual=74
12:43.75 SslBoxNss 00EDDEF0: OnRecv, actual=5
12:43.75 SslBoxNss 00EDDEF0: OnRecv, actual=2836
12:43.75 SslBoxNss 00EDDEF0: OnDataAvailable
12:43.75 SslBoxNss 00EDDEF0: Continue handshake
12:43.75 SslBoxNss 00EDDEF0: OnDataAvailable
12:43.75 SslBoxNss 00EDDEF0: Continue handshake
12:43.75 SslBoxNss 00EDDEF0: OnDataAvailable
12:43.75 SslBoxNss 00EDDEF0: Continue handshake
12:43.75 SslBoxNss 00EDDEF0: OnDataAvailable
12:43.75 SslBoxNss 00EDDEF0: Continue handshake
12:43.78 SslBoxNss 00EDDEF0: OnDataAvailable
12:43.78 SslBoxNss 00EDDEF0: Continue handshake
12:43.78 SslBoxNss 00EDDEF0: OnRecv, actual=1736
12:43.78 SslBoxNss 00EDDEF0: OnRecv, actual=5
12:43.78 SslBoxNss 00EDDEF0: OnRecv, actual=4
12:43.79 SslBoxNss 00EDDEF0: OnSend, actual=310
12:43.79 SslBoxNss 00EDDEF0: OnDataAvailable
12:43.79 SslBoxNss 00EDDEF0: Continue handshake
12:43.79 SslBoxNss 00EDDEF0: OnDataAvailable
12:43.79 SslBoxNss 00EDDEF0: Continue handshake
12:43.87 SslBoxNss 00EDDEF0: OnDataAvailable
12:43.87 SslBoxNss 00EDDEF0: Continue handshake
12:43.87 SslBoxNss 00EDDEF0: OnRecv, actual=5
12:43.87 SslBoxNss 00EDDEF0: OnRecv, actual=1
12:43.87 SslBoxNss 00EDDEF0: OnRecv, actual=5
12:43.87 SslBoxNss 00EDDEF0: OnRecv, actual=32
12:43.87 SslBoxNss 00EDDEF0: Handshake complete
12:43.87 BufferSpool 00EDD3F8 created
12:43.87 HttpReceiver 01AB1008 created
12:43.87 SslBoxNss 00EDDEF0: InternalWrite
12:43.87 SslBoxNss 00EDDEF0: OnSend, actual=372
12:43.87 SslBoxNss 00EDDEF0: InternalRead for 4096 bytes, read -1
12:43.87 HttpReceiver 01AB1008: received 0 bytes
12:43.87 SslBoxNss 00EDDEF0: OnDataAvailable
12:43.87 SslBoxNss 00EDDEF0: InternalRead for 4096 bytes, read -1
12:43.87 HttpReceiver 01AB1008: received 0 bytes
12:43.87 SslBoxNss 00EDDEF0: OnDataAvailable
12:43.87 SslBoxNss 00EDDEF0: InternalRead for 4096 bytes, read -1
12:43.87 HttpReceiver 01AB1008: received 0 bytes
12:43.88 SslBoxNss 00EDDEF0: OnDataAvailable
12:43.88 SslBoxNss 00EDDEF0: InternalRead for 4096 bytes, read -1
12:43.88 HttpReceiver 01AB1008: received 0 bytes
12:56.X6 SslBoxNss 01AC7978: OnDataAvailable
13:11.87 Timer 00EDE3E0: fires
13:41.87 Timer 00EDE3E0: fires
 
The AIM log then contains a timeout message of:
 
13:41.87 HttpRequest 01AC6D00: Timeout
 
or
 
00:48.73 Error 00E8D978 created
00:48.73 Error set, cat=SignOnFlow, code=Timeout, subcode=0, url=
 
See Solution section IM Manager not Responding to HTTPS POST.
 
 
Check IM Manager Pass-Through Server MMC Snap In For AIM SSL Configurations
 
If the system is configured with a partner/pass-through architecture, perform these steps on the IM Manager pass-through server.
 
1.     Open IM Manager MMC Snap In.
2.     Right Click IM Manager.
3.     Go to AIM Agent tab.
4.     If the Enable SSL check box is not checked, see Solution section Enabled AIM SSL Access.
5.     If the Enable SSL check box is checked and SSL Server Name/IP Address: is not kdc.uas.aol.com, see Solution section SSL Server Name/IP Address Configuration.
 
Certificate Name Does Not Match hostname Returned by the AOL Domain Configuration Service (DCS)
 
After enabling AIM SSL Client logging (See article How To Capture AIM Client Logging for AIM version 6.x and 7.x) The following error is logged in the log file:
           
00:04.86 SslBoxNss 00ED72B8: cert check failed: code=-12276 url=imm.blackops-simm.com cn=imm.symims.com
 
The AIM SSL Certificate does not match the hostname returned by the AOL Domain Configuration Service
 
1.     Open IM Manager MMC Snap In.
2.     Right Click IM Manager.
3.     Go to AIM Agent tab.
4.     If the Issued To: certificate name does not match the hostname that was provisioned with AOL for your IM Manager setup, see Solution section Enable AIM SSL Access.
 
The following log entry in the AIM SSL Client log file identifies the hostname that is returned by the AOL DCS.
 
00:03.15 SocketCache 01A58D00: Processing request 00ED7160 for imm.blackops-simm.com:443
 
 
AIM Client Does not Trust Certificate Issuer Presented by IM Manager
 
After enabling AIM SSL Client logging (See KB: How To Capture AIM Client Logging for AIM version 6.x and 7.x) The following error is logged in the log file:
     
00:04.86 SslBoxNss 00ED72B8: cert check failed: code=-8172 url=imm.blackops-simm.com cn=imm.blackops-simm.com
 
The top-level issuer in the certification chain presented to the AIM client does not appear in the list of Trusted Certificate authorities by the AIM client. See table H-2 in the IM Manager Implementation Guide for details on the list of Trusted Certificate Authorities.
 
See Solution section Certificate Requirements.
 
 
 
 
AIM Client Does not Trust Certificate Authority due to Expired Issuer Certificate
 
After enabling AIM SSL Client logging (See KB: How To Capture AIM Client Logging for AIM version 6.x and 7.x) The following error is logged in the log file:
           
00:04.86 SslBoxNss 00ED72B8: cert check failed: code=-8162 url=imm.blackops-simm.com cn=imm.blackops-simm.com
 
The top-level issuer in the certification chain presented to the AIM client has had its certificate expired. To verify this follow these steps:
 
1.     Load the certificate into IIS using this Microsoft KB article: http://support.microsoft.com/business/support/816794
2.     Use Internet Explorer tp connect to a web page served by IIS using SSL
3.     Couble-click the lock icon to view the certificate information.
4.     A Certifcate Expired error indicates this problem.
 
Contact the Certificate Issuer to have them provide an updated certificate.
 
 
AIM Client Does not Trust Certificate due to Peer's Certificate Issuer is not Recognized
 
After enabling AIM SSL Client logging (See KB: How To Capture AIM Client Logging for AIM version 6.x and 7.x) The following error is logged in the log file:
           
00:08.57 SslBoxNss 01ED8DE0: cert check failed: code=-8179 url=imm.blackops-simm.com cn=imm.blackops-simm.com
 
To verify this follow these steps:
 
1.     Load the certificate into IIS using this Microsoft KB article: http://support.microsoft.com/business/support/816794
2.     Use Internet Explorer tp connect to a web page served by IIS using SSL
3.     Couble-click the lock icon to view the certificate information.
4.     An Invalid Certifcate error indicates this problem.
 
The top-level issuer in the certification chain presented to the AIM client does not appear in the list of Trusted Certificate authorities by the AIM client. See table H-2 in the IM Manager Implementation Guide for details on the list of Trusted Certificate Authorities.
 
Perform the following steps to use OpenSSL to view the certificate chain passed to the AIM client:
 
1.     Download and install the Open SSL client from here: http://www.openssl.org/docs/apps/s_client.html (download the Windows version).
2.     Run the following from a command line:
 
openssl s_client –connect <host>:443
 
where <host> is the IP address or DNS name of the IM Manager server. Ensure that the correct IP address is used.
 
The results contain the certificate chain and look like this:
 
Certificate chain
 
 0 s:/C=US/postalCode=10577/ST=NY/L=Purchase/streetAddress=One Symantec Road/O=SYMATNECC/OU=IT/OU=Secure Link SSL Wildcard/CN=*.symantec.com
 
   i:/C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority
 
 1 s:/C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority
 
   i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
 
 2 s:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
 
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 
The top-most root certificate is listed at the bottom of the certificate chain. This certificate must be listed in the IM Manager Implementation Guide in Appendix H.
 
See Solution section Certificate Requirements.
 

AIM Client Does not Trust Certificate due to Certificate Self-verification 

After enabling AIM SSL Client logging (See KB: How To Capture AIM Client Logging for AIM version 6.x and 7.x) The following error is logged in the log file:

00:08.57 SslBoxNss 01ED8DE0: cert check failed: code=-8179 url=imm.blackops-simm.com cn=imm.blackops-simm.com 

To verify this follow these steps:

 

1.     Load the certificate into IIS using this Microsoft KB article: http://support.microsoft.com/business/support/816794

2.     Use Internet Explorer tp connect to a web page served by IIS using SSL

3.     Couble-click the lock icon to view the certificate information.

4.     An Invalid Certifcate error indicates this problem. 

 

Perform the following steps to use OpenSSL to view the certificate chain passed to the AIM client:

    1. Download and install the Open SSL client from here: http://www.openssl.org/docs/apps/s_client.html (download the Windows version).

    2. Run the following from a command line: 

openssl s_client –connect <host>:443 

where <host> is the IP address or DNS name of the IM Manager server. Ensure that the correct IP address is used.  

The results contain a self very error similar to the following: 

Loading 'screen' into random state - done

CONNECTED(00000754)

depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5

verify error:num=19:self signed certificate in certificate chain

verify return:0

 

The chain of Trusted Certificate Authorities contain an entry that is using itself for a referring Trusted Authority.

 

Contact the Certificate Issuer to have them provide an updated certificate. 
 
Certificate Private Key is Not Installed
 
The following error message is shown in the Windows Application Event log:
 
“Unable to Initialize SSL Security Context for AIM Protocol.
Possible causes of failures could be:
- Could not find a certificate in the certificate store matching the given thumbprint.
- Installed certificate does not have Private Key marked as exportable.
Please refer the log files for more details.”
 
 
The SSL Certificate installed on the IM Manager Relay Server must have a private key installed on the IM Manager computer. Perform the following steps to check if the private key is installed:
 
1.     Go to Start | Run.
2.     Type mmc.
3.     A Console window will open.
4.     Go to File | Add/Remove Snap-in ...
5.     In the Add/Remove Snap-in window click on Standalone tab.
6.     Click Add.
7.     In the Add Standalone Snap-in window select Certificates and click Add.
8.     In the Certificates snap-in window select Computer account and click Next.
9.     In the Select Computer window select Local computer and click Finish.
10. In the Add Standalone Snap-in window click Close.
11. In the Add/Remove Snap-in window click OK.
12. Expand Certificates | Personal | Certificates.
13. Double click on the AIM SSL Certificate name that is installed on the IM Manager Server.
 
1.     Open IM Manager MMC Snap In.
2.     Right Click IM Manager.
3.     Go to AIM Agent tab.
4.     The AIM SSL Certificate that is installed on the IM Manager Server is listed in the Issued To: text box.
14. Click on the General tab.
 
If the message "You have a private key that corresponds to this certificate" is not present see Solution section Certificate Requirements.
 
 
Check that the Cached End User Credentials are corrupt
 
After enabling AIM Client Logging (See article How To Capture AIM Client Logging for AIM version 6.x and 7.x) locate the following lines in the log file:
 
00:04.20 HttpRequest 01EA9370: POST https://im.symantec.com/
00:04.20 00: 05 0C 00 06 00 00 00 00 00 00 00 00 59 FB 00 DE |............Y...|
00:04.20 10: 5D BC 00 00 00 01 00 08 6A 61 6D 79 31 39 37 35 |].......heys1433|
00:04.20 20: 00 00 00 00                                     |....            |
00:04.20 SocketCache 01EA9728: Processing request 01E9D170 for im.symantec.com:443
00:04.20 SocketCache 01EA9728: Using existing socket 01EA9C08
00:04.20 Timer 01EA98B8: stopped
00:04.20 Timer 01E830A0 created
00:04.20 Timer 01E830A0: started, interval=30000
00:04.20 Timer 01E84760: stopped
00:04.20 Timer 01E84760 deleted
00:04.20 HttpRequest 01E9AB60 deleted
00:04.20 HttpHeader 01530F08 deleted
00:04.20 HttpHeader 01EA1EB0 deleted
00:04.20 HttpReceiver 01E856E0 deleted
00:04.20 SslBoxNss 01EA9C90: OnDataAvailable
00:04.20 BufferSpool 01E856E0 created
00:04.20 HttpReceiver 01EA9BA0 created
00:04.20 SslBoxNss 01EA9C90: InternalWrite
00:04.20 SslBoxNss 01EA9C90: OnSend, actual=228
00:04.20 SslBoxNss 01EA9C90: InternalRead for 4096 bytes, read -1
00:04.21 HttpReceiver 01EA9BA0: received 0 bytes
00:04.29 SslBoxNss 01EA9C90: OnDataAvailable
00:04.29 SslBoxNss 01EA9C90: OnRecv, actual=5
00:04.29 SslBoxNss 01EA9C90: OnRecv, actual=562
00:04.29 SslBoxNss 01EA9C90: InternalRead for 4096 bytes, read 546
00:04.29 HttpReceiver 01EA9BA0: received 546 bytes
00:04.29 HttpHeader 01E858B8 created
00:04.29 HttpReceiver 01EA9BA0: Header received, status=200, length=262
00:04.29 HttpRequest 01EA9370: Header received, status 200
00:04.29 HttpReceiver 01EA9BA0: Payload received
00:04.29 HttpRequest 01EA9370: Payload received
00:04.29 00: 05 0C 00 04 00 00 00 00 00 00 00 00 59 FB 00 08 |............Y...|
00:04.29 10: 6A 61 6D 79 31 39 37 35 04 0B 00 1E 55 73 65 72 |heys1433....User|
00:04.29 20: 20 68 61 73 20 63 61 6E 63 65 6C 65 64 20 74 68 | has canceled th|
00:04.29 30: 65 20 72 65 71 75 65 73 74 2E 00 03 00 01 00 08 |e request.......|
00:04.29 40: 75 73 2D 61 73 63 69 69 00 02 00 02 65 6E 00 03 |us-ascii....en..|
00:04.29 50: 00 02 55 53 00 00 00 02 00 0D 00 5E 68 74 74 70 |..US.......^http|
00:04.29 60: 3A 2F 2F 61 69 6D 2E 61 6F 6C 2E 63 6F 6D 2F 72 |://aim.aol.com/r|
00:04.29 70: 65 64 69 72 65 63 74 73 2F 70 61 73 73 77 6F 72 |edirects/passwor|
00:04.29 80: 64 2F 63 68 61 6E 67 65 5F 70 61 73 73 77 6F 72 |d/change_passwor|
00:04.29 90: 64 2E 61 64 70 3F 53 63 72 65 65 6E 4E 61 6D 65 |d.adp?ScreenName|
00:04.29 A0: 3D 6A 61 6D 79 31 39 37 35 26 63 63 6F 64 65 3D |=heys1433&ccode=|
00:04.29 B0: 55 53 26 6C 61 6E 67 3D 65 6E 00 0E 00 48 68 74 |US&lang=en...Hht|
00:04.29 C0: 74 70 3A 2F 2F 77 77 77 2E 61 69 6D 2E 63 6F 6D |tp://www.aim.com|
00:04.29 D0: 2F 72 65 64 69 72 65 63 74 73 2F 69 6E 63 6C 69 |/redirects/incli|
00:04.29 E0: 65 6E 74 2F 72 65 73 65 74 70 61 73 73 77 6F 72 |ent/resetpasswor|
00:04.29 F0: 64 2E 61 64 70 3F 6C 6F 67 69 6E 49 64 3D 6A 61 |d.adp?loginId=he|
00:04.29 100: 6D 79 31 39 37 35                               |ys1433          |
00:04.30 BufferSpool 01E856E0 deleted
00:04.30 SocketCache 01EA9728: Reclaiming socket 01EA9C08
00:04.30 Timer 01EA98B8: started, interval=75000
00:04.30 TUasAuthorizer 01EA95D8: Rcvd TGP__FAILURE
00:04.30 TUasAuthorizer 01EA95D8: TGP__FAILURE code: 1035
00:04.30 TUasAuthorizer 01EA95D8: TGP__FAILURE message: User has canceled the request.
00:04.30 TUasAuthorizer 01EA95D8: TGP__FAIL_OPTS_CHANGE_PASSWORD_URL: http://aim.aol.com/redirects/password/change_password.adp?ScreenName=heys1433&ccode=US&lang=en
00:04.30 TUasAuthorizer 01EA95D8: TGP__FAIL_OPTS_FORGOT_PASSWORD_URL: http://www.aim.com/redirects/inclient/resetpassword.adp?loginId=heys1433
00:04.30 Error 01E9AD10 created
00:04.30 Error set, cat=20, code=1025, subcode=0, url=http://www.aim.com/redirects/inclient/resetpassword.adp?loginId=heys1433
 
When this issue occurs because the AIM client has corrupted the cached credentials of the end user.  See the KB article AIM 6.X and Higher Client Cannot Login with Cached Credentials: Connection failed.
 
Check for AIM 6.9 and IM Manager Login Issue
 
If the AIM client log shows a conection to IM Manager on port 5291 but no response back to IM Manager see KB article AIM 6.9 Does Not Log In When Configured to use kdc.uas.aol.com: Connection failed for details. The client log shows like this:
 
08:09.70 Socket 014E3E10: Issued connect request to 192.168.0.22, port 5291
08:09.70 UasAuthorizer 014F0510 deleted
08:09.70 Timer 014F0650 deleted
08:09.70 Timer 014F05F8 deleted
08:09.70 UasTicket 014E2CF0 deleted
08:09.70 Ticket 014E2CF0 deleted
08:09.70 HttpClient 014F06A8 deleted
08:09.70 Timer 014E4080: stopped
08:09.70 Timer 014E4080 deleted
08:09.70 HttpRequest 014E2C58 deleted
08:09.70 Timer 014F08C0: stopped
08:09.70 MessageQueue 014E8488 deleted
08:09.70 SocketCache 014F0730 deleted
08:09.70 ActivityMonitor 014F0828 deleted
08:09.70 Timer 014F08C0 deleted
08:09.70 HttpHeader 014D3760 deleted
08:09.70 HttpHeader 014D5C30 deleted
08:09.70 SslBoxNss 014E41E0: Close
08:09.70 SslBoxNss 014E41E0: OnSend, actual=23
08:09.70 SslSocket 014E4158 deleted
08:09.70 HttpReceiver 014D1F60 deleted
08:09.70 SslBoxNss 014E41E0 deleted
08:09.70 Socket 014E4470: Closed
08:09.70 Socket 014E4470 deleted
08:09.72 SslBoxNss 014E3CF0: OnReadyForData
08:09.72 SslBoxNss 014E3CF0: Continue handshake
08:09.72 SslBoxNss 014E3CF0: OnSend, actual=98
08:09.74 SslBoxNss 014E3CF0: OnDataAvailable
08:09.74 SslBoxNss 014E3CF0: Continue handshake
08:09.74 SslBoxNss 014E3CF0: OnRecv, actual=5
08:09.74 SslBoxNss 014E3CF0: OnRecv, actual=74
08:09.74 SslBoxNss 014E3CF0: OnRecv, actual=5
08:09.74 SslBoxNss 014E3CF0: OnRecv, actual=1
08:09.74 SslBoxNss 014E3CF0: OnRecv, actual=5
08:09.74 SslBoxNss 014E3CF0: OnRecv, actual=32
08:09.74 SslBoxNss 014E3CF0: OnSend, actual=43
08:09.74 SslBoxNss 014E3CF0: Handshake complete
08:09.74 SslBoxNss 014E3CF0: InternalRead for 512 bytes, read -1
08:09.74 SslBoxNss 014E3CF0: OnDataAvailable
08:09.74 SslBoxNss 014E3CF0: InternalRead for 512 bytes, read -1
08:09.74 SslBoxNss 014E3CF0: OnDataAvailable
08:09.74 SslBoxNss 014E3CF0: InternalRead for 512 bytes, read -1
08:09.74 SslBoxNss 014E3CF0: OnDataAvailable
08:09.74 SslBoxNss 014E3CF0: InternalRead for 512 bytes, read -1
08:09.74 SslBoxNss 014E3CF0: OnDataAvailable
08:09.74 SslBoxNss 014E3CF0: InternalRead for 512 bytes, read -1
08:09.75 SslBoxNss 014E3CF0: OnDataAvailable
08:09.75 SslBoxNss 014E3CF0: OnRecv, actual=5
08:09.75 SslBoxNss 014E3CF0: OnRecv, actual=30
08:09.75 SslBoxNss 014E3CF0: InternalRead for 512 bytes, read 14
08:09.75 FlapStream 014F16B0: rcvd SIGNON; l=8 s=24875; v=1
08:09.75 00: 00 02 00 00                                     |....            |
08:09.75 FlapStream 014F16B0: sent SIGNON; l=398 s=22007; v=1
08:09.75 00: 00 06 01 00 02 6F 6C 3B 8C AA 07 F5 BE 2A F0 AE |.....ol;.....*..|
08:09.75 10: D4 52 D5 27 2F 21 32 FB 1B 5C AD 4F 2C 08 2F DA |.R.'/!2..\.O,./.|
08:09.75 20: 19 35 4E 18 86 61 02 D8 C2 1C BE 09 11 9B 39 D8 |.5N..a........9.|
08:09.75 30: D2 8A CC AF 3B 5E 6B 8C E6 F4 15 21 D5 9D CA 52 |....;^k....!...R|
08:09.75 40: B4 02 99 DC 89 06 B8 E2 47 DC 45 3E 0B 75 FD 5D |........G.E>.u.]|
08:09.75 50: 59 02 F6 4D FD 1A 76 5D B0 7A 12 9A D1 EB BD F2 |Y..M..v].z......|
08:09.75 60: 04 56 14 30 92 80 82 69 3D D9 52 3C 05 0B 62 1A |.V.0...i=.R<..b.|
08:09.75 70: FF 1C EC 1E 76 00 A4 FF D2 CE 25 D0 5C C8 9B 5D |....v.....%.\..]|
08:09.75 80: D3 1E 4A 2C 8E 81 34 D5 71 2F C7 10 91 D1 D2 1B |..J,..4.q/......|
08:09.75 90: 59 24 36 9B 2B A1 4F 43 7B F7 46 C7 B0 0F F3 76 |Y$6.+.OC{.F....v|
08:09.75 A0: 94 48 5B B8 91 C4 83 53 64 7F A8 13 CB C1 19 ED |.H[....Sd.......|
08:09.75 B0: 7A 16 64 3B DB 6A AC 75 CB EB 4F F2 61 43 B3 F1 |z.d;.j.u..O.aC..|
08:09.75 C0: 08 E7 8E 4E C9 7D 67 16 77 75 28 D9 09 E9 BC 6C |...N.}g.wu(....l|
08:09.75 D0: 53 18 92 4A 48 BD 34 12 6B A2 F2 18 BF 1A 90 E3 |S..JH.4.k.......|
08:09.75 E0: F5 18 82 DB CA 37 C7 D4 46 27 8F 5F 27 60 FC 07 |.....7..F'._'`..|
08:09.75 F0: 14 89 DA 8E E8 9D 19 9A 41 A9 1A 13 70 CC C1 4D |........A...p..M|
08:09.75 100: 41 32 2B 33 00 A2 00 02 00 05 00 A3 00 02 00 07 |A2+3............|
08:09.75 110: 00 A4 00 02 00 01 00 A5 00 02 18 32 00 03 00 05 |...........2....|
08:09.75 120: 69 6D 41 70 70 00 17 00 02 00 06 00 18 00 02 00 |imApp...........|
08:09.75 130: 09 00 19 00 02 00 0F 00 1A 00 02 00 01 00 16 00 |................|
08:09.75 140: 02 01 26 00 14 00 04 00 00 01 80 00 0F 00 02 65 |..&............e|
08:09.75 150: 6E 00 0E 00 02 55 53 00 9E 00 02 00 01 00 9F 00 |n....US.........|
08:09.75 160: 02 00 08 00 A0 00 02 00 01 00 A1 00 02 08 8B 00 |................|
08:09.75 170: 94 00 01 00 00 4A 00 01 01 00 AB 00 00 00 AC 00 |.....J..........|
08:09.75 180: 01 00 80 03 00 04 00 10 00 00                   |..........      |
08:09.75 SslBoxNss 014E3CF0: InternalWrite
08:09.75 SslBoxNss 014E3CF0: OnSend, actual=425
08:09.75 Timer 014E3938: started, interval=238000
08:09.75 Service 014D2880 created
08:09.75 RequestMapper 014D1F60 created
08:09.75 SslBoxNss 014E3CF0: OnDataAvailable
08:09.75 SslBoxNss 014E3CF0: InternalRead for 512 bytes, read -1
08:23.04 SslBoxNss 014D52F0: OnDataAvailable
09:23.04 Timer 014D3030: fires
09:23.04 Timer 014D3030: started, interval=10
09:23.06 Timer 014D3030: fires
09:23.06 SslBoxNss 014D52F0: Close
09:23.06 SslBoxNss 014D52F0: OnSend, actual=23
09:23.06 Socket 014D5580: Closed
 
2. Troubleshooting DCS Provisioning
 
Check Client DNS redirection
 
Perform the following steps on the end user workstation.
 
1.     Go to Start | Run type cmd and click Enter.
2.     In the command prompt type
 
ping kdc.uas.aol.com
 
If you are able to ping this domain name then the DNS has not been configured. See Solution section AOL DNS Redirection.
 
 
Check AIM HTTPS Connectivity
 
Perform the following steps on the end user workstation.
 
1.     Go to Start | Run type cmd and click Enter.
2.     In the command prompt type
 
telnet aimpro.premiumservices.aol.com 443
 
 If you are not able to ping this domain name then the AIM client cannot contact AOL to look up IM Manager hostname. See article How to Test the AOL Provisioning for AIM 6.x and Higher IM Clients for more details. See Solution section AIM HTTPS Connectivity.
 
 
Check AIM Client Identifies CLDN and PLDN
 
1.     After enabling AOL AIM Client Logging (See KB "How To Enable AIM SSL Client Logging") find the following line in the log file:
 
00:01.35 HttpRequest 00E90200: POST https://aimpro.premiumservices.aol.com/dcs/?cldn=1%2Bsymantec.com%2BLocal+Area+Connection%2BSiS+900-Based+PCI+Fast+Ethernet+Adapter+-+Packet+Scheduler+Miniport&pldn=symantec.com&snd=&clientName=imApp&clientVersion=37.6.X.7.7.368
 
2.     Determine if AOL is provisioned to use the CLDN or PLDN by using the KB article How to Test the AOL Provisioning for AIM 6.x and Higher IM Clients.
3.     Ensure that the AIM client log is sending the value of CLDN or PLDN correctly. 
 
 
AIM client sends both PLDN and CLDN:
 
00:01.35 HttpRequest 00E90200: POST https://aimpro.premiumservices.aol.com/dcs/?cldn=1%2Bsymantec.com%2BLocal+Area+Connection%2BSiS+900-Based+PCI+Fast+Ethernet+Adapter+-+Packet+Scheduler+Miniport&pldn=symantec.com&snd=&clientName=imApp&clientVersion=37.6.X.7.7.368
 
AIM client sends only PLDN:
 
00:01.35 HttpRequest 00E90200: POST https://aimpro.premiumservices.aol.com/dcs/?cldn=1%2BNULL%2BLocal+Area+Connection%2BSiS+900-Based+PCI+Fast+Ethernet+Adapter+-+Packet+Scheduler+Miniport&pldn=symantec.com&snd=&clientName=imApp&clientVersion=37.6.X.7.7.368
 
AIM client sends only CLDN:
 
00:01.35 HttpRequest 00E90200: POST https://aimpro.premiumservices.aol.com/dcs/?cldn=1%2Bsymantec.com%2BLocal+Area+Connection%2BSiS+900-Based+PCI+Fast+Ethernet+Adapter+-+Packet+Scheduler+Miniport&pldn=NULL&snd=&clientName=imApp&clientVersion=37.6.X.7.7.368
 
Most customers are provisioned with AOL to use pldn
If AOL is provisioned to use pldn then ensure the AIM client is sending the correct PLDN. 
If AOL is provisioned to use the cldn then ensure the AIM client is sending the correct CLDN.
 
If the value of Primary DNS Suffix is empty see section AIM Client Cannot Obtain Primary DNS Suffix in the Solution section.
 
 
Check End User Workstation DNS Resolution for aimpro.premiumservices.aol.com
 
1.     After enabling AOL AIM Client Logging (See KB "How To Enable AIM SSL Client Logging") locate the following lines in the log file:
 
00:06.02 DnsResolver 01E093A8: Resolving aimpro.premiumservices.aol.com
00:06.02 Timer 01E093F0 created
00:06.02 Timer 01E093F0: started, interval=30000
00:06.02 Timer 01DFA560 deleted
00:06.02 HttpRequest 01DF96C8 deleted
00:06.02 HttpHeader 01DF8E88 deleted
00:06.02 Timer 01DF85F8: stopped
00:06.02 SslBoxNss 01DF9D30: Close
00:06.02 SslSocket 01DF9C40 deleted
00:06.02 SslBoxNss 01DF9D30 deleted
00:06.03 Socket 01DFA388: Closed
00:06.03 Socket 01DFA388 deleted
00:06.03 Socket 01E09310: Issued connect request to 10.85.209.100, port 443
 
2.     On the End User Workstation:
 
1.     Go to Start | Run type cmd and click Enter.
2.     In the command prompt type
 
ping aimpro.premiumservices.aol.com
 
3.     The IP address resolved for aimpro.premiumservices.aol.com is an internal IP address.
4.     The DNS used by end users is incorrectly redirecting aimpro.premiumservices.aol.com to an internal IP address. 
 
It is a requirement for AIM 6.x and higher deployments that end users can correctly resolve the IP actual address of aimpro.premiumservices.aol.com
 
See section Configuring your DNS Servers in the IM Manager Implementation Guide on how to correctly configure DNS for end users.
 
 
Check Connectivity to AOL Provisioning Servers
 
After enabling AOL AIM Client Logging (See KB "How To Enable AIM SSL Client Logging") find the following line in the log file:
 
00:01.35 HttpRequest 00E90200: POST https://aimpro.premiumservices.aol.com/dcs/?cldn=1%2Bsymantec.com%2BLocal+Area+Connection%2BSiS+900-Based+PCI+Fast+Ethernet+Adapter+-+Packet+Scheduler+Miniport&pldn=symantec.com&snd=&clientName=imApp&clientVersion=37.6.X.7.7.368
 
Immediately after that the AIM client attempts to connect to the IP address for aimpro.premiumservices.aol.com:
 
00:01.50 Socket 01B6D6B8: Issued connect request to 64.12.201.177, port 443
 
Then the client expects to receive an XML response. If no XML response is received there is typically a connection error on the socket like this:
 
00:14.02 Error 01102AC0 created
00:14.02 Error set, cat=Socket, code=Error, subcode=0, url=
00:14.02 Error 01104FB8 created
00:14.02 Error set, cat=Dcs, code=Http, subcode=0, url=
 
Failures to connect and receive a response from aimpro.premiumservices.aol.com are typically caused by firewalls and other web content filtering devices. Please work with the vendors of those products to allow connections to aimpro.premiumservices.aol.com
 
See the following article for details on how to test the AIM provisioning outside of the AIM client: How to Test the AOL Provisioning for AIM 6.X and Higher IM Clients.
 
 
Check AOL Provisioning Returning Correct Hostname
 
After enabling AOL AIM Client Logging (See KB "How To Enable AIM SSL Client Logging") find the following lines in the log file:
 
04:16.57 00: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 |<?xml version="1|
04:16.57 10: 2E 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 55 54 |.0" encoding="UT|
04:16.57 20: 46 2D 38 22 3F 3E 0A 3C 72 65 73 70 6F 6E 73 65 |F-8"?>.<response|
04:16.57 30: 3E 3C 73 74 61 74 75 73 43 6F 64 65 3E 32 30 30 |><statusCode>200|
04:16.57 40: 3C 2F 73 74 61 74 75 73 43 6F 64 65 3E 3C 73 74 |</statusCode><st|
04:16.57 50: 61 74 75 73 54 65 78 74 3E 4F 6B 3C 2F 73 74 61 |atusText>Ok</sta|
04:16.57 60: 74 75 73 54 65 78 74 3E 3C 64 61 74 61 20 6E 61 |tusText><data na|
04:16.57 70: 6D 65 3D 22 63 6F 6E 6E 2E 73 65 74 74 69 6E 67 |me="conn.setting|
04:16.57 80: 73 22 20 70 72 69 6F 72 69 74 79 3D 22 30 22 3E |s" priority="0">|
04:16.57 90: 3C 70 72 6F 78 79 2E 75 73 65 5F 70 72 6F 78 79 |<proxy.use_proxy|
04:16.57 A0: 3E 66 61 6C 73 65 3C 2F 70 72 6F 78 79 2E 75 73 |>false</proxy.us|
04:16.57 B0: 65 5F 70 72 6F 78 79 3E 3C 65 6E 64 2D 70 6F 69 |e_proxy><end-poi|
04:16.57 C0: 6E 74 2E 70 6F 72 74 3E 34 34 33 3C 2F 65 6E 64 |nt.port>443</end|
04:16.57 D0: 2D 70 6F 69 6E 74 2E 70 6F 72 74 3E 3C 65 6E 64 |-point.port><end|
04:16.57 E0: 2D 70 6F 69 6E 74 2E 63 6F 6E 6E 74 79 70 65 3E |-point.conntype>|
04:16.57 F0: 73 73 6C 3C 2F 65 6E 64 2D 70 6F 69 6E 74 2E 63 |ssl</end-point.c|
04:16.57 100: 6F 6E 6E 74 79 70 65 3E 3C 63 63 2E 75 72 6C 3E |onntype><cc.url>|
04:16.57 110: 68 74 74 70 73 3A 2F 2F 61 69 6D 70 72 6F 2E 70 |https://aimpro.p|
04:16.57 120: 72 65 6D 69 75 6D 73 65 72 76 69 63 65 73 2E 61 |remiumservices.a|
04:16.57 130: 6F 6C 2E 63 6F 6D 2F 63 63 2F 43 6C 69 65 6E 74 |ol.com/cc/Client|
04:16.57 140: 43 6F 6E 66 69 67 75 72 61 74 69 6F 6E 57 53 2E |ConfigurationWS.|
04:16.57 150: 6A 77 73 3F 57 53 44 4C 20 3C 2F 63 63 2E 75 72 |jws?WSDL </cc.ur|
04:16.57 160: 6C 3E 3C 65 6E 64 2D 70 6F 69 6E 74 2E 68 6F 73 |l><end-point.hos|
04:16.57 170: 74 74 79 70 65 3E 75 61 73 3C 2F 65 6E 64 2D 70 |ttype>uas</end-p|
04:16.57 180: 6F 69 6E 74 2E 68 6F 73 74 74 79 70 65 3E 3C 65 |oint.hosttype><e|
04:16.57 190: 6E 64 2D 70 6F 69 6E 74 2E 63 6F 6E 6E 74 69 6D |nd-point.conntim|
04:16.57 1A0: 65 6F 75 74 3E 31 30 3C 2F 65 6E 64 2D 70 6F 69 |eout>10</end-poi|
04:16.57 1B0: 6E 74 2E 63 6F 6E 6E 74 69 6D 65 6F 75 74 3E 3C |nt.conntimeout><|
04:16.57 1C0: 65 6E 64 2D 70 6F 69 6E 74 2E 68 6F 73 74 3E 69 |end-point.host>i|
04:16.57 1D0: 6D 6D 2E 62 6C 61 63 6B 6F 70 73 2D 73 69 6D 6D |mm.blackops-simm|
04:16.57 1E0: 2E 63 6F 6D 3C 2F 65 6E 64 2D 70 6F 69 6E 74 2E |.com</end-point.|
04:16.57 1F0: 68 6F 73 74 3E 3C 2F 64 61 74 61 3E 3C 64 61 74 |host></data><dat|
04:16.57 200: 61 20 6E 61 6D 65 3D 22 63 6C 69 65 6E 74 2E 75 |a name="client.u|
04:16.57 210: 72 6C 73 22 20 70 72 69 6F 72 69 74 79 3D 22 30 |rls" priority="0|
04:16.57 220: 22 3E 3C 63 68 61 6E 67 65 5F 70 61 73 73 77 6F |"><change_passwo|
04:16.57 230: 72 64 2F 3E 3C 2F 64 61 74 61 3E 3C 2F 72 65 73 |rd/></data></res|
04:16.57 240: 70 6F 6E 73 65 3E                               |ponse>          |
 
Find value of the <end-point.host>hostname</end-point.host> variable. This value must be the name of the provisioned hostname for IM Manager. Or a virtual hostname.
 
If the <statusCode> value is not 200 then there may be an issue with the AIM provisioning. The lines may look like this:
 
03:05.26 00: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 |<?xml version="1|
03:05.26 10: 2E 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 55 54 |.0" encoding="UT|
03:05.26 20: 46 2D 38 22 3F 3E 3C 72 65 73 70 6F 6E 73 65 3E |F-8"?><response>|
03:05.26 30: 3C 73 74 61 74 75 73 43 6F 64 65 3E 34 35 30 3C |<statusCode>450<|
03:05.26  40: 2F 73 74 61 74 75 73 43 6F 64 65 3E 3C 73 74 61 |/statusCode><sta|
03:05.26 50: 74 75 73 54 65 78 74 3E 4E 6F 20 63 6F 6E 66 69 |tusText>No confi|
03:05.26 60: 67 75 72 61 74 69 6F 6E 20 66 6F 75 6E 64 3C 2F |guration found</|
03:05.26 70: 73 74 61 74 75 73 54 65 78 74 3E 3C 2F 72 65 73 |statusText></res|
03:05.26 80: 70 6F 6E 73 65 3E                               |ponse>          |
 
If the status code is 200 and the wrong hostname is returned issue the HTTPS post to AOL using both the Primary Domain Suffix
 
Please contact Symantec support on this issue.
 
Check IM Manager Host Name Redirection
 
After enabling AOL AIM Client Logging (See KB "How To Enable AIM SSL Client Logging") locate the following lines in the log file:
 
04:16.57 00: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 |<?xml version="1|
04:16.57 10: 2E 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 55 54 |.0" encoding="UT|
04:16.57 20: 46 2D 38 22 3F 3E 0A 3C 72 65 73 70 6F 6E 73 65 |F-8"?>.<response|
04:16.57 30: 3E 3C 73 74 61 74 75 73 43 6F 64 65 3E 32 30 30 |><statusCode>200|
04:16.57 40: 3C 2F 73 74 61 74 75 73 43 6F 64 65 3E 3C 73 74 |</statusCode><st|
04:16.57 50: 61 74 75 73 54 65 78 74 3E 4F 6B 3C 2F 73 74 61 |atusText>Ok</sta|
04:16.57 60: 74 75 73 54 65 78 74 3E 3C 64 61 74 61 20 6E 61 |tusText><data na|
04:16.57 70: 6D 65 3D 22 63 6F 6E 6E 2E 73 65 74 74 69 6E 67 |me="conn.setting|
04:16.57 80: 73 22 20 70 72 69 6F 72 69 74 79 3D 22 30 22 3E |s" priority="0">|
04:16.57 90: 3C 70 72 6F 78 79 2E 75 73 65 5F 70 72 6F 78 79 |<proxy.use_proxy|
04:16.57 A0: 3E 66 61 6C 73 65 3C 2F 70 72 6F 78 79 2E 75 73 |>false</proxy.us|
04:16.57 B0: 65 5F 70 72 6F 78 79 3E 3C 65 6E 64 2D 70 6F 69 |e_proxy><end-poi|
04:16.57 C0: 6E 74 2E 70 6F 72 74 3E 34 34 33 3C 2F 65 6E 64 |nt.port>443</end|
04:16.57 D0: 2D 70 6F 69 6E 74 2E 70 6F 72 74 3E 3C 65 6E 64 |-point.port><end|
04:16.57 E0: 2D 70 6F 69 6E 74 2E 63 6F 6E 6E 74 79 70 65 3E |-point.conntype>|
04:16.57 F0: 73 73 6C 3C 2F 65 6E 64 2D 70 6F 69 6E 74 2E 63 |ssl</end-point.c|
04:16.57 100: 6F 6E 6E 74 79 70 65 3E 3C 63 63 2E 75 72 6C 3E |onntype><cc.url>|
04:16.57 110: 68 74 74 70 73 3A 2F 2F 61 69 6D 70 72 6F 2E 70 |https://aimpro.p|
04:16.57 120: 72 65 6D 69 75 6D 73 65 72 76 69 63 65 73 2E 61 |remiumservices.a|
04:16.57 130: 6F 6C 2E 63 6F 6D 2F 63 63 2F 43 6C 69 65 6E 74 |ol.com/cc/Client|
04:16.57 140: 43 6F 6E 66 69 67 75 72 61 74 69 6F 6E 57 53 2E |ConfigurationWS.|
04:16.57 150: 6A 77 73 3F 57 53 44 4C 20 3C 2F 63 63 2E 75 72 |jws?WSDL </cc.ur|
04:16.57 160: 6C 3E 3C 65 6E 64 2D 70 6F 69 6E 74 2E 68 6F 73 |l><end-point.hos|
04:16.57 170: 74 74 79 70 65 3E 75 61 73 3C 2F 65 6E 64 2D 70 |ttype>uas</end-p|
04:16.57 180: 6F 69 6E 74 2E 68 6F 73 74 74 79 70 65 3E 3C 65 |oint.hosttype><e|
04:16.57 190: 6E 64 2D 70 6F 69 6E 74 2E 63 6F 6E 6E 74 69 6D |nd-point.conntim|
04:16.57 1A0: 65 6F 75 74 3E 31 30 3C 2F 65 6E 64 2D 70 6F 69 |eout>10</end-poi|
04:16.57 1B0: 6E 74 2E 63 6F 6E 6E 74 69 6D 65 6F 75 74 3E 3C |nt.conntimeout><|
04:16.57 1C0: 65 6E 64 2D 70 6F 69 6E 74 2E 68 6F 73 74 3E 69 |end-point.host>i|
04:16.57 1D0: 6D 6D 2E 62 6C 61 63 6B 6F 70 73 2D 73 69 6D 6D |mm.blackops-simm|
04:16.57 1E0: 2E 63 6F 6D 3C 2F 65 6E 64 2D 70 6F 69 6E 74 2E |.com</end-point.|
04:16.57 1F0: 68 6F 73 74 3E 3C 2F 64 61 74 61 3E 3C 64 61 74 |host></data><dat|
04:16.57 200: 61 20 6E 61 6D 65 3D 22 63 6C 69 65 6E 74 2E 75 |a name="client.u|
04:16.57 210: 72 6C 73 22 20 70 72 69 6F 72 69 74 79 3D 22 30 |rls" priority="0|
04:16.57 220: 22 3E 3C 63 68 61 6E 67 65 5F 70 61 73 73 77 6F |"><change_passwo|
04:16.57 230: 72 64 2F 3E 3C 2F 64 61 74 61 3E 3C 2F 72 65 73 |rd/></data></res|
04:16.57 240: 70 6F 6E 73 65 3E                               |ponse>          |
 
1.     Find value of the <end-point.host>hostname</end-point.host> variable.
2.     On the End User Workstation:
 
1.     Go to Start | Run type cmd and click Enter.
2.     In the command prompt type
 
ping hostname
 
where hostname is the value of the <end-point.host> variable located in the AIM Client log file.
 
3.     If ping does not return IP address of the IM Manager Server, see Solution section IM Manager Host Name Redirection.
 
 
 
 

 

 


Solution




AOL DNS Redirection

For Symantec IM Manager to work with 6.X client you must configure your internal DNS that IM clients use to point the hostname kdc.uas.aol.com to resolve 0.0.0.0. This prevents your AIM IM users from bypassing Symantec IM Manager and connecting directly to the AIM public IM network servers.

      • See the IM Manager Implementation Guide section "Creating forward look-up zones on your internal DNS" for more details on the internal DNS configuration.

AIM HTTPS Connectivity

    The AIM IM client cannot connect to aimpro.premiumservices.aol.com for an HTTPS POST request.
      • Configure the network to allow HTTPS POST requests to aimpro.premiumservices.aol.com.


IM Manager Host Name Redirection

      You must configure your DNS to resolve the host name that is returned from AOL to either the appropriate Symantec IM Manager relay server or the virtual IP address of a load balancer.
      • See the IM Manager Implementation Guide Appendix H "Configuring Symantec IM Manager for AIM SSL" for more details.

AOL Firewall Configuration

For Symantec IM Manager to work with 6.X client you must configure your internal Firewall to allow outbound access from the end user workstation to the IM Manager Server and from IM Manager Server to the Internet on port 443.

      • See the IM Manager Implementation Guide section "Configuring your firewall" for more details on the Firewall configuration.


Enable AIM SSL Access

      • To use AIM 6.X or higher client you must configure Symantec IM Manager so that your AIM IM users can use SSL.

      Configure IM Manager for AIM SSL.
        1. From the Symantec IM Manager MMC Snap-in, select the AIM Agent tab.
        2. Under AIM SSL, check Enable SSL.
        3. Click Select Certificate.
        4. From the Select Certificate screen, select the certificate that matches the hostname that resolves to the Symantec IM Manager Relay server. For details about how to obtain Certificate see IM Manager Implementation Guide Appendix H.
        5. Click OK. The certificate that you select appears automatically in the Issued To box.
        6. Click OK to apply changes.
    These settings take effect when the IM Manager Relay service is restarted.

    If Symantec IM Manager is installed in Partner Pass-Through mode, perform the obove steps on all Partner and Pass-Through Relay Servers.


SSL Server Name/IP Address Configuration

IM Manager Standard Implementation
 

      IM Manager must be able to redirect AIM SSL client connections after they connected to the Relay Server. Configure IM Manager to redirect AIM SSL Clients to the Internet.
      1. Open IM Manager MMC Snap In.
      2. Right Click IM Manager.
      3. Go to AIM Agent tab.
      4. If the Enable SSL check box is not checked, see Solution section Enabled AIM SSL Access.
      5. In the SSL Server Name/IP Address: text box type kdc.uas.aol.com.
      6. Click OK to apply changes.
    These settings take effect when the IM Manager Relay service is restarted.


For IM Manager Pass-Through Implementation

      If Symantec IM Manager is installed in Partner Pass-Through mode:

      Partner Relay Server SSL Server Name/IP Address: text box configuration should be grayed out and contains the FQDN of the Pass-Through Relay Server

      Pass-Through Relay Server must be able to redirect AIM SSL client connections after they connected to the Pass-Through Relay Server. Configure IM Manager Pass-Through Relay to redirect AIM SSL Clients to the Internet.
      1. Open IM Manager MMC Snap In.
      2. Right Click IM Manager.
      3. Go to AIM Agent tab.
      4. If the Enable SSL check box is not checked, see Solution section Enabled AIM SSL Access.
      5. In the SSL Server Name/IP Address: text box type kdc.uas.aol.com.
      6. Click OK to apply changes.
    These settings take effect when the IM Manager Relay service is restarted.

AIM Client Cannot Obtain Primary DNS Suffix

    The AIM client was unable to obtain the primary DNS suffix from the computer. If the computer is not part of a domain AIM 6.X will not be able to perform zero-client configuration.

    In this situation configure the AIM 6.X IM client to point directly to the IM Manager server:
      1. Start the AIM IM client.
      2. Enter a screen name and password.
      3. Click the Settings hyperlink on the AIM client.
      4. Click the Connection tab.
      5. In the Host textbox enter the hostname specified by the SSL certificate installed into IM Manager.
      6. Click the Save button.

IM Manager not Responding to HTTPS POST

Certificate Requirements

    AIM SSL IM clients require a certificate from a trusted certificate authority (CA) to encrypt and decrypt IM traffic. For Symantec IM Manager to work with AIM SSL, you must obtain a certificate from one of these authorities and then install it on each Symantec IM Manager relay server in your IM network. See IM Manager Implementation Guide Appendix H for details.
    • The certificate that you obtain from the CA must have the same name as the host name that you provided to Symantec Support.
    • The certificate must have the private key installed on the computer.

    See the KB How to Install an SSL Certificate for Use with IM Manager and AIM 6.X to check on the certification chain for the SSL certificate.




References
How To Enable AIM SSL Client Logging

http://service1.symantec.com/support/ent-gate.nsf/docid/2008051810443654

How To Troubleshoot AIM SSL Connectivity Issues Using getNameInfo Tool
http://service1.symantec.com/support/ent-gate.nsf/docid/2008051810262754

AIM SSL Clients Cannot Login via VPN
http://service1.symantec.com/support/ent-gate.nsf/docid/2008050614125054

How To Collect AIM SSL Client Network Trace
http://service1.symantec.com/support/ent-gate.nsf/docid/2008051518544554

How to Test the AOL SSL/DCS Provisioning for AIM Clients



Technical Information
How to Troubleshoot AIM Client SSL Errors

 

    There are scenarios where the AIM client reports SSL errors in the AIM client log. The following is an example:
      00:01.86 SslBoxNss 01E91BF8: cert check failed: code=-8162 url=imm.foo.com cn=imm.foo.com

    The error code listed corresponds to the error codes listed in the article NSS and SSL Error Codes from the Mozilla project. In this case the error code means "The certificate issuer's certificate has expired.".

How to use OpenSSL to view the Certificate Information Passed from IM Manager to the AIM client

    There may be situations where the AIM client reports a certificate check failure like this:
        00:01.86 SslBoxNss 01E91BF8: cert check failed: code=-8162 url=imm.foo.com cn=imm.foo.com

    If one of the solutions listed above does not help, and if the error code listing for certificate errors above does not help, it may be useful to look at the certificate information being passed from IM Manager to the AIM client.

    1. Download and install the Open SSL client from here: http://www.openssl.org/docs/apps/s_client.html.
    2. Run the following from a command line:
    3. The results will be something like this:
      CONNECTED(00000004)
      depth=2 /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
      verify error:num=20:unable to get local issuer certificate
      verify return:0

      ---

      Certificate chain

      0 s:/C=US/postalCode=10577/ST=NY/L=Purchase/streetAddress=One Symantec Road/O=SYMATNECC/OU=IT/OU=Secure Link SSL Wildcard/CN=*.symantec.com

      i:/C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority

      1 s:/C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority

      i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware

      2 s:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware

      i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

      ---

      Server certificate

      -----BEGIN CERTIFICATE-----

      MIIE9jCCA96gAwIBAgIRAM+2UG2aWNxdeAMPtOuNTTQwDQYJKoZIhvcNAQEFBQAw

      YjELMAkGA1UEBhMCVVMxITAfBgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5D

      YjELMAkGA1UEBhMCVVMxITAfBgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5D

      aXR5MB4XDTA4MDMyMDAwMDAwMFoXDTExMDUxOTIzNTk1OVowgb8xCzAJBgNVBAYT

      AlVTMQ4wDAYDVQQREwUxMDU3NzELMAkGA1UECBMCTlkxETAPBgNVBAcTCFB1cmNo

      YjELMAkGA1UEBhMCVVMxITAfBgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5D

      T1RBIE1hbmFnZW1lbnQgTExDMQswCQYDVQQLEwJJVDEhMB8GA1UECxMYU2VjdXJl

      IExpbmsgU1NMIFdpbGRjYXJkMREwDwYDVQQDFAgqLm94LmNvbTCBnzANBgkqhkiG

      9w0BAQEFAAOBjQAwgYkCgYEAq3+i16OaS/W2fUL68qUQ3QuSN8c3hOImqcYBoVYA

      69tWkTy9kM7gWl1EeTu3US0yHTBads/Cvar6Din/Gr0+VcuT2i1P6eyeJXC0rd7K

      j9+1aKF3O3ZDt9w53r6iQzlUQlR3mHNDMz36c4qQcYlLoX/hkZIJ4AUf6YWQECm7

      PXsCAwEAAaOCAcswggHHMB8GA1UdIwQYMBaAFDxB4o8ICKlMJYmNbcU40PyFjGIX

      MB0GA1UdDgQWBBQhE0M8ALDfzL9k8VfVg6we21TblDAOBgNVHQ8BAf8EBAMCBaAw

      DAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEQYJ

      YjELMAkGA1UEBhMCVVMxITAfBgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5D

      KwYBBQUHAgEWQmh0dHA6Ly93d3cubmV0d29ya3NvbHV0aW9ucy5jb20vbGVnYWwv

      U1NMLWxlZ2FsLXJlcG9zaXRvcnktY3BzLmpzcDB6BgNVHR8EczBxMDagNKAyhjBo

      dHRwOi8vY3JsLm5ldHNvbHNzbC5jb20vTmV0d29ya1NvbHV0aW9uc19DQS5jcmww

      YjELMAkGA1UEBhMCVVMxITAfBgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5D

      c19DQS5jcmwwTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzAChjBodHRwOi8vd3d3

      Lm5ldHNvbHNzbC5jb20vTmV0d29ya1NvbHV0aW9uc19DQS5jcnQwDQYJKoZIhvcN

      YjELMAkGA1UEBhMCVVMxITAfBgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5D

      dkAotZEbXWuH//Yb8DkvBp/CesyS/vMRlDuJlElESImEvp++959TpxXpBUwQ1wwm

      j+nonjHVRKe4QxOA3NY/kA8qVCYOgEsxu9uK/M3s6Chylok0nNyrWksqKSFPmMB7

      xEUp5u/uwP/Q3OUn6MSYt4/HagdgsPlsEBuE2ddYNYhLSIDQlRMtLylattIgxI51

      ZW6GK7UJ52X8JMj8rU49RmSRHiVx8ts7gy4GTK/GBL47I6x3jILc1BEveHduEfSM

      /LHrzHDvvI9XHaWI/4PEp9ypy33qNZ1vEUU=

      -----END CERTIFICATE-----

      subject=/C=US/postalCode=10577/ST=NY/L=Purchase/streetAddress=One Symantec Road/O=SYMATNECC/OU=IT/OU=Secure Link SSL Wildcard/CN=*.symantec.com

      issuer=/C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority

      ---

      No client certificate CA names sent

      ---

      SSL handshake has read 3698 bytes and written 306 bytes

      ---

      New, TLSv1/SSLv3, Cipher is RC4-MD5

      Server public key is 1024 bit

      Compression: NONE

      Expansion: NONE

      SSL-Session:

      Protocol : TLSv1

      Cipher : RC4-MD5

      Session-ID: C11E0000FC1C77BE3BCB1865F22CD844668E92BE25E2941C513C6A1D2C03E71D

      Session-ID-ctx:

      Master-Key: 03BE13E0841B6061B20465B7BAC99B35444C731689E6381855B20465B7BAFF0CF6958B3ADD48DE9B20465B7BA

      Key-Arg : None

      Start Time: 1212592045

      Timeout : 300 (sec)

      Verify return code: 20 (unable to get local issuer certificate)
    Use this information to verify the expected results.

 



Legacy ID



2008050821234654


Article URL http://www.symantec.com/docs/TECH89483


Terms of use for this information are found in Legal Notices