Certificate problems with OCS 2007 - part 1

Oftentimes when deploying OCS 2007 to complex environments something doesn't work as expected. Even more often the culprit is either a certificates issue or AD (and thus, often a DNS) issue.

One of my colleagues had problems when connecting Office Communicator to OCS 2007, using Access Edge. Thus the workstation was outside the company's LAN (and AD), and was running Windows Vista with Internet Explorer 7.0. Most companies choose to deploy OCS 2007 with private certificates, i.e. generating their own rather than shelling out the hard-earner dollars to companies like Verisign.

The problem here is that while the workstation is able to connect, you will see a problem with authentication. Debugging this through OCS 2007 Logging Tool (which, I might add, is excellent) it all boils down to certificate problems - the client doesn't have the CRL (Certificate Revocation List), and IE7 always enforces that by default.

Fix? Uncheck "Check for server certificate revocation" -option from IE7 > Tools > Internet Options > Advanced.