Symptoms:

LCS 2005, OCS 2007, and/or OCS 2007 R2 fail to establish PIC connectivity to MSN after changes were made to the MSN infrastructure on May 9, 2009

Data:

In the logs, you'll see the following data:

TL_ERROR(TF_CONNECTION) [1]08B4.146C::05/12/2009-15:32:27.115.00004bcf (SIPStack,SIPAdminLog::TraceConnectionRecord:1224.idx(157))$$begin_record

LogType: connection

Severity: error

Text: Receive operation on the connection failed

Local-IP: 167.207.100.260:2540

Peer-IP: 65.54.227.249:5061

Peer-FQDN: federation.messenger.msn.com

Connection-ID: 0x375D101

Transport: TLS

Result-Code: 0x80072746 WSAECONNRESET

$$end_record

TL_ERROR(TF_CONNECTION) [1]08B4.146C::05/12/2009-15:32:27.115.00004bde (SIPStack,SIPAdminLog::TraceConnectionRecord:1224.idx(157))$$begin_record

LogType: connection

Severity: error

Text: The connection was closed before TLS negotiation completed. Did the remote peer accept our certificate?

Local-IP: 167.207.100.260:2540

Peer-IP: 65.54.227.249:5061

Peer-FQDN: federation.messenger.msn.com

Connection-ID: 0x375D101

Transport: TLS

$$end_record

Cause:

The old VIP is being cached in your environment somewhere.   If you look at the logs, connections are still trying to be made against 65.54.227.249, yet this VIP has been turned off on the MSN side.

Federation.messenger.msn.com is currently being directed to 64.4.9.181, though per Microsoft KB 897567, there are 5 possible IP addresses.  At this time the 64.4.9.181 IP address is the only one in service (and the other IP addresses listed in the article will be brought online as load/capacity deems necessary).

Resolution:

Clear the DNS cache (or HOSTS file), as they are resolving to the wrong IP address.

Credit:

Nathan Novak (in MSN; he rocks!)