http://blogs.msdn.com/jro/archive/2007/09/04/certificate-problems-with-ocs-2007-part-1.aspxOftentimes when deploying OCS 2007 to complex environments something doesn't work as expected. Even more often the culprit is either a certificates issue or AD (and thus, often a DNS) issue. One of my colleagues had problems when connecting Office Communicatoren-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/jro/archive/2007/09/04/certificate-problems-with-ocs-2007-part-1.aspx#4741857Tue, 04 Sep 2007 16:53:25 GMT91d46819-8472-40ad-a661-2c78acb4018c:4741857MichaelGiagnocavo<p>Uh, wouldn't the correct fix be to make sure the CRL is in an accessible location rather than downgrade security for the entire workstation?</p> http://blogs.msdn.com/jro/archive/2007/09/04/certificate-problems-with-ocs-2007-part-1.aspx#4759100Wed, 05 Sep 2007 12:58:38 GMT91d46819-8472-40ad-a661-2c78acb4018c:4759100jro<p>Michael,</p> <p>Absolutely, that's the optimal solution. In certain situations it simply is not possible, though - this fix is towards those situations. </p> http://blogs.msdn.com/jro/archive/2007/09/04/certificate-problems-with-ocs-2007-part-1.aspx#4905493Fri, 14 Sep 2007 08:23:47 GMT91d46819-8472-40ad-a661-2c78acb4018c:4905493MikaelLonnroth<p>Here seems to be a good place to point out that security usually (always?) contrasts ease of use. Implementing sufficient security should always include evaluating usability of the stuff that is secured.</p> <p>In this respect, I think Microsoft went wrong in more than a couple of places when introducing the new security features in Vista and IE7. It's good that they responded to general mentality of 'IE is buggy and insecure for browsing the internet', but it's really really bad that they, in the process, made surfing the web significantly more difficult, and in some places even impossible. I mean, come on (!), in what universe do I have to start Firefox just to be able to get in to some MSDN or passport protected site that refuses to load because of some IE (default!) security settings that I don't know how to find? At least, when every other windows app also uses the IE module as a proxy, at the very least they could have added some new informative error messages (&quot;To disable the fingerprint scan for accessing www.google.com, open Tools &gt; Internet Options ... or &lt;click here&gt;&quot;). </p> <p>Obviously, all of this will make people flee towards Firefox, ironically, because it's less secure and more usable.</p>http://blogs.msdn.com/jro/archive/2007/09/04/certificate-problems-with-ocs-2007-part-1.aspx#4907009Fri, 14 Sep 2007 11:23:51 GMT91d46819-8472-40ad-a661-2c78acb4018c:4907009jro<p>Whoa, what a comment, Mikael - thanks for that! </p> <p>I agree to certain extent, that IE7 + Vista with default settings (read: Protected Mode) is sometimes painful to use. During the past few years I've been using heavily Firefox, because it's lightweight, fast and no-nonse. It just works, and if it doesn't you can probably configure it fairly easily. </p> <p>Now I'm back to 100% IE7 with Vista. Yes, I have Protected Mode on. In my line of work I've noticed it's enough to have a shortcut for disabling and enabling proxy settings, and be familiar with the Advanced Settings-section. And sometimes you just have to take the plunge and sacrifice some of the security to get things working, while you figure out why it didn't work before. </p>