AIM 7.X and Higher IM Client Cannot Log in When Access To C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ Is Restricted
Article: TECH137976 | Created: 2010-08-18 | Updated: 2010-08-26 | Article URL: http://www.symantec.com/docs/TECH137976
Problem
AIM 7.X and higher IM clients cannot log in.
Error
- Windows Application Event log shows the following error message:
Event Type: Error
Event Source: IMLinkage
Event Category: None
Event ID: 4886
Date: 8/16/2010
Time: 2:11:33 PM
User: BLACKOPS-SIMM\seva_vagodny
Computer: SV-IMM-8-4-5
Description:
Unable to Initialize SSL Security Context for AIM Protocol.
Possible causes of failures could be:
- Could not find a certificate in the certificate store matching the given thumbprint.
- Installed certificate does not have Private Key marked as exportable.
Please refer the log files for more details.
- IM Manager IMLinkage.log file shows the following error messages:
[|] 0x5bc | 08/02/10 16:12:33 | Error | CACENetworkingService::GetWin32PrivateKey | PFXExportCertStore1, error 80090016[-]
…
[|] 0x5bc | 08/02/10 16:12:33 | Error | CACENetworkingService::InitializeWin32SslContext | Couldn't find private key for certificate(0466019d4e401d9e383dbfd56a70424eae3606c8), error 40001[-]
…
[|] 0x5bc | 08/02/10 16:12:33 | Error | AIMServerService::ProtocolSpecificStartService | Unable to Initialize SSL Security Context for AIM Protocol.
Possible causes of failures could be:
- Could not find a certificate in the certificate store matching the given thumbprint.
- Installed certificate does not have Private Key marked as exportable.
Please refer the log files for more details.[-]
[|] 0x5bc | 08/02/10 16:12:33 | Error | AIMServerService::ProtocolSpecificStartService | Unable to initialize SSL security context. InitializeSslContext returned:0x40001. SSL will be disabled.[-]
These messages appear immediately after the IMLogRelayService service starts up.
Conditions
· IM Manager IMLogRelayService is not listening on port 443
1. On the IM Manager computer run the following command from a command prompt.
netstat -anb > netstat.txt
2. Open the file netstat.txt in a text editor.
Look for LISTENING lines for port 443.
Here is an example:
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 3628
[IMLogRelayService.exe]
This line shows that the process IMLogRelayService.exe is listening on all available IPs on port 443.
If no line shows the IMLogRelayService.exe process listening on an IP address (or 0.0.0.0) on port 443, this condition is met.
· The service account running the IMLogRelayService service does not have create permissions on the C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ directory.
1. Download the Microsoft Process Monitor tool (http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) to the IM Manager server.
2. Navigate to the downloaded folder and run Procmon.exe.
3. Restart IMLogRelayService service.
4. Save the Process Monitor log (File | Save).
5. Choose All events and Native Process Monitor Format (PML).
6. Open the file and search for C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\
If you find a line with Process Name equal to IMLogRelayService.exe and the Path equal to C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f297b602ef8c6bbff0bb187716f1604e_8461fb31-d62f-42bf-814c-78bc0aea071c (the f297b602ef8c6bbff0bb187716f1604e_8461fb31-d62f-42bf-814c-78bc0aea071c value will vary) and Result equal to ACCESS DENIED, this condition is met.
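The port 443 check from the first condition can be scripted against the saved netstat.txt. The following is an added example, not part of the original article or of IM Manager; the sample output is constructed, and the function names are hypothetical. It pairs each LISTENING line with the owning process line that follows it, so a remote port 443 or a local port such as 4431 is not mistaken for a listener.

```python
import re

# Constructed sample of `netstat -anb` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  RpcSs
  [svchost.exe]
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       3628
  [IMLogRelayService.exe]
  TCP    10.0.0.5:4431          10.0.0.9:443           ESTABLISHED     3628
  [IMLogRelayService.exe]
"""

# A connection line starts with the protocol; the owner line is "[name.exe]".
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s*(\S*)")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def listeners(netstat_text):
    """Return (local_address, port, process) for every LISTENING TCP socket."""
    found, pending = [], None
    for line in netstat_text.splitlines():
        conn = CONN.match(line)
        if conn:
            proto, local, _foreign, state = conn.groups()
            # Remember only listening sockets; anything else clears the state,
            # so an owner line is never attached to the wrong connection.
            pending = local if (proto == "TCP" and state == "LISTENING") else None
            continue
        owner = OWNER.match(line)
        if owner and pending:
            # rsplit keeps IPv6 local addresses such as [::]:443 intact.
            addr, port = pending.rsplit(":", 1)
            found.append((addr, int(port), owner.group(1)))
            pending = None
    return found

def condition_met(netstat_text, process="IMLogRelayService.exe", port=443):
    """True when the process is NOT listening on the port (the article's condition)."""
    return not any(p == port and name.lower() == process.lower()
                   for _addr, p, name in listeners(netstat_text))

if __name__ == "__main__":
    print(listeners(SAMPLE_NETSTAT))
    print("Condition met:", condition_met(SAMPLE_NETSTAT))
```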
Cause
Permissions on the C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ folder do not allow the IM Manager service account to create certificate key pairs, which causes AIM SSL initialization to fail. Both Certificate Services and Internet Explorer use this folder. See the Microsoft KB article "Default permissions for the MachineKeys folders" for more details.
Solution
Give the required account READ access to the file specified in the error message.