Office Communicator clients cannot communicate with contacts homed on AOL



If your organization leverages Public Internet Connectivity (aka: "PIC") in conjunction with their Live Communication Server 2005 and/or Office Communications Server 2007 servers, you may not be able to successfully communicate with (or see the presence status of) America Online Instant Messenger users.


America Online changed their root certificates on their SIP Access Gateway at approximately 12/2/2008, 4:00 AM EST.


The America Online Root CA 1 certificate, which can be obtained from, needs to be in the trust list of all Live Communication Server 2005 and/or Office Communications Server 2007 servers (that connect to by 12/2/2008, 4:00 AM EST.

More Information:

Microsoft Customer Support Services has created a Windows Media Video to walk our customers through the process of adding this certificate.

Comments (15)
  1. Scott Oseychik over on the MSDN blogs has a good post today about federation issues between OCS 2005/2007 and AOL. Apparently, American Online changed their root certificates on their SIP Access Gateway at approximately 12/2/2008, 4:00 AM EST.Via Scott’s

  2. Bill Winters says:

    Thanks very much for posting this info!

  3. jelkadri says:

    Thanks for posting this, we’ve been trying to fix this all day!

  4. Scott Oseychik blogged about the AOL update for the root authority and where to get the update for your…

  5. Sabel9579 says:

    It would have been nice for AOL to have communicate d this to MSFT and in turn communicate it to its customer base.  A simple email would have caused us a lot less aggrevation

  6. I agree we could have done a much better job handling this, and am all ears in terms of what customers would find useful in the future.  Regarding your specific point, we’ve already ruled out maintaining a mailing list, as there are simply too many variables for this to work effectively (e.g. how do we keep such a list up-to-date, how do we ensure ‘mailing list mail’ doesn’t get junk mailed, etc).  While we don’t have the answer yet, I can tell you that it is being looked at internally with much greater focus and intensity now.  We caught a large amount of heat from our customers over this one (rightfully so), and upset customers is simply bad for business.  Stay tuned.  🙂


  7. For those that subscribe to the Public Internet Connector (PIC) feature in Office Communication Server

  8. Rob says:

    Thanks Scott!  Very valuable information.  Nice you could do AOL’s job for them…

  9. I haven’t run into this one personally but I noticed it linked off of LCSKid’s site, pointing to an escalation engineer blog entry here. Long story short, AOL changed their certificate signer, and you’ll need to grab/import the updated authority from

  10. B says:

    Lifesaver… Awesome blog. You…complete…me…. Well, my AOL connectivity that is… You da man!

  11. Kyriakos says:

    Thanks for the info.

    Do you of a similar solution for Yahoo?

  12. Brent Knipfer says:

    Does this explain an trying to connect to my Communicator? Sound like a virus, spam or malicious attack method to me.

  13. Unfortunately, no.

    What you can do, however, is on the properties of the Edge server, select the "IM Provider" tab, click AOL, click Edit, and select "Allow communications only from users on recipient’s contact list."

    Hope this helps,

    Scott Osecyhik

  14. Gus says:

    Looks like this is still the case with Lync.  Unfortunately, not only do you need to install the two certs but also change the cipher.

    Can't Microsoft make these changes as part of the Lync installation procedure?  Seems kind of silly that you need to remember those two things just to talk to AOL.

  15. oc smith says:

    haveing problem loging on to

    not certificate

Comments are closed.

Skip to main content