Some days ago I was working on a Lync Edge server (brand new installation).
My choice was to use one public address for every service of the edge, and to have an Enterprise pool of Lync in the backend.
The edge is not part of the domain.
In the first part of the deployement I wanted to use the internal C.A. (domain C.A., Windows 2008 R2) to assign the internal certificate for edge/pool communication and also the “public” certificate (with the SAN names sip, av and WC and, of course, also
with the edge server name inside).
Using the Lync wizard it was easy to create the request and to receive the certificate (only difference respect to a domain server, is that you’ve to manually insert the name of the C.A. and that you’ve to insert an authorized user / password to access the
The certificate process went well and I assigned the certificate to the edge “external” interface.
In this phase I had a warning “Warning: Revocation status unknown. Cannot contact the revocation server specified in certificate”
Even worst, Lync services wont start with the following error
The Lync Server Access Edge service terminated with service-specific error %%-1008124830.
The Lync certificate is NOT binded to IIS, so there you’ve no tool to resolve the issue
After a search on the web I found the following thread
"Warning: Revocation status unknown. Cannot contact the revocation server specified in certificate"
The answer by Ruben Nauwelaers is really good but the procedure he suggested
Configure Active Directory Certificate Services for CRL Locations solved only a part of the problem (the .crl files where available but there was no way to download them using the web site).
I checked the files and they were in the inetpub folder, as I planned.
My solution : map the internal Lync server drive, right click on the .crl files and import them
That solved the error, and Lync services started as thay had to