Lync Server 2013 certificate update

  • Question

  • Due to recent problems with SHA1 and the conversion to SHA2 we have replaced our internal CA, which also meant replacing all internal certificates with SHA2 certs.  I've updated the certificates on my two Lync FE servers and one Lync edge server.  Since doing so, it appears edge services no longer work correctly.  I can't sign in from my SFB2015 app on my phone, and 3rd party users are unable to connect up for meetings.  I'm wondering if I missed something along the way.  I checked my certificates and they all show good.  Even the Microsoft external connectivity analyzer says things should be fine.  Any ideas as to where to start troubleshooting?  Common mistakes when replacing Lync server certificates?

    Monday, August 8, 2016 9:17 PM

Answers

  • Hi cs001100,

    Would you please tell us whether it is only a specific user who cannot log in to the SFB client on the mobile phone?

    If only a specific user has the issue, try another mobile device and test again.

    If multiple users have the issue, please check whether the public certificate includes the entries for lyncdiscover and external web services, and whether the next hop of lyncdiscover and web services points to the IP of the FE pool.

    Here is a link about Lync mobility for your reference:

    https://blogs.technet.microsoft.com/nexthop/2012/02/21/troubleshooting-external-lync-mobility-connectivity-issues-step-by-step/

    For the Lync edge, you need to use a public CA for the external network.

    Make sure the domain names in the new certificates are the same as in the previous certificates.

    You could go to the Lync deployment wizard and rerun step 3 to renew your certificate.

    https://blogs.technet.microsoft.com/uclobby/2013/09/16/renewing-lync-server-20102013-certificates/

    Best regards,

    Alice Wang


    • Proposed as answer by Alice-Wang Friday, August 19, 2016 10:20 AM
    • Marked as answer by Alice-Wang Friday, August 19, 2016 10:20 AM
    Wednesday, August 10, 2016 1:41 AM
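
The answer above advises checking that the new certificates carry the same domain names as the old ones and that the edge certificate comes from a public CA. As an added example (not part of the original thread), the following PowerShell compares two exported certificates on exactly those points. The file paths are hypothetical placeholders, and the SAN parsing assumes an English-language Windows install.

```powershell
# Added example. Paths are hypothetical: export the old and new certificates to .cer files first.
$oldPath = 'C:\Temp\edge-old.cer'
$newPath = 'C:\Temp\edge-new.cer'

function Get-CertSummary {
    param([Parameter(Mandatory)][string]$Path)

    $file = (Resolve-Path $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

    # OID 2.5.29.17 is the Subject Alternative Name extension.
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $names = @()
    if ($sanExt) {
        # Format() output is localized; the "DNS Name=" label assumes English Windows.
        $names = [regex]::Matches($sanExt.Format($true), 'DNS Name=(\S+)') |
            ForEach-Object { $_.Groups[1].Value.ToLowerInvariant() }
    }

    [pscustomobject]@{
        Subject   = $cert.Subject
        Issuer    = $cert.Issuer                          # internal CA or public CA?
        Algorithm = $cert.SignatureAlgorithm.FriendlyName # e.g. sha1RSA vs sha256RSA
        NotAfter  = $cert.NotAfter
        DnsNames  = @($names | Sort-Object -Unique)
    }
}

$old = Get-CertSummary -Path $oldPath
$new = Get-CertSummary -Path $newPath
$old, $new | Format-List Subject, Issuer, Algorithm, NotAfter

# Names present on the old certificate but absent from the new one are the
# likely cause of clients that used to connect and now fail.
$missing = @($old.DnsNames | Where-Object { $new.DnsNames -notcontains $_ })
$added   = @($new.DnsNames | Where-Object { $old.DnsNames -notcontains $_ })

if ($missing.Count -gt 0) {
    Write-Warning ("Missing from new certificate: " + ($missing -join ', '))
} else {
    Write-Output 'Every DNS name on the old certificate is also on the new one.'
}
if ($added.Count -gt 0) {
    Write-Output ("Only on new certificate: " + ($added -join ', '))
}
if ($old.Issuer -ne $new.Issuer) {
    Write-Output "Issuer changed: external clients must trust '$($new.Issuer)'."
}
```

A name that appears only in the certificate's Subject (CN) and not in the SAN extension is not included in this comparison, so check the Subject lines in the printed summary as well.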

All replies

  • Did you swap out the certs on your reverse proxies as well?  Have you restarted all front end and edge services?  Can you connect with a normal Windows client internally and externally?


    Tuesday, August 9, 2016 3:22 PM