locked
Can't login after renewal of the default certificate RRS feed

  • Question

  • Hi there,

    a few days ago our Skype for Business 2015 server denied any login attempts. Turned out the default certificate expired and I had to request and assign a new one. We're using our own certificate authority.
    After the renewal (and assignment), which showed no errors, I restarted the FE. But still, no client can login to this server.

    Client log says:

    06/21/2017|14:42:23.918 4558:36AC ERROR :: SECURE_SOCKET: negotiation failed: 80092012, principal name: [server.company.local]
    06/21/2017|14:42:23.921 4558:4730 ERROR :: CSIPTransportLayerSecurity::OnTlsNegotiationComplete (1C5477C8) failed with 0x80ee0069. Raising OnConnect with the same error
    06/21/2017|14:42:23.921 4558:4730 ERROR :: CSIPClientConnection::OnConnect (80ee0069) this: 0E708FF0

    I already tried to clear the client cache and client login credentials, but the problem persists.

    Any hint is appreciated! Thanks in advance.


    • Edited by llox Wednesday, June 21, 2017 12:53 PM
    Wednesday, June 21, 2017 12:46 PM

Answers

  • Found it!

    For some reason the guy that administers the CA at our company disabled the publication of the certificate revocation list (CRL). Those certificates do not work. I re-enabled it and the newly requested and assigned certificate works.

    • Marked as answer by llox Wednesday, June 21, 2017 3:13 PM
    Wednesday, June 21, 2017 3:13 PM