Answered by:
Synthetic transaction getting failed with Cert error

Question
-
Hi,
Synthetic transactions getting failed with following error.
"Can not find any valid certificate on local machine with the mathcing issuer name CN=xxxxxxx, DC=xxxx, DC=xx, DC=xx.
Please make sure that default certificate exists, is valid and not expired"
Synthetic transactions were fine before Cert expired, But after new cert getting above error. What i observed, it still showing old issuer name. we have new internal CA and get all new certs form that ca.
Your suggestions greatly appreciated
Thanks,
Gopi
Thursday, August 18, 2016 4:11 PM
Answers
-
Hi,
Within the properties of both the old and the new certificates, compare the subject alternative names. Are all SANs of the old certificate also part of the new one?
Then, open Lync or Skype setup, go to step 3 of the installation (Request, Install or Assign Certificates) and click Run Again. Is the new certificate shown under Default Certificate AND OAuthTokenIssuer, or do you see the old one?
On the right of that window, click View. On the first tab (General), does it say that the certificate has a corresponding private key? On the third tab (Certification Path), is the entire certificate path shown as valid?
Finally, after replacing the old certificate by the new one in setup, have you rebooted the server?
You can then also export the old certificate and then remove it from the MMC certificates snap-in, to make sure it's no longer used.
Peter Van Gils Toa Projects
- Marked as answer by Gopi Amirineni Friday, August 19, 2016 3:10 PM
Friday, August 19, 2016 6:42 AM
All replies
-
Hi,
Within the properties of both the old and the new certificates, compare the subject alternative names. Are all SANs of the old certificate also part of the new one?
Then, open Lync or Skype setup, go to step 3 of the installation (Request, Install or Assign Certificates) and click Run Again. Is the new certificate shown under Default Certificate AND OAuthTokenIssuer, or do you see the old one?
On the right of that window, click View. On the first tab (General), does it say that the certificate has a corresponding private key? On the third tab (Certification Path), is the entire certificate path shown as valid?
Finally, after replacing the old certificate by the new one in setup, have you rebooted the server?
You can then also export the old certificate and then remove it from the MMC certificates snap-in, to make sure it's no longer used.
Peter Van Gils Toa Projects
- Marked as answer by Gopi Amirineni Friday, August 19, 2016 3:10 PM
Friday, August 19, 2016 6:42 AM -
Hi Gopi Amirineni,
Yes, agree with Peter. Check if the new certificate has been already imported correctly.
Besides, you could try to re-import or renew the certificate and monitor if the error persists.
Please also help to confirm if any clients are affected by this issue. If the error is just from some monitor applications without user being affected actually, you can feel free to ignore the message.
Here is a blog for your reference
https://blogs.technet.microsoft.com/uclobby/2013/09/16/renewing-lync-server-20102013-certificates/
Best regards,
Alice Wang
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
Alice Wang
TechNet Community SupportFriday, August 19, 2016 10:29 AM -
Thank you Peter, it solved my issue.
Friday, August 19, 2016 3:11 PM -
Thank you Alice and article is really goodFriday, August 19, 2016 3:12 PM