locked
Synthetic transaction getting failed with Cert error RRS feed

  • Question

  • Hi,

    Synthetic transactions getting failed with following error. 

    "Can not find any valid certificate on local machine with the mathcing issuer name CN=xxxxxxx, DC=xxxx, DC=xx, DC=xx. 
    Please make sure that default certificate exists, is valid and not expired"


    Synthetic transactions were fine before Cert expired, But after new cert getting above error. What i observed, it still showing old issuer name. we have new internal CA and get all new certs form that ca. 

    Your suggestions greatly appreciated

    Thanks,

    Gopi


    Thursday, August 18, 2016 4:11 PM

Answers

  • Hi,

    Within the properties of both the old and the new certificates, compare the subject alternative names. Are all SANs of the old certificate also part of the new one?

    Then, open Lync or Skype setup, go to step 3 of the installation (Request, Install or Assign Certificates) and click Run Again. Is the new certificate shown under Default Certificate AND OAuthTokenIssuer, or do you see the old one?

    On the right of that window, click View. On the first tab (General), does it say that the certificate has a corresponding private key? On the third tab (Certification Path), is the entire certificate path shown as valid?

    Finally, after replacing the old certificate by the new one in setup, have you rebooted the server?

    You can then also export the old certificate and then remove it from the MMC certificates snap-in, to make sure it's no longer used.


    Peter Van Gils Toa Projects

    Friday, August 19, 2016 6:42 AM

All replies

  • Hi,

    Within the properties of both the old and the new certificates, compare the subject alternative names. Are all SANs of the old certificate also part of the new one?

    Then, open Lync or Skype setup, go to step 3 of the installation (Request, Install or Assign Certificates) and click Run Again. Is the new certificate shown under Default Certificate AND OAuthTokenIssuer, or do you see the old one?

    On the right of that window, click View. On the first tab (General), does it say that the certificate has a corresponding private key? On the third tab (Certification Path), is the entire certificate path shown as valid?

    Finally, after replacing the old certificate by the new one in setup, have you rebooted the server?

    You can then also export the old certificate and then remove it from the MMC certificates snap-in, to make sure it's no longer used.


    Peter Van Gils Toa Projects

    Friday, August 19, 2016 6:42 AM
  • Hi Gopi Amirineni,

    Yes, agree with Peter. Check if the new certificate has been already imported correctly.

    Besides, you could try to re-import or renew the certificate and monitor if the error persists.

    Please also help to confirm if any clients are affected by this issue. If the error is just from some monitor applications without user being affected actually, you can feel free to ignore the message.

    Here is a blog for your reference

    https://blogs.technet.microsoft.com/uclobby/2013/09/16/renewing-lync-server-20102013-certificates/

    Best regards,

    Alice Wang


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Alice Wang
    TechNet Community Support

    Friday, August 19, 2016 10:29 AM
  • Thank you Peter, it solved my issue.

    Friday, August 19, 2016 3:11 PM
  • Thank you Alice and article is really good
    Friday, August 19, 2016 3:12 PM