none
Skpye Business Cloud Connector install fails cert error?

    Question

  • Command execution failed: "503A08844823732BCE5628690881150543D23DDD" not found in MY certificate store or not trusted.
    To enable trust, install the root certificate in the Trusted Certification Authorities store.
        + CategoryInfo          : InvalidOperation: (:) [Set-CsCertificate], UnknownObjectException
        + FullyQualifiedErrorId : ProcessingFailed,Microsoft.Rtc.Management.Deployment.SetCertificateCmdlet
        + PSComputerName        : 192.168.213.5
    WARNING: Start-CsWindowsService encountered errors. Consult the log file for a detailed analysis, and ensure all errors
     (3) and warnings (0) are addressed before continuing.
    WARNING: Detailed results can be found at
    "C:\Users\CceService\AppData\Local\Temp\Start-CsWindowsService-6a9f4c12-64bd-458c-b3fc-02f812585596.html".
    Service RTCSRV failed to start. Check to make sure the service is not disabled. Failure to start could also be because
    this front end was previously failed over(using computer fail over), in which case please invoke fail back(using
    computer failback). Consult event logs for further details.
        + CategoryInfo          : OperationTimeout: (:SourceCollection) [Start-CsWindowsService], InvalidOperationExceptio
       n
        + FullyQualifiedErrorId : ServiceStartFailed,Microsoft.Rtc.Management.Deployment.StartServicesCmdlet
        + PSComputerName        : 192.168.213.5
    Validate-Deployment : RTCSRV not found or not running
    RTCDATAPROXY not found or not running
    RTCMRAUTH not found or not running
    RTCMEDIARELAY not found or not running
    At C:\Program Files\WindowsPowerShell\Modules\CloudConnector\Install-CcInstance.ps1:162 char:9
    +         Validate-Deployment $config
    +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
        + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Validate-Deployment

    Validate-Deployment : Validation failed
    At C:\Program Files\WindowsPowerShell\Modules\CloudConnector\Install-CcInstance.ps1:162 char:9
    +         Validate-Deployment $config
    +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
        + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Validate-Deployment

    after doing what is listed hear it still does not start RTCMRAUTH or RTCSRV


    Switch-CcVersion

    DrainAndSwitchVersionInternal : Failed to drain services on instance version . Please wait and try again later, or run
    the cmdlet again with the '-Force' parameter.
    At C:\Program Files\WindowsPowerShell\Modules\CloudConnector\Switch-CcVersion.ps1:13 char:21
    +     ExecuteAndLog { DrainAndSwitchVersionInternal $NewDeployment $Force } $LogTa ...
    +                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
        + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,DrainAndSwitchVersionInternal



    Wednesday, March 15, 2017 6:01 PM

All replies

  • Hi Joeblasi,

    To this issue, please import the root CA certificate and all intermediate CA certificates of your external certificate manually into the Edge Server and then restart the Edge Server. After you see the RTCMRAUTH and RTCSRV services started on the Edge Server, go back to your host server, launch a PowerShell console as administrator, and run following cmdlet to switch to the new deployment:

    Switch-CcVersion

    You could refer to the following link about”Issue: You receive the following error message, "Service RTCMRAUTH failed to start. Check to make sure the service is not disabled”:
    https://technet.microsoft.com/en-us/library/mt740658.aspx


    Best Regards,
    Jim Xu
    TechNet Community Support


    Please remember to mark the replies as answers if they helped.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Akampa Thursday, March 16, 2017 9:58 AM
    Thursday, March 16, 2017 2:53 AM
    Moderator
  • I have done that and it fails to start.

    Thursday, March 16, 2017 8:11 PM
  • Hi JoeBlasi,

    During setup, did you place the SSL publically signed certificate in an accessible location, and then include this path within the following command?

    Set-CcExternalCertificateFilePath -Path <Full path to External certificate, including file name>
    Then, during install you're prompted to enter the certificate password. This is then used to install the certificate

    Are you able to confirm what type of certificate you're using?

    Cheers.

    Craig
    blog.chiffers.com


    Friday, March 17, 2017 6:14 AM
  • The cert is set and it gets past the 1st checks of it.


    It's an Go Daddy Secure Certificate.


    Later in the install I do get an error with.  X's = removed info

    WARNING: The subject name "XXXX.XXXXX.com" of the certificate does not match the computer fully qualified domain name
    (FQDN) "ap.XXXX.XXXXX.com".

    But ap.XXXX.XXXXX.com is part of the SAN

    the subject is just XXXX.XXXXX.com

    Friday, March 17, 2017 3:23 PM
  • The cert seems to be good but error log says The requested address is not valid in its context.
    Monday, March 20, 2017 2:04 PM
  • Hi Joeblasi,

    Please make sure the subject name is match with FQDN, you could refer to the following link: https://technet.microsoft.com/en-us/library/mt605227.aspx

    “The generated FQDN name must match the name provided for the SSL certificate”


    Best Regards,
    Jim Xu
    TechNet Community Support


    Please remember to mark the replies as answers if they helped.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, March 22, 2017 9:51 AM
    Moderator
  • I also get this error

    set IP addresses 198.***.85.74 with prefix length 29
    DefaultGateway 198.***.96.73 is not on the same network segment (subnet) that is defined by the IP address 198.***.85.74
    and PrefixLength 24.

    Wednesday, March 22, 2017 3:13 PM
  • I also get this error

    set IP addresses 198.***.85.74 with prefix length 29
    DefaultGateway 198.***.96.73 is not on the same network segment (subnet) that is defined by the IP address 198.***.85.74
    and PrefixLength 24.

    Hi Joeblasi,

    Please check IP configuration to make sure IP address and gateway are in the same subnet as what the error indicates.


    Best Regards,
    Jim Xu
    TechNet Community Support


    Please remember to mark the replies as answers if they helped.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
    Thursday, March 23, 2017 9:06 AM
    Moderator