Answered by:
Error in control panel and web services after upgrading the internal certificate

Question
-
I upgrading Lync CU4 and i don´t have problems, the next week i update my internal certificate and now I have several problems:
1. The address book is not updated
2. The control panel does not startfirst run a test on the address book services ---------------------------------------------------------------------------------
Error: [ERROR - No response received for Web-Ticket service.
Inner Exception:An error occurred while making the HTTP request to https://pooldomain/WebTicket/WebTicketService.svc. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
Inner Exception:The underlying connection was closed: An unexpected error occurred on a send.
Inner Exception:Unable to read data from the transport connection: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Inner Exception:A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
CHECK:
- Web service url is valid and the web services are functional
- If using PhoneNo\PIN to authenticate, make sure they match the user uri
- If using NTLM\Kerberos auth, make sure you provided valid credentials
An exception 'ERROR - No response received for Web-Ticket service.' occurred during Workflow Microsoft.Rtc.SyntheticTransactions.Workflows.STAbsWorkflow execution.
Exception Call Stack: at Microsoft.Rtc.SyntheticTransactions.WebServicesHelper.GetWebTicket()--------------------------------------------------------------------------------------------------------
And check that the balancer has enabled web services, web services on the front end everything looks smooth
The Control Panel not start look messages Navigation to the webpage was canceled.
Any idea I can suggest?
Marcos
Answers
-
The problem was the configuration balancer, the persistence cache was bad configurate
- Marked as answer by Marcos MKS Thursday, April 12, 2012 2:21 PM
All replies
-
Hi,
Since the issues occur after updating certificate, would you tell us how did you update certificate? Would you please elaborate more on your Lync topology?
If you deployed Lync Enterprise Edition, here is the certificate requirement for Enterprise Edition. I suggest you check if your SN and SANs are correct:
Default: SN= FE pool FQDN; SAN= FE pool FQDN; SAN= FE server FQDN;
Web Internal: SN=Internal Web FQDN(generally it is same with FE FQDN);SAN= Internal Web FQDN;SAN=Meet simple URL;SAN=Dial in simple URL;SAN=Admin simple URL
Web External: SN=FE Server FQDN;SAN=External Web FQDN;SAN=Meet simple URL;SAN=Dial in simple URL;SAN=Admin simple URL
For details about certificate for Lync internal service:
http://technet.microsoft.com/en-us/library/gg398094.aspx
In addition, which FQDN did you put in for internal web service? It should be the Hardware Load Balancer's FQDN.
Regards,
Kent
- Edited by Kent HX Thursday, March 22, 2012 7:58 AM
-
I have a Lync Enterprise, 1 pool, 2 Front End, 2 Edge, 1 Balancer Hardware
The process for the internal certificate was as follows:
1. Request Certificate:
Request-CsCertificate -New -Type WebServicesInternal -Country MX -City Mexico -State "Distrito Federal" -ClientEKU $true -DomainName "XXXXXXX.domain, XXXXXXXXXX.Domain" -FriendlyName "XXXXXXXXXXX" -Organization XXX -OU Sistemas XXXX -Output C:\CS_Request_internal.txt -PrivateKeyExportable $true
Making sure that SN and SANs are equal to the previous certificate and just adding lyncdiscoverinternal.dominio
Then into the Lync Control Wizard Update the certificate, select the store and update the certificate with the request I made, restart Webservices services and Windows services, it was after about half an hour I realized I had problems with address book and I just realized I had problems logging in to the control panel
Referring todata from theSNand SAN'skeepthemthat I hadand itwas fine,justaddtothe problemand startedLyncDiscoverInternal
Perhapstorestart the servicewassomeupdateand that is whathas affectedme. -
Hi Marcos,
I thought we need to run the following command to modify Certificates for Mobility:
Request-CsCertificate -New -Type WebServicesInternal -Ca dc\myca -AllSipDomain –verbose
Request-CsCertificate -New -Type WebServicesExternal -Ca dc\myca -AllSipDomain –verbose
After running two commands, the SANs for Mobility have been added. We do not need to go to Lync Control Wizard Update the certificate. The command you ran and the certificate update you did may Ooerwritten the original WebServicesInternal certificate.
Now, I suggest trying to run Get-CsCertificate to check the current certificate. After running it, please let us know what the content that displays on screen.
Regards,
Kent
-
Hi Ken
Yesterday I went back to remove the internal certificate with Lync Deploy Wizard, the steps were as follows
1. Remove the certificate
2. Request again a certificate internal
3.Assignment the certificate
4. Remove old certificates into IIS Manager
5. Stop services windows and IIS
6. Run services windows and IIS
but still I have the same problem
The Hardware balancer configured it for persistent cookies that day that updates the internal certificate, maybe that's the problem ...
-
In addition to the above,review system logs I see the following:
- Marked as answer by Marcos MKS Thursday, April 12, 2012 2:20 PM
- Unmarked as answer by Marcos MKS Thursday, April 12, 2012 2:20 PM
-
The problem was the configuration balancer, the persistence cache was bad configurate
- Marked as answer by Marcos MKS Thursday, April 12, 2012 2:21 PM