none
Error in control panel and web services after upgrading the internal certificate RRS feed

  • Question

  • I upgrading Lync CU4 and i don´t have problems, the next week i update my internal certificate and now  I have several problems:

    1. The address book is not updated
    2. The control panel does not start

    first run a test on the address book services    ---------------------------------------------------------------------------------

    Error:  [ERROR  -  No  response  received  for  Web-Ticket  service.
    Inner  Exception:An  error  occurred  while  making  the  HTTP  request  to  https://pooldomain/WebTicket/WebTicketService.svc.  This  could  be  due  to  the  fact  that  the  server  certificate  is  not  configured  properly  with  HTTP.SYS  in  the  HTTPS  case.  This  could  also  be  caused  by  a  mismatch  of  the  security  binding  between  the  client  and  the  server.
    Inner  Exception:The  underlying  connection  was  closed:  An  unexpected  error  occurred  on  a  send.
    Inner  Exception:Unable  to  read  data  from  the  transport  connection:  A  connection  attempt  failed  because  the  connected  party  did  not  properly  respond  after  a  period  of  time,  or  established  connection  failed  because  connected  host  has  failed  to  respond.
    Inner  Exception:A  connection  attempt  failed  because  the  connected  party  did  not  properly  respond  after  a  period  of  time,  or  established  connection  failed  because  connected  host  has  failed  to  respond

    CHECK: 
        -  Web  service  url  is  valid  and  the  web  services  are  functional 
        -  If  using  PhoneNo\PIN  to  authenticate,  make  sure  they  match  the  user  uri 
        -  If  using  NTLM\Kerberos  auth,  make  sure  you  provided  valid  credentials
    An  exception  'ERROR  -  No  response  received  for  Web-Ticket  service.'  occurred  during  Workflow  Microsoft.Rtc.SyntheticTransactions.Workflows.STAbsWorkflow  execution.
    Exception  Call  Stack:        at  Microsoft.Rtc.SyntheticTransactions.WebServicesHelper.GetWebTicket()

    --------------------------------------------------------------------------------------------------------

    And check that the balancer has enabled web services, web services on the front end everything looks smooth

    The Control Panel not start look messages Navigation to the webpage was canceled.

    Any idea I can suggest?

    Marcos

    Wednesday, March 21, 2012 11:33 PM

Answers

  • The problem was the configuration balancer, the persistence cache was bad configurate
    • Marked as answer by Marcos MKS Thursday, April 12, 2012 2:21 PM
    Thursday, April 12, 2012 2:21 PM

All replies

  • Hi,

    Since the issues occur after updating certificate, would you tell us how did you update certificate? Would you please elaborate more on your Lync topology?

     

    If you deployed Lync Enterprise Edition, here is the certificate requirement for Enterprise Edition. I suggest you check if your SN and SANs are correct:

            

    Default: SN= FE pool FQDN;   SAN= FE pool FQDN;    SAN= FE server FQDN;

     

    Web Internal: SN=Internal Web FQDN(generally it is same with FE FQDN)SAN= Internal Web FQDNSAN=Meet simple URLSAN=Dial in simple URLSAN=Admin simple URL

     

    Web External: SN=FE Server FQDNSAN=External Web FQDNSAN=Meet simple URLSAN=Dial in simple URLSAN=Admin simple URL

     

    For details about certificate for Lync internal service:

    http://technet.microsoft.com/en-us/library/gg398094.aspx

     

    In addition, which FQDN did you put in for internal web service? It should be the Hardware Load Balancer's FQDN.

    Regards,

    Kent






    • Edited by Kent HX Thursday, March 22, 2012 7:58 AM
    Thursday, March 22, 2012 7:57 AM
  • I have a Lync Enterprise, 1 pool, 2 Front End, 2 Edge, 1 Balancer Hardware

    The process for the internal certificate was as follows:

    1. Request Certificate:

    Request-CsCertificate -New -Type WebServicesInternal -Country MX -City Mexico -State "Distrito Federal" -ClientEKU $true -DomainName "XXXXXXX.domain, XXXXXXXXXX.Domain" -FriendlyName "XXXXXXXXXXX" -Organization XXX -OU Sistemas XXXX -Output C:\CS_Request_internal.txt -PrivateKeyExportable $true

    Making sure that SN and SANs are equal to the previous certificate and just adding lyncdiscoverinternal.dominio

    Then into the Lync Control Wizard Update the certificate, select the store and update the certificate with the request I made, restart Webservices services and Windows services, it was after about half an hour I realized I had problems with address book and I just realized I had problems logging in to the control panel

    Referring todata from theSNand SAN'skeepthemthat I hadand itwas fine,justaddtothe problemand startedLyncDiscoverInternal

    Perhapstorestart the servicewassomeupdateand that is whathas affectedme.

    Deshacer cambios

    Regards,

    Marcos

    Thursday, March 22, 2012 3:29 PM
  • Hi Marcos,

    I thought we need to run the following command to modify Certificates for Mobility:

    Request-CsCertificate -New -Type WebServicesInternal -Ca dc\myca -AllSipDomain –verbose
    Request-CsCertificate -New -Type WebServicesExternal -Ca dc\myca -AllSipDomain –verbose

    After running two commands, the SANs for Mobility have been added. We do not need to go to Lync Control Wizard Update the certificate. The command you ran and the certificate update you did may Ooerwritten the original WebServicesInternal certificate.

    Now, I suggest trying to run Get-CsCertificate to check the current certificate. After running it, please let us know what the content that displays on screen.

    Regards,
    Kent

    Friday, March 23, 2012 7:46 AM
  • Hi Ken

    Yesterday I went back to remove the internal certificate with Lync Deploy Wizard, the steps were as follows

    1. Remove the certificate

    2. Request again a certificate internal

    3.Assignment the certificate

    4. Remove old certificates into IIS Manager

    5. Stop services windows and IIS

    6. Run services windows and IIS

    but still I have the same problem

    The Hardware balancer configured it for persistent cookies that day that updates the internal certificate, maybe that's the problem ...

    Friday, March 23, 2012 6:44 PM
  • In addition to the above,review system logs I see the following:

        
    • Marked as answer by Marcos MKS Thursday, April 12, 2012 2:20 PM
    • Unmarked as answer by Marcos MKS Thursday, April 12, 2012 2:20 PM
    Friday, March 23, 2012 7:23 PM
  • The problem was the configuration balancer, the persistence cache was bad configurate
    • Marked as answer by Marcos MKS Thursday, April 12, 2012 2:21 PM
    Thursday, April 12, 2012 2:21 PM