none
Lync control panel gives access denied error RRS feed

  • Question

  • We have 2 lync front end servers, with a internal certificate from our internal ROOT CA and a Public CA certificate.

    Nothing was changed, we have noticed that when we launch lync control panel we receive a cetificate error "the name on the certificate is invalid or does not match the name"

    When we check the certificate details it shows the Public SAN cetificate and if we continue it gives a access denied error.

    All the services are up and when we run the deployment wizard it shows all the certs as valid and assigned. 

    We tried unassign and reassign the certificates and reboot, still it gives the same security alert and cert error.

    The Control panel opens up  when we try https://servername.domainname.com/cscp or https://poolname.domainname.com/cscp from IE


    • Edited by Ahmednayeem Tuesday, July 9, 2013 8:01 AM Error changed
    Tuesday, June 18, 2013 8:35 PM

All replies

  • The CSCP should be using the internal certificate, are you using a hardware load balancer for the Lync Web Services? Seems as though you are hitting the Lync Web External Web services page. Did you specified an Internal Lync web services URL in the Topology builder, is this configured on the Hardware load balancer with the Internal cert?
    • Marked as answer by Ahmednayeem Tuesday, June 18, 2013 10:18 PM
    • Unmarked as answer by Ahmednayeem Tuesday, June 18, 2013 11:13 PM
    Tuesday, June 18, 2013 9:16 PM
  • We have a Kemp Load master and i noticed that certificate assigned for Lync web services internally on port 443 was a Public SAN Cert.

    I changed the Cert to internal cert. Now i get error "navigation to this page was cancelled" "This program cannot display the webpage"

    Tuesday, June 18, 2013 11:53 PM
  • Make sure the Kemp Load Master trusts the root certificate for your Internal CA. 
    Wednesday, June 19, 2013 4:51 AM
  • I have happened to see the error "Navigation to this page was cancelled" on Lync control panel.

    The following is my conclusion to troubleshoot this error.

    On Lync Front End Server.

    1. Click Start, click Administrative Tools, and then click the Internet Information Services (IIS) Manager.
    2. In the Connections pane, expand the Web service.
    3. Expand Sites, and then click Lync Server Internal Web Site.
    4. Expand Lync Server Internal Web Site, click cscp.
    5. in the Actions panel, click Browser *:443(https).
    6. To access the URL https://localhost/cscp. You need to add lync admin account to CSAdministrator group.
    7. If the cscp web site doesn’t exist, you need to check you have deploy Administrative access URL for Lync control panel access. After you deployed Administrative access URL, you need to run Step2:Setup or Remove Lync Server Components in Lync server Deployment Wizard.
    8. If you can access https://localhost/cscp but can’t access from Lync Server Control Panel, then you need to check these DNS records below(suppose the domain is contoso.com):

    admin.contoso.com

    DNS A record for Internal web services.

    DNS record for Lync Pool

    9.If you can’t access https://localhost/cscp, you need to check the SSL certificate binding for Lync Site is correct. you should check the required SANs are added into the certificate.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Wednesday, June 19, 2013 10:48 AM
    Moderator
  • Sorry for a very delayed reply. I can access https://localhost/cscp. From the front end servers.

    DNS records are correct lyncpoo1.domain.com , lyncweb-ext.domain.com , lyncweb-int.domain.com.



    Ahmed NAyeem

    Monday, July 8, 2013 7:26 AM
  • Ran the option 2 in deployment wizard, Now i see 403 forbidden access denied error.

    Nothing has been changed as far as permissions of the lync admin account.



    Ahmed NAyeem

    Tuesday, July 9, 2013 8:00 AM