You might see the following 2 Event ID’s on your server if your have certificates in the wrong store:

  • Event ID 32042 LS User Services
    Invalid incoming HTTPS certificate
    cause: This can happen if the HTTPS certificate has expired or is untrusted

and

Solution:

Open up Lync Management Shell and run the following command:

    Get-Childitem cert:\LocalMachine\root -Recurse | 
    Where-Object {$_.Issuer -ne $_.Subject} | 
    Format-List * | Out-File c:\computer_filtered.txt

If the text file lists certificates then you know which ones to remove/move. After you have cleaned up, reboot your server and all should be fine.

One thing to also take note of, your Lync client will show other users status as “Updating”. Once the server is rebooted it changes to there current status.


#region - PowerShell 4.0
(Get-ChildItem Cert:\LocalMachine\Root -Recurse).Where({$_.Issuer -ne $_.Subject})
#endregion


More description: 
This issue is related to Client Authentication certificate against IIS web server running on Windows 2012R2. Using this command help you to find the "VeriSign Class 3 Code Signing 2010 CA" that should be in "Intermediate Certification Authorities" repository instead of "Trusted Root Authorities" folder on your Lync/Skype Frontend Servers.


Force Update LYNC Client Address Book using PowerShell