Lync 2013 Possible Certificate Issue

  • Lync 2013 Possible Certificate Issue

    So at some point last week, I noticed that when I logged onto my computer at the hotel, Lync wouldn't connect until I started the VPN. For some reason, this didn't seem out of the ordinary for me, crappy hotel wireless in the middle of nowhere Alice, TX.

    Anyway, like I said, I didn't think anything of it until today... I had a user call and say that his Lync wouldn't connect from his house but that Outlook and everything else we use would.

    I started looking into it and sure enough, Lync wouldn't connect for me at my house.

    I started to think DNS, but everything else was working.

    Then I started to think Certificate, and then I thought I didn't want to deal with certificates.

    So, my question is this... I have no idea what cert I'm looking for at all. I did find one that was expired 11/5/2016 for this server MYCASVR but that's the only one.

    Can anyone point me in the general direction?
    I'd rather check my Facebook than face my checkbook...


  • #2
    Okay, here's my resolution. I deleted my replies because they really did nothing to further the status and I was being a whiny little b*tch to be honest.

    1) Certificate expired in mid November 2016. I figured this out a few days later but was unsure if this was the root cause because I saw our Wildcard cert sitting in the store on my Edge and FE servers. I could band-aid the problem by having users connect the VPN, therefore gaining external sign-in access. I did this because I was dealing with other problems (ESXi failure and complete backup failure on top of tedious network infrastructure problems popping up weekly).

    2) I tried using the Wildcard but apparently it didn't play nice, so I let the issue sit.

    3) I reached out to the company (We'll call them Sipco) that set our Lync environment up, but heard nothing back.

    3a) Two weeks ago, I purchased two 10-slot SSL certs to replace the one that expired. I hate dealing with certificates but I decided I needed to get this fixed; the snowball wasn't getting any smaller.

    4) Two weeks ago, on a whim, I browsed through emails from 3.5 years ago, finding another contact from Sipco. I emailed him and he said he'd contact me. He did last week and went through our environment and cleared some old, invalid certs that were just hanging around. I realized that I only needed one of the certs I purchased, so I went back to my account, matched serial numbers and revoked one cert and installed/issued the other one.

    5) Last week, I also called Microsoft and the first tech I worked with didn't really do much, he was convinced the problem was with networking and my firewall. I confirmed with the help of the guy from Sipco that our networking was fine and that the problem was most likely with our Kemp load balancers. I completely lost touch with Microsoft, the guy refused to call me back.

    6) Thursday of last week I enabled logging on my Lync client at home (I know, I know, I'm an idiot for not checking that FIRST!). I noticed that the errors I was getting at sign in were due to the server issuing a revoked cert. In my mind, I figured we still had the expired cert out there somewhere on either my edge or the Kemps. I checked the Edge servers and they were clean. I checked the Kemps and sure enough, there was the expired cert. But it wasn't being used on any active VS. In fact, it was just sitting there, doing nothing.

    7) Last Friday, I got to work, and waited on Microsoft's call. The guy from Sipco had done some free work for me in hopes that the company that bought out Sipco would gain a client and he could do no more for me. As I waited for Microsoft's call, I decided to double check my certs again. I opened the cert on my Edge server and it had its own specific serial number. I then logged into my account to see the active cert. Its serial number was completely different. I re-downloaded the GOOD cert and got it installed on the Edge servers and the Kemp load balancers and everything worked.

    So, I was the cause of the problems starting from 2 weeks ago until now. I am extremely disappointed in myself for allowing this to happen but I'm also happy for myself because I worked through it on top of everything else I was/am dealing with to solve the problem myself.

    Moral of the story? Measure twice, cut once.
    I'd rather check my Facebook than face my checkbook...
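
The check that resolved the thread in step 7 (compare the serial number of the certificate a server holds and serves against the one the CA account lists as active, and look for expired or revoked certificates) can be scripted. This is an added example, not part of the original posts; the endpoint names, port and serial number are placeholders to replace with your own values.

```powershell
# Added example. Placeholders: replace the serial and the endpoint names.
$ExpectedSerial = '<SERIAL-OF-ACTIVE-CERT-FROM-CA-ACCOUNT>'
$Endpoints = @('edge.example.com:443', 'loadbalancer.example.com:443')  # hypothetical

function Get-PresentedCertificate {
    param([string]$HostName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever is presented: the goal is to inspect it, not to trust it.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $accept)
        try {
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

function Test-CertificateState {
    param($Cert, [string]$Source)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Online revocation check, so a revoked certificate shows up as 'Revoked'.
    $chain.ChainPolicy.RevocationMode = 'Online'
    [void]$chain.Build($Cert)
    [pscustomobject]@{
        Source        = $Source
        Subject       = $Cert.Subject
        Serial        = $Cert.SerialNumber
        NotAfter      = $Cert.NotAfter
        Expired       = $Cert.NotAfter -lt (Get-Date)
        SerialMatches = $Cert.SerialNumber -eq ($ExpectedSerial -replace '[\s:]', '')
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# 1) Certificates installed in the local computer store (run on each server).
$report = @(Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-CertificateState $_ 'LocalMachine\My' })

# 2) Certificates actually served on the wire by each endpoint.
foreach ($ep in $Endpoints) {
    $name, $port = $ep -split ':'
    $report += Test-CertificateState (Get-PresentedCertificate $name ([int]$port)) $ep
}
$report | Sort-Object Source | Format-Table -AutoSize
```

A row where `SerialMatches` is false, or where `ChainStatus` contains `Revoked` or `NotTimeValid`, identifies a server or load balancer that still holds or serves the wrong certificate.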



    • #3
      Excellent work.

      Thanks for posting back with your resolution.