Lync Edge External Certificate request.

Hi,
We have a Lync 2010 Server deployed in our organization. We have a requirement to add 2 additional SIP domains to our organization.
We have successfully configured the 2 additional SIP domains with the necessary requirements, and it's working internally.
However, the users of the 2 new additional SIP domains are not able to communicate externally.
We found that in the Edge external certificate we are required to add 2 SAN names, which are for the 2 additional SIP domains.
My query is: what is the procedure to generate a certificate with additional SAN names?
I have tried in the Edge console; it automatically includes 3 sip.domain.com, which results in more SAN entries in the certificate.
My company is worried about the cost of a public certificate which has more SAN names included.
How do we overcome this?
Note: My existing Lync external certificate has 2 SAN names.

After doing Lync for several years - my evolution included my embracing the fact that Lync is going to need a lot of SANs and the cost of certs is going to be something that is part of doing Lync. If you're going to have multiple SIP domains, it's the cost of doing business that you'll have corresponding cert additions.
I beseech you to NOT heed the recommendation above that included cross domain SRV records. Your Windows users will get prompted and it makes for a bad impression for Lync. Keep your SRV records pointed to a matching DNS zone. You WILL get support calls on it and security will only be getting tighter against practices such as this in the future.
And yes, do the meet/dialin URLs that have the long URL format.
We use the HTTP lyncdiscover.domain1.com and lyncdiscover.domain2.com over port 80 - it works great. I don't see any issue with it, as it only directs your client to the desired external web services (SSL connection). It works great.
if my post is helpful - please click on the green arrow. (please excuse, in advance, any perceived sarcasm/humor - as I often forget it does not translate through text) :)

Similar Messages

  • Lync Edge 2013 Certificate Assign (again!)

    Hi,
    I recently posted a similar topic on the forum (Lync Edge 2013 Certificate Assign). The issue was related to certificate assignation. I solved it, but I needed later to change my certification authority, and so change the certificate assigned to the public Edge interface. Trying this, I encountered a new (different) problem with my new certificate, so I am back here to try to find a solution.
    As said, I am trying to assign a certificate to my Lync 2013 Edge Server on the Internet edge. This certificate is signed by a recognized authority (Comodo).
    Whenever I imported the certificate in the store via the Lync wizard and proceeded on to the Assign Certificate step, the certificate that I have imported does not appear in the list of certificates on the Lync deployment tool interface, so that I cannot assign it to the External Edge interface.
    I tried to import it with Digicert (which allowed me to solve my previous importation problem, but not this time...) with no more result. I tried to import it from cer format, or crt format; the results are the same.
    I launched the MMC on the computer and added the Computer Certificate Snap-In. If I look at the certificate icon, I see the little key in the icon, so it sounds like I have the private key available.
    Any help would be greatly appreciated!
    Thank you very much for your help.
    EDIT: when running the Digicert tool "Test Key", the result is the following: "the private key was successfully tested" and "revocation check for certificate chain failed". Does it give any clue?

    I had the feeling I did everything fine too...! This is maybe a silly question, but I try anyway: do you think it is possible that I cannot choose the imported certificate in the Lync Deployment assistant because the assistant does not recognize the public name of the computer? I mean, I could add the internal interface certificate because the computer recognized its local name (edge.local.domain). But it seems it doesn't know its Internet FQDN (lync.mydomain.com), which is mentioned in the topology.
    It does not explain why I could previously add the wildcard certificate, so I think my remark is silly, but I am kind of lost....
    Thank you anyway for your messages.
    EDIT: when I try to use PowerShell to assign my certificate manually, I get an error message telling me that the command execution failed because [my certificate thumbprint] is not in the store or not approved. It is true that I had some intermediate certificates provided by Comodo, but I installed all of them in the store via mmc>Certificate, both in trusted root CA and intermediate CA. Maybe I missed a location?

  • Lync Edge Server Certificate Issue

    I've implemented a single internal Standard Edition Front End server with a single consolidated Edge server and Reverse Proxy server/appliance located in a perimeter network.
    On the internal IP of the Edge server I use a certificate from an internal CA (which is trusted by the Edge server); the "internal" certificate issued by the internal CA is used only between the Edge server and the Front End server. An external certificate with cn sip.ipabo.nl and alt.subj sip.ipabo.nl and webconf.ipabo.nl from Globalsign is used on the external IPs. Services have their own IP addresses and are NATted by a router. I've tested that all ports can be reached from the internet. But still no connection is possible from external clients. The MS connectivity analyser says: "The The certificate couldn't be validated because SSL negotiation wasn't successful". Connections from mobile clients through the reverse proxy are no problem; also internal clients have no issue (they both don't use the Edge but the proxy). So I assume there's something wrong with the certificate implementation on the Edge server; however, I've tested it with the RUCT from Curtis Johnstone, and the certificate seems to be OK. Also in the Lync Server Deployment Wizard the certificates seem to be OK. In the computer's personal certificate store there are only the two necessary certificates (internal and external); also intermediate certificates are installed. Routing (default gateway on external interface) is working fine. So I think I'm out of options, any ideas?
    Tnx, 
    Guido

    OK, I found it:
    It was a simple setting in the Control Panel, or in the management shell:
    In Set-Accessedgeconfiguration
    AllowOutsideUsers was set to False. This should be True.
    I found it by using OCSlogging on the Edge server, looking at SIP.
    So I don't understand how all the certificate and server unavailable warnings make any sense.
    The next issue will be Exchange integration :)
    Thanks for your help everybody

  • Lync Edge 2013 Certificate Assign

    Hi,
    I am trying to assign a certificate to my Lync 2013 Edge Server on the Internet edge. This certificate is signed by a recognized authority, so it should not be a problem.
    Whenever I have imported the certificate via the Lync wizard and proceed on to the Assign Certificate step, the certificate that I have imported does not appear in the list of certificates for me to assign it as the External Edge certificate.
    I launched the MMC on the computer and added the Computer Certificate Snap-In. Unfortunately, if I look at the certificate icon, I do not see the little key in the icon. This sounds like I don't have the private key.
    In addition, I should say that I received my certificate as a PEM file. I tried to convert it to PFX, DER, but always with the same result. So maybe I made a mistake while converting....
    Any help would be greatly appreciated!
    Thank you very much

    He's probably requested it on a different platform (like Linux w/Apache and then exported it)
    Try this: https://www.sslshopper.com/ssl-converter.html I wouldn't upload your private key and cert to the site, because it's not something you want to be sharing, but if you scroll to the bottom there are some options (mainly the second last option to grab certificate and key pem and output to PFX file)
    If I'm assuming correctly and your admin is using Linux/Unix then you can run the OpenSSL commands there or you could do it yourself on Windows http://www.openssl.org/related/binaries.html (but I'd say the first option is much easier)
    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer" | Blog www.lynced.com.au | Twitter @imlynced

  • Lync edge internal Certificate

    Hi guys, I have an interesting problem. I'm switching my TMG server for a Palo Alto server, and when I do an external test, it fails and it's showing my internal cert, not the SAN certificate bound to the external DMZ NIC, and yes, I've reassigned the certs multiple times to make sure.
    Anyone ever see anything like this? Works perfectly on TMG :|

    I have 1 Lync Standard Frontend and 1 Edge. The Edge server has 2 NICs, 1 internal and 1 in the DMZ with three IPs and 1 to 1 NAT. It has static routes for the internal network.
    I'm aware there is no SAN requirement for internal. What I can't figure out is why external tests are seeing the internal certificate.
    Testing remote connectivity for user test@i*.com to the Microsoft Lync server.
    Specified remote connectivity test(s) to Microsoft Lync server failed. See details below for specific failure reasons.
    Additional Details
    Elapsed Time: 16269 ms.
    Test Steps
    Attempting to resolve the host name sip.i*.com in DNS.
    The host name resolved successfully.
    Additional Details
    IP addresses returned: 190.********
    Elapsed Time: 186 ms.
    Testing TCP port 443 on host sip.i*.com to ensure it's listening and open.
    The port was opened successfully.
    Additional Details
    Elapsed Time: 193 ms.
    Testing the SSL certificate to make sure it's valid.
    The SSL certificate failed one or more certificate validation checks.
    Additional Details
    Elapsed Time: 15560 ms.
    Test Steps
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server sip.i*.com on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
    Additional Details
    Remote Certificate Subject: CN=cerberus.*.com, Issuer: CN=ICONS-CA, DC=i*, DC=com.
    Elapsed Time: 15501 ms.
    Validating the certificate name.
    Certificate name validation failed.

  • Lync Connectivity Analyzer Certificate Error

    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server lyncedgesvr.redfoxtechnologies.net on port 443.
    The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
    Elapsed Time: 456 ms.
    I got the following certificate error when trying to test the remote connection from the Lync Connectivity Analyzer. But we have purchased a Comodo PositiveSSL Multi-domain. What do I need to do? Please help. I have contacted the SSL provider but they don't even know the problem.
    The public certificate is bound only on the Lync Edge Server and there is no public certificate on the Lync Federation Server.
    The Lync Edge server is not using a NAT; it is directly connected to the internet, or the public IP address mounted on LAN.
    I have used only one public IP address.

    Hi Everyone,
    I am not using a reverse proxy; I only used the following:
    Pfsense: Public IP
    Lync Fe : Single internal IP
    Lync Edge : External Public IP no NAT
    Lync Edge : Internal IP
    Based on the Lync Validator below, it says that I should create a NAT of the Lync Fe server to the external IP 103.17.21.198, then issue a public certificate to the internal of Lync Fe, just because I don't have an external for Lync Fe and I only have one LAN. Correct me if this validator is wrong.
    For the Certificate CAN I USE THE "Comodo PositiveSSL Multi-Domain"?
    Internal DNS:
    Internal DNS Records

    | Type | Service | Protocol | Domain | Host | PRI | Weight | Port | Description |
    |------|---------|----------|--------|------|-----|--------|------|-------------|
    | SRV | _sipinternaltls | _tcp | redfoxtechnologies.net | sip.redfoxtechnologies.net | 0 | 0 | 5061 | Automatic Login |

    | Type | FQDN | IP | Description |
    |------|------|----|-------------|
    | A | dialin.redfoxtechnologies.net | 10.10.10.11 | Simple URL Dialin |
    | A | lyncadmin.redfoxtechnologies.net | 10.10.10.11 | Simple URL Admin |
    | A | lyncdiscoverinternal.redfoxtechnologies.net | 10.10.10.11 | Internal Lync client discovery. |
    | A | lyncedgesvr.redfoxtechnologies.net | 172.0.0.113 | Edge Pool Name |
    | A | lyncedgesvr.redfoxtechnologies.net | 172.0.0.113 | Edge Server #1 |
    | A | lyncfesvr.redfoxtechnologies.net | 103.17.21.198 | External Web Services |
    | A | lyncfesvr.redfoxtechnologies.net | 10.10.1.1 | Front-End Server #1 |
    | A | lyncfesvr.redfoxtechnologies.net | 10.10.10.11 | Internal Web Services |
    | A | lyncpool.redfoxtechnologies.net | 10.10.1.1 | Front-End Server #1 |
    | A | meet.redfoxtechnologies.net | 10.10.10.11 | Simple URL Meet |
    | A | sip.redfoxtechnologies.net | 10.10.1.1 | Front-End Server #1 |

    External DNS:
    External DNS Records

    | Type | Service | Protocol | Domain | Host | PRI | Weight | Port | Description |
    |------|---------|----------|--------|------|-----|--------|------|-------------|
    | SRV | _sip | _tls | redfoxtechnologies.net | lyncedgesvr.redfoxtechnologies.net | 0 | 0 | 443 | Automatic Login |
    | SRV | _sipfederationtls | _tcp | redfoxtechnologies.net | lyncedgesvr.redfoxtechnologies.net | 0 | 0 | 5061 | Lync Federation Discovery |

    | Type | FQDN | IP | Description |
    |------|------|----|-------------|
    | A | dialin.redfoxtechnologies.net | 103.17.21.198 | Simple URL Dialin |
    | A | lyncdiscover.redfoxtechnologies.net | 103.17.21.198 | Lync client discovery. |
    | A | lyncedgesvr.redfoxtechnologies.net | 103.17.21.196 | Access Edge #1 |
    | A | lyncedgesvr.redfoxtechnologies.net | 0.0.0.0 | Web Conferencing #1 |
    | A | lyncedgesvr.redfoxtechnologies.net | 0.0.0.0 | AV #1 |
    | A | lyncfesvr.redfoxtechnologies.net | 103.17.21.198 | External Web Services |
    | A | meet.redfoxtechnologies.net | 103.17.21.198 | Simple URL Meet |

    Internal Certificates

    | Type | Server | SN | SAN | EKU | Description |
    |------|--------|----|-----|-----|-------------|
    | Internal | Front-End | lyncpool.redfoxtechnologies.net | lyncpool.redfoxtechnologies.net, lyncfesvr.redfoxtechnologies.net, meet.redfoxtechnologies.net, dialin.redfoxtechnologies.net, lyncadmin.redfoxtechnologies.net, lyncdiscoverinternal.redfoxtechnologies.net, lyncdiscover.redfoxtechnologies.net, sip.redfoxtechnologies.net, lyncfesvr.redfoxtechnologies.net, lyncfesvr.redfoxtechnologies.net | Server | SAN/UCC Certificate for Front-End Pool |
    | Internal | OAuth | redfoxtechnologies.net | | Server | OAuth |
    | Internal | Edge Server | lyncedgesvr.redfoxtechnologies.net | | Server | Certificate for Internal Edge |

    External Certificates

    | Type | Server | SN | SAN | EKU | Description |
    |------|--------|----|-----|-----|-------------|
    | Public | Lync Edge | lyncedgesvr.redfoxtechnologies.net | lyncedgesvr.redfoxtechnologies.net, lyncedgesvr.redfoxtechnologies.net | Server Client | SAN/UCC Certificate for Edge Server |
    | Public | Reverse Proxy | lyncfesvr.redfoxtechnologies.net | meet.redfoxtechnologies.net, dialin.redfoxtechnologies.net, lyncdiscover.redfoxtechnologies.net, lyncfesvr.redfoxtechnologies.net | Server | SAN/UCC Certificate for Reverse Proxy |

  • Lync Edge Server External Private Certificate

    Hey GURUS!
    Please help me out:
    I'm having issues accessing Lync from external network.
    Mobile clients login fine, but computer clients fail to login.
    My current deployment consists in a single 2013 front-end and a single 2013 edge server.
    All servers have certificates from my internal CA.
    All servers have the root CA certificate installed in the trusted root certificate authority.
    I have 2 sip domains, and the edge certificate has both sip domains.
    However, when I test from test connectivity.microsoft.com, I get an error regarding the certificate chain.
    I can't understand why Lync requires an intermediate certificate, if I don't have any published in my organisation.
    The certificate path goes: Root CA -> Certificate.
    Also, the lync discover test runs with no errors whatsoever.
    This error on the Edge didn't occur when I had Lync 2010 running.
    Does anyone know how to solve this?
    Thanks!
    Andrey Santana
    edit: i forgot to upload the screenshot

    Thiago,
    The certificates from the Front End / Reverse Proxy are also from the internal CA and I don't get the error, it actually runs successfully.
    Andrey

    How did you test the certificates from the Front End and Reverse Proxy Server?
    The public website connectivity.microsoft.com needs a public certificate.
    But if you use a private certificate in a lab, it could work as long as you install the Root CA certificate on the client computer.
    Lisa Zheng
    TechNet Community Support

  • Lync Edge Certificate

    Hi All
    I am doing a POC of Microsoft Lync 2010 for one of my clients. I have deployed a Lync Front End server (STD Edition) and configured it. I have also installed Lync on some clients, and testing all the features internally was successful. Now I want to deploy a Lync Edge server. I have done all the necessary configuration for the Lync Edge server, but now I am stuck on the external certificate. As this is just a POC, I don't want to import any public certificate for it now, so is there any way to import a private certificate on the Lync Edge server which can be used externally, so that I can bring internet users into my Lync environment?
    Please provide me some steps on how to create a private certificate for the Lync Edge server and also how to import it.
    Thanks in advance
    Vinayak

    Hi,
    Basically the steps are the same as how you've created the internal certificates, using an internal Microsoft CA Server:
    Using the Installation Wizard, generate an offline certificate request for your external domain: sip.domain.com, webconf.domain.com, av.domain.com, meet.domain.com & dialin.domain.com.
    With that, log in to your internal CA server (e.g. https://servername/certserv)
    Paste the offline certificate request onto the web page; make sure you've selected Web Server as the certificate type
    Download the generated certificate
    Assign the downloaded certificate using the Lync installation wizard to the Access Edge external interface
    If you're publishing via a Reverse Proxy, just export the certificate from the Access Edge and install it into your TMG certificate store
    Alternatively, VeriSign also offers a free 30 days trial -
    http://www.verisign.com/ssl/free-30day-trial/index.html
    Hope this helps.
    James Ooi MCITP Lync Server 2010 | Blog: http://jamesosw.wordpress.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial
    to other community members reading the thread

  • Lync Edge Server 2013 Certificate Issue seems unresolvable

    I've implemented a single internal Standard Edition Front End server with a single consolidated Edge server and Reverse Proxy server/appliance located in a perimeter network.
    On the internal IP of the Edge server I use a certificate from an internal CA (which is trusted by the Edge server); the "internal" certificate issued by the internal CA is used only between the Edge server and the Front End server. An external certificate with cn sip.ipabo.nl and alt.subj sip.ipabo.nl and webconf.ipabo.nl from Globalsign is used on the external IPs. Services have their own IP addresses and are NATted by a router. I've tested that all ports can be reached from the internet. But still no connection is possible from external clients. The MS connectivity analyser says: "The The certificate couldn't be validated because SSL negotiation wasn't successful". Connections from mobile clients through the reverse proxy are no problem; also internal clients have no issue (they both don't use the Edge but the proxy). So I assume there's something wrong with the certificate implementation on the Edge server; however, I've tested it with the RUCT from Curtis Johnstone, and the certificate seems to be OK. Also in the Lync Server Deployment Wizard the certificates seem to be OK. In the computer's personal certificate store there are only the two necessary certificates (internal and external); also intermediate certificates are installed. Routing (default gateway on external interface) is working fine. So I think I'm out of options, any ideas?
    Tnx, 
    Guido

    Please check the DNS records for sip.ipabo.nl and webconf.ipabo.nl are created on external DNS server.
    Please check you can telnet Lync Edge Access service FQDN on 443 port.
    Check the automatic configuration for remote access is configured correctly or you can try to sign in manually.
    Follow the steps in the blog below to test your Edge Server:
    http://blogs.technet.com/b/nexthop/archive/2011/12/07/useful-tips-for-testing-your-lync-edge-server.aspx
    Lisa Zheng
    TechNet Community Support

  • Lync Edge functional for external client but federation is not working

    Hi,
    I have been working on a Lync Edge Server for a couple of weeks but unfortunately, I can't federate with Skype and other partners. First of all I want to mention the following things:
    1. Lync 2013 Front-End Server is fully functional for Internal Users
    2. Lync 2013 Reverse Proxy is fully functional for Mobile Users
    3. Lync 2013 Edge Server is fully functional for External Users except Federation.
    Let me share Edge Server current configuration with you.
    1. Lync Edge Pool have two NICs, Internal (Private IP) and External (3 Public IPs with default gateway and External DNS)
    2. Host File have entries for Lync front-end server
    3. Local CA certificate for Internal Interface and Starfield CA Certificate for External interface with required SAN e.g., acs.domain.com etc
    4. Skype is searching my domain URIs but added contact is showing offline in skype
    5. Lync 2013 Basic client is showing Presence Unknown for Skype contacts (Skype contacts already merged with Live ID)
    6. Test-CSFederatedPartner cmdlet is also giving 504 error while testing from Front-end server.
    This is production environment actually so please let me know if I am missing something.

    Verify that you have configured the SRV records on external DNS (SRV record _sipfederationtls._tcp.<domain> on port 5061 and SRV record _sip._tls.<domain> on port 443).
    Also verify that you have enabled Lync federation in the Lync topology and published it:
    On a Front End server, open Topology Builder. Expand Edge pools, then right click your Edge server or Edge server pool. Select Edit properties.
    In Edit Properties under General, select Enable federation for this Edge pool (Port 5061). Click OK.
    Click Action, select Topology, select Publish. When prompted on Publish the topology, click Next. When the Publish is finished, click Finish.
    On the Edge server, open the Lync Server Deployment wizard. Click Install or Update Lync Server System, then click Setup or Remove Lync Server Components. Click Run Again.
    At Setup Lync Server components, click Next. The summary screen will show actions as they are executed. Once the deployment is done, click View Log to view available log files. Click Finish to complete the deployment.
    For configuration of Lync federation, you can check the link below:
    http://technet.microsoft.com/en-us/library/jj204800.aspx
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
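
A check for the two SRV records named in the reply above, combined with the advice in the first thread to keep SRV targets in a DNS zone matching the SIP domain. This is an added example, not code from any of the posts; the function name `Test-LyncSrvRecord` and the sample records for `domain2.com` are constructed for illustration.

```powershell
# Added example. Expected ports are the ones given in the reply above;
# the record data at the bottom is constructed sample input.
$ExpectedSrv = @{ '_sipfederationtls._tcp' = 5061; '_sip._tls' = 443 }

function Test-LyncSrvRecord {
    param(
        [Parameter(Mandatory = $true)][string]$SipDomain,
        # Objects exposing Name, NameTarget and Port (the shape Resolve-DnsName returns for SRV)
        [Parameter(Mandatory = $true)][object[]]$Record
    )
    foreach ($service in $ExpectedSrv.Keys) {
        $owner = "$service.$SipDomain"
        $match = @($Record | Where-Object { $_.Name -eq $owner })
        if ($match.Count -eq 0) {
            New-Object PSObject -Property @{ Record = $owner; Result = 'Missing'; Detail = 'no SRV record found' }
            continue
        }
        foreach ($r in $match) {
            $target = "$($r.NameTarget)".TrimEnd('.')
            $problems = @()
            if ($r.Port -ne $ExpectedSrv[$service]) {
                $problems += "port $($r.Port), expected $($ExpectedSrv[$service])"
            }
            # A target outside the SIP domain's own zone is the cross-domain
            # SRV setup the first thread warns will prompt Windows users.
            if ($target -notlike "*.$SipDomain") {
                $problems += "target $target is outside $SipDomain"
            }
            $result = 'OK'
            if ($problems.Count -gt 0) { $result = 'Check' }
            New-Object PSObject -Property @{
                Record = $owner
                Result = $result
                Detail = ($problems -join '; ')
            }
        }
    }
}

# Constructed sample: the federation record points into a different zone.
$sample = @(
    New-Object PSObject -Property @{ Name = '_sip._tls.domain2.com'; NameTarget = 'sip.domain2.com'; Port = 443 }
    New-Object PSObject -Property @{ Name = '_sipfederationtls._tcp.domain2.com'; NameTarget = 'sip.domain1.com'; Port = 5061 }
)
Test-LyncSrvRecord -SipDomain 'domain2.com' -Record $sample | Format-Table Record, Result, Detail -AutoSize

# Against live DNS (Windows 8 / Server 2012 or later), feed it real records instead:
# $live = '_sip._tls','_sipfederationtls._tcp' | ForEach-Object {
#     Resolve-DnsName -Type SRV -Name "$_.domain2.com" -ErrorAction SilentlyContinue
# } | Where-Object { $_.Type -eq 'SRV' }
# Test-LyncSrvRecord -SipDomain 'domain2.com' -Record $live
```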

  • Combining Lync Edge certificate of Reverse Proxy

    I wonder if the creation of a certificate from the combined Lync Edge server names and Reverse Proxy will work?
    I want to create a certificate for Lync Edge with CN = sip.domain.com and add the names required for the Edge and Reverse Proxy as additional DNS names:
    sip.domain.com 
    webconf.domain.com
    webext.domain.com
    meet.domain.com
    dialin.domain.com
    lyncdiscover.domain.com

    Hi,
    Yes, you can use the same certificate for both the Edge Server (external interface) and the Reverse Proxy, with a SAN list including all the names the Edge Server and Reverse Proxy need (such as: webcon.contoso.com, sip.contoso.com, webext.contoso.com, meet.contoso.com, dialin.contoso.com, lyncdiscover.contoso.com, and so on).
    More details:
    https://technet.microsoft.com/en-us/library/gg398519.aspx?f=255&MSPPError=-2147217396
    https://technet.microsoft.com/en-us/library/gg429704.aspx
    There is no special SAN for federating with Skype. However, the certificate must be a public SAN certificate.
    Best Regards,
    Eason Huang
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
    Eason Huang
    TechNet Community Support

  • Can't assign certificate in Lync Edge Server

    Hello, everyone
    I've installed Lync Server; internally it works fine, but while I'm deploying the Edge server, I have a certificate problem. On the request/assign certificate step, I've had the certificate issued by an online certificate authority; after the request I see the following error:
    The certificate has been issued by the online certification authority and is installed to the local certificate store, however it is not valid. Make sure that the Root certificate, and necessary certificate chain is installed on this server.
    I've downloaded the root certificate from the CA and imported it to the trusted root certificates of the Edge server. I think the root certificate is valid, because non-domain members which imported the root certificate sign in to Lync successfully.
    I also sent an offline certificate request (http://technet.microsoft.com/en-us/library/gg412750.aspx); importing the certificate was successful. But there are no certificates in the assign certificate wizard. I checked the personal certificates using mmc; the certificates I have requested were there.
    How can I solve this problem? Please help me!
    Regards and thanks for any help :)
    Enkhee

    Hi,
    You need to access http://CAserver/certsrv to download the certificate chain on the Edge server. Open MMC and install the certificate chain with the following steps (To import the CA certification chain for the internal interface):
    http://technet.microsoft.com/en-us/library/gg412750.aspx
    Check whether the certificate chain is installed successfully in the Trusted Root Certification Authorities.
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
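
A local check for the three conditions these threads keep running into before a certificate can be assigned to the external Edge interface: no private key (the missing key icon), a chain that does not build or whose revocation cannot be checked, and a SAN missing for one of the SIP domains (the first thread). This is an added example, not code from any of the posts; the function name, the required-name rule and the FQDNs in the usage lines are assumptions.

```powershell
# Added example (not from the threads). The domain names and FQDNs in the
# usage lines are constructed placeholders.
function Test-EdgeExternalCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory = $true)][string[]]$SipDomain,
        [Parameter(Mandatory = $true)][string]$AccessEdgeFqdn,
        [Parameter(Mandatory = $true)][string]$WebConfFqdn
    )

    # Assumption: the external Edge certificate must carry the Access Edge FQDN,
    # the Web Conferencing Edge FQDN and sip.<domain> for every SIP domain.
    $required = @(@($AccessEdgeFqdn, $WebConfFqdn) + @($SipDomain | ForEach-Object { "sip.$_" }) |
        ForEach-Object { $_.ToLowerInvariant() } | Select-Object -Unique)

    # DNS names from the Subject Alternative Name extension (OID 2.5.29.17).
    # Format() output is localized; this pattern assumes English-language Windows.
    $sanNames = @()
    $sanExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($sanExt) {
        $sanNames = @([regex]::Matches($sanExt.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value.ToLowerInvariant() })
    }
    $cn = $Certificate.GetNameInfo('SimpleName', $false).ToLowerInvariant()
    $covered = @($sanNames) + $cn
    # Exact-match comparison only; wildcard SAN entries are not expanded here.
    $missing = @($required | Where-Object { $covered -notcontains $_ })

    # Build the chain with online revocation checking, as a remote client would.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chainOk = $chain.Build($Certificate)
    $chainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    New-Object PSObject -Property @{
        Subject       = $Certificate.Subject
        Thumbprint    = $Certificate.Thumbprint
        HasPrivateKey = $Certificate.HasPrivateKey    # False matches the missing key icon in MMC
        ChainValid    = $chainOk
        ChainLength   = $chain.ChainElements.Count
        ChainStatus   = ($chainStatus -join ', ')     # e.g. PartialChain, RevocationStatusUnknown
        SanNames      = ($sanNames -join ', ')
        MissingNames  = ($missing -join ', ')
    }
}

# Usage on the Edge server; <THUMBPRINT> is a placeholder for the imported certificate:
# $cert = Get-Item Cert:\LocalMachine\My\<THUMBPRINT>
# Test-EdgeExternalCertificate -Certificate $cert `
#     -SipDomain 'domain1.com', 'domain2.com', 'domain3.com' `
#     -AccessEdgeFqdn 'sip.domain1.com' -WebConfFqdn 'webconf.domain1.com' | Format-List
```

Setting the Access Edge FQDN to `sip.<primary domain>`, as in the usage lines, is the SAN-saving choice described in the "Edge server external certificate CN" thread below; the duplicate name is collapsed before comparison.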

  • Edge server external certificate CN

    For certification in edge external, some instructions said that CN is accessedge.contoso.com, and SAN includes accessedge.contoso.com and sip.contoso.com
    But in other instructions, it only needs sip.contoso.com as CN and SAN.
    I am confused, what is the purpose of accessedge.contoso.com ?

    Accessedge.contoso.com represents whatever name you choose for your external access edge role.  Sip.contoso.com will always be present as a SAN in the certificate as well.  So, you can take this route and have those two SANs in the certificate,
    or you can set the access edge FQDN to sip.contoso.com to save a SAN in your certificate.
    Really, the only purpose of having accessedge.contoso.com is to have a better naming convention than just reusing sip.contoso.com, or perhaps if you have multiple pools and want separate access edge names for each.
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
    SWC Unified Communications

  • Lync Edge Server (step 3)

    Hi All,
    Need help on Lync Edge Configuration.
    I have 1 Lync FE & 1 Lync Edge. I have successfully installed the Lync FE.
    The problem comes in the Lync Edge setup.
    Step 1: Install local Configuration Store (Complete)
    Step 2: Setup or remove Lync server component (Complete)
    Step 3: Request, install or assign certificates. (I've assigned certificates for both Internal & External but the status for step 3 is not showing "Complete")
    I cannot proceed to step 4 (start Service) until step 3 is complete.
    Kindly help me on this issue.
    Thank you. 

    Hi,
    I'd restart your Edge server if you haven't already done so, and check that you have not accidentally assigned the certificate to only specific Edge services, as Sneff_Gabor suggested.
    Could you confirm that you used the Lync Certificate Wizard to generate the CSRs for these certs rather than generating them through some other means?
    If you haven't already done so, import and assign the certificates for a second time post Edge restart to see if this makes a difference.
    If you're using a third party public certificate for your external Edge services, make sure that you have any required root and intermediate certificates in place for a valid chain. You can check this by viewing the certificate details and looking at the 'certification path' tab to ensure your public certificate is trusted.
    If you don't have any luck, create a new CSR for your External Edge services and generate a certificate from your internal CA rather than through a public CA and assign that. This will tell you if it's the external certificate that's causing an upset.
    Can you confirm the 'public key' and 'signature algorithm' on the details tab of both certificates?
    Kind regards
    Ben
    Note: If you find a post informative, please mark it so using the arrow to the left. If it answers a question you've asked, please mark the thread as answered to aid others when they're looking for solutions to similar problems or queries.

  • Lync Edge 2013 NOT Replicating config data with CMS / NOT up to date

    I have recently installed my Lync 2013 Edge pool (1 Edge server).
    All services are UP and the public & internal certificates deployed successfully.
    BUT I keep seeing an X sign in the Replication Status field in the "Lync Control Panel->Topology" page.
    Even running "Get-CsManagementStoreReplicationStatus" gives:
        UpToDate           : False
        ReplicaFqdn        : internalEDGEFQDN.domain.com
        LastStatusReport   :
        LastUpdateCreation : 06/08/2013 10:09:41 AM
        ProductVersion     :
    Telnet from my front-end to the Edge over port 4443 works.
    All Edge services are UP.
    Browsing [https://internalEDGEFQDN.domain.com:4443/ReplicationWebService] returns a special page.
    There is a file called "data.zip" placed on the FileStore destined to my Edge replica: \\filestorefqdn\lync2010files\1-CentralMgmt-1\CMSFileStore\xds-master\replicas\internalEDGEFQDN.domain.com\to-replica
    I don't know what might be causing the replication to NOT get initiated. The Edge server needs to be replicated to be functional.
    thanks in advance,

    Hi,
    Please also run the Invoke-CsManagementStoreReplication cmdlet and allow time for the replication to complete before running the Get-CsManagementStoreReplicationStatus again.
    Would you tell us more details about certificate you used for Lync edge internal and external interface, and front end server? If you assigned a wildcard certificate to front end server, this may cause the replication issue between front end and edge.
    Please check event viewer if there is any relevant error message. In addition, you can refer to the blog you pasted how to check the CMS replication traffic.
    http://ocsguy.com/2011/09/07/troubleshooting-cms-replication/
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Kent Huang
    TechNet Community Support
