Problem in requesting certificate from enterprise CA

I have an enterprise CA and I created a new certificate template for SCOM authentication, and when I submit a certificate request from web enrollment I get this error message:
Certificate Request Denied
Your certificate request was denied.
Your Request Id is 63. The disposition message is "Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Active Directory Certificate Services policy: SCOM Template.
Contact your administrator for further information.
I checked the authentication and made it: everyone full control. When I request a certificate from the same CA with another template, it works well without any errors!
Please give me feedback with any suggestions.
Hossam Wael Elmosallamy, IT Support Engineer, ECC Solutions

At the end of the day your CA administrator has to allow you to make a request via that template and have it auto-approved. By default, you cannot just define a new template, import it into the CA server and expect it to bypass explicit policy. Depending on whether your CA is domain joined or not, you may also be dealing with global corporate policy (and defaults) that prevent someone from hacking a new CA server into the company's network, adding a new template and executing it with a request for automatic approval.
These are the keys to the kingdom you are messing with ... you have to go to the king.
Microsoft Corporation

Similar Messages

  • Lync 2010 Certificate Issue - "There was a problem verifying your certificate from the server"

    Greetings.
    My Issue:
    Lync 2010 client does not connect to server; error displayed: "Cannot sign into Lync. There was a problem verifying the certificate from the server."
    Description:
    The client is running on my Windows 7 box, and my CA server is a Windows Server 2003 box. I have installed the hotfix on the Server 2003 box to update the Web Enrollment portion of CA to allow for newer clients (Vista and 7) to receive certificates from
    this server. 
    Lync server is running on Server 2008 R2 STD, installation was a success.
    The Windows 7 box is a part of the domain.
    I have manually exported the Root CA from my Enterprise CA server from
    Trusted Root Certification Authorities -> Certificates and imported into the same location on my Windows 7 box. 
    If I look at the certification path on the Root CA, on my Windows 7 box,  it says "The certificate is OK." The same goes for the servers involved. 
    Still nothing.
    I have read the other forum posts on here about people having success once they manually import the Root CA from the Enterprise CA server, but this is not my case here. 
    All certificates are successfully assigned on the Lync server box; however, I did have to manually import the Root CA into Lync server's
    Trusted Root Certification Authorities -> Certificates before I could successfully assign them. Had to do this on another deployment I completed, so I didn't think anything of it.
    To recap: it seems that even with my Root CA imported into my Windows 7 box I can still not connect to my Lync server with the client, and I get the error message "There was a problem verifying the certificate from the server."

    Solved
    Solution: Export the certificate from the Lync Server: Start > Administrative Tools > IIS > Server Certificate > Export > abc.pfx, and save it. Copy and place the certificate on the machine where the MS Lync 2010 client is installed or is getting the certificate error. Follow these steps on the client machine to install the certificate:
    Run > mmc > Add or Remove Snap-in > Certificates > Computer account > Local computer > Finish > OK > expand Certificates > Trusted Root Certification Authorities > Certificates > All Tasks > Import > copy the abc.pfx certificate, and delete any unnecessary certificates from there.
    Restart the client machine, open the Microsoft Lync 2010 client, and open the Options menu > Personal > Advanced > choose Auto Configuration > save, OK.

  • CA issue - Workstation signin "There was a problem verifying the certificate from the server"

    Hi,
    We have issues with all workstations on our domain. I just recently set up Lync 2013 server on a Windows 2012 OS. When I went to test sign-in, I received a message "There was a problem verifying the certificate from the server". To fix this issue, I had to download the cert and import it into Trusted Root Certification Authorities on the local workstation. This will be impossible if I have to do this for multiple machines.
    Is there a way around this? Why is it asking to do this?
    Thanks guys, much appreciated.
    MM

    You can follow the instructions here to use Group Policy to install your root certificate to all your workstations.
    Or you could re-deploy your CA as an Enterprise CA.
    Hi Georg,
    Thank you for your reply.
    I did deploy my CA as an Enterprise CA... Not sure why it's still asking me to install on workstations?
    How can I confirm it's an Enterprise CA?
    Thanks,
    MM

  • There was a problem verifying the certificate from the server

    I cannot sign in to my Lync server as a client user, and the error message is "There was a problem verifying the certificate from the server".
    I can sign in on my Lync server with any account, but I cannot sign in on other PC clients.

    Hi there,
    Just some additional info...
    Please go through the following old threads with the same error message
    http://social.technet.microsoft.com/Forums/en-US/ocscertificates/thread/19d74620-9ea8-4f19-bc01-25387e4ee380/
    http://social.technet.microsoft.com/Forums/en-US/ocscertificates/thread/7a973094-6cd1-4f3f-9af0-6d330a9b8428 
    http://social.technet.microsoft.com/Forums/en-US/ocscertificates/thread/4034e791-6c3c-4c35-b936-bca734204fd4/ 
    Hope these are helpful!
    B/R
    Sharon
    Sharon Shen
    TechNet Community Support

  • How to request certificate from a non-domain computer

    We are using a Windows Server 2008 R2 Enterprise CA to issue web server certificates (SSL). The CA server is a member of an AD domain and online. Now we want to request certificates from computers, such as Windows Server 2008 R2 or Linux servers, which aren't members of the domain.
    How can we request certificates automatically with a script, remotely from these Windows servers, for example? Is it possible to use the "Certificate Enrollment Web Service" without the "Certificate Enrollment Policy Web Service"?
    Is it possible to use certreq in this scenario?
    Thanks for your help.

    Now I have found a solution. I want to briefly describe the way:
    Prerequisites:
    1. ADCS Enterprise Certification Authority is installed
    2. ADCS Certificate Enrollment Web Service is installed on a server
    3. ADCS Certificate Enrollment Policy Web Service is installed on another server
    Steps to do:
    1. Prepare a request file for a certificate
    2. On a computer which is not a member of the domain/forest of the CA service: submit the request to the CA and receive the issued certificate. The following command has to be written on one line without line breaks.
      certreq -submit
        -Username {domain}\{username}
        -p {password}
        -PolicyServer "https://{FQDN CertificateEnrollmentPolicyWebService-Server/-Alias}/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP"
        -config "https://{FQDN CertificateEnrollmentWebService-Server/-Alias}/{CAName}_CES_UsernamePassword/service.svc/CES"
        -attrib "CertificateTemplate:{TemplateName}"
        {Enter Path and Name of the Request-File}
        {Choose Path and Filename for certificate}
       Sample:
       certreq -submit
            -Username contoso\Serviceaccount
            -p P@ssw0rd
            -PolicyServer "https://CAPolicyEnroll.contoso.com/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP"
            -config "https://CAWebEnroll.contoso.com/IssuingCA1_CES_UsernamePassword/service.svc/CES"
            -attrib "CertificateTemplate:MyOwnSSLTemplate"
            request.req
            sslcert.cer
    3. Now you can find a file with your requested certificate locally in the path you have chosen for the certificate file.
    I hope this will be helpful for other people enrolling certificates on non-domain member computers.
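
The procedure above carried through on a non-domain Windows machine, as an added example that is not part of the original post: it builds the request file for step 1 with certreq -new, submits it as in step 2, and binds the issued certificate to its private key with certreq -accept. The URLs, CA name, template and file names are the post's sample values; the subject name web01.contoso.com and the INF settings are assumptions.

```powershell
# Added example (not from the original post). URLs, CA name and template are the
# post's sample values; the subject name and INF settings are assumptions.
# Run elevated: MachineKeySet = TRUE creates the key in the machine store.
$ErrorActionPreference = 'Stop'

$subject  = 'web01.contoso.com'   # constructed sample host name
$template = 'MyOwnSSLTemplate'
$cepUrl   = 'https://CAPolicyEnroll.contoso.com/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP'
$cesUrl   = 'https://CAWebEnroll.contoso.com/IssuingCA1_CES_UsernamePassword/service.svc/CES'

$inf = Join-Path $PWD 'request.inf'
$req = Join-Path $PWD 'request.req'
$cer = Join-Path $PWD 'sslcert.cer'
Remove-Item $req, $cer -ErrorAction SilentlyContinue   # avoid overwrite prompts

function Invoke-CertReq {
    param([string[]]$Arguments)
    & certreq.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        # Report only the verb so the password never ends up in an error message.
        throw "certreq $($Arguments[0]) failed with exit code $LASTEXITCODE"
    }
}

# Step 1: describe the key pair and the request, then generate the PKCS#10 file.
$infLines = @(
    '[Version]',
    'Signature="$Windows NT$"',
    '',
    '[NewRequest]',
    "Subject = `"CN=$subject`"",
    'KeyLength = 2048',
    'KeySpec = 1',
    'Exportable = FALSE',          # private key stays on this machine
    'MachineKeySet = TRUE',
    'RequestType = PKCS10',
    'KeyUsage = 0xa0',             # digital signature + key encipherment
    '',
    '[EnhancedKeyUsageExtension]',
    'OID=1.3.6.1.5.5.7.3.1',       # server authentication
    '',
    '[Extensions]',
    '2.5.29.17 = "{text}"',        # subject alternative name
    "_continue_ = `"dns=$subject&`""
)
Set-Content -Path $inf -Value $infLines -Encoding Ascii
Invoke-CertReq @('-new', $inf, $req)

# Step 2: submit through the CEP/CES endpoints with username/password.
# As in the post, the password is a certreq argument, so it is visible in the
# process command line while certreq runs; prompt for it instead of storing it.
$cred = Get-Credential -Message 'Account allowed to enroll for the template (DOMAIN\user)'
Invoke-CertReq @(
    '-submit',
    '-Username', $cred.UserName,
    '-p', $cred.GetNetworkCredential().Password,
    '-PolicyServer', $cepUrl,
    '-config', $cesUrl,
    '-attrib', "CertificateTemplate:$template",
    $req, $cer
)

# Step 3: install the issued certificate and pair it with the pending private key.
if (-not (Test-Path $cer)) {
    throw 'No certificate file returned; the request may be pending or denied on the CA.'
}
Invoke-CertReq @('-accept', '-machine', $cer)

Get-ChildItem Cert:\LocalMachine\My |
    Where-Object Subject -eq "CN=$subject" |
    Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
```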

  • While logon to lync it gives error "there was a problem verifying the certificate from the server"

    I already went through all threads related to my question, but not even one thread answers my question. OK, my problem is again the same: it gives me the error I mentioned in the title. Client OS is XP. Actually, can somebody tell me which certificate I should import into which certificate group?
    And why has the error occurred? Help me.
    Thanks in advance,
    jayesh rohit

    You'll want the CS root certificate in the trusted root certificate authorities area of the machine store (vs the user store).  If there are any subordinate CAs with intermediate certificates, put them in the intermediate certification authorities area. 
    Verify that the certificate has the correct SANs for your server. Did you generate the certificate from the deployment wizard, and did you check the box for the SIP domains as you went through the wizard? Is the certificate internally signed by your certificate authority? Are you attempting to connect internally or externally when you see the issue?
    Can you confirm that your SRV records for _sipinternaltls._tcp.domain.com have the correct port and hostname and that the hostname is also resolvable?  Can you do the same for _sip._tls.domain.com?
    SWC Unified Communications

  • Requesting certificate from certificate authority

    I am in the last step of migrating from a personal account to a business account. I need to remove my old certificate, request a new one from the Certificate Authority in my keychain access. I attempt to get the new certificate, but it says the Certificate Authority email address is required. Does anybody know it or know how to bypass this step? Thanks

    I am actually working on getting this setup for user Certs. and I am having some trouble. Can you tell me how you got this working?

  • Office Communicator 2007 "There was a problem verifying the certificate from the server" issue

    Hello,
    Last Friday is when this error first started. This is affecting all users. I am new to this position and am unfamiliar with how the Communicator server is set up. I am unsure as to where to look and where to start. We are using Office Communicator 2007 R2 running on a VM with Server 2003 R2. This is the only application being used on this host. Any ideas on where to start looking?
    Thanks for the help

    Hi Jenebo,
    Looks like you did not install the CA on your client PC.
    Access your enterprise CA server, like
    http://dc.server.com/certsrv, download the certificate chain and install it.
    If it still does not work, please check that you use automatic configuration to log in to your OCS client and that you can resolve the SRV record to the correct SRV hostname using Nslookup.
    If you use manual configuration, please do not use the IP address of the FE.
    I issued a certificate off of the server running OC 2007; I do not have a dedicated CA server. How would I pull the certificate off of that server and install it on my clients (server name is SFBlackberry)?
    By the way, half of the clients worked after I renewed the CA on the server and the other half are the ones I am having problems with.
    Thanks for your help...as you can tell I am new to OC and really appreciate your help.

  • Receiving error when signing into Lync 2013 Externally "There was a problem verifying the certificate from the server"

    I have gone through multiple forums and just about everyone states install the Root CA on the machine trying to connect.
    I have installed the Root CA on this machine as it is not on the domain and is not inside the domain. It is installed in the Trusted Root CA folder.
    I run the Microsoft test connectivity tester and this is what I receive:
    Testing remote connectivity to Microsoft Lync server through the Lync Access Edge server sip.netrixit.com on port 5061 to verify user [email protected] can connect remotely.
    Specified remote connectivity test(s) to Microsoft Lync server failed. See details below for specific failure reasons.
    Additional Details
    Couldn't sign in. Error: Error Message: Unknown error (0x80131500).
    Error Type: TlsFailureException
    Any insight would be helpful.

    Here is the certificate you have on your Edge Server external interface for sip.netrixit.com:
    Common name: *.netrixit.com
    SANs: *.netrixit.com, netrixit.com
    Valid from January 30, 2014 to January 30, 2015
    Issuer: Go Daddy Secure Certification Authority
    As per Wildcard certificate support in Lync Server 2013
    http://technet.microsoft.com/en-us/library/hh202161.aspx
    Server roles that are not supported for wildcard certificates:
    Internal server roles (including, but not limited to the Mediation Server, Archiving and Monitoring Server, Survivable Branch Appliance, or Survivable Branch Server)
    External Edge Server interfaces
    Internal Edge Server
    Please change the certificate on edge server external interface 
    Regards Edwin Anthony Joseph

  • Problem when requesting data from r/3

    When I was extracting data from R/3 4.7 by generic data extraction using views, the following error occurred:
      Error when updating Idocs in Source System
    Diagnosis
    Errors have been reported in Source System during IDoc update:
    System response
    There are IDocs with incorrect status.
    When I looked at the inbound IDoc in the source system, it had status 51 with the error message below:
    "Incomplete control parameter for commmunication with the BW system"
    It would be great if you could solve it for me.

    Hi,
    What somanth says is true. But I would like to add something else: after you restore the connection you need to re-activate all the transfer structures on the source system.
    You can activate all the transfer rules by running the program 'RS_TRANSTRU_ACTIVATE_ALL'. This should work.
    Hope it helps.
    Mav.

  • Non-domain computer request certificate

    We have Enterprise CA with Certificate Enrollment Policy Web Service and Certificate Enrollment Web Service on same domain computer. 
    When I configure the enrollment policy on non-domain computers by adding the existing Certificate Enrollment Policy Server:
    mmc -> Certificates (local computer) -> Personal -> Manage Enrollment Policy, all looks fine. But when I request
    New Certificate -> Select Certificate Enrollment Policy, a window appears with an empty list and the message:
    Certificate types are not available. You cannot request a certificate at this time because no certificate types are available.
    From domain computers all works fine; I can choose templates from the list and can run the command:
       certutil -config "DomainComp\CAname" -ping. 
    From non-domain computers I can't do certutil -ping:
    ...Connecting to DomainComp\CAname ...
    Server could not be reached: The RPC server is unavailable. 0x800706ba

    I selected username/password authentication when I installed the CES/CEP roles. If I want to use authentication with
    certificates, I must make a request and enroll it on the CA. This is a problem for a non-domain computer. By the way, using the method at
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/098f858a-3e89-48d2-828e-274487033f6b/how-to-request-certificate-from-a-nondomain-computer?forum=winserversecurity
    I can manually make a request file, issue it on the Enterprise CA and export the certificate file, then import the certificate.
    This method
    http://blogs.technet.com/b/askds/archive/2010/05/25/enabling-cep-and-ces-for-enrolling-non-domain-joined-computers-for-certificates.aspx does not work because an empty list of enrollment templates appears.

  • .MSG files. Problem with getting requested values from crawled properites

    Hi
    I have a lot of msg files on my file server. I use the SharePoint Enterprise Search engine to crawl all these MSGs.
    I would like to get extra managed properties out of these files. I am most interested in getting Mail:5(text) / Mail:12(Date and Time) / Mail:53(Date and Time) from MAIL category in Managed Properties.
    This thread is very similar to one already posted by SpinnerUp:
    http://social.technet.microsoft.com/Forums/sharepoint/en-US/82d69df0-5cb2-4e51-a485-34209e111f4b/problem-with-crawling-msg-files-doesnt-seem-to-return-requested-values-from-crawled-property
    Please be aware that I do not use Public Folders. These MSGs are exported from Outlook and are stored on a file server, not Exchange.
    I tried to link Crawled Properties to a new property; however, I cannot get any results back.
    Thank you for your help.
    Regards, Marcin (Please mark as helpful or answered if it helps)

    Thank you for your reply.
    However, I am not keen to write a custom connector at this stage.
    Is it possible to simply get "Subject", "Sent", "Received" info from msg file and then map it to managed properties.
    Does SharePoint create any crawled properties which contain information about let's say "Subject" which then can be used to create managed properties?
    I tried playing with "MAIL" properties however I cannot get them to work. I guess this is because the file is a msg file rather than mail which is stored in Exchange Public Folder.
    Regards, Marcin (Please mark as helpful or answered if it helps)

  • Provide steps to send Root CA certificate to the Lync client, getting error "There was a problem verifying certificate from the server"

    Hi,
    I built a Lync 2013 setup with an FE pool and a Director pool, and Exchange server is integrated. I have a Windows 8 client machine with the Lync client installed. When I try to log in to the Lync client, I get an error like "There was a problem verifying certificate from the server".
    When I installed the root CA cert manually on the client machine, I was able to log in to the Lync client. Similarly, if I add my client machine to my domain, I am able to log in to the Lync client.
    Now, is there any other way to send the certificate automatically from the server to client machines (which are NOT part of the DOMAIN), instead of the manual installation process?
    Please help me troubleshoot this problem.

    Agree with S Guna, there is no easy way to push a certificate automatically to a client that you don't control other than building an installer package and asking them to run it.  In this situation, if there are a lot of non-domain joined machines
    a third party certificate is the way you need to go.
    SWC Unified Communications

  • Problem in download the certificate from portal

    Hi,
    I am new to iPhone. Please help me, it's very urgent.
    I created a new developer certificate and downloaded it;
    it worked fine. After that I applied for distribution.
    When I downloaded this certificate, it was invalid.
    I have revoked this certificate from the portal, and the development one also.
    Then I created the developer certificate again and
    downloaded it, and it says that it is not valid.
    When I revoked the certificate from the portal, the team section shows that it is revoked, but the certificate section shows it as issued,
    and when I click on download or revoke it gives an error:
    failed to download or revoked

    I'm having the same problem... A google search turned up another thread about it, but it appears too late to call anyone today, as support goes home at 5PM PST on Friday and doesn't come back until Monday.

  • Problem consuming Web Service from ECC 6.0 using dual certificates

    Hi, I am trying to consume a secure web service on ECC 6.0 - so far without much luck.
    When I try to connect to the WS server, it seems there are three certificates in action: a CICS certificate for establishing the SSL connection, a 'root' certificate from the PKI certificate issuer, and a private certificate issued by the above issuer (please forgive me if I have the syntax wrong - certificates are not my primary line of work). So, using Trust Manager (STRUST), I have created a PSE named 'OES' and imported all three certificates into it.
    In SOAMANAGER I have set up the end-point using the WSDL-file and set the following parameters:
    - Authentication Method = X.509 Client Certificate
    - Trustworthiness Method = Holder of Key
    - Issuer = <issuer from the root certificate>
    - Name of Attester = <blank>
    - Validity of SAML Assertion = 180
    - Caching of SAML Assertions = False
    - Attester System Destination = <blank>
    - Name of Attester = <blank>
    - User = SRxxxWS
    - Password = <blank>
    - Client PSE = OES
    When I try to consume the web service, I can see in the log files that the CICS certificate is used for establishing the SSL connection, but all I receive back is an HTTP 403 "Client Authentication Error". If I remove the CICS certificate from the PSE, the connection is not made.
    How do I make the client certificate available for the connection? Have I approached the problem from the wrong side? Has anybody experienced something similar? Any help will be highly appreciated.
    Thanks,
    Bo

    Hi,
    I am not a certificate expert either, but you can get plenty of help from the "Security" forum on SDN. I can help you a bit with some related SAP notes and forum answers:
    See following notes :
    1324884 - Analysis of ABAP Web Service SOA Configuration
    1318906 - Trace analysis of SSL problems
    1319507 - Overview: Analysis of ABAP Web Service Configuration
    See this forum thread, which discusses consuming a secured WS in Web Dynpro:
    Problem in Calling Secure Webservice.
    Articles:
    http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/92914af6-0d01-0010-3081-ded3a41be8f2&overridelayout=true -
    Web Services Security Configuration Guide (discussed IBM and NW WS security but you can find some examples and hints there)
    Regards,
    Gourav
