A typical sign of this problem, with front end services not starting, might be Event ID 18465 and 32178. I had verified the certificates were all correct and seemed to be in the right place in the stores. However, on detailed review, the Inter-webs have examples of this error pointing to certificate problems. I also found several articles telling me to import the various certificates into locations I knew were incorrect. I decided to publish this “how to” in order to get the steps straight.

First, I will say there is a workaround for some subtle problems with your certificates. You may try this first, to see if it works around your issue on, for example, Server 2012. Begin by consulting the TechNet article on the Server 2012 web services not starting, KB2795828. Examples of basic steps to fix issues include the following:

Add the REG_DWORD “SendTrustedIssuerList” to the SCHANNEL registry location. The value is going to be 2:

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

Second, check the replication of the Edge web service at https://edgeFQDN.domain.com.com:4443/replicationwebservice. This is from your Edge Server.

https://ontheedge.1reeves.com:4443/replicationwebservice

If you get prompted for authentication, then you may have the certificate in the user store instead of the computer store (for example).

  • Get-ChildItem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File "c:\a.txt"
  • Get-ChildItem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List *
  • Get-ChildItem cert:\LocalMachine\ca | Where-Object {$_.HasPrivateKey} | Format-List
  • Get-ChildItem cert:\LocalMachine\ca -Recurse | Where-Object {$_.Issuer -eq $_.Subject} | Format-List *
  • Get-ChildItem cert:\LocalMachine\my | Where-Object {!$_.HasPrivateKey} | Format-List
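
The store checks above, combined into one read-only audit that labels each hit with the reason it was flagged and reports the current SendTrustedIssuerList value. This is an added example, not part of the original post; the $checks table, the reason strings and the output layout are assumptions chosen for illustration.

```powershell
# Added example: read-only audit, run elevated on the Edge or Front End server.
# Each check mirrors one of the Get-ChildItem filters listed above.
$checks = @(
    @{ Store = 'Root'; Reason = 'Not self-signed, but in Trusted Root'
       Test  = { param($c) $c.Issuer -ne $c.Subject } },
    @{ Store = 'CA';   Reason = 'Self-signed (root) cert in Intermediate store'
       Test  = { param($c) $c.Issuer -eq $c.Subject } },
    @{ Store = 'CA';   Reason = 'Private key present in Intermediate store'
       Test  = { param($c) $c.HasPrivateKey } },
    @{ Store = 'My';   Reason = 'No private key in Personal store'
       Test  = { param($c) -not $c.HasPrivateKey } }
)

$certType = [System.Security.Cryptography.X509Certificates.X509Certificate2]

$findings = foreach ($check in $checks) {
    # -Recurse can also return store containers, so keep certificate objects only
    Get-ChildItem -Path "Cert:\LocalMachine\$($check.Store)" -Recurse |
        Where-Object { $_ -is $certType } |
        Where-Object { & $check.Test $_ } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $check.Store
                Reason     = $check.Reason
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
            }
        }
}

if ($findings) {
    $findings | Sort-Object Store, Subject | Format-List
} else {
    'No flagged certificates in LocalMachine Root, CA or My.'
}

# Report the SCHANNEL value the workaround above adds (nothing is changed here)
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$prop = Get-ItemProperty -Path $schannel -Name SendTrustedIssuerList -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    'SendTrustedIssuerList: not set'
} else {
    "SendTrustedIssuerList: $($prop.SendTrustedIssuerList)"
}
```

Record the thumbprint of anything flagged and export the certificate before removing it, so it can be restored to the correct store if needed.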


Once you identify the certificate that does not belong, remove it. Read the articles which elaborate on the certificates. MSXFAQ has a great couple of screenshots, if you can translate from German. It is worth reading.

You will then need to make sure all the certificates are in place and match the Lync Deployment Wizard settings. Once this is corrected, restart your Edge and all Front End servers. See the MS documentation if you need to verify this known issue.

How to fix the Lync Edge or Front End Service failing to start.
