Cannot start service RTCMEDIARELAY

Hi Everyone,

This is my first post. I've sort of hit a dead end with the Edge deployment and so I thought I'd post it up here for some help.

I went through what I think is the normal process of requesting the "Edge Internal" cert from our internal CA and didn't have any issues requesting and assigning. I also have the External Edge cert set up that I requested from the public CA. I'm getting the following errors in the event logs after trying to start the services.

1 FE

1 Edge (DMZ)

1 TMG (Not Setup Yet)

Please let me know if you need any additional details.

"The TLS certificate WAS not found in the computer's certificate store, or the certificate may be invalid. The LS Audio/Video Authentication service will stop.

Certificate Serial Number: '12de9dd40000000000a2' Issuer 'CN=InternalCA, DC=domain, DC=local'
Cause: The certificate was not found in the computer's certificate store, or the certificate that was found may be invalid.
Resolution:
If there is no certificate, install the certificate on the computer's certificate store and verify that the configuration parameter has the correct serial number. If the certificate was found, verify that it is valid.

LS Audio/Video Authentication service could not be started.

Exception: Microsoft.Rtc.MRAS.MRASException: Server Tls certificate not found in the local machinestore
   at Microsoft.Rtc.MRAS.Crypto.GetValidCertificate(String issuerName, String serialNumber, Boolean isBankCert)
   at Microsoft.Rtc.MRAS.Core.GetTlsCertificate()
   at Microsoft.Rtc.MRAS.Core.Initialize()
   at Microsoft.Rtc.MRAS.Core..ctor(ServiceStopHandler serviceStop, RoleName roleName)
   at Microsoft.Rtc.MRAS.Server.OnStart(RoleName roleName)
Cause: Internal error.
Resolution:
Examine the details in the associated event log entry to determine the potential cause and report to Product Support Services."


  • Edited by SoarVigor Friday, June 08, 2012 3:04 PM
June 8th, 2012 3:04pm

Also figured I'd add the TestOCSConnectivity results in case it can help.

Test Details

Testing the Remote Connectivity to Microsoft Lync Server through the Access Edge Server sip.domain.com running on port number 443 to see if user me@domain.com can connect remotely.
Specified Remote Connectivity test(s)  to Microsoft Lync Server failed. Please examine below details of specific reason for failure.
Test Steps
Attempting to Resolve the host name sip.domain.com in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: 123.456.789.69
Testing TCP Port 443 on host sip.domain.com to ensure it is listening/open.
The port was opened successfully.
Testing SSLCertificate for validity.
The certificate passed all validation requirements.validation checks.
Additional Details
Subject: CN=sip.domain.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=domain.local, O=Company, L=Sylmar, S=California, C=US, Issuer CN=VeriSign Class 3 International Server CA - T1, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Testing the Remote Connectivity to Microsoft Lync Server through the Access Edge Server sip.domain.com running on port number 443 to see if user me@domain.com can connect remotely.
Specified Remote Connectivity test(s)  to Microsoft Lync Server failed. Please examine below details of specific reason for failure.
Additional Details
Subscription for provisioning data did not return a valid MRAS URI.


  • Edited by SoarVigor Friday, June 08, 2012 3:12 PM
June 8th, 2012 3:12pm

Probably the easiest thing to do is to run the certificates wizard again and assign the public certificate to the AV auth service. If this works you can either leave it because this is an acceptable approach or troubleshoot further since you will now also know that there is some kind of problem with the internal certificate.
  • Marked as answer by SoarVigor Friday, June 08, 2012 8:19 PM
June 8th, 2012 7:16pm
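
For troubleshooting the internal certificate further, the check that the event's Resolution text describes can be scripted. This is an added example, not part of the original thread: it assumes the service reads the computer's Personal store (`Cert:\LocalMachine\My`), and `Test-StoreCertificate` is a hypothetical helper name. The serial number and issuer are the ones quoted in the event log entry in the first post.

```powershell
# Values copied from the event log entry quoted in the first post.
$serial = '12de9dd40000000000a2'
$issuer = 'CN=InternalCA, DC=domain, DC=local'

function Test-StoreCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $SerialNumber,
        [Parameter(Mandatory = $true)] [string] $Issuer,
        # Assumption: the service looks in the computer's Personal store.
        [string] $StorePath = 'Cert:\LocalMachine\My'
    )
    # .NET reports serial numbers as upper-case hex without spaces.
    $wanted = ($SerialNumber -replace '\s', '').ToUpperInvariant()
    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.SerialNumber -eq $wanted -and $_.Issuer -eq $Issuer } |
        Select-Object -First 1

    if (-not $cert) {
        return New-Object PSObject -Property @{
            Found    = $false
            Problems = @("No certificate with serial $wanted issued by '$Issuer' in $StorePath")
        }
    }

    $problems = @()
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))"
    }
    if (-not $cert.HasPrivateKey) {
        $problems += 'No private key is associated with the certificate in this store'
    }
    # Build the chain against the default trust stores and report every chain error,
    # e.g. an untrusted root or a CRL that cannot be reached from the DMZ.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    if (-not $chain.Build($cert)) {
        $problems += $chain.ChainStatus |
            ForEach-Object { "Chain: $($_.Status) - $($_.StatusInformation.Trim())" }
    }

    New-Object PSObject -Property @{
        Found      = $true
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        Problems   = $problems
    }
}

Test-StoreCertificate -SerialNumber $serial -Issuer $issuer | Format-List
```

An empty `Problems` list with `Found = True` means the certificate is present, in date, has its private key and chains to a trusted root from this machine.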

HI ALANMAD,

Wouldn't this mean that I'd have to add a SAN on the public cert with the Edge server DNS suffix, i.e. HOULYNCEDGE01.DOMAIN.LOCAL? I tried what you recommended and received an error when trying to Assign:

"Warning: The subject name "sip.domain.com" of the certificate does not match the computer FQDN "HOULYNCEDGE01.DOMAIN.LOCAL""

** UPDATE **

Despite that error message, it actually let me start the services! I'm hoping this doesn't cause any pains in the future.

Thanks!

  • Edited by SoarVigor Friday, June 08, 2012 7:58 PM
June 8th, 2012 7:53pm

This topic is archived. No further replies will be accepted.
