Certificate Not Valid

Dear Experts,

Thanks in advance. While installing Lync 2010 in my lab environment, I got stuck creating certificates on Lync Server 2010.

I followed this link and did as instructed, and I am sure I have not made any mistakes.

 http://policelli.com/blog/archive/2011/02/28/step-by-step-guide-to-preparing-a-lab-environment-for-lync-server-2010-2/

My Lab Setup

LYNC-DC-Windows2008R2, AD DS, DNS, AD CS

LYNC-SVR- Windows 2008R2  Front end ,Back end

When requesting the Certificate I get the following message:

 

A Certificate with thumbprint " 3E76ED3EC12XXXXXXXXXXXX has been added to the local certificate store.

The certificate has been issued by the online certification authority and is installed to the local certificate store, however it is not valid.  Make sure that the Root certificate, and necessary certificate chain is installed on this server.

Please help me out.

Regards

Biswajeet

September 12th, 2015 10:23pm

Hi

It may be because the root certificate from your internal CA is not published to the NTAuth store of the Lync server. This should be replicated using AD, but in some instances it can be missing and in turn cause certificate validation errors.

You can check this registry key  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\NTAuth\Certificates

You can import the root certificate by using this command on the Lync server

certutil -enterprise -addstore NTAuth CA_CertFilename.cer

thanks



  • Edited by Mark Vale 20 hours 17 minutes ago
September 13th, 2015 7:05am


Dear Mark,

Thanks a lot for your support. I executed the command you gave, and the output is below.

C:\certutil -enterprise addstore NTAuth CA_cert2482FXXXXXXXXXXX.cer

Executed  no more than 1 args, received 3

certutil : Too many arguments

Regards

Biswajeet



September 13th, 2015 11:39am

Hi

1. Please open the cert from the MMC and check to see if the root certificate is in the trusted CA list.

2. You can delete all certificates on that machine and re-run step 3 to request and assign the certificate again.

Best regards

Allan

September 14th, 2015 5:43am
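
The checks suggested in the two replies above (root certificate in the trusted CA list, CA certificate in the NTAuth registry key) can be done in one pass. This is an added example, not code from any poster in the thread; the `-Thumbprint` parameter is a placeholder for the thumbprint the Lync certificate wizard reports, and the script assumes it is run elevated on the Lync server.

```powershell
# Added diagnostic example (not from the thread). -Thumbprint is a placeholder:
# pass the thumbprint shown by the Lync certificate wizard.
param([Parameter(Mandatory = $true)][string]$Thumbprint)

$Thumbprint = ($Thumbprint -replace '\s', '').ToUpper()
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate $Thumbprint in LocalMachine\My" }

# Thumbprints currently held in each store the replies mention.
$root = @(Get-ChildItem Cert:\LocalMachine\Root | ForEach-Object { $_.Thumbprint })
$ca   = @(Get-ChildItem Cert:\LocalMachine\CA   | ForEach-Object { $_.Thumbprint })
$ntAuthKey = 'HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\NTAuth\Certificates'
$ntAuth = @()
if (Test-Path $ntAuthKey) {
    # Each subkey of a registry certificate store is named by thumbprint.
    $ntAuth = @(Get-ChildItem $ntAuthKey | ForEach-Object { $_.PSChildName.ToUpper() })
}

# Build the chain in machine context with revocation checking off, so the
# result reflects missing or untrusted CA certificates, not an unreachable CRL.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$valid = $chain.Build($cert)

# One row per certificate the chain engine could locate. If the root is
# absent from the server, the list stops short and the status below
# reports PartialChain; a root that is found but not trusted reports
# UntrustedRoot.
foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate
    New-Object PSObject -Property @{
        Subject    = $c.Subject
        Thumbprint = $c.Thumbprint
        SelfSigned = ($c.Subject -eq $c.Issuer)
        InRoot     = ($root -contains $c.Thumbprint)
        InCA       = ($ca -contains $c.Thumbprint)
        InNTAuth   = ($ntAuth -contains $c.Thumbprint)
    } | Select-Object Subject, Thumbprint, SelfSigned, InRoot, InCA, InNTAuth
}

"Chain valid: $valid"
$chain.ChainStatus | ForEach-Object {
    '{0}: {1}' -f $_.Status, $_.StatusInformation.Trim()
}
```

A self-signed element with `InRoot` false, or a chain that ends before any self-signed element, points at the missing root or intermediate certificate that the wizard's "not valid" message refers to.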

Hi, did you replace the CAxxxxxx.cer with the path to your root cert?
September 14th, 2015 7:52am

Hi all,

The issue was resolved after installing some certificates on the Lync 2010 server.

Thanks a lot for all of your support.

Regards

Biswajeet

September 14th, 2015 1:59pm