I have rebuild this server 4 times now and rebuilding it again is NOT an option... I have finally come to a point that I am almost completed.

My issue is that the Front end service will not start. I get an error when I try to start this manually. Service-Specified error code - 1008125646. I have also started to notice the Event ID of 12303 and 14649.

All I am reading aobut is Cert issues but I have a wild card cert which i have read is valid to use on this server/Service. I have serachedc the internet and I can't find anything. Any help would be great. Really not looking forward to contacting Microsoft.

Thank you in advance for the help.

Wildcard is actually not supported for the front end for all services: http://technet.microsoft.com/en-us/library/hh202161.aspx, just the simple URL portion.

Do you have an internal certificate authority?  Are you planning for an edge s

I do not have an internal Certificate Authority and I am not planning an edge server at this time. I am simply using this for the internal Chat and collaboration.

I see that they are in this doc I am reading.

Lync Server 2013 uses certificates to provide communications encryption and server identity authentication. In some cases, such as web publishing through the reverse proxy, strong subject alternative name (SAN) entry matching to the fully qualified domain name (FQDN) of the server presenting the service is not required. In these cases, you can use certificates with wildcard SAN entries (commonly known as wildcard certificates) to reduce the cost of a certificate requested from a public certification authority and to reduce the complexity of the planning process for certificates.

That's true, but really only applies to a portion of the Lync deployment, in this case, publishing the web services to the Internet via a reverse proxy.

You're going to have trouble with that wildcard certificate, and a third party UC certificate (basically a web server certificate with subject alternative names) will be expensive but is an option.  I'd suggest setting up a simple internal CA that all computers trust so you can move forward. 

What about a Self assigned Cert? I think it is pretty foolish to have a service depend on a cert. I am trying to get this going to test this out to see if it will be a fit. I dont want to spend all that $$ just to try it.

That's exactly what I'm suggesting, an internally signed certificate from an internal CA server.  Even in full production, keeping a privately signed certificate on the front end is common practice.

If this is a lab, just install that CA role somewhere.  If this is in your production domain, it might be worth planning it out as an Internal CA can be useful for securing many devices and services that would be a waste of a public cert.

I did the self assigned and it seemed to start most of the services but the Front end is stuck in starting phase. I am not sure why. I do see it giving me Event ID's listed below. But they are: 32174, 32178, 30988, 32178.

Event ID 32174

Server startup is being delayed because fabric pool manager has not finished initial placement of users.

Currently waiting for routing group: {8EC325CB-B512-587D-9D03-E940E7CC1490}.

Number of groups potentially not yet placed: 1.

Total number of groups: 1.

Cause: This is normal during cold-start of a Pool and during server startup.

If you continue to see this message many times, it indicates that insufficient number of Front-Ends are available in the Pool.

Resolution:

During a cold-start of a large Pool it can take upto an hour for the placement process to finish as it needs to populate all the Front-End databases with data from the Backup Store. If the Pool is running and the Front-End is just started, this is normal for some time. If this repeats for a long time, ensure that all the Front-Ends configured for this Pool are up and running. If multiple Front-Ends have been recently decommissioned, run Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery to enable the Pool to recover from Quorum Loss and make progress.

Event ID 32178

Failed to sync data for Routing group {8EC325CB-B512-587D-9D03-E940E7CC1490} from backup store.

Cause: This may indicate a problem with connectivity to backup database or some unknown product issue.

Resolution:

Ensure that connectivity to backup database is proper. If the error persists, please contact product support with server traces.

Event ID 30988

Sending HTTP request failed. Server functionality will be affected if messages are failing consistently.

Sending the message to https://FQDN.com:444/LiveServer/Replication failed. IP Address is 10.76.0.163. Error code is 2EFE. Content-Type is application/replication+xml. Http Error Code is 0.

Cause: Network connectivity issues or an incorrectly configured certificate on the destination server. Check the eventlog description for more information.

Resolution:

Check the destination server to see that it is listening on the same URI and it has certificate configured for MTLS. Other reasons might be network connectivity issues between the two servers.

Event ID 32178

Failed to sync data for Routing group {8EC325CB-B512-587D-9D03-E940E7CC1490} from backup store.

Cause: This may indicate a problem with connectivity to backup database or some unknown product issue.

Resolution:

Ensure that connectivity to backup database is proper. If the error persists, please contact product support with server traces.

Is this standard or enterprise?  If enterprise, how many front ends are defined in the topology builder?

How much time has it been and what server OS are you running?

This is standard and it is a new installation. I have done this about 5 times now lol. I am pretty close to done and just need to resolve these couple of issues.

The OS is Windows server 2012.

Thank you

Could be a few things.  Could you check your trusted root store for the computer and verify that all of the certificates in there are root certs?  By this I mean the Issued To and Issued By columns should be identical.  If you see an intermediate certificate in the root store, the Front End service might not start and you'll have to move it to the right container.  It's a picky thing with 2012 http://support.microsoft.com/kb/2795828

I have the cert in there and it is a self signed cert and it is Server.domain.local. I am not sure what else would need to be done. It is exactly as it should read. I only need that one cert for the machine name as I am not using the SIP or anything else. I dont have meeting.domain.local or anything else. I didn't and don't think I need it.

So I am not sure what else I can do with this. It is getting frustrating and all I am reading online is not helping either. Why would MS make a product depending on the Cert.. ugh...

Anything else?

It depends on the cert because all traffic is encrypted by default.  I'm not just talking about the certificate you created, but others that may be in there as well.   In the trusted root container of your local computer, are there any certs who's Issued To doesn't match the Issued By? 

I have faced this multiple time , each one time it was different solution

first one try this

http://support.microsoft.com/kb/2795828/en-us

Second try to check that you point to the correct DNS server , I have faced it in one customer was having DNS in different forest so the service is not started

third thing to check , try to limit your scope to only the domain that has Lync user enabled using this command

Set-CsUserReplicatorConfiguration -Identity global -ADDomainNamingContextList @{Add="dc=yourdomain,dc=com"}

Also one time there were problem in the CA itself customized , so we build another CA for testing and it works 

Wish one of them will help 

Regards,

Well I went to that link and all my services and certs check out ok. I did the command Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File "c:\computer_filtered.txt" and noithing was in the doc so that is good.

My DNS server is good and we're all set there.

I run that command you gave me and then rebooted. Same issue.. I am starting to think this product is not going to really fit out needs if it is that much of a pain to get a service started.

Anything else I can try?

Hi Derek, 

Perhaps I skimmed over it and missed this but have you assigned the OAuth Cert?

Yes, for the cert I did a self signed cert. It is listed as Servername.domain.local. I am using this for the cert on this server. When I use it through the wizard it states everything is ok and when I close out of it that step is completed with the green check mark. Then I go to start the services and no dice..

Run the command Reset-CsPoolRegistrarState -PoolFqdn -ResetType QuorumLossRecovery.

This command resets the Registrar and Windows fabric services for the specified Registrar pool.

For error 32178, You can follow the following steps to fix such misconfigurations: 

1. If you are using group policies to deploy certs (http://technet.microsoft.com/en-us/library/cc738131(v=WS.10).aspx) ensure Trusted Root Certification Authorities only contains self-signed certificates (where Issued To = Issued By). Move any non-self-signed certificate present in this store to Intermediate Certification Authorities 
2. If you are importing any new certificates (either on your DC or Windows 2012 machines), then ensure as part of import you choose Trusted Root Certification Authorities for any self-signed certificates and Intermediate Certification Authorities for any non-self-signed ones

Also you can refer below link

http://terenceluk.blogspot.com/2013/09/new-lync-server-2013-deployments-front.html

I ran Reset-CsPoolRegistrarState -PoolFQDN Servername.domain.local -ResetType ServiceReset and I received the following error.

Reset-CsPoolRegistrarState : Sequence contains no matching element

At line:1 char:1

+ Reset-CsPoolRegistrarState -PoolFQDN "Servername.domain.local"

-ResetType Se ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~

    + CategoryInfo          : InvalidOperation: (:) [Reset-CsPoolRegistrarStat

   e], InvalidOperationException

    + FullyQualifiedErrorId : Error resetting fabric state. For details, see i

   nner exception.,Microsoft.Rtc.Management.Hadr.ResetPoolFabricStateCmdlet

I wanted to Run the command Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery BUT the service will need to be running to do this I believe.

Anything else?

• Edited by Derek Griffin 21 hours 0 minutes ago

Mai Ali,

I have confirmed this already.. it is all set as well.

For error 32178, You can follow the following steps to fix such misconfigurations:

1. If you are using group policies to deploy certs (http://technet.microsoft.com/en-us/library/cc738131(v=WS.10).aspx) ensure Trusted Root Certification Authorities only contains self-signed certificates (where Issued To = Issued By). Move any non-self-signed certificate present in this store to Intermediate Certification Authorities
2. If you are importing any new certificates (either on your DC or Windows 2012 machines), then ensure as part of import you choose Trusted Root Certification Authorities for any self-signed certificates and Intermediate Certification Authorities for any non-self-signed ones

Also you can refer below link

http://terenceluk.blogspot.com/2013/09/new-lync-server-2013-deployments-front.html

Hi,

Would you be able to test below steps ?

1. Install a internal root CA (private) on you domain controller.
2. Reboot the frontend server once CA installation completed.
3. Manually export root CA from DC to Lync frontend server using MMC (Trusted root CA store).
4. Request new certificate from Lync deployment wizard and assign the same.
5. Start the services and check the status.

Thanks

Saleesh

I ran Reset-CsPoolRegistrarState -PoolFQDN Servername.domain.local -ResetType ServiceReset and I received the following error.

Reset-CsPoolRegistrarState : Sequence contains no matching element

At line:1 char:1

+ Reset-CsPoolRegistrarState -PoolFQDN "Servername.domain.local"

-ResetType Se ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~

    + CategoryInfo          : InvalidOperation: (:) [Reset-CsPoolRegistrarStat

   e], InvalidOperationException

    + FullyQualifiedErrorId : Error resetting fabric state. For details, see i

   nner exception.,Microsoft.Rtc.Management.Hadr.ResetPoolFabricStateCmdlet

I wanted to Run the command Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery BUT the service will need to be running to do this I believe.

Anything else?

• Edited by Derek Griffin Friday, May 02, 2014 1:52 PM

I ran Reset-CsPoolRegistrarState -PoolFQDN Servername.domain.local -ResetType ServiceReset and I received the following error.

Reset-CsPoolRegistrarState : Sequence contains no matching element

At line:1 char:1

+ Reset-CsPoolRegistrarState -PoolFQDN "Servername.domain.local"

-ResetType Se ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~

    + CategoryInfo          : InvalidOperation: (:) [Reset-CsPoolRegistrarStat

   e], InvalidOperationException

    + FullyQualifiedErrorId : Error resetting fabric state. For details, see i

   nner exception.,Microsoft.Rtc.Management.Hadr.ResetPoolFabricStateCmdlet

I wanted to Run the command Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery BUT the service will need to be running to do this I believe.

Anything else?

• Edited by Derek Griffin Friday, May 02, 2014 1:52 PM

I ran Reset-CsPoolRegistrarState -PoolFQDN Servername.domain.local -ResetType ServiceReset and I received the following error.

Reset-CsPoolRegistrarState : Sequence contains no matching element

At line:1 char:1

+ Reset-CsPoolRegistrarState -PoolFQDN "Servername.domain.local"

-ResetType Se ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~

    + CategoryInfo          : InvalidOperation: (:) [Reset-CsPoolRegistrarStat

   e], InvalidOperationException

    + FullyQualifiedErrorId : Error resetting fabric state. For details, see i

   nner exception.,Microsoft.Rtc.Management.Hadr.ResetPoolFabricStateCmdlet

I wanted to Run the command Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery BUT the service will need to be running to do this I believe.

Anything else?

• Edited by Derek Griffin Friday, May 02, 2014 1:52 PM

I ran Reset-CsPoolRegistrarState -PoolFQDN Servername.domain.local -ResetType ServiceReset and I received the following error.

Reset-CsPoolRegistrarState : Sequence contains no matching element

At line:1 char:1

+ Reset-CsPoolRegistrarState -PoolFQDN "Servername.domain.local"

-ResetType Se ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~

    + CategoryInfo          : InvalidOperation: (:) [Reset-CsPoolRegistrarStat

   e], InvalidOperationException

    + FullyQualifiedErrorId : Error resetting fabric state. For details, see i

   nner exception.,Microsoft.Rtc.Management.Hadr.ResetPoolFabricStateCmdlet

I wanted to Run the command Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery BUT the service will need to be running to do this I believe.

Anything else?

• Edited by Derek Griffin Friday, May 02, 2014 1:52 PM

OK I did the following above and the service started.. Wow what a pain that was.

Not in the clear yet. Now I get the following when I try to start up the client.

The Server is temporarily unavailable.

I did configure users and mine is one of them to work on this. I am not sure why it will not connect.

Any thoughts? Would love to finish this thing today...

I have confirmed all DNS and was able to ping and do an NSlookup on what i needed it. Also I am only useing this for an internal IM client server (for now).

Thank

Hi,

Glad to hear that Lync services are started..!!

Few check points;

• Telnet standard server FQDN from client on port 5061. Make sure that it is working.
• Try to configure the client with manual configuration. Enter standard server FQDN in manual server name and check client sign-in.
• Stop windows firewall on Lync FE.
• Import root CA in the client machine and check client sign-in.
• Enable a new user in Lync control panel and try to sign-in.

Thanks

Saleesh

I ran Reset-CsPoolRegistrarState -PoolFQDN Servername.domain.local -ResetType ServiceReset and I received the following error.

Reset-CsPoolRegistrarState : Sequence contains no matching element

At line:1 char:1

+ Reset-CsPoolRegistrarState -PoolFQDN "Servername.domain.local"

-ResetType Se ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~

    + CategoryInfo          : InvalidOperation: (:) [Reset-CsPoolRegistrarStat

   e], InvalidOperationException

    + FullyQualifiedErrorId : Error resetting fabric state. For details, see i

   nner exception.,Microsoft.Rtc.Management.Hadr.ResetPoolFabricStateCmdlet

I wanted to Run the command Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery BUT the service will need to be running to do this I believe.

Anything else?

• Edited by Derek Griffin Friday, May 02, 2014 1:52 PM

Hi,

Did you happen to resolve this issue? I'm facing the same issue.

Could you update with solution.

BR/

Baaskar R