Hi, Services are not staring and these are the services.

1. Lync Server Access Edge

2. Lync Server Audio/Video Authentication.

3. Lync Server Audio/Video edge.

When I try to start the service, I am getting the below error message.

Windows Could not start the Lync Server Access Edge on local computer. For more information, review the system event log. if this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code -2146762495.

Please suggest the solution.

Thanks is Advance.

Regards.

Sandeep Kumar Reddy

Hi

A few things to check

1. Have you assigned a trusted certificate to the Edge server external services that contains a valid public key? including Subject and Subject Alternative Names are required (Wildcard not supported)
2. Have you assigned an internal certificate to the internal edge services from your CA and have the corresponding root certificate and private key associated?
3. In your trusted root store on the machine, do you have any non-self signed certificates? If so remove them and reboot your server
4. Have you put in the FE IP address and FQDN in the servers HOSTS file?
5. Have you added the internal domain suffix to the machine name of the edge?
6. Maybe worth re-exporting the configuration from your FE and importing back into the edge server and rerunning the deployment wizard if the above steps answers are all yes

thanks

Hi,

please find the below error

Error " windows could not start the Lync Server Access Edge on Local computer. For more information, review the system Event Log. IF this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code-2146762495.

Regards

Lakshminarayana

• Merged by Eason HuangMicrosoft contingent staff, Moderator 21 hours 41 minutes ago duplicate

Hi,

please find the below error

Error " windows could not start the Lync Server Access Edge on Local computer. For more information, review the system Event Log. IF this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code-2146762495.

Regards

Lakshminarayana

• Merged by Eason HuangMicrosoft contingent staff, Moderator Friday, September 04, 2015 9:48 AM duplicate

Hi,

please find the below error

Error " windows could not start the Lync Server Access Edge on Local computer. For more information, review the system Event Log. IF this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code-2146762495.

Regards

Lakshminarayana

• Merged by Eason HuangMicrosoft contingent staff, Moderator Friday, September 04, 2015 9:48 AM duplicate

Hi

Must be the day for Edge services not starting. Another thread here: https://social.technet.microsoft.com/Forums/en-US/1ce3d530-25b1-4313-abba-d67f5db73e8f/lync-services-are-not-getting-start?forum=ocscertificates could you try the suggested steps in there to save me re writing them?

thanks

Hi,

I have checked in logs

You will need to renew your internal  and external edge certificate then. Once renewed, replace and run the deployment wizard > assign certificates, choose your new certificate to apply to your internal and external edge service and then start the services.

Hi,

I have renewal certificate and download from Godaddy. and opened Lync server 2010 deployment wizard and run in assign certificate wizard--> import certificate but its show status is missing.

Thanks

Laks

Hi

So if you run Get-CsCertificate on your edge server, do you see any service that has the old certificates assigned?

Specifically the AV Authentication and DataEdgeExternal?

perhaps run this command

Set-CsCertificate -Type AudioVideoAuthentication, DataEdgeExternal -Thumbprint <thumbprint of new go daddy cert>

and also

Set-CsCertificate -Type Internal -Thumbprint <thumbprint of new internal certificate>

thanks

Hi,

I have run the Get-Certificate cmd, I got below info.

PS C:\Users\Administrator> Get-CsCertificate
Internal: Assigned certificate not found or untrusted
AccessEdgeExternal: Assigned certificate not found or untrusted
DataEdgeExternal: Assigned certificate not found or untrusted
AudioVideoAuthentication: Assigned certificate not found or untrusted
WARNING: Get-CsCertificate encountered errors. Consult the log file for a
detailed analysis, and ensure all errors (4) and warnings (0) are addressed
before continuing.
WARNING: Detailed results can be found at
"C:\Users\Administrator\AppData\Local\Temp\2\Get-CsCertificate-3c3eea71-e4f0-40
ee-a929-7d39c93f39a0.html".

and run the Set-CSCertificate cmd, it says path is missing,

could you please send me more details.

Thanks

Laks

OK

so it looks like the certificates have not been applied to the edge server and as such missing.

The Set-CsCertificate command doesn't require a path parameter just the usage type and thumbprint

To get the thumbprint of the cert

Get-Childitem -path "cert:\LocalMachine\My" | fl

Copy the correct thumbprint should be a long string of numbers and characters

Also make sure that you have the latest and up to date root & intermediate certificates installed to the trusted root and intermediate stores for GoDaddy and your internal CA

then run the commands above. Once applied, run the Get-CsCertificate command again to make sure the errors have disappeared

thanks

Hi,

total I got 5 thumbprint

please see the below error for all of 5.

PS C:\Users\Administrator> Set-CsCertificate -Type AudioVideoAuthentication, Dat
aEdgeExternal -Thumbprint 974F962CE5E0AB512ED21A0164429B690F8CDBF4
WARNING: Set-CsCertificate failed.
WARNING: Detailed results can be found at
"C:\Users\Administrator\AppData\Local\Temp\2\Set-CsCertificate-74be17f3-4605-42
3b-8a2a-b8a33ea31747.html".
Set-CsCertificate : Command execution failed:
"974F962CE5E0AB512ED21A0164429B690F8CDBF4" not found in MY certificate store
or not trusted. To enable trust, install the root certificate in the Trusted
Certification Authorities store.
At line:1 char:1
+ Set-CsCertificate -Type AudioVideoAuthentication, DataEdgeExternal
-Thumbprint 9 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
    + CategoryInfo          : InvalidOperation: (:) [Set-CsCertificate], Deplo
   ymentException
    + FullyQualifiedErrorId : ProcessingFailed,Microsoft.Rtc.Management.Deploy
   ment.SetCertificateCmdlet

Hi

So as per my previous posts please ensure you have the root and intermediates installed into the trusted root and intermediate stores on the local machine store for GoDaddy and your internal CA.

then repeat the commands with the correct thumbprint of the correct certificate. You don't need to apply all 5, use only the valid one from the certificate you have renewed. Look at the expiry dates to confirm the correct thumbprint to use

thanks

Hi,

In Godaddy before downloading certificate I have selected server type is IIS.

is it fine or select other one.

Thanks

Laks

IIS type is fine, but this is your server certificate. I am talking about the intermediate and root certificate from GoDaddy that completes the certificate chain of trust.

Maybe these links will help

https://uk.godaddy.com/help/what-is-an-intermediate-certificate-868 (same applies for the root cert)

Repository here:

https://certs.godaddy.com/repository

without either the root or the intermediates, your cert will not be valid in the eyes of Lync.

thanks

Hi Mark,

Thanks for the message.

1. Have you assigned a trusted certificate to the Edge server external services that contains a valid public key? including Subject and Subject Alternative Names are required (Wildcard not supported).

We are using GoDaddy Services. We have downloaded the certificate and imported to trusted Certificate on the Lync Edge Server.

2. Have you assigned an internal certificate to the internal edge services from your CA and have the corresponding root certificate and private key associated?

We have assigned an internal certificate to the internal edge Server from CA.

3. In your trusted root store on the machine, do you have any non-self signed certificates? If so remove them and reboot your server

We do not have non-self signed certificated on Server.

4. Have you put in the FE IP address and FQDN in the servers HOSTS file?

Can you please tell me, What is FE IP address?

5. Have you added the internal domain suffix to the machine name of the edge?

Yes, Its already added internal domain suffix.

6. Maybe worth re-exporting the configuration from your FE and importing back into the edge server and rerunning the deployment wizard.

Can you please explain the process to export from FE and import.

Regards,

Sandeep Kumar Reddy

Hi

In the hosts file have you entered the IP address of your Front End Pool (FE) and the FQDN on your edge server?

If you run Get-CsCertificate on your edge server, do you receive any warnings?

Number 6, means on your FE run Export-CsConfiguration -FilePath c:\config.zip and then copy this file to your edge server, then on the edge server run Import-CsConfiguration -FilePath c:\config.zip -LocalStore

Then run the installer from the deployment wizard again.

Think you may have misunderstood the certificate root etc, If you are using GoDaddy, have you installed the GoDaddy intermediate certificate to the localmachine\intermediate and installed the GoDaddy root certificate to localmachine\root certificate stores?

Also have you installed your internal root certificate to the localmachine\root store?

The server certificate you have from GoDaddy, was the CSR that was used generated from that edge server directly or another machine? If another machine, did you install the cert on the CSR generated machine first and then export with the private key?

Another good tool for testing certificates out, if you are unsure is this https://www.digicert.com/util/

Basically there is really one reason why edge server services do not start and that will be down to certificates. There maybe others, but this is by far the most common reason.

thanks

Hi,

Please test with the following sides:

1. DNS record for Edge Server

2. Ports for Edge Server

3. Certificate for both Edge internal and external interface

You can troubleshooting with the following link:

http://blogs.technet.com/b/nexthop/archive/2011/12/07/useful-tips-for-testing-your-lync-edge-server.aspx

Best Regqards

I believe, the root cause for the problem is, the certificate is not getting validate.

We have downloaded the certificate and imported it again but again the certificate is not getting validate.