We are in process to migrate all servers from an old datacenter to new datacenter. We have a Lync 2010 pool in old DC and now have built another pool in same organization in new DC. Both pools have SSL certificate from different external vendors. Old pool all servers have certificate from Comodo while new pool have it from Geotrust. Old pool and new pool both are integrated with old datacenter Edge pool.  Moved half users to new pool but now many users are complaining that Lync signs off every minute and again connects but it is not stable if user connected from internet. If user connects to LAN then it works fine. I check the CA certificate chain in user's machine and communication server certificate and both are fine. Below is the error I can see in UCCP Logs -

SIP/2.0 403 Forbidden

Via: SIP/2.0/TLS 172.20.10.2:60152;received=188.149.204.213;ms-received-port=32127;ms-received-cid=285DE00 

ms-diagnostics: 4172;reason="No cert found for the user";isauthoritative="false";source="ABC.XYZ.com"

SIP/2.0 401 Unauthorized

ms-diagnostics: 1000;reason="Final handshake failed";HRESULT="0xC3E93EC8(SIP_E_AUTH_INVALIDSIGNATURE)";source="ABC.XYZ.com"

Here source is old pool FE server.

• Edited by SaurabhMG Thursday, July 16, 2015 3:20 PM jj

Hi,

1. Please try to use the following Lync Server Management Shell command: Revoke-CsClientCertificate to revoke the Lync user's certificate. Then test the issue again.

2. Check the network performance between the Edge Pool on old datacenter and the new Lync Server Pool on the new datacenter.

Best Regards,
Eason Huang