Unable to get the certificate for one user account who is unable to sign in to lync client.

Hello, 

I'm trying to run Lync Shell command (Get-csClientcertificate)  for one user account and it throws up the below error:

##50012: CertStoreGetUserCerts: user@domain.com is temporarily unavailable.,Microsoft.Rtc.Managment.UserPinService.GetOcsUserCertsCmdlet

This command works just fine for all other users. Only this particular user is unable to signin and this command doesn't work for this account,  Communicator.Uccapil logs says the following:

ms-diagnostics-public: 4050;reason="From User is either disabled or moving away"

I  tried the following solutions:

>> Disabled and enabled the user account  on lync--> no luck.

>> Deleted from AD and recreated the account, then enabled the user account in lync --> no luck. 

>> Removed the user account from lync server and recreated it --> no luck.

I believe something we need to focus on the client certificate part. 

Can anyone help me on this?

  • Edited by SBHV Monday, June 10, 2013 1:55 PM
June 10th, 2013 4:54pm

Hi,

Did you move this account to Lync pool from OCS before?

Have you try to logon from another computer using this account?

Please also try Revoke-CsClientCertificate to check if the same message appears.

Free Windows Admin Tool Kit Click here and download it now
June 11th, 2013 11:11am

Thank you for your update. I moved this user account from OCS to Lync. It  was working just fine, suddenly the specific user got this issue (for all other users no issues). I tried with all the computers and issue is same. I ran the commands for this user account(Get-Csclientcertificate &Revoke-CsClientcertificate) and received the below error message:

Get-CsClientCertificate : ###50012:CertStoreGetUserCerts: user@domain.com is temporarily unavailable.
At line:1 char:24
+ Get-CsClientCertificate <<<<  -Identity "user"
    + CategoryInfo          : InvalidOperation: (Microsoft.Rtc.Common.Data.DBC
   ore:DBCore) [Get-CsClientCertificate], SqlException
    + FullyQualifiedErrorId : ###50012:CertStoreGetUserCerts:user@domain.com is temporarily unavailable.,Microsoft.Rtc.Management.UserPinSer
  vice.GetOcsUserCertsCmdlet

----------------------------------------------------------------------------------------------------------------

Revoke-CsClientCertificate : ###50012:CertStorePurgeCerts: user@domain.com is temporarily unavailable.
At line:1 char:27
+ Revoke-CsClientCertificate <<<<  -Identity "user"
    + CategoryInfo          : InvalidOperation: (Microsoft.Rtc.Common.Data.DBC
   ore:DBCore) [Revoke-CsClientCertificate], SqlException
    + FullyQualifiedErrorId : ###50012:CertStorePurgeCerts:user@domain.com is temporarily unavailable.,Microsoft.Rtc.Management.UserPinServi
  ce.RemoveOcsUserCertsCmdlet


  • Edited by SBHV Tuesday, June 11, 2013 9:46 AM
June 11th, 2013 12:45pm


Try to sign in with affected account and check FEs if event 30020 exist.

----------------------------------------------------------------------------------------------

Event 30020 

A user URI is already being used by another valid user in the database. Resolve the conflict by using a URI that isn't already taken, or deleting one of the users from AD.

Cause: Typically caused by having multiple user or contact objects in AD with identical msRTCSIP-PrimaryUserAddress attribute values.

----------------------------------------------------------------------------------------------

Re-enable (or assign) SipAddress to old (wrong) account that is in conflict.... and it should work 


Free Windows Admin Tool Kit Click here and download it now
January 22nd, 2015 6:27pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics