Skype For Business

0
3479
views

Recently i was faced with the below issue when users tried to create new Skype for Business meetings in Outlook.

Skype For Business Error : Create Skype Meeting Failed. Please make sure that Skype for Business is running and signed-in and try again.

 

User were also faced with an Error message on the Skype for Business Client.

After going through all the Event logs on the C:\Softlib\Scripts\Set-ReadOnlyRadReps.ps1 i come across the below Application Error Event. Event ID 32042

Before we get to the Resolution here is the Cause:

Cause:

This issue occurs because a certificate that is not self-signed was installed in the Trusted Root Certification Authorities store. This is an incorrect configuration that can cause HTTP communication between Lync servers to fail with an untrusted root certificate error. Lync Server 2013 deployments in Windows Server 2012 may experience this issue because Windows Server 2012 implements checks for a higher level of trust for certificate authentication.

Note: A self-signed certificate is defined as a certificate in which the “Issuer” property and the “Subject” property on the certificate are the same. This is normal and expected for Root Certification Authorities.

 

Resolution:

To resolve this issue, use one of the following methods:

  • If you use group policies to deploy certificates, make sure that the Trusted Root Certification Authorities store only contains self-signed certificates (certificates in which the certificate property “Subject” is the same as the certificate property “Issuer”). Move any certificates that are not self-signed certificates from the Trusted Root Certification Authorities store to the Intermediate Certification Authorities store.
  • If you import new certificates manually, make sure that you select the computer’s Trusted Root Certification Authorities store for the self-signed certificates, and the computer’s Intermediate Certification Authorities store for the certificates that are not self-signed certificates.

You can use a Windows PowerShell command to find certificates that are put in the Trusted Root Certification Authorities store incorrectly on the local computer. The following command compares the “Issuer” property and the “Subject” property of each certificate in the store, and then outputs details of certificates that do not meet the criteria of a self-signed certificate:

Lets Make use of PowerShell to find these problem child Items 🙂 .

Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File “c:\computer_filtered.txt”

Lets Check the Trusted Root Authority using the GUI as well.

Here we can see the “The Problem Items” highlighted in Blue

Lets get back to using some PowerShell to remove these items.

Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | remove-Item

 

After removing these items all is back to normal .

 

Hope this helps some folks out there.




Sharing is caring!

Previous articleWindows SysInternals
Next articlePowerShell Training
About Me ? I Guess i would start by saying i am a family guys and full time SysAdmin and Tech Junky. This Blog is my first attempt to share information about daily issues i come across as a SysAdmin as well as some new deployments i am part of. Topics that i will cover will mostly be about Office 365,Windows,Exchange as well as Active Directory. I hope some of my Blog posts helps someone #LiveLongAndBeLazy #Exchange #Office 365 #ActiveDirectory #Hyper-V
SHARE

LEAVE A REPLY

Please enter your comment!
Please enter your name here