Skip to content

Skype For Business

Published by lazy-admin on Mar 26, 2017

Last updated on Mar 28, 2017

Recently i was faced with the below issue when users tried to create new Skype for Business meetings in Outlook.

Skype For Business Error : Create Skype Meeting Failed. Please make sure that Skype for Business is running and signed-in and try again.

 

User were also faced with an Error message on the Skype for Business Client.

After going through all the Event logs on the C:\Softlib\Scripts\Set-ReadOnlyRadReps.ps1 i come across the below Application Error Event. Event ID 32042

Before we get to the Resolution here is the Cause:

Cause:

This issue occurs because a certificate that is not self-signed was installed in the Trusted Root Certification Authorities store. This is an incorrect configuration that can cause HTTP communication between Lync servers to fail with an untrusted root certificate error. Lync Server 2013 deployments in Windows Server 2012 may experience this issue because Windows Server 2012 implements checks for a higher level of trust for certificate authentication.

Note: A self-signed certificate is defined as a certificate in which the “Issuer” property and the “Subject” property on the certificate are the same. This is normal and expected for Root Certification Authorities.

 

Resolution:

To resolve this issue, use one of the following methods:

  • If you use group policies to deploy certificates, make sure that the Trusted Root Certification Authorities store only contains self-signed certificates (certificates in which the certificate property “Subject” is the same as the certificate property “Issuer”). Move any certificates that are not self-signed certificates from the Trusted Root Certification Authorities store to the Intermediate Certification Authorities store.
  • If you import new certificates manually, make sure that you select the computer’s Trusted Root Certification Authorities store for the self-signed certificates, and the computer’s Intermediate Certification Authorities store for the certificates that are not self-signed certificates.

You can use a Windows PowerShell command to find certificates that are put in the Trusted Root Certification Authorities store incorrectly on the local computer. The following command compares the “Issuer” property and the “Subject” property of each certificate in the store, and then outputs details of certificates that do not meet the criteria of a self-signed certificate:

Lets Make use of PowerShell to find these problem child Items 🙂 .

Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File “c:\computer_filtered.txt”

Lets Check the Trusted Root Authority using the GUI as well.

Here we can see the “The Problem Items” highlighted in Blue

Lets get back to using some PowerShell to remove these items.

Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | remove-Item

 

After removing these items all is back to normal .

 

Hope this helps some folks out there.




Post Views: 797

Sharing is caring!

Published inMicrosoft OfficeOffice 2016PowerShellSkype For BusinessWindows Server 2012

Be First to Comment

Leave a Reply

Your email address will not be published.