Today I faced an issue, my Lync server 2010 internal certificate got expired then I have to renew it.
My environment is
I have two FE servers, one Archiving/Monitoring server and one LyncEdge server.
The expired certificate was default certificate of Lync Front end fool.
Now to renew it I generate CSR on first FE server, I added all the required subject alternate name but lost one (second FE server FQDN), and get SSL against this CSR from my internal CA.
I download the SSL form CA and copy to first FE server, import it and assign to the service according.
after that I start the "Lync Server Front-End" and it was started without any issue.
Now for second FE server I export form first FE server and import in second FE server and assign as well with out any issue. Then I went to services on this server and tried to start the "Lync Server Front-End" service but was unable to start and was getting the following error in event viewer as well.
Event ID: 14587
Lync Server machine FQDN cannot be located in the default certificate.
Machine FQDN: 'FE02.mydomain.com
Cause: This is a configuration problem.
Resolution:
Make sure the default certificate matches the machine FQDN.
Now start thinking on error description and I decide, lets check FQDN of both servers in the subject alternative names of this renewed SSL.
after checking, it was found that the name of the second FE server was not included as Subject alternative name.
For it I started to renew again the SSL with the above mentioned method but just add the FQDN of the second FE server as well as Subject alternative name in CSR.
Now after adding the FQDN and assigning the new SSL to services on both FE servers I was able to start the "Lync Server Front-End" service without any issue on second FE server as wll.
and in this way my issue was resolved
My environment is
I have two FE servers, one Archiving/Monitoring server and one LyncEdge server.
The expired certificate was default certificate of Lync Front end fool.
Now to renew it I generate CSR on first FE server, I added all the required subject alternate name but lost one (second FE server FQDN), and get SSL against this CSR from my internal CA.
I download the SSL form CA and copy to first FE server, import it and assign to the service according.
after that I start the "Lync Server Front-End" and it was started without any issue.
Now for second FE server I export form first FE server and import in second FE server and assign as well with out any issue. Then I went to services on this server and tried to start the "Lync Server Front-End" service but was unable to start and was getting the following error in event viewer as well.
Event ID: 14587
Lync Server machine FQDN cannot be located in the default certificate.
Machine FQDN: 'FE02.mydomain.com
Cause: This is a configuration problem.
Resolution:
Make sure the default certificate matches the machine FQDN.
Now start thinking on error description and I decide, lets check FQDN of both servers in the subject alternative names of this renewed SSL.
after checking, it was found that the name of the second FE server was not included as Subject alternative name.
For it I started to renew again the SSL with the above mentioned method but just add the FQDN of the second FE server as well as Subject alternative name in CSR.
Now after adding the FQDN and assigning the new SSL to services on both FE servers I was able to start the "Lync Server Front-End" service without any issue on second FE server as wll.
and in this way my issue was resolved
