After a fresh install of Lync 2013 Standard Edition onto a Windows 2012 server, and its been running for about 2 weeks I may add…I came across the following issue

Issue

After a reboot of the Lync Standard Edition Server I found that the Lync Server Front End Server (RTCSRV) wouldn’t start. It just sat there on “Starting”


Further Symptoms

Event ID 32174

Interestingly the Event ID reports that resetting the Quorum is a potential solution, not true in my case.

Event ID 32178

NOTE
There were many other Events triggered by the inability of numerous processes being able to connect etc etc

Cause

A common cause of this issue is if non self-signed certificates are imported into Trusted Root Certification Authorities instead of Intermediate Certification Authorities. Although this was not an issue in Windows Server 2008, Windows 2012 requires a high level of trust dependant on certification authentication.The result is that HTTP communication between Lync servers is broken.

Solution

Check the Trusted Root Certification Authority Store for any NON self-signed certificates. Self signed certificates have the same value for the Issued To and Issued By field. The screen shot below shows the highlighted certificate as not being self-signed (whilst residing in the Trusted Root Certification Authority Store)



Another quick way to check, especially when there are many entries, is to run the following PowerShell command:

Get-Childitem cert:LocalMachineroot -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File “c:computer_filtered.txt”


The output file will contain the details of the culprit.

Now simply move the NON Self-Signed Certificate to the Intermediate Certification Authorities.
and the Self-Signed Certificates to the Trusted Root Certification Authorities

Microsoft KB article http://support.microsoft.com/kb/2795828 – 
Lync Server 2013 Front-End service cannot start in Windows Server 2012
Advertisements