Lync 2013 Front End Service won’t start



After a fresh install of Lync 2013 Standard Edition onto a Windows 2012 server, and it's been running for about 2 weeks I may add… I came across the following issue.

Issue

After a reboot of the Lync Standard Edition Server I found that the Lync Server Front End Server (RTCSRV) wouldn’t start. It just sat there on “Starting”.


Further Symptoms

Event ID 32174

Interestingly the Event ID reports that resetting the Quorum is a potential solution, not true in my case.

Event ID 32178

NOTE
There were many other Events triggered by the inability of numerous processes to connect, etc.

Cause

A common cause of this issue is non-self-signed certificates being imported into Trusted Root Certification Authorities instead of Intermediate Certification Authorities. Although this was not an issue in Windows Server 2008, Windows 2012 requires a high level of trust dependent on certificate authentication. The result is that HTTP communication between Lync servers is broken.

Solution

Check the Trusted Root Certification Authority Store for any NON self-signed certificates. Self-signed certificates have the same value for the Issued To and Issued By fields. The screenshot below shows the highlighted certificate as not being self-signed (whilst residing in the Trusted Root Certification Authority Store).



Another quick way to check, especially when there are many entries, is to run the following PowerShell command:

Get-ChildItem Cert:\LocalMachine\Root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File "C:\computer_filtered.txt"


The output file will contain the details of the culprit.

Now simply move the NON Self-Signed Certificate to the Intermediate Certification Authorities, and the Self-Signed Certificates to the Trusted Root Certification Authorities.
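
The check and the move can also be scripted. The following is an added example, not part of the original post or the Microsoft KB article: the function name is hypothetical, it must be run from an elevated PowerShell session, and it only moves non-self-signed certificates out of the Trusted Root store.

```powershell
function Move-NonSelfSignedRootCert {
    # Hypothetical helper name (not a built-in cmdlet).
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()

    $location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
    $flags    = [System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite

    # 'Root' = Trusted Root Certification Authorities
    # 'CA'   = Intermediate Certification Authorities
    $root = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Root', $location
    $ca   = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'CA', $location

    try {
        $root.Open($flags)
        $ca.Open($flags)

        # Same test as the one-liner: a self-signed certificate has Issuer equal to Subject.
        $misplaced = @($root.Certificates | Where-Object { $_.Issuer -ne $_.Subject })

        foreach ($cert in $misplaced) {
            $target = "$($cert.Subject) [$($cert.Thumbprint)]"
            if ($PSCmdlet.ShouldProcess($target, 'Move from Trusted Root to Intermediate CA store')) {
                # Add before removing so the certificate is never missing from both stores.
                $ca.Add($cert)
                $root.Remove($cert)
            }
            # Emit one record per finding, whether or not it was moved.
            $cert | Select-Object Subject, Issuer, Thumbprint, NotAfter
        }
    }
    finally {
        $root.Close()
        $ca.Close()
    }
}

# Preview only: lists what would be moved without changing either store.
Move-NonSelfSignedRootCert -WhatIf
```

Run it without -WhatIf to perform the move; each certificate then prompts for confirmation before it is relocated.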

Microsoft KB article: http://support.microsoft.com/kb/2795828 – Lync Server 2013 Front-End service cannot start in Windows Server 2012

About Paul B

My name is Paul Bloem and I am employed at Lexel Systems in New Zealand as a Principal Consultant for Unified Communications. I have been working on enterprise voice solutions for over 20 years. My first 10 years were spent working for a Telco in South Africa (Telcom SA). This is where all the groundwork happened as I was exposed to just about every aspect of telecommunication you could imagine. I developed an interest in PBX technologies and eventually became the go-to guy. Next, I had a 10 year run at Siemens South Africa; most of my time there was as a Technical Trainer. During this time VoIP hit the world stage, and I had the privilege of introducing VoIP both as H.323 and later SIP across the Siemens HiPath 4000 solution stack. In 2008 I immigrated to New Zealand with my newly attained MCSE; I was ready to go where no PBX Techie had gone before. I was employed to explore OCS 2007 and that was pretty much the beginning of the end for me. I have been working on OCS and Lync ever since. My current role focuses exclusively on Lync and associated technologies. That includes pre-sales, consulting, architecture and design, training and support. I even get to play in the development space from time to time - focus on play ;-) I was nominated as a Microsoft VTSP for Lync early in 2013 and also awarded Microsoft's MVP award for Lync in 2014.

3 Responses to Lync 2013 Front End Service won’t start

  1. Scott Riser says:

    Ok, what do you do when you've done this, moved the offending certificates and the service still doesn't start? Additionally, I have only one Front-End server currently in the topology.


  2. Paul B says:

    Hi Scott, So if you have run the PowerShell script as in the post and the c:\computer_filtered.txt file comes up empty then you have addressed that particular issue. I'd start by looking into the event log to see what errors you are getting. Also, the front end service won't start without a valid OAuth cert – double check that. Let me know how you progress.


  3. I had to restart after I moved the offending certificate. Also found that this only started occurring after moving my first lots of pilot users out of our current 2010 pool into our new 2013 pool. Thanks for the post as it saved me from a lot of potential stress.
