Jeff Schertz's Blog

Microsoft UC Technical Articles

Lync

Revoked Lync Server Certificates

By Jeff Schertz May 28, 2011

This is just a brief troubleshooting article on how to easily identify if a revoked SSL certificate is the cause of Lync user login failures in Lync Server 2010.

  • Seemingly out of the blue Lync clients are no longer able to sign in to Lync and the client generically reports back a “server is not responding or cannot be reached’” error.

image

Based on that description it appears that connectivity to the server is failing.  After validating that the server is still resolvable, is still listening on 5061 (or 443 for Edge), and is not displaying any errors in the Event Log it would appear that the issue may be related to the client itself.

Except that this issue is reported on many different clients (all of them, in fact) and if an Edge server is involved then external features like federation are also broken.  But attention should be turned back to a client for additional troubleshooting steps.

  • Often over-looked, but make sure to ‘Turn on Windows Event Logging for Lync’ on the workstation.

image

  • Attempt to sign in again and then check the Application event log on the Lync workstation for any errors from Communicator for Event ID 5.

image

The event description is the first clue pointing towards problems establishing a trusted TLs connection, meaning that the server is responding and is reachable, unlike the original error message reported within the client interface.

Communicator could not connect securely to server sip.mslync.net because the certificate presented by the server was not trusted due to validation error 0x80092010.  The issuing certificate authority (CA) for the server’s certificate may not be locally trusted by the client, the certificate may be revoked, or the certificate may have expired.

  • A quick Internet search for the error code above returned more specific details than the event log description does, pinning this code directly to certificate revocation.

The certificate is revoked. 0x80092010 (-2146885616)
————————————
Certificate is REVOKED

  • Alternatively a web browser can be used to test connections to any of the Lync Web Services if the sign in issues are to an internal Front End or Director.  Attempting to access one of the web services URLs manually (like the /abs site) will also help correctly uncover the revoked certificate.

image

By Jeff Schertz

Site Administrator

Related Post

Lync Skype

Q3 2017 SkypeUG Meetings

Jeff Schertz Aug 10, 2017
Lync Skype

Discovering the Skype for Business Registrar

Jeff Schertz May 30, 2017
Lync Poly Skype

Polycom Group Series with Skype for Business Server

Jeff Schertz May 10, 2017
One thought on “Revoked Lync Server Certificates”

Leave a Reply to Rick Kingslan Cancel reply

Your email address will not be published. Required fields are marked *