25 March 2014

Lync 2013 Front End Service won't start


After a fresh install of Lync 2013 Standard Edition onto a Windows 2012 server (and it's been running for about 2 weeks, I may add), I came across the following issue.

Issue

After a reboot of the Lync Standard Edition Server I found that the Lync Server Front End Server (RTCSRV) wouldn't start. It just sat there on "Starting".


Further Symptoms

Event ID 32174



Interestingly the Event ID reports that resetting the Quorum is a potential solution, not true in my case.

Event ID 32178



NOTE
There were many other events triggered by numerous processes being unable to connect, etc.

Cause

A common cause of this issue is non-self-signed certificates being imported into Trusted Root Certification Authorities instead of Intermediate Certification Authorities. Although this was not an issue in Windows Server 2008, Windows 2012 requires a high level of trust dependent on certificate authentication. The result is that HTTP communication between Lync servers is broken.

Solution

Check the Trusted Root Certification Authorities store for any non-self-signed certificates. Self-signed certificates have the same value in the Issued To and Issued By fields. The screenshot below shows the highlighted certificate as not being self-signed (whilst residing in the Trusted Root Certification Authorities store).


Another quick way to check, especially when there are many entries, is to run the following PowerShell command:

Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File "c:\computer_filtered.txt"

The output file will contain the details of the culprit.

Now simply move the non-self-signed certificate to the Intermediate Certification Authorities, and the self-signed certificates to the Trusted Root Certification Authorities.
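
The check-and-move procedure above as one script. This is an added example, not code from the original post or the KB article; the `-Move` switch and the `C:\CertBackup` backup folder are assumptions of this example, and it must be run from an elevated PowerShell prompt.

```powershell
# Added example: audit LocalMachine\Root for certificates that are not self-signed
# and, only when -Move is given, relocate them to LocalMachine\CA
# (the Intermediate Certification Authorities store).
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Move,                          # hypothetical switch: report only unless set
    [string]$BackupDir = 'C:\CertBackup'    # assumed backup location
)

# Same test as the one-liner in the post: Issuer differs from Subject.
$misplaced = @(Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Issuer -ne $_.Subject })

if ($misplaced.Count -eq 0) {
    Write-Output 'No non-self-signed certificates found in Trusted Root.'
    return
}

# Report what was found before changing anything.
$misplaced | Select-Object Subject, Issuer, Thumbprint, NotAfter | Format-List

if (-not $Move) { return }

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$x509 = 'System.Security.Cryptography.X509Certificates.X509Store'
$root = New-Object $x509 -ArgumentList 'Root', 'LocalMachine'
$ca   = New-Object $x509 -ArgumentList 'CA', 'LocalMachine'
$root.Open('ReadWrite')
$ca.Open('ReadWrite')
try {
    foreach ($cert in $misplaced) {
        if ($PSCmdlet.ShouldProcess($cert.Subject, 'Move from Root to Intermediate (CA)')) {
            # Keep a .cer copy so the change can be reverted by hand.
            $file = Join-Path $BackupDir ($cert.Thumbprint + '.cer')
            Export-Certificate -Cert $cert -FilePath $file | Out-Null
            $ca.Add($cert)        # add to Intermediate first ...
            $root.Remove($cert)   # ... then remove from Trusted Root
        }
    }
}
finally {
    $root.Close()
    $ca.Close()
}
```

Run it without arguments to list the offending certificates, then with `-Move -WhatIf` to preview the changes before committing them. Certificates deployed to the root store by Group Policy will return at the next policy refresh, so those need to be corrected in the GPO itself.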

Microsoft KB article http://support.microsoft.com/kb/2795828
Lync Server 2013 Front-End service cannot start in Windows Server 2012

10 comments:

  1. Ok, what do you do when you've done this, moved the offending certificates and the service still doesn't start? Additionally, I have only one Front-End server currently in the topology.

  2. Hi Scott,
    So if you have run the PowerShell script as in the post and the c:\computer_filtered.txt file comes up empty then you have addressed that particular issue. I'd start by looking into the event log to see what errors you are getting. Also, the front end service won't start without a valid OAuth cert - double check that.
    Let me know how you progress.

  3. I had to restart after I moved the offending certificate. Also found that this only started occurring after moving my first lot of pilot users out of our current 2010 pool into our new 2013 pool. Thanks for the post as it saved me from a lot of potential stress.

  4. I was having the same issues and after completing several checks (including yours) I could not get the service to start. Ended up applying the latest updates to the Lync 2013 and then reran the Lync Server 2013 Deployment Wizard (ran each task again) and voila it started back up.

  5. I was getting Event id 7024 with SfB version 2015, and it was terminating after long delays with %%3286773805

  6. Great article, exactly what I needed. After removing the certificate, the service started up without any problems.

  7. Thank you! You just saved me!
