Lync 2013 not starting on Windows 2012
If you are deploying Lync 2013 on Windows 2012 you may encounter one of the following issues
1. Lync 2013 Front End Service RTCSRV failing to start
2. HTTPs connectivity failures reported in the event viewer [we will add some events here for reference:
Event 30988, Ls User Services
Sending HTTP request failed. Server functionality will be affected if messages are failing consistently.
Sending the message to https://URL.contoso.com:444/LiveServer/Replication failed. IP Address is 192.168.0.1. Error code is 2EFE. Content-Type is application/replication+xml. Http Error Code is 0.
Cause: Network connectivity issues or an incorrectly configured certificate on the destination server. Check the eventlog description for more information.
Resolution:
Check the destination server to see that it is listening on the same URI and it has certificate configured for MTLS. Other reasons might be network connectivity issues between the two servers.
![clip_image001[4]](https://msdntnarchive.z22.web.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/97/45/metablogapi/3568.clip_image0014_70401CD3.jpg "clip_image001[4]")
Event 32178, LS User Services
Failed to sync data for Routing group {EB10E520-9B20-575D-9D4C-C06E5A937F65} from backup store.
Cause: This may indicate a problem with connectivity to backup database or some unknown product issue.
Resolution:
Ensure that connectivity to backup database is proper. If the error persists, please contact product support with server traces.
![clip_image001[7]](https://msdntnarchive.z22.web.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/97/45/metablogapi/8865.clip_image0017_08EF4417.jpg "clip_image001[7]")
Event 32174, LS User Services
Server startup is being delayed because fabric pool manager has not finished initial placement of users.
Currently waiting for routing group: {EB10E520-9B20-575D-9D4C-C06E5A937F65}.
Number of groups potentially not yet placed: 1.
Total number of groups: 1.
Cause: This is normal during cold-start of a Pool and during server startup.
If you continue to see this message many times, it indicates that insufficient number of Front-Ends are available in the Pool.
Resolution:
During a cold-start of a large Pool it can take upto an hour for the placement process to finish as it needs to populate all the Front-End databases with data from the Backup Store. If the Pool is running and the Front-End is just started, this is normal for some time. If this repeats for a long time, ensure that all the Front-Ends configured for this Pool are up and running. If multiple Front-Ends have been recently decommissioned, run Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery to enable the Pool to recover from Quorum Loss and make progress.
Cause:
You are likely to hit one of these issues if you have deployed non self-signed certificates into Trusted Root Certification Authorities instead of Intermediate Certification Authorities. This is a misconfiguration and can cause HTTP communication between Lync servers to be broken with untrusted root cert error. In Windows 2012 there is a high level of trust check for certification authentication, and hence this issue is exposed only for Lync deployments on Windows 2012.
Resolution:
You can follow the following steps to fix such misconfigurations:
1. If you are using group policies to deploy certs (https://technet.microsoft.com/en-us/library/cc738131(v=WS.10).aspx) ensure Trusted Root Certification Authorities only contains self-signed certificates (where Issued To = Issued By). Move any non-self-signed certificate present in this store to Intermediate Certification Authorities
2. If you are importing any new certificates (either on your DC or Windows 2012 machines), then ensure as part of import you choose Trusted Root Certification Authorities for any self-signed certificates and Intermediate Certification Authorities for any non-self-signed ones
UPDATE:
Public KB article has just been published at https://support.microsoft.com/kb/2795828 -
Lync Server 2013 Front-End service cannot start in Windows Server 2012
Comments
Anonymous
January 01, 2003
Yeah, this is a big gotcha, I've run into this a lot with clients with internal PKI and subordinate authorities.Anonymous
August 24, 2013
This is not always the cause. Losing to many servers in a pool causes this as well. I think it isn't a great design and should recommend people to stay on 2008 R2 until it gets fixedAnonymous
October 29, 2013
This worked for me after moving a 3rd party certificate to the Intermediate store and rebooting the server all services started up. Thank You!!Anonymous
December 02, 2013
This worked for me thank you! What a complete farce! All I did was install updates and restart and suddenly I was unable to start the Front End service.Anonymous
February 21, 2014
It did not work for me! I have only one own (self signed) certificate in the store, I created it with IIS. But the Frontend Service doesn't start!Anonymous
March 27, 2014
didn't work here either. Server 2012R2Anonymous
March 28, 2014
Same here. Didn't work and there are no other systems in the Enterprise Front-end Pool to communicate with.Anonymous
April 25, 2014
Anyone found out why this doesn't start? Can't find any answer bar this one online and this doesn't work. :(Anonymous
September 18, 2014
This worked for me! Many Thanks!Anonymous
October 22, 2014
The comment has been removedAnonymous
December 03, 2014
It worked for me, after deleting the 3rd party certificate the Front End Service started.Anonymous
February 06, 2015
Worked for me as well. Thank you.Anonymous
July 02, 2015
Great article. Thanks for saving my day!!!!Anonymous
July 19, 2015
doesn't work. :(Anonymous
July 19, 2015
The comment has been removed