Share via


Lync 2013 not starting on Windows 2012

If you are deploying Lync 2013 on Windows 2012 you may encounter one of the following issues

1. Lync 2013 Front End Service RTCSRV failing to start
2. HTTPs connectivity failures reported in the event viewer [we will add some events here for reference:

 

Event 30988, Ls User Services

Sending HTTP request failed. Server functionality will be affected if messages are failing consistently.

Sending the message to https://URL.contoso.com:444/LiveServer/Replication failed. IP Address is 192.168.0.1. Error code is 2EFE. Content-Type is application/replication+xml. Http Error Code is 0.
Cause: Network connectivity issues or an incorrectly configured certificate on the destination server. Check the eventlog description for more information.
Resolution:
Check the destination server to see that it is listening on the same URI and it has certificate configured for MTLS. Other reasons might be network connectivity issues between the two servers.

 

clip_image001[4]

Event 32178, LS User Services

 

Failed to sync data for Routing group {EB10E520-9B20-575D-9D4C-C06E5A937F65} from backup store.
Cause: This may indicate a problem with connectivity to backup database or some unknown product issue.
Resolution:
Ensure that connectivity to backup database is proper. If the error persists, please contact product support with server traces.

 

clip_image001[7]

Event 32174, LS User Services

 

Server startup is being delayed because fabric pool manager has not finished initial placement of users.

Currently waiting for routing group: {EB10E520-9B20-575D-9D4C-C06E5A937F65}.
Number of groups potentially not yet placed: 1.
Total number of groups: 1.
Cause: This is normal during cold-start of a Pool and during server startup.
If you continue to see this message many times, it indicates that insufficient number of Front-Ends are available in the Pool.
Resolution:
During a cold-start of a large Pool it can take upto an hour for the placement process to finish as it needs to populate all the Front-End databases with data from the Backup Store. If the Pool is running and the Front-End is just started, this is normal for some time. If this repeats for a long time, ensure that all the Front-Ends configured for this Pool are up and running. If multiple Front-Ends have been recently decommissioned, run Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery to enable the Pool to recover from Quorum Loss and make progress.

 

image

 

Cause:

 

You are likely to hit one of these issues if you have deployed non self-signed certificates into Trusted Root Certification Authorities instead of Intermediate Certification Authorities. This is a misconfiguration and can cause HTTP communication between Lync servers to be broken with untrusted root cert error. In Windows 2012 there is a high level of trust check for certification authentication, and hence this issue is exposed only for Lync deployments on Windows 2012.

 

Resolution:

 

You can follow the following steps to fix such misconfigurations:
1. If you are using group policies to deploy certs (https://technet.microsoft.com/en-us/library/cc738131(v=WS.10).aspx) ensure Trusted Root Certification Authorities only contains self-signed certificates (where Issued To = Issued By). Move any non-self-signed certificate present in this store to Intermediate Certification Authorities
2. If you are importing any new certificates (either on your DC or Windows 2012 machines), then ensure as part of import you choose Trusted Root Certification Authorities for any self-signed certificates and Intermediate Certification Authorities for any non-self-signed ones

 

UPDATE:

 

Public KB article has just been published at https://support.microsoft.com/kb/2795828 -
Lync Server 2013 Front-End service cannot start in Windows Server 2012

Comments

  • Anonymous
    January 01, 2003
    Yeah, this is a big gotcha, I've run into this a lot with clients with internal PKI and subordinate authorities.

  • Anonymous
    August 24, 2013
    This is not always the cause. Losing to many servers in a pool causes this as well. I think it isn't a great design and should recommend people to stay on 2008 R2 until it gets fixed

  • Anonymous
    October 29, 2013
    This worked for me after moving a 3rd party certificate to the Intermediate store and rebooting the server all services started up. Thank You!!

  • Anonymous
    December 02, 2013
    This worked for me thank you!  What a complete farce!  All I did was install updates and restart and suddenly I was unable to start the Front End service.

  • Anonymous
    February 21, 2014
    It did not work for me! I have only one own (self signed) certificate in the store, I created it with IIS. But the Frontend Service doesn't start!

  • Anonymous
    March 27, 2014
    didn't work here either. Server 2012R2

  • Anonymous
    March 28, 2014
    Same here. Didn't work and there are no other systems in the Enterprise Front-end Pool to communicate with.

  • Anonymous
    April 25, 2014
    Anyone found out why this doesn't start? Can't find any answer bar this one online and this doesn't work. :(

  • Anonymous
    September 18, 2014
    This worked for me! Many Thanks!

  • Anonymous
    October 22, 2014
    The comment has been removed

  • Anonymous
    December 03, 2014
    It worked for me, after deleting the 3rd party certificate the Front End Service started.

  • Anonymous
    February 06, 2015
    Worked for me as well. Thank you.

  • Anonymous
    July 02, 2015
    Great article. Thanks for saving my day!!!!

  • Anonymous
    July 19, 2015
    doesn't work. :(

  • Anonymous
    July 19, 2015
    The comment has been removed