Tuesday 28 January 2014

No audio/video connectivity from Edge Server - TLS Negotiation

With a lot of people starting to adopt Lync 2013, overexcited System Administrators are testing their abilities and trying to install and configure Lync Server themselves. I am not discouraging people from learning Lync, but not in a PRODUCTION environment.

A friend and IT pro of mine was running into issues with a partially configured environment and a strange edge pool issue, where video and audio calls from external were hit and miss. I advised him to connect to each edge server individually (HOSTS file) and run traces.

What was discovered on the second edge server was quite interesting during the TLS negotiation.


It was confirmed that all the certificates were valid with the correct CN/SAN names on the edge server. It was then discovered that there were over a dozen certificates in the personal store (from failed attempts) on the edge server. I asked for all unrequired certificates to be removed, so that the only ones left were the certificates being used.

After all the non-valid certificates were removed and the edge services restarted, VOILA, the video/audio issues were resolved.
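
The clean-up described above can be scripted. The following is an added example, not part of the original post: it compares the computer's personal store with the certificates Lync actually has assigned and lists the leftovers. It assumes an elevated Lync Server Management Shell on the Edge Server itself, and the backup folder `C:\CertBackup` is a made-up path.

```powershell
# Added example: audit Cert:\LocalMachine\My on an Edge Server against the
# certificates assigned to Lync roles. Nothing is deleted while -WhatIf is present.

$backupDir = 'C:\CertBackup'   # assumed path, change to suit
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# Certificates assigned to Lync on this server (one entry per use).
$assigned = @(Get-CsCertificate)
$inUse    = @($assigned | Select-Object -ExpandProperty Thumbprint -Unique)

# Every certificate in the computer's personal store, flagged if Lync does not use it.
$report = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    $uses = @($assigned | Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
              ForEach-Object { $_.Use })
    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        HasKey     = $cert.HasPrivateKey
        LyncUse    = ($uses -join ', ')
        Candidate  = ($inUse -notcontains $cert.Thumbprint)
    }
}
$report | Sort-Object Candidate, NotAfter | Format-Table -AutoSize

# Review the candidates by hand first: a certificate that Lync does not use
# may still belong to another service on the same server.
foreach ($c in ($report | Where-Object { $_.Candidate })) {
    $path = "Cert:\LocalMachine\My\$($c.Thumbprint)"
    $cert = Get-Item -Path $path

    # Keep a copy of the public certificate (no private key) before removal.
    $type  = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
    $bytes = $cert.Export($type)
    [System.IO.File]::WriteAllBytes((Join-Path $backupDir "$($c.Thumbprint).cer"), $bytes)

    # -WhatIf only prints what would be removed; drop it once the list is reviewed.
    Remove-Item -Path $path -WhatIf
}

# After the real removal, restart the Lync services on this Edge Server:
# Stop-CsWindowsService
# Start-CsWindowsService
```

Run it on each Edge Server in the pool, since the personal store is local to each machine.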

For anyone reading this post who is unclear on the path required to create valid certificates on the Edge and even on the Front-End servers, I have added the Microsoft TechNet articles covering the certificate requirements for both Edge and Front-End servers.

Remember, if your certificates are in need of a SAN change/re-key please delete your old certificates!

A clean environment is a healthy environment.

Certificate Requirements for Internal Servers

Certificate Requirements for External User Access


Thanks to Neal Horth for bringing this odd error to my attention.