Thursday, May 11, 2017

Skype for Business Front-End service stuck in starting

Occasionally I have experienced the Skype for Business Server Front-End service stuck at Starting. Traditionally this is related to expired certificates. I have however recently seen a new variant related to certificates not being self signed which are located in wrong stores.

The problem is simple enough to spot - the Skype for Business Server Front-End service is stuck in the Starting status:

Front-End service is Starting

EventViewer reports Evevn Id's like 32178, 32174 and 30988. I was paying specifically attention to the Event Id 30988 which lead me to an article (2795828) from Microsoft related to Skype for Business Server 2013 on Windows Server 2012. My experience with this problem has been related to Skype for Business Server 2015 on Windows Server 2012 R2, but it seems to be the same cause.
Event ID 30988
This issue occues because a certificate that is not self-signed is installed in the wrong store. A self-signed certificate is defined as a certificate in which the "issuer" property and the "subject" property on the certificate are the same.

In order to figure out if this was the case, I did run the following Powershell command to find certificates that are stored incorrectly on the local computer. The command compares the "Issuer" property and the "Subject" property of each certificate and outputs the details of the certificates that do not meet the criteria:
Get-ChildItem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List *
Powershell to find certificates causing problems
The Powershell gave me a TXT file with Certificates to investigate.
Certificate reported by powershell command
The SerialNumber of the Certificate reported by the powershell command was copied and used in a MMC with the Certificate Snap In loaded. A search for certificate based on the SerialNumber gave one hit on a certificate. This certificate was moved to the Intermediate Certificate Authorities store.
Reported certificate was located and moved.
The Skype for Business Front End server was rebooted after the certificate was moved. The Front-End service was running as normal after the reboot of the server.
Front-End service running as normal
Please comment if you have experienced similar problems.











No comments:

Post a Comment