question

ThisisParya-7758 asked JimmyYang-MSFT commented

Problem with Windows Server 2019's certificate in Skype for Business

Hello there,
We have S4B 2019 v1809, and I have a serious problem with it. As we are using the Edge service in our S4B structure, an intermediate certificate must not be in Trusted ROOT. An intermediate certificate existed in the trusted root in the certificate store, so we moved it to the intermediate place. However, after a while it returns to the original place, which is trusted root, and it causes the Access service of Edge to stop.
We tried to close the connection of that specific cert with its URL checker, but the result was unsuccessful.
Also, we tried to remove it (and checked that the chain was OK), but it appears after a while.
What should I do to get rid of it? It really is bothering me at this time because all access to Skype from the internet will be disconnected.

Regards

office-skype-business-server-administration

Hi @ThisisParya-7758

"an intermediate certificate must not be in Trusted ROOT."

What is your intermediate certificate? Is it related to your edge server?

Is this certificate affected by group policy so you cannot remove it?

Did you restart the Skype for Business Server after moving the certificate to the intermediate place?


Hi Jimmy,
The intermediate cert is "GlobeSSL DV CA".
It's not related to Edge, and I have tried to remove it, but after a restart or after a few days (because it has internet access) it appeared again.
This cert is not affected by GPO, and for your third question, yes, I restarted it and it was placed in intermediate, but after a few days passed it again appeared in the Root console and caused the Access service of Edge S4B to stop.
Regards


Hi @ThisisParya-7758

Is this intermediate cert related to the trusted root certificate? If so, you could try to delete the trusted root certificate and reassign it. To locate the matched Trusted Root Certification Authorities certificate and each Intermediate Certification Authorities certificate, you could refer to:

https://docs.microsoft.com/en-us/skypeforbusiness/troubleshoot/server-sign-in/authentication-fails-pin-sign-in#resolution


1 Answer

ThisisParya-7758 answered JimmyYang-MSFT commented

Hi Jimmy,
I really appreciate your guidance. I found that that certificate was wrongly applied by GPO to the trusted root authority.
I moved it to the intermediate container and the problem has been solved.

Best Regards.


Hi @ThisisParya-7758

Glad to see the above information is helpful to you.

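The check that would have surfaced the cause in this thread, as an added example that is not part of the original posts: it lists certificates in the local machine's Trusted Root store that are not self-signed (intermediates in the wrong store) and reports whether each one is delivered by Group Policy. It assumes an elevated PowerShell session on the Edge server and that policy-distributed root certificates sit under the standard Group Policy certificate store key shown in the code.

```powershell
# Added example (not from the thread). Run elevated on the Edge server.

# Assumption: Group Policy stores the certificates it distributes to the
# Trusted Root store under this key, one subkey per thumbprint.
$gpoRootKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates'

$gpoThumbprints = @()
if (Test-Path $gpoRootKey) {
    $gpoThumbprints = @(Get-ChildItem $gpoRootKey |
        ForEach-Object { $_.PSChildName.ToUpperInvariant() })
}

# A genuine root CA certificate is self-signed (Subject equals Issuer).
# Anything else in the Root store is an intermediate in the wrong place.
$misplaced = @(Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -ne $_.Issuer } |
    ForEach-Object {
        $thumb = $_.Thumbprint.ToUpperInvariant()
        [pscustomobject]@{
            Subject       = $_.Subject
            Issuer        = $_.Issuer
            Thumbprint    = $thumb
            # True: a GPO will put the certificate back after every policy
            # refresh, so fix the GPO instead of moving the cert locally.
            PushedByGpo   = $gpoThumbprints -contains $thumb
            # True: a copy already exists in Intermediate Certification Authorities.
            AlsoInCAStore = Test-Path "Cert:\LocalMachine\CA\$thumb"
        }
    })

if ($misplaced.Count -eq 0) {
    Write-Output 'No non-self-signed certificates found in LocalMachine\Root.'
} else {
    $misplaced | Format-List
    if ($misplaced | Where-Object PushedByGpo) {
        Write-Output 'At least one entry is policy-delivered; run "gpresult /h report.html" to find the GPO.'
    }
}
```

An entry with PushedByGpo set to False that still reappears points to a source other than Group Policy.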