{"id":408,"date":"2015-01-15T14:47:55","date_gmt":"2015-01-15T12:47:55","guid":{"rendered":"http:\/\/www.vatland.no\/?p=408"},"modified":"2015-01-15T14:47:55","modified_gmt":"2015-01-15T12:47:55","slug":"keep-your-lync-public-certificates-up-to-date","status":"publish","type":"post","link":"https:\/\/www.vatland.no\/index.php\/keep-your-lync-public-certificates-up-to-date\/","title":{"rendered":"Keep Your Lync Public certificates up to date."},"content":{"rendered":"<p><a href=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/ssl-certificate.jpg\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"412\" data-permalink=\"https:\/\/www.vatland.no\/index.php\/keep-your-lync-public-certificates-up-to-date\/ssl-certificate\/\" data-orig-file=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/ssl-certificate.jpg\" data-orig-size=\"600,600\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"ssl-certificate\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/ssl-certificate.jpg\" class=\"alignnone  wp-image-412\" src=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/ssl-certificate-300x300.jpg\" alt=\"ssl-certificate\" width=\"77\" height=\"77\" srcset=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/ssl-certificate-300x300.jpg 300w, https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/ssl-certificate-150x150.jpg 150w, https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/ssl-certificate.jpg 600w\" sizes=\"auto, (max-width: 77px) 100vw, 77px\" \/><\/a>Here is one reason why you should cleanup SAN&#8217;s in your certificates.\u00a0Experienced\u00a0one scenario where a customer moved from one hosting provider to another and was unable to federate after the\u00a0move.\u00a0<!--more--><\/p>\n<p>This is not\u00a0about defining these hosting providers in the &#8220;hosting provider&#8221; configuration in Lync. The reason to do that\u00a0is if your domain is not defined in the SAN of the edge server\u00a0certificate more precise the FQDN of the Lync Access\u00a0server\u00a0is note\u00a0the same domain as\u00a0you sip domain.\u00a0\u00a0 Image below shows the configuration .\u00a0 Two sip domains (domain.sip and Company.sip) are hosted on the provider to the left. Partner1.sip are hosted by the provider to the right. All of these\u00a03 Companies where able to federate.<\/p>\n<p><a href=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/lynccert1.jpg\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"409\" data-permalink=\"https:\/\/www.vatland.no\/index.php\/keep-your-lync-public-certificates-up-to-date\/lynccert1\/\" data-orig-file=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/lynccert1.jpg\" data-orig-size=\"1083,704\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"lynccert1\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/lynccert1-1024x666.jpg\" class=\"alignnone size-medium wp-image-409\" src=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/lynccert1-300x195.jpg\" alt=\"lynccert1\" width=\"300\" height=\"195\" srcset=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/lynccert1-300x195.jpg 300w, https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/lynccert1-1024x666.jpg 1024w, https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/lynccert1.jpg 1083w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>At some time &#8220;domain.sip&#8221; moved their Lync solution to the provider at the right hand side. This new provider did the Lync installation by the book. They added an extra SAN to their Lync edge server Public certificate to reflect the New SIP domain. And the required DNS records where update with the new IP addresses.<\/p>\n<p><a href=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/lynccert2.jpg\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"410\" data-permalink=\"https:\/\/www.vatland.no\/index.php\/keep-your-lync-public-certificates-up-to-date\/lynccert2\/\" data-orig-file=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/lynccert2.jpg\" data-orig-size=\"1105,719\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"lynccert2\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/lynccert2-1024x666.jpg\" class=\"alignnone size-medium wp-image-410\" src=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/lynccert2-300x195.jpg\" alt=\"lynccert2\" width=\"300\" height=\"195\" srcset=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/lynccert2-300x195.jpg 300w, https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/lynccert2-1024x666.jpg 1024w, https:\/\/www.vatland.no\/wp-content\/uploads\/2015\/01\/lynccert2.jpg 1105w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>As we can &#8220;see&#8221; on the figure above, the hosting provider to the left has removed the &#8220;domain.sip&#8221; domain from their Lync topology. They have not removed the SAN from the certificate.<\/p>\n<p>At this point users in &#8220;domain.sip&#8221; complains that they are unable to federate with users in &#8220;Company.sip&#8221; domain. They can however federate with everyone else.<\/p>\n<p>Logging will return some sort of errors that there is no tag about domain split. At this point we where sure that there has to be something left at the old provider causing this. After some days I remembered that Lync edge server has en entry in eventviewer describing that certain domains has been found by parsing SAN&#8217;s from incoming Connections.<\/p>\n<p>Used DigiCerts SSL validator and discovered that the old domain was stil left in the certificate from the old provider. Asked them to clean this up and &#8230;&#8230;. Yup that was it. Federation is now working.<\/p>\n<p>And yes I tried adding the other ASP as a &#8220;hosting provider&#8221;\u00a0 also tried adding all as &#8220;allowed domain&#8221; , but removing tha SAN was the solution.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here is one reason why you should cleanup SAN&#8217;s in your certificates.\u00a0Experienced\u00a0one scenario where a customer moved from one hosting provider to another and was unable to federate after the\u00a0move.\u00a0<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Keep Your #Lync Public #certificates up to date.","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[6],"tags":[19,18,31,30],"class_list":["post-408","post","type-post","status-publish","format-standard","hentry","category-lync","tag-certificates","tag-lync-edge-server","tag-lync-federation","tag-pki"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_likes_enabled":false,"jetpack-related-posts":[{"id":251,"url":"https:\/\/www.vatland.no\/index.php\/provisioning-lync-federation-with-skype\/","url_meta":{"origin":408,"position":0},"title":"Provisioning Lync federation with Skype.","author":"Atle","date":"August 21, 2014","format":false,"excerpt":"If you want your Lync\u00a0users to be able to federate with Microsoft\u00a0and Skype you will need to\u00a0go to https:\/\/pic.lync.com and request\u00a0a new service. Login with the live account that has permissions to access your Microsoft Licenses through the\u00a0Microsoft licensing portal. Enter your Licensing type and\u00a0\u00a0License Agreement number. Add you Lync\u2026","rel":"","context":"In &quot;Lync&quot;","block_context":{"text":"Lync","link":"https:\/\/www.vatland.no\/index.php\/category\/lync\/"},"img":{"alt_text":"Lync2013","src":"https:\/\/i0.wp.com\/www.vatland.no\/wp-content\/uploads\/2014\/05\/Lync2013.gif?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":241,"url":"https:\/\/www.vatland.no\/index.php\/lync-federation-failes-for-some-partners\/","url_meta":{"origin":408,"position":1},"title":"Lync federation failes for some partners.","author":"Atle","date":"August 12, 2014","format":false,"excerpt":"You have installed Lync edge server and have\u00a0issues federating with some or all of your partners. If you check the eventlog you might see multiple errors\u00a0like \u00a0event Source\u00a0:\u00a0\"LS Protocol Stack\" and Event ID 14428. Event description might mislead you to think that there is something wrong with\u00a0your partners certificate.\u00a0 The\u2026","rel":"","context":"In &quot;Lync&quot;","block_context":{"text":"Lync","link":"https:\/\/www.vatland.no\/index.php\/category\/lync\/"},"img":{"alt_text":"Lync2013","src":"https:\/\/i0.wp.com\/www.vatland.no\/wp-content\/uploads\/2014\/05\/Lync2013.gif?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":645,"url":"https:\/\/www.vatland.no\/index.php\/exchange-um-event-id-1400\/","url_meta":{"origin":408,"position":2},"title":"Exchange UM event ID 1400","author":"Atle","date":"February 12, 2016","format":false,"excerpt":"This is a rather confusing event. It occurs on the Exchange server 2010 that is holding the Unified Messaging role. \"The following UM IP gateways did not respond as expected to a SIP OPTIONS request\", and at the end \"This operation has timed out\". The server mentioned in the erro\u2026","rel":"","context":"In &quot;Exchange&quot;","block_context":{"text":"Exchange","link":"https:\/\/www.vatland.no\/index.php\/category\/exchange\/"},"img":{"alt_text":"exevent1400","src":"https:\/\/i0.wp.com\/www.vatland.no\/wp-content\/uploads\/2016\/02\/exevent1400.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.vatland.no\/wp-content\/uploads\/2016\/02\/exevent1400.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/www.vatland.no\/wp-content\/uploads\/2016\/02\/exevent1400.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":14,"url":"https:\/\/www.vatland.no\/index.php\/lync-unified-contact-store-ucs\/","url_meta":{"origin":408,"position":3},"title":"Lync Unified Contact Store &#8211; UCS","author":"Atle","date":"March 7, 2014","format":false,"excerpt":"How do I check and enable Lync UCS? First of all you need Exchange 2013 , then\u00a0make sure you have enabled UCS in Lync server. By running get-csuserservicesPolicy and verify it has been set to UCSAllowed=TRUE Next check you client policy. Get-CsClientPolicy should show you \"EnableExchangeContactSync = true\" for the\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"USERSP","src":"https:\/\/i0.wp.com\/www.vatland.no\/wp-content\/uploads\/2014\/03\/USERSP-300x71.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":56,"url":"https:\/\/www.vatland.no\/index.php\/lync-edge-server-stopped-replicating-cms\/","url_meta":{"origin":408,"position":4},"title":"Lync Edge server stopped replicating CMS","author":"Atle","date":"January 3, 2013","format":false,"excerpt":"At some time Lync\u00a0edge server stopped replicating changes\u00a0in configuration. Also a\u00a0\"get-csmanagementstorereplicationstatus\" show False on\u00a0Edge server. Investigation shows\u00a0that the firewall has not changed and you can telnet from frontend to edge on port 4443. Alse got\u00a0the same error\u00a0in systemlog on edge server\u00a0: Description: When asking for client authentication, this server sends\u2026","rel":"","context":"In &quot;Lync&quot;","block_context":{"text":"Lync","link":"https:\/\/www.vatland.no\/index.php\/category\/lync\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":71,"url":"https:\/\/www.vatland.no\/index.php\/lync-phone-calls-failes-and-log-reportssniff-that-lync-server-cancel-it\/","url_meta":{"origin":408,"position":5},"title":"Lync phone calls failes, and log reports\/sniff that Lync server cancel it.","author":"Atle","date":"May 16, 2012","format":false,"excerpt":"When calling some foreign numers Lync server\u00a0CANCEL the call when it is in progress. Network sniff shows that the call is terminates after 10 sec. \u00a0 This is a default value of the Lync Routing engine. The value is located in \"c:\\program files\\Microsoft Lync Server 2010\\Server\\Core\\OutboundRouting.exe.config\" SOLUTION:Replace value \"FailOverTimeout\" value\u2026","rel":"","context":"In &quot;Lync&quot;","block_context":{"text":"Lync","link":"https:\/\/www.vatland.no\/index.php\/category\/lync\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/posts\/408","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/comments?post=408"}],"version-history":[{"count":4,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/posts\/408\/revisions"}],"predecessor-version":[{"id":417,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/posts\/408\/revisions\/417"}],"wp:attachment":[{"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/media?parent=408"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/categories?post=408"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/tags?post=408"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}