{"id":852,"date":"2019-01-03T19:29:51","date_gmt":"2019-01-03T18:29:51","guid":{"rendered":"http:\/\/www.vatland.no\/?p=852"},"modified":"2019-01-06T12:50:44","modified_gmt":"2019-01-06T11:50:44","slug":"make-sure-you-have-the-correct-csp-for-your-ca","status":"publish","type":"post","link":"https:\/\/www.vatland.no\/index.php\/make-sure-you-have-the-correct-csp-for-your-ca\/","title":{"rendered":"Make sure you have the correct CSP for Your CA"},"content":{"rendered":"\n<p>Got some weird errors on our new Skype for Business server install. After a straightforward install, users were unable to log in from external, and there were some issues regarding conferences. Skype services seemed to start but ended up running with unknown details when checked with get-windowsservices. Also, we had one error in the Event Viewer on the front-end server.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1020\" height=\"257\" data-attachment-id=\"853\" data-permalink=\"https:\/\/www.vatland.no\/index.php\/make-sure-you-have-the-correct-csp-for-your-ca\/cspeventview\/\" data-orig-file=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/CSPEventview.png\" data-orig-size=\"1020,257\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CSPEventview\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/CSPEventview.png\" src=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/CSPEventview.png\" alt=\"\" class=\"wp-image-853\" 
srcset=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/CSPEventview.png 1020w, https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/CSPEventview-300x76.png 300w, https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/CSPEventview-768x194.png 768w\" sizes=\"auto, (max-width: 1020px) 100vw, 1020px\" \/><\/figure>\n\n\n\n<p>The most important clue was: CA_Failure: InternalError. So this pointed towards a certificate error. What could be wrong with the CA server (a Windows Server 2016 Enterprise Root CA)?<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"383\" height=\"150\" data-attachment-id=\"856\" data-permalink=\"https:\/\/www.vatland.no\/index.php\/make-sure-you-have-the-correct-csp-for-your-ca\/ecdsa_csp\/\" data-orig-file=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/ECDSA_CSP.png\" data-orig-size=\"383,150\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"ECDSA_CSP\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/ECDSA_CSP.png\" src=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/ECDSA_CSP.png\" alt=\"\" class=\"wp-image-856\" srcset=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/ECDSA_CSP.png 383w, https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/ECDSA_CSP-300x117.png 300w\" sizes=\"auto, (max-width: 383px) 100vw, 383px\" \/><\/figure>\n\n\n\n<p>This was the first time I have seen an ECDSA CSP used. Next was to verify S4B requirements. 
<a href=\"https:\/\/docs.microsoft.com\/en-us\/skypeforbusiness\/plan-your-deployment\/requirements-for-your-environment\/environmental-requirements\">https:\/\/docs.microsoft.com\/en-us\/skypeforbusiness\/plan-your-deployment\/requirements-for-your-environment\/environmental-requirements<\/a><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Encryption key lengths of 1024, 2048, and 4096 are supported. Key lengths of 2048 and greater are recommended.<\/li><li>The default digest, or hash signing, algorithm is RSA. The ECDH_P256, ECDH_P384, and ECDH_P521 algorithms are also supported.<\/li><\/ul>\n\n\n\n<p>Once again check CA configuration:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"818\" height=\"247\" data-attachment-id=\"858\" data-permalink=\"https:\/\/www.vatland.no\/index.php\/make-sure-you-have-the-correct-csp-for-your-ca\/getreg-csp2\/\" data-orig-file=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/getreg-csp2.png\" data-orig-size=\"818,247\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"getreg-csp2\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/getreg-csp2.png\" src=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/getreg-csp2.png\" alt=\"\" class=\"wp-image-858\" srcset=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/getreg-csp2.png 818w, https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/getreg-csp2-300x91.png 300w, 
https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/getreg-csp2-768x232.png 768w\" sizes=\"auto, (max-width: 818px) 100vw, 818px\" \/><\/figure>\n\n\n\n<p>This CA was installed with the ECDSA_P256 CSP. We did not have the option to reinstall\/migrate the CA to a supported version, so our workaround was to install a new standalone CA using RSA256 CSP and use this CA to issue the Edge server internal certificate and the frontend certificate. (We published the new CA public key to clients using GPO.)<\/p>\n\n\n\n<p>After we assigned the new certificates and rebooted, it all seems to work OK. The new certs are now RSA256.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"387\" height=\"105\" data-attachment-id=\"859\" data-permalink=\"https:\/\/www.vatland.no\/index.php\/make-sure-you-have-the-correct-csp-for-your-ca\/rsacsp\/\" data-orig-file=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/RSAcsp.png\" data-orig-size=\"387,105\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"RSAcsp\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/RSAcsp.png\" src=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/RSAcsp.png\" alt=\"\" class=\"wp-image-859\" srcset=\"https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/RSAcsp.png 387w, https:\/\/www.vatland.no\/wp-content\/uploads\/2019\/01\/RSAcsp-300x81.png 300w\" sizes=\"auto, (max-width: 387px) 100vw, 387px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Got some weird 
errors on our new Skype for Business server install. After a straightforward install, users were unable to log in from external, and there were some issues regarding conferences. Skype services seemed to start but ended up running with unknown details when checked with get-windowsservices. Also, we had one error in the Event Viewer on the front-end server. The &hellip; <a href=\"https:\/\/www.vatland.no\/index.php\/make-sure-you-have-the-correct-csp-for-your-ca\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Make sure you have the correct CSP for Your CA<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[2,6,42,41,10],"tags":[63],"class_list":["post-852","post","type-post","status-publish","format-standard","hentry","category-development","category-lync","category-s4b","category-skype-for-business","category-windows","tag-ca_failure"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_likes_enabled":false,"_links":{"self":[{"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/posts\/852","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/comments?post=852"}],"version-history":[{"count":3,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/posts\/852\/revisions"}],"predecessor-version":[{"id":862,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/posts\/852\/revisions\/862"}],"wp:attachment":[{"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/media?parent=852"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/categories?post=852"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/tags?post=852"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}