Wednesday, December 26, 2018

Lync Front Service hangs on "starting" status on Lync 2013 Servers.

The common cause of Lync FE servers service to hang is related to non self-assigned certificates found on the Trusted Root Certificate store. Lync servers does use HTTP/s to communicate each other and the issue mentioned will break this behavior. Until such certs removed, FE service wont come back to its health state.

Step # 1
 Identify the certs causing this issue, run below PS from problem Lync FE Server.


# Script : Non_Self_Assigned_Certs-Scan.ps1
# Created : ISE 3.0
# Author(s) : casey.dedeal
# Date : 12/26/2018  
# Org : ETC Solutions
# File Name :
# Comments :
# Assumptions :
Acknowledgements : Open license
Limitations : None
Known issues : None
Credits : None
(1)_.Adding Vars
(2)_.Check Log Folder create one if ! exist
(3)_.Scan Local Machine Trusted Root Certs Store
(4)_.Open File
Cleanup all Certs listed on the log file.
Certs could be pushed via GPO, if that is the case
You will have find the GPO and make sure, problems
Cers have been removed from Policy.



#(1)_.Adding Vars

$Fname = "None-Self-Certs-Report.txt"
$TargetFolder = "C:\temp\Logs\"
$file = $TargetFolder + $Fname

#(2)_.Check Log Folder create one if ! exist

if(!(Test-Path -Path $TargetFolder))


write-host "()_Creating Target Folder" -f Yellow
New-Item -ItemType directory -Path $TargetFolder


#(3)_.Scan Local Machone Trusted Root Certs Store

$Report = Get-Childitem cert:\LocalMachine\root -Recurse |`
?{$_.Issuer -ne $_.Subject} | fl *
$Report | Out-File


Step # 2
Delete the problem certificates from Trusted root store, it is easy to identify these certificates as
"Issued From" and "Issues To" wont match. Check to make sure these certs are not getting pushed via GPO if so, you will need to make sure such GPO is cleared out.

Step # 3
Reboot FE server and make sure FE service comes up. Check event logs to make sure related event logs are cleared.

Related KB

Casey, Dedeal
Principal Systems Engineer