Certificate Chain is Invalid / Problem Deploying Lync Server

Howdy,

 

Sometimes While Deploying Microsoft Lync Server, when it comes to Requesting and Assigning Certificate for the Lync Services It will fail with the following Error (Although it should not fail because your Internal CA root certificate should be installed automatically once the server is joined to the domain):

 

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (Exception from HRESULT: 0x800B0109)

 

To solve this Error you will need to Download the Certificate chain from your Certificate Authority , and install it in the Lync FE .

How To Do That Step – by – Step :

• Open An Internet Explorer at the Lync FE server ( the One You Are Running the Installation Wizard on it).
• Write the URL of the Certificate Authority Server e.g. ( Http://ca.contoso.com/contoso-ca)
• Click on “Download a CA Certificate, Certificate Chain, or CRL”

• In the next Page click on “Download  CA Certificate Chain”

 

• Click Save and save the Cert. to the Desktop.
• now you will need to import, Click Start, Run and type MMC.
• Press Ctrl+M
• From the Left Menu Double Click “Certificates”
• From the Certificate Snap-in Window, Select “Computer Account” and Click Finish
• Click Ok
• Now Expand the Certificates Menu and double Click “Trusted Root Certificate Authorities”
• Right Click Certificates >> All Tasks >> Import

 

• In the Import Certificate Wizard Welcome Page Click Next

 

• Browse to the Desktop and select the downloaded Certificate ( make sure that file Type is All Files)
• Click Next
• Click Next
• Click Finish

By this You had imported the Certificate and try now to re-request the certificate for Lync Services in the Deployment Wizard and it will NOT fail .

 

if these Steps weren’t Clear Enough for you , please use the Following Link

Click Here