LS User Services – Invalid Incoming HTTPS Certificate


Today I’m going to write about a problem I’ve been seeing in a lot of deployments that include Skype for business or Lync Server on a Windows server 2012 R2 OS at customers
Side Note: this blog article was written using my new Lumia 950XL with OneNote and Display dock connected to it, how cool is that 🙂


Lync or Skype for business deployment  with Enterprise pool including 3 or more frontends inside the pool


Users are unable to login to Lync client or the frontend services not starting sometimes, when checking the frontends logs you see a log of Event ID 32042 LS user services,

“Invalid incoming HTTPS certificate
Subject Name: xxx Issuer: xxx
Cause: this can happen if the HTTPS certificate has expired or is untrusted. The Certificate serial number is attached for reference….”


Or another one is:
“Sending HTTPS request failed. Server functionality will be affected if messages are failing consistently
 Sending the message to https://<frontend.domain&gt;:444/.. Failed”


If you go and check the mentioned certificate you notice that all of the “important” certificate for Lync to function are correctly issued and not expired, then you start to wonder what the F this event is talking about???

Root cause:

The problem is usually a certificate installed in the wrong container, windows server 2012 is more sensitive than older versions of windows servers when it comes to SSL certificate and TLS connection, and one mess placed certificate can cause a chain reaction of problems on the OS.


Using PowerShell check if the Trusted root certification container has no mess placed certificates, usually Admins install the intermediate certificate in the Trusted root certificate causing this problems

:\>Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File “c:\wrong_certificate.txt”

Exam the content of the text file where you should find the name of the certificate(s) causing the problem in this file locate it and delete it or move it to the correct container, restart your server and all should be fine 😉

Author: Lyncdude

A Senior Service Engineer with more than 9 years of experience in Microsoft Exchange and Microsoft Lync Server / Skype for Business. Egyptian guy lives and works in Frankfurt - Germany. what is written in this blog is my own opinion and thoughts, not my employer and does not reflect their opinion

One thought on “LS User Services – Invalid Incoming HTTPS Certificate”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: