Thomas.Poett@TEAMS (MVP Teams and Cross-Tenant M&A/D Migration Expert Lead)

Hi Folks, thanks you for your participiation in my TechED 2014 session in Barcelona. I'm very proud you listen and enjoyed the session. For your reference, you can view and download my session here: http://channel9.msdn.com/Events/TechEd/Europe/2014/OFC-B325 Cheers Thomas   Author: Thomas Poett MVP, Senior Principal Consultant Microsoft Unified Communication

Lync is quiet strict in certificate validation. If you assign a non compatible certificate to Lync it will run into serious issues. This is most likely happen if you are using dedicated certificate for each Lync service. Especially the Lync WebServiceInternal certificate cannot be requested correctly, neither with Lync Wizard nor with the Request-CsCertificate command. Here the problem is that both methods are requesting a certificate with a Subject Name of the Internal Web Services rather than the POOL FQDN. Lync BUG: The remote certificate is invalid according to the validation procedure. reason="The web ticket is invalid." ;faultcode="wsse:InvalidSecurityToken",Replace=false In both, the TechNet and Help File the correct certificate is described. Therefore you need a valide process of requesting the correct certificate. If you have a consolidated certificate for all services, this is issue is not present, because the Subject Name responds to the POO...

Demystify Lync 2013 Server internal certificate requirements © 27.08.2014, Thomas Pött, Microsoft MVP Lync and PLSL 3 rd level Support certified. Version 1.7 . 2 The technical level of this document is 400. This article requires knowledge about certificate authorities, TLS encryption and identity authorization. Lync relay on several external components, as network or certificate authority, especially the CA is an important component for TLS encryption. We need to understand how Lync make use of certificates for authentication, identity authorization and encryption. It also makes differences between Lync service and its related web service, which are even segregated into internal and external site. Note: This document is neither a sizing nor a configuration guide. You should use this document only for your environment planning’s purposes and security considerations. In lager environments you should spend some time to evaluate the optimal path of your certificate deploy...