Just another site

Lync 2010 Standard – 33060 events – PSTN dial in fails, SIP/2.0 503 Service unavailable, dial-in caller joins then immediately disconnected

Audio error message on PSTN dial-in of: “sorry i can’t seem to connect you to your meeting right now”…..

And in the event log:

User failed to join the conference.

Microsoft.Rtc.Collaboration.ConferenceFailureException:The operation failed due to a response from the server. For more information, examine the properties on the exception and inner exception.

Fought with this for three days then initiated a Microsoft support call, they spent another two days on it and finally the engineer hit on the right area….. surprise….. certificates.

Symptoms were: following loss of a Lync 2010 front end server we rebuilt it over a weekend, got all services working then noticed that although dial-out through our PSTN worked, dial-in didn’t.

Participants would dial into the server, hear the greeting, enter the conference, Lync client participants would see them join for a moment then get bounced out (they would show as anonymous) with the audio message: “sorry i can’t seem to connect you to your meeting right now, please try again later” etc.

We did traces, reinstalled conferencing service, the conference attendants, published and republished the topology etc etc, eventually some kind of timer tripped at Microsoft support in India and they brought out the big guns did a 25mb trace on the call join and went through it line by line.

At this point the engineer told me that the issue was with the certificate on the FE server, he showed me the certificate that we had (just) issued to our freshly minted Lync 2010 server and the certificate signing algorithm was RSASAA-PSS, apparently Lync ONLY works with certificates issued with the sha1RSA algorithm.

Since last issuing Lync certificates we have upgraded our enterprise PKI to 2012 R2 which it seems by default issues certs signed with RSASAA-PSS. Yes – this also affects Lync 2013 according to the support team.

Lync 2013 is also affected by this problem, and i believe it may also impact OSX’s use of windows issued certificates (our 802.1x wireless has not worked with certificate auth for some time).

At this point i was escalated to the directory services team but while i waited i did some googling and found this:

It seems i’m not the only one to find this, I have requested MS refund me my support token as this is clearly an issue with their documentation.

Anyway as mentioned in the link above the resolution is to change a value in the registry on issuing PKI servers, restart cert services then reissue the FE cert, as stated by Rufat Aliyev in the technet forums:

You do this:

The problem is solved. There is a huge Microsoft mistake in documentation for MS Lync. I don’t know why but I can’t find any information about exact PKI requiments for MS Lync. In my case all my certificates use RSASSA-PSS algorythm instead of RSAsha1. I changed the registry key on my Enterprise CA server.   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\Your Cert Authority\CSP

value AlternateSignatureAlgorithm from 1 to 0 and restart CA service.

After this request a new certificate from Lync deployment withard and everything become OK.

It take me about 3 month to find out this!!!!”

Once the cert is installed, bounce the box and your conferences will function normally again. I hope this helps someone else.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: