Question
Saturday, January 14, 2017 10:10 AM
My Skype for Business certificates recently expired. So, I updated all of them by requesting new ones from my domain controller and installing my latest GoDaddy certificate. However, now my Sonus SBC gateway cannot connect to my SfB server (we still use POTS lines). I get these errors:
ID | 14.1
Condition | Invalid Session for attempted realtime connection
Description | If a web-client tries to open a realtime monitor connection with invalid session ID, BMP will generate this alarm.
Severity | Minor
Source | 127.0.0.1
Category | Security
Acknowledged | False
Clearing Event ID | 0.0
ID | 9.44
Condition | SIP-TLS Client Handshake Failure
Description | TLS1.0 alert sent:unknown CA(48), conn_id:1, port:5067, key:00TLS4-24579; Cause: Invalid CA, cert chain was too long, or cert chain import was not complete.
Severity | Minor
Source | TLSProfile: 2:192.168.24.57
Category | Security
Acknowledged | False
Clearing Event ID | 9.47
I also get errors saying that my SIP cluster went down and the signaling group was taken out of service because of this.
I have temporarily tried disabling TLS, and my Lync UC Mediation comes up, but is unable to make or receive calls.
I have reinstalled the root CA certificate successfully. I have tried to install the certificates from my SfB server, but I get this error:
Internal communication error when validating configuration change
Any ideas what I might be missing?
The following errors occurred:
Internal communication error when validating configuration change
Daryl Sensenig Tents For Rent
All replies (7)
Monday, January 23, 2017 3:54 PM ✅Answered
I replaced the default Sonus certificate with a certificate issued by our internal Windows CA. This resolved the issue. Thanks for your help.
Daryl Sensenig Tents For Rent
Saturday, January 14, 2017 10:24 AM
On the SfB server, I get these errors:
Log Name: Lync Server
Source: LS Mediation Server
Date: 1/14/2017 5:06:50 AM
Event ID: 25076
Task Category: (1030)
Level: Error
Keywords: Classic
User: N/A
Computer: *****************
Description:
TLS negotiation failed with a incoming connection from an unknown Trunk.
Remote Endpoint: ******************
Reason: UntrustedRemoteCertificate
Cause: A Trunk peer may not be configured to send connections to the port Mediation Server is listening to, or the certificate of the Trunk peer is not recognized by the Mediation Server.
Resolution:
Check that the Mediation server and Trunk certificates are configured correctly. Check if the MEDIATIONSERVER_MAJOR_CONFIGURATION_ALARM (Event ID: 25057) has been fired. Check whether the remote endpoint a known peer.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="LS Mediation Server" />
<EventID Qualifiers="50182">25076</EventID>
<Level>2</Level>
<Task>1030</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-01-14T10:06:50.000000000Z" />
<EventRecordID>728099</EventRecordID>
<Channel>Lync Server</Channel>
<Computer>**************</Computer>
<Security />
</System>
<EventData>
<Data>************</Data>
<Data>UntrustedRemoteCertificate</Data>
</EventData>
</Event>
Log Name: Lync Server
Source: LS Mediation Server
Date: 1/14/2017 5:07:00 AM
Event ID: 25076
Task Category: (1030)
Level: Error
Keywords: Classic
User: N/A
Computer: *********************
Description:
TLS negotiation failed with a incoming connection from an unknown Trunk.
Remote Endpoint: **************
Reason: UntrustedRemoteCertificate
Cause: A Trunk peer may not be configured to send connections to the port Mediation Server is listening to, or the certificate of the Trunk peer is not recognized by the Mediation Server.
Resolution:
Check that the Mediation server and Trunk certificates are configured correctly. Check if the MEDIATIONSERVER_MAJOR_CONFIGURATION_ALARM (Event ID: 25057) has been fired. Check whether the remote endpoint a known peer.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="LS Mediation Server" />
<EventID Qualifiers="50182">25076</EventID>
<Level>2</Level>
<Task>1030</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-01-14T10:07:00.000000000Z" />
<EventRecordID>728121</EventRecordID>
<Channel>Lync Server</Channel>
<Computer>*****************</Computer>
<Security />
</System>
<EventData>
<Data>****************</Data>
<Data>UntrustedRemoteCertificate</Data>
</EventData>
</Event>
Daryl Sensenig Tents For Rent
Monday, January 16, 2017 2:53 AM
Hi Daryl,
Welcome to our forum.
Based on the error message, please check if the certificate is correct for Mediation server and Sonus Gateway.
If you want to renew your SFB server certificate, you need to use SFB deployment wizard. For details, please refer to the following document:
https://blogs.technet.microsoft.com/uclobby/2013/09/16/renewing-lync-server-20102013-certificates/
Here is an article that describes troubleshooting tips for Sonus SBC; please refer to
https://support.sonus.net/display/UXDOC61/Common+Troubleshooting+Issues+with+Certificates+in+Sonus+SBC+1000-2000
Hope this reply is helpful to you.
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Regards,
Alice Wang
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, January 16, 2017 11:34 AM
I was able to resolve this issue by requesting a new certificate from our internal Windows CA and replacing the default Sonus certificate with the new one issued from our internal CA.
Monday, January 16, 2017 1:50 PM
The certificate imported in the Gateway should have the trusted root certificate as well as the intermediate certificate, if any. Looks like the root or intermediate certificate is missing in the Gateway.
Jayakumar K
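The two failure modes discussed in the replies above (a peer that holds the root but not the intermediate, and a default certificate the other side has no reason to trust) can be reproduced offline. This is an added example, not part of the original thread: it assumes the `openssl` CLI is installed, and every name, file and certificate in it is constructed for the lab.

```shell
#!/usr/bin/env bash
# Added example: constructed lab PKI, no real hosts or certificates involved.
set -eu

# new_csr NAME CN: generate a key and CSR for a constructed identity.
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# sign CSR_NAME EXTFILE SIGNER_ARGS...: issue a 30-day certificate.
sign() {
  name=$1; ext=$2; shift 2
  openssl x509 -req -in "$name.csr" -extfile "$ext" -days 30 \
    -out "$name.pem" "$@" 2>/dev/null
}

# build_pki DIR: root CA -> issuing CA -> server cert, plus a self-signed
# cert standing in for a gateway's factory default (assumption).
build_pki() (
  cd "$1"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
  printf 'basicConstraints=CA:FALSE\n' > leaf.ext
  new_csr root "Lab Root CA";      sign root ca.ext -signkey root.key
  new_csr inter "Lab Issuing CA";  sign inter ca.ext -CA root.pem -CAkey root.key -CAcreateserial
  new_csr server "mediation.lab.example"
  sign server leaf.ext -CA inter.pem -CAkey inter.key -CAcreateserial
  new_csr gwdefault "gateway-default"; sign gwdefault leaf.ext -signkey gwdefault.key
)

# chain_status CERT TRUSTED_ROOTS [INTERMEDIATES]: echo trusted|untrusted.
# The lab root is freshly generated, so the system store cannot vouch for it.
chain_status() {
  if openssl verify -CAfile "$2" ${3:+-untrusted "$3"} "$1" >/dev/null 2>&1
  then echo trusted; else echo untrusted; fi
}

LAB=$(mktemp -d)
build_pki "$LAB"
echo "root only, intermediate missing: $(chain_status "$LAB/server.pem" "$LAB/root.pem")"
echo "root + intermediate imported:    $(chain_status "$LAB/server.pem" "$LAB/root.pem" "$LAB/inter.pem")"
echo "self-signed default vs lab root: $(chain_status "$LAB/gwdefault.pem" "$LAB/root.pem")"
```

Running the same `openssl verify` check against the certificates actually exported from each side shows which link of the chain the peer cannot build before anything is re-imported.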
Monday, January 23, 2017 3:16 AM
Hi Daryl,
Did you check the certificate on the Mediation server and Sonus Gateway? Please check the certificate first; if there are any errors, please don’t hesitate to provide them so we can do further troubleshooting. We are glad to help you.
Regards,
Alice Wang
Monday, February 6, 2017 10:37 AM
Hi Daryl,
Thanks for sharing; it will help others who have a similar issue.
Regards,
Alice Wang