Question
Friday, July 22, 2011 1:23 PM | 1 vote
Hi,
We're trying to use the Test-CSFederatedPartner cmdlet to test federation to a remote party, but the command fails with the following error:
Test-CsFederatedPartner -Domain redscan.net -TargetFqdn lync-edge.avt-systems.co.uk
Test-CsFederatedPartner : The operation failed due to issues with Tls. See the exception for more information.
At line:1 char:24
+ Test-CsFederatedPartner <<<< -Domain redscan.net -TargetFqdn lync-edge.avt-systems.co.uk
+ CategoryInfo : OperationStopped: (:) [Test-CsFederatedPartner], TlsFailureException
+ FullyQualifiedErrorId : WorkflowNotCompleted,Microsoft.Rtc.Management.SyntheticTransactions.TestFederatedPartnerCmdlet
We are running this on the Frontend. Using Microsoft Network Monitor I can see the command is only communicating with the internal domain controllers via LDAP. After the command is run we get the following error in the event log:
A fatal error occurred when attempting to access the SSL client credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10003.
Does anyone know which certificate this would be checking, or how to resolve this error?
Regards,
Neil
All replies (7)
Tuesday, July 26, 2011 8:44 AM ✅Answered | 2 votes
Hi, Neil,
From searching the internet, this error is often caused by the service SSL certificate not being fully trusted or the service account not having full permission.
Would you please go to http://www.digicert.com/help/ and test your certificate status?
Have you created and enabled a federation route between you and your partner?
Is the federated domain listed in the collection of allowed (federated) domains?
Also, please verify that the account you run the cmdlets with has the appropriate permission, and try to reassign a new certificate for the server.
Otherwise, if there are more error messages along with this error in the event viewer, please also extract them for troubleshooting.
If the above doesn't help, could you elaborate more on your Lync topology, please?
Moreover, here is another post with the same error message, just for your reference (TMG relevant): http://social.technet.microsoft.com/Forums/en/Forefrontedgegeneral/thread/15c4bded-1848-480a-914d-a131cb49f0bd
Regards,
Sharon
Wednesday, August 3, 2011 1:10 PM
Hi,
Were you able to get to a resolution on this issue? Seeing the same problem, however federation using client works correctly.
Thursday, March 22, 2012 3:46 PM
Just came across this, you'll get this error if you don't run the Lync Shell with administrative permissions and try to run the test-csfederatedpartner. Close the shell, then start it as administrator and it should work fine if your certs are configured correctly.
Monday, August 26, 2013 4:08 AM | 12 votes
This is an NTFS permission problem. Just go to C:\ProgramData\Microsoft\Crypto\RSA and grant "Network Services" Read permission to the "MachineKeys" folder,
and then restart the server.
Done
Wednesday, February 26, 2014 11:17 PM
Well done! This fixed it for me
John Lucas - Code Monkey
Tuesday, June 3, 2014 3:49 PM
Thank you for providing an answer instead of a link to another forum. It pointed me to the issue right away.
Tuesday, December 11, 2018 6:53 PM
Thank you very much, this was useful to me; I had spent two weeks searching and couldn't find the solution.
Regards.
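An added example, not part of any reply in this thread: a read-only PowerShell audit for the NTFS permission fix described in the August 26, 2013 reply. It assumes the account meant is the built-in NETWORK SERVICE (SID S-1-5-20) and reports only ACEs that name that SID directly, on the MachineKeys folder and on the key file behind each certificate in the LocalMachine\My store; the function and variable names are hypothetical.

```powershell
# Added example: read-only audit, changes nothing on disk.
# Assumption: the account named in the reply is the built-in NETWORK SERVICE (SID S-1-5-20).
$keyDir   = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'
$sidValue = 'S-1-5-20'
$read     = [System.Security.AccessControl.FileSystemRights]::Read

function Get-DirectReadState {
    param([string]$Path)
    # Explicit and inherited ACEs, with identities returned as SIDs (locale independent).
    # Only ACEs naming the SID itself are evaluated; access granted through
    # groups such as Everyone is not resolved here.
    $rules = @((Get-Acl -Path $Path).GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $sidValue })
    $deny  = @($rules | Where-Object { $_.AccessControlType -eq 'Deny' -and
            ($_.FileSystemRights -band $read) -ne 0 })
    $allow = @($rules | Where-Object { $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $read) -eq $read })
    if ($deny.Count -gt 0)  { return 'Denied' }
    if ($allow.Count -gt 0) { return 'Allowed' }
    return 'NoDirectAce'
}

# The folder itself first.
New-Object PSObject -Property @{
    Target = $keyDir; Thumbprint = ''; NetworkServiceRead = (Get-DirectReadState $keyDir)
}

# Then the key file behind each machine certificate that has a private key.
Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.HasPrivateKey } | ForEach-Object {
    $file = $null
    # CNG-backed keys are not exposed through this CSP property and are stored
    # outside MachineKeys, so they are reported as NotInMachineKeys.
    try { $file = $_.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName } catch { }
    $state = 'NotInMachineKeys'
    if ($file) {
        $path = Join-Path $keyDir $file
        if (Test-Path $path) { $state = Get-DirectReadState $path }
    }
    New-Object PSObject -Property @{
        Target = $_.Subject; Thumbprint = $_.Thumbprint; NetworkServiceRead = $state
    }
}
```

Run it from an elevated shell so Get-Acl can read the key files.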