Web Conferencing Server connection failed to Establish on Edge server

Web Conferencing Server connection failed to Establish on Edge server

In an environment of a domain with a backup DC you might face a problem with Lync Edge deployment.

After the step where you have to add the CA authority certificate to your Trusted CA store in Edge Server you might notice 

some errors with Edge server trusting the connection from Front end or vice versa.

The problem will happen if there’s two CA certificates in the Trusted CA store and you only have imported one of them.

Looking at the Front End server Certificate store which is joined to the Domain. We still need to dig more to make sure the certificate chain is fully installed.

Errors might be generated by the same symptom are:

Web Conferencing Server connection failed to establish.

Over the past 1 minutes Lync Server has experienced incoming TLS connection failures 1 time(s). The error code of the last

Failure is 0x80090325 (The certificate chain was issued by an authority that is not trusted. ) and the last connection was from the host “”.

Cause:

This can occur in case the box is not properly configured for TLS communications with remote Web Conferencing Server.

Resolution:

Check your topology configuration to ensure that both this host and remote Web Conferencing Server can validate each other TLS certificates and are otherwise trusted for communications.

—

The XMPP Translating Gateway Proxy has no connections to any XMPP gateways.

Cause: Connectivity issue.

Resolution:

Check that a configured gateway is running.

—

TLS outgoing connection failures.

Over the past 1 minutes, Lync Server has experienced TLS outgoing connection failures 1 time(s). The error code of the last failure is 0x80090325 (The certificate chain was issued by an authority that is not trusted.) while trying to connect to

the server “EGELYNCFE.domain.local” at address [192.168.16.45:5061], and the display name in the peer certificate is “Unavailable”.

Cause: Most often a problem with the peer certificate or perhaps the host name (DNS) record used to reach the peer 

server. Target principal name is incorrect means that the peer certificate does not contain the name that the local server used to connect.

The root certificate is not trusted error means the peer certificate was issued by a remote CA that is not trusted by the local machine.

Resolution:

Check that the address and port matches the FQDN used to connect, and that the peer certificate contains this FQDN 

somewhere in its subject or SAN fields. If the FQDN refers to a DNS load balanced pool then check that all addresses 

returned by DNS refer to a server in the same pool. For un-trusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the local machine.

Resolution:

To Resolve this problem, make sure that you export both CA from Front End and import them in to Edge’s Trusted root 

CA Local store.