Hero Banner

Products Discussions

Share best practices and get the latest Microsoft product info

Reply
Anonymous
Not applicable

Skype for Business Cloud Connector installation issues

Hi there 🙂

I encounter an error when installing the Cloud Connector (Install-CcAppliance) Version 2.0.1:

 

WARNING: Set-CsCertificate failed.

 

Command execution failed: "83A0DF9CAADA542E4B78745683FFBEA8C3045DF1" not found in MY certificate store or not trusted

 

I have a certificate with private key with this configuration (SN is ap.commehr.de, SAN is ap.commehr.de, sip.commehr.de).

I have imported the certificate on the Edge Server and copied from Personal to trusted and Intermediate store.

Is this issue known?
Do you have any ideas what might be wrong?

Have uninstall and unregister the appliance serveral times and started the installation from scratch I still see the same error.

I highly appreciate your help!

Thank you!

Ana-Maria

 

 

1 ACCEPTED SOLUTION
Level 2 Contributor

I had the same issue as well during my isntallation.  So I think it is a bug.  To work around this, once the Edge server VM gets created and before the script finishes I copy the certificate to the Personal > Certificates folder in the MMC on the Edge Server.  The script seems happy once it sees it there.

View solution in original post

18 REPLIES 18
Visitor 1

I haven't fixed this as such but I did find a work around by adding a pause to the CCE script then manually running bootstrapper on Edge before resuming the script.

 

https://chrishayward.co.uk/2020/07/26/skype-for-business-cce-install-problems/

Anonymous
Not applicable

hello every body

I have the same problem Smiley Sad Smiley Sad

I appreciate so much if anybody help to solve this problem !!

This is the error msg :

WARNING: Set-CsCertificate failed.
WARNING: Detailed results can be found at "C:\Users\Administrator\AppData\Local\Temp\Set-CsCertificate-6d958a50-29e5-4d6e-885c-a3a7585d9833.html".
WARNING: Start-CsWindowsService encountered errors. Consult the log file for a detailed analysis, and ensure all errors (3) and warnin gs (0) are addressed before continuing.
WARNING: Detailed results can be found at "C:\Users\Administrator\AppData\Local\Temp\Start-CsWindowsService-3bcae505-0c30-4bcb- 9cf6-6ac4ce077a7b.html".
Command execution failed: "A135E9BF194CD674CBA1EDD31E77990278523006" not found in MY certificate store or not trusted. To enable trust, install the root certificate in the Trusted Certification Authorities store.
At C:\Program Files\WindowsPowerShell\Modules\CloudConnector\Internal\MtSetup.ps1:360 char:13
+             Invoke-Command -ComputerName $machineIP -Credential $domainAdminCred ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Set-CsCertificate], UnknownObjectException
    + FullyQualifiedErrorId : ProcessingFailed,Microsoft.Rtc.Management.Deployment.SetCertificateCmdlet
Trying to exit current manual maintenance mode.
Successfully exit manual maintenance mode.
Command execution failed: "A135E9BF194CD674CBA1EDD31E77990278523006" not found in MY certificate store or not trusted. To enable
trust, install the root certificate in the Trusted Certification Authorities store.
At C:\Program Files\WindowsPowerShell\Modules\CloudConnector\Internal\MtSetup.ps1:360 char:13
+             Invoke-Command -ComputerName $machineIP -Credential $domainAdminCred ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Set-CsCertificate], UnknownObjectException
    + FullyQualifiedErrorId : ProcessingFailed,Microsoft.Rtc.Management.Deployment.SetCertificateCmdlet
    + PSComputerName        : 192.168.213.5

[Krayem]

Level 2 Contributor

Did you try the solution provided earlier?

Anonymous
Not applicable

Hello DouglasJ

Thanks for helping me, 

I want to ask you which of these certificates : 

1- ServerCertificate
2- Intermediate
3- Root

i have to copy to the Personal > Certificates folder in the MMC on the Edge Server

sorry maybe it is Stupid question, but I am very new to these things 🙂 

Anonymous
Not applicable

Hi DouglasJ 

I did that , i deployed again, but it gave me other error about :[WARNING: Set-CsCertificate failed]

can you review the error ? it is here 

Host name: edgeserver.bct.local
Install internal certificate AD.BCT.LOCAL\SfB CCE Root from domain controller on Edge server.
Issued thumbprint "6E1572BACB19AE9612F488C8DE586B0FE98AD9A8" for use "Internal" by "AD.BCT.LOCAL\SfB CCE Root".
WARNING: Set-CsCertificate failed.
WARNING: Detailed results can be found at "C:\Users\Administrator.BCT\AppData\Local\Temp\Set-CsCertificate-10858004-2baf-41b4-b491-279
b502ff2f9.html".
Certificate "cce.oc365s.info" added to store.
 
CertUtil: -importPFX command completed successfully.
WARNING: Set-CsCertificate failed.
WARNING: Detailed results can be found at "C:\Users\Administrator.BCT\AppData\Local\Temp\Set-CsCertificate-de881943-49c7-4705-b560-21b
aff2d1f5f.html".
WARNING: Detailed results can be found at "C:\Users\Administrator.BCT\AppData\Local\Temp\Enable-CsReplica-47f5f317-ba06-4d54-9519-9359
724d52ac.html".
Parent registry key for Cloud Connector server role doesn't exist on VM : Edge, will create a new one.
Creating server role registry key on VM : Edge.
NotSpecified: (:String) [], RemoteException
At C:\Program Files\WindowsPowerShell\Modules\CloudConnector\Internal\MtSetup.ps1:360 char:13
+             Invoke-Command -ComputerName $machineIP -Credential $domainAdminCred ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
 Trying to exit current manual maintenance mode.
Successfully exit manual maintenance mode.
NotSpecified: (:String) [], RemoteException
At C:\Program Files\WindowsPowerShell\Modules\CloudConnector\Internal\MtSetup.ps1:360 char:13
+             Invoke-Command -ComputerName $machineIP -Credential $domainAdminCred ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
    + PSComputerName        : 192.168.213.5
Level 2 Contributor

cce.oc365s.info - .pfx should be the format?

Anonymous
Not applicable

I have followed this link : 

WARNING: Detailed results can be found at "C:\Users\Administrator.BCT\AppData\Local\Temp\Set-CsCertificate-83203955-ca5e-4cfd-b293-c007f67d77a7.html".

it is giving me the error in connecting the SQLserver 

this is the msg: 
Error: An error occurred: "Microsoft.Rtc.Common.Data.SqlConnectionException" "A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)"

Level 2 Contributor

I had not encountered that issue or error message before.

Anonymous
Not applicable

Oh DoglasJ 

I did what you have done exactly but no way , still giving me the same problem 😞

Level 2 Contributor

Im sorry.  You may have a different issue then.

Level 1 Contributor

I am seeing the same issue. It looks like the SQL instance for the local config replica is failing to install due to an SQL install error 0x84B10001, which apparently is a .NET 3.5 install issue - although it looks ok, and clearly has worked ok on the other role VMs.

 

Has anyone found a solution?

Level 1 Contributor

Hi BN8958,

Did you ever find a solution to this ?

James

Level 1 Contributor

In effect no - but after about 5 attempts to install the appliance (without making any changes, other than deleteing the failed VMs each time), it worked. I cant explain why! Smiley Frustrated

Level 1 Contributor

I'll continue, maybe 3rd time lucky!

I can only think that it's related to the external cert, however i generated the CSR using the SfB built in tool, so you would hope it would be correct!

I'll perservere, but thank you for the quick response.

Level 2 Contributor

In our environment, I did not create the cert via the Skyp for Business tool.  It was done externally then imported.  It should not make a difference but just wanted you to know.

Level 1 Contributor

Hi DouglasJ

Thank you for the info, we tried the DigiCert tool also. Same issue.

I thought if the SfB tool was used it would be 100% accurate, never mind.

I have one last idea which i'll try now otherwise i'll escalate to Microsoft. Will feedback.

James

Level 2 Contributor

I had the same issue as well during my isntallation.  So I think it is a bug.  To work around this, once the Edge server VM gets created and before the script finishes I copy the certificate to the Personal > Certificates folder in the MMC on the Edge Server.  The script seems happy once it sees it there.

View solution in original post

Anonymous
Not applicable

Hi @Anonymous, have you already contacted support? @Anonymous, is this something you can help with?

I also discovered this technet article, which might be helpful for you.