Certificate Not Valid While Installaing LYNC2010 SERVER

Dear Experts,

Thanks in advance. While Installing Lync2010 in my lab environment I stocked in creating certificates on Lync server 2010.

I followed this link and as the instruction I did and I am sure I have not done any mistake.

 http://policelli.com/blog/archive/2011/02/28/step-by-step-guide-to-preparing-a-lab-environment-for-lync-server-2010-2/

My Lab Setup

LYNC-DC-Windows2008R2, AD DS, DNS, AD CS

LYNC-SVR- Windows 2008R2  Front end ,Back end

When requesting the Certificate I get the following message:

 

A Certificate with thumbprint " 3E76ED3EC12XXXXXXXXXXXX has been added to the local certificate store.

The certificate has been issued by the online certification authority and is installed to the local certificate store, however it is not valid.  Make sure that the Root certificate, and necessary certificate chain is installed on this server.

I am requesting you please help me out..
LVL 1
JJ KRWindows System administratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
these days most certificate authorities use a subordinate CA to issue certificates
root ca
---- subordinate ca
--------- sub-subordinate ca
-------------- your certificate
You need all of these certificates except for yours in the trusted root provider store.
godaddy/starfield https://certs.godaddy.com/repository
digicert  https://www.digicert.com/digicert-root-certificates.htm
startssl https://www.startssl.com/certs/
Verisign Root Cert. https://access.ca.gov/Certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
Verisign Intermediate Cert. https://access.ca.gov/Certs/VeriSign_Class_3_Secure_Server_CA_-_G3.crt
0
JJ KRWindows System administratorAuthor Commented:
Dear David,

Thanks for your comments.
There are lots of certificates as I mentioned below. Which File need for download

DigiCert Assured ID CA-1
DigiCert Assured ID CA G2
DigiCert Assured ID CA G3
DigiCert Assured ID Code Signing CA-1
DigiCert EV Code Signing CA (SHA2)

Regards
Biswajeet
0
JJ KRWindows System administratorAuthor Commented:
Dear David,

I am in Lync Server 2010 Deployment wizard  where I have finished step 1: Install local configuration store completed

Step:2  Setup or Remove Lync Server  Components completed.

Step 3: Request, Install or Assign Certificates  Not completed . I am stuck in step no 3. Certificate Wizard . Which option I have to select ?
Request
Assign
Import Certificate.

Please suggest....
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

David Johnson, CD, MVPOwnerCommented:
you can download and install all of the certificates except for the code signing intermediates.  Digicert has 2 free utilities to check your certificate chain. basically you have to examine the certificate chain and get the certificate that matches the one higher than the one you are looking at. Look for the issued by line .. use certmgr.msc to do this
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JJ KRWindows System administratorAuthor Commented:
Dear David,

You are genius. Thanks a lot for your time and support. After installed all these required certificates the Issue resolved. I installed successfully LYNC2010 in my lab. Thank you so much.

Regards
Biswajeet Pattnaik
0
JJ KRWindows System administratorAuthor Commented:
Hi,

As per the instruction of David Johnson, MVP issue resolved
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.