One of my Lync 2013 FE servers did not start after the update to the August 2014 CU.
The error pointed to certificate:
Event Id: 14397:
A configured certificate could not be loaded from store. The serial number is attached for reference.
Extended Error Code: 0x800B0109(CERT_E_UNTRUSTEDROOT).
Event Id 14646:
A serious problem related to certificates is preventing Lync Server from functioning.
Unable to use the default outgoing certificate.
The certificate may have been deleted or may be invalid, or permissions are not set correctly.
Ensure that a valid certificate is present in the local computer certificate store. Also ensure that the server has sufficient privileges to access the store.
The details page (for Event Id 14397) shows the certificate number. I tried to find it using PowerShell:
Get-ChildItem -Path CERT: -Recurse | FT Subject, SerialNumber | FindStr <NUMBER FROM EVENT VIEWER>
It returned an empty string. So I reran it without |findstr … and checked the output. Naturally, I saw that one of the cert numbers was similar to whatever was in the event ID, BUT
1. it was backward and
2. each two bytes were changed in place
It is confusing, eh? So I will try to give an example:
Number in Event viewer: ABCDEFGH12
Certificate number: 12GHEFCDAB
After that I found the certificate in question – it is my pool cert, which works just fine on my first FE server…
I checked the certificate using the Cert MMC – it looked OK and fully trusted. The trusted root – GeoTrust Global CA – was in its place.
Resolution: An intermediate certificate (GeoTrust SSL CA – G2) was not under “Intermediate Certification Authorities”. I copied it from my first server store to the second one and restarted the front-end on the second server. It started successfully this time.
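
The serial lookup and the intermediate check described above, as a PowerShell example added here (not code from the original post). The function names are hypothetical, the serial is the post's illustrative value, and PowerShell 3.0 or later is assumed.

```powershell
# Added example. Convert-EventSerial, Find-CertBySerial and Get-ChainStoreReport are hypothetical names.
function Convert-EventSerial {
    param([Parameter(Mandatory)][string]$EventSerial)
    # Drop whitespace, split into two-character bytes, reverse the byte order.
    $hex = ($EventSerial -replace '\s', '').ToUpper()
    if ($hex.Length % 2) { throw "Odd number of characters in serial: $hex" }
    $bytes = @([regex]::Matches($hex, '..') | ForEach-Object { $_.Value })
    [array]::Reverse($bytes)
    -join $bytes
}

function Find-CertBySerial {
    param([Parameter(Mandatory)][string]$Serial)
    # Search every local computer store; skip the store containers themselves.
    Get-ChildItem -Path Cert:\LocalMachine -Recurse | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
        $_.SerialNumber -eq $Serial
    }
}

function Get-ChainStoreReport {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # $true = build the chain in the machine context, as a service would.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $built = $chain.Build($Cert)
    foreach ($el in $chain.ChainElements) {
        $tp = $el.Certificate.Thumbprint
        [pscustomobject]@{
            Subject = $el.Certificate.Subject
            InRoot  = Test-Path "Cert:\LocalMachine\Root\$tp"  # Trusted Root CAs
            InCA    = Test-Path "Cert:\LocalMachine\CA\$tp"    # Intermediate CAs
            Status  = ($el.ChainElementStatus | ForEach-Object { $_.Status }) -join ','
        }
    }
    if (-not $built) {
        $why = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        Write-Warning "Chain did not build: $why"
    }
}

# Illustrative value from the post: ABCDEFGH12 becomes 12GHEFCDAB.
$serial = Convert-EventSerial 'ABCDEFGH12'
Find-CertBySerial $serial | ForEach-Object { Get-ChainStoreReport $_ } |
    Format-Table -AutoSize
```

An issuing CA row with InCA = False, or a chain that stops at the server certificate with a PartialChain warning, points to an intermediate that is absent from the local computer's Intermediate Certification Authorities store.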