Friday, April 22, 2016

Skype for Business Certificate Expiration Issue - The Skype for Business Server Front-End service terminated with the following service-specific error:

 

Unable to start “Skype for Business Server Front-End service”

Event viewer:

The Skype for Business Server Front-End service terminated with the following service-specific error:
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Note: Before requesting a new certificate, we need to make sure that the Root CA certificate is installed in the Trusted Root Certification Authorities under the Local Computer Certificate Store:

Also please review the expired cert before starting the wizard so that you have necessary information request in the wizards, Example shows the SANs used my cert.

image

Step 1 – Login to SFB Server which the cert is expired.

Open Skype for Business 2015 – Deployment Wizard and click on Install or Update SFBS Systems

image

Click on Request, Install or Assign Certificates >> Run

image

you will see exclamation marks as shown below if the cert is not valid (in our case expired)

image

Click on Request button, it will bring  Certificate Request window, You’ll need to fill the form. It is very important to select ALL or domain for subject alternative names (My case I use my domain) Click for advance if you need to do some custom settings like ;

Create an Offline Request, Specify another CA, Specify different CA credentials, Use a different Certificate Template, Change key bit length and/or Mark the certificate private key as exportable and Add additional SAN names. After that, we will return to the initial Certificate Request screen

image

Review the summery if all good click on Next.

image

If the certificate request is successful, we get Task status: Completed:, for more information you can view the view log.

image

This will open the Certificate Assign wizard click on Finish

image

Before assignment check and validate the cert by View Certificate Details

image

Click on Next

image

If the certificate assignment successful you see tick marks as below.

image

Congratulation ! now you have reconfigured the cert successfully, recommend a server restart but not mandatory now you can start services manually

@roshan-