Does I.C.T matters to you ?

Friday, April 22, 2016

Skype for Business Certificate Expiration Issue - The Skype for Business Server Front-End service terminated with the following service-specific error:

Unable to start “Skype for Business Server Front-End service”

Event viewer:

The Skype for Business Server Front-End service terminated with the following service-specific error:
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Note: Before requesting a new certificate, we need to make sure that the Root CA certificate is installed in the Trusted Root Certification Authorities under the Local Computer Certificate Store:

Also please review the expired cert before starting the wizard so that you have necessary information request in the wizards, Example shows the SANs used my cert.

Step 1 – Login to SFB Server which the cert is expired.

Open Skype for Business 2015 – Deployment Wizard and click on Install or Update SFBS Systems

Click on Request, Install or Assign Certificates >> Run

you will see exclamation marks as shown below if the cert is not valid (in our case expired)

Click on Request button, it will bring Certificate Request window, You’ll need to fill the form. It is very important to select ALL or domain for subject alternative names (My case I use my domain) Click for advance if you need to do some custom settings like ;

Create an Offline Request, Specify another CA, Specify different CA credentials, Use a different Certificate Template, Change key bit length and/or Mark the certificate private key as exportable and Add additional SAN names. After that, we will return to the initial Certificate Request screen