Archive for December, 2018
Skype For Business: Invalid incoming HTTPS certificate
by Travis on Dec.15, 2018, under Tech Stuff
Skype for Business Front End Server
Event ID 32042 – LS User Services – Invalid incoming HTTPS Certificate
I ran into this issue recently when someone thought it’d be cute to have the intermediate and root certs for a domain sitting in the same container (Trusted Root Certification Authorities). There’s a reason we have different containers folks. 🙂
Needless to say I was not amused after wasting an hour or so trying to figure out just why this error kept popping up in my event logs and the FE services wouldn’t come up. The worst part? I’d looked at the certificate objects and because these two certs looked almost identical in name, I missed them entirely during my search.
So after doing a little digging around, I was pointed back towards a problem with a chain. There were a few examples of some Powershell to accomplish what I needed, but I liked this one the best. It allowed for me to see the list of my offenders easily.
Get-ChildItem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} |fl FriendlyName,Subject,Issuer
Once run, any certificate listed is going to be a cert you need to take a look at. You’ll most likely either move these certificates to the Intermediate or Personal containers. Just be careful where you move stuff so you don’t create new problems for yourself.
Hopefully you can save yourself some time by having this handy.
Migrating Windows DNS Server
by Travis on Dec.09, 2018, under Tech Stuff
Ever needed to migrate a non-AD integrated Windows DNS Server to another instance of Windows? I found myself in the situation to do so this weekend so I figured I’d share the process for reference.
From the source server:
- Create a folder for storing the migration files. (ex. c:\temp\dnsgmig)
- From an elevated command prompt, execute the following commands:
- ‘reg export “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Parameters” c:\temp\dnsmig\dns-params.reg
- ‘reg export “HKEY_LOCAL_MACHINE\System\CurrentVersion\DNS Server” c:\temp\dnsmig\dns-version.reg
- ‘reg export “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Parameters” c:\temp\dnsmig\dns-params.reg
- Modify dns-params.reg and change “PreviousLocalHostname” to the fqdn of your new DNS server. If you using the same name, skip this step.
- Copy the folder c:\windows\system32\dns to c:\temp\dnsmig\
Copy the source folder (c:\temp\dnsmig) to the destination server. (example will use the same folder name)
- From an elevated command prompt, execute the following command:
- Stop-Service DNS
- Click to import your two registry files, dns-params.reg and dns-version.reg. You’ll be prompted each time to confirm you want to import the information. Click ‘Yes’.
- Copy all of the files from c:\temp\dnsmig\dns to c:\windows\system32\dns
- From an elevated command prompt, execute the following command:
- Start-Service DNS
You should now be up and running.