Requesting Lync Server 2010 Edge server’s internal certificate throws the error: “A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (Exception from HRESULT: 0x800B0109)The certificate was not imported.”

Problem

You’re trying to request a certificate from your internal certificate authority but the process fails with:

> Request CertificateRequest-CSCertificate -New -Type Internal -CA "venus.someDomain.com\Your CA X" -Country CA -State "Ontario" -City "Oakville" -FriendlyName "LyncEdge" -KeySize 2048 -PrivateKeyExportable $True -Organization "Your CA" -OU "IT" -DomainName "lyncedge" -CAAccount "domain\tluk" -CAPassword "****" -Verbose -Report "C:\Users\Administrator\AppData\Local\Temp\2\Request-CSCertificate-[2011_02_09][20_24_17].html"Creating new log file "C:\Users\Administrator\AppData\Local\Temp\2\Request-CSCertificate-b95d7045-45e6-4d35-a067-2f8e05ef5061.xml".Create a certificate request based on Lync Server configuration for this computer.A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (Exception from HRESULT: 0x800B0109)The certificate was not imported.Issued thumbprint "" for use "Internal" by "venus.someDomain.com\Your CA X".Creating new log file "C:\Users\Administrator\AppData\Local\Temp\2\Request-CSCertificate-[2011_02_09][20_24_17].html".Warning: Request-CSCertificate failed.Warning: Detailed results can be found at "C:\Users\Administrator\AppData\Local\Temp\2\Request-CSCertificate-[2011_02_09][20_24_17].html".Command execution failed: Value cannot be null.Parameter name: thumbprint

Solution

The reason why this error is thrown is because the Edge server doesn’t have your internal certificate authority’s root certificate listed as a trusted authority.  Domain joined servers automatically trust the domain’s enterprise certificate authority but since the Edge is not joined to the domain, you’ll need to manually export and import it.