Monday, February 14, 2011

Requesting Lync Server 2010 Edge server’s internal certificate throws the error: “A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (Exception from HRESULT: 0x800B0109)The certificate was not imported.”

Problem

You’re trying to request a certificate from your internal certificate authority but the process fails with:

> Request CertificateRequest-CSCertificate -New -Type Internal -CA "venus.someDomain.com\Your CA X" -Country CA -State "Ontario" -City "Oakville" -FriendlyName "LyncEdge" -KeySize 2048 -PrivateKeyExportable $True -Organization "Your CA" -OU "IT" -DomainName "lyncedge" -CAAccount "domain\tluk" -CAPassword "****" -Verbose -Report "C:\Users\Administrator\AppData\Local\Temp\2\Request-CSCertificate-[2011_02_09][20_24_17].html"Creating new log file "C:\Users\Administrator\AppData\Local\Temp\2\Request-CSCertificate-b95d7045-45e6-4d35-a067-2f8e05ef5061.xml".Create a certificate request based on Lync Server configuration for this computer.A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (Exception from HRESULT: 0x800B0109)The certificate was not imported.Issued thumbprint "" for use "Internal" by "venus.someDomain.com\Your CA X".Creating new log file "C:\Users\Administrator\AppData\Local\Temp\2\Request-CSCertificate-[2011_02_09][20_24_17].html".Warning: Request-CSCertificate failed.Warning: Detailed results can be found at "C:\Users\Administrator\AppData\Local\Temp\2\Request-CSCertificate-[2011_02_09][20_24_17].html".Command execution failed: Value cannot be null.Parameter name: thumbprint

image

Solution

The reason why this error is thrown is because the Edge server doesn’t have your internal certificate authority’s root certificate listed as a trusted authority.  Domain joined servers automatically trust the domain’s enterprise certificate authority but since the Edge is not joined to the domain, you’ll need to manually export and import it.

image