The Lync server stop responding for all users. Lo and behold the certificate had expired. The last certificate was installed/updated 2 years ago. Fairly painless to update the certificate (i.e. install a new certificate) on the Server. We use an Internal Windows CA. Lync can use (and by default) a simple SSL cert.
Today, the Lync client bombs for all users. Lync 2010 client reads "there was a problem verifying the certificate from the server...". The login process seems to hang indefinitely.
I open the Lync Control Panel and get a security alert. View certificate yields the following. I should have reminded myself to update the certificate. It is unfortunate that the process isn't automated nor is there a good system of alerting for impending certificate expiration.
Look at the details of the cert. I am noting the SAN entries
The rest is fairly simple. Open the Lync Deployment Wizard. Select "Request, Install or Assign...".
For my installation, I was able to accept all the default of the Certificate generation since I had previously received (installed) a certificate from the same CA server.
During the cert generation wizard, I am verifying that the auto-generated Subject Alternative Names (SAN) matches what I had previously. Notice the SIP.<domainname>.com SAN was not there. No sweat because it is added on the next screen.
.
Make sure the SIP domain is correct. Again, for me, all I had to do was accept the default.
Next, next, next and the new cert is generated and installed. From the Wizard I select "start services" for good measure.
I will be upgrading to on-prem Lync 2013 very soon.
Good Luck.
