

SHA512 certificates preventing RTCSRV from starting

Hi All

Just a quick note about SHA512 certificates and their effect on Lync Server 2013 and Skype for Business 2015. If your Certificate Authority issues certificates with a SHA512 signature hash algorithm (which is where a lot of organisations are now moving to *from sha1*), these certificates cause a problem on Windows Server 2012 R2 (and Windows Server 2012, and 2008 R2) if you do not have a particular hotfix installed.

When you try to start an on-premises Front End Pool for Skype for Business 2015 or Lync Server 2013, you'll start seeing these errors in the System Event log.

This issue happens when the Pool certificate you are using has a Signature hash algorithm of sha512RSA.

The good news is that the fix is easy: if you hit this, go and install the hotfix from https://support.microsoft.com/kb/2975719.

Interestingly, the first server in a Front End Pool appears to start the RTCSRV service successfully; it's only the second and subsequent servers whose RTCSRV service fails to start. The key is to check whether you have sha512 certs and whether you are getting the Schannel errors.

Happy Skype/Lync'ing.

Steve
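
The checks the post describes (sha512 certs, Schannel errors, hotfix presence), as an added PowerShell example that is not part of the original post. Reading certificates from the `LocalMachine\My` store, filtering the System log on the `Schannel` provider, and the seven-day window are assumptions.

```powershell
# Added example, not from the original post. Run elevated on each Front End server.
$kb        = 'KB2975719'                 # hotfix id taken from the post
$sha512Oid = '1.2.840.113549.1.1.13'     # OID for sha512RSA (sha512WithRSAEncryption)
$since     = (Get-Date).AddDays(-7)      # assumption: look back one week

# 1. Certificates in the computer store whose signature hash algorithm is sha512RSA.
#    Matching on the OID as well keeps the check independent of display language.
$sha512Certs = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.SignatureAlgorithm.Value -eq $sha512Oid -or
    $_.SignatureAlgorithm.FriendlyName -eq 'sha512RSA'
}

# 2. Is the hotfix listed on this server?
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

# 3. Schannel errors in the System event log (Level 2 = Error).
#    Assumption: events are logged under the provider name 'Schannel'.
$schannelErrors = @(Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Schannel'
    Level        = 2
    StartTime    = $since
} -ErrorAction SilentlyContinue)

# 4. State of the Front End service named in the post.
$rtcsrv = Get-Service -Name RTCSRV -ErrorAction SilentlyContinue

# Summary for this server.
[pscustomobject]@{
    Server          = $env:COMPUTERNAME
    Sha512CertCount = @($sha512Certs).Count
    HotfixListed    = [bool]$hotfix
    SchannelErrors  = $schannelErrors.Count
    RtcsrvStatus    = if ($rtcsrv) { $rtcsrv.Status } else { 'NotInstalled' }
}

# Detail: which certificates are affected.
$sha512Certs | Select-Object Subject, Thumbprint, NotAfter,
    @{ Name = 'SignatureAlgorithm'; Expression = { $_.SignatureAlgorithm.FriendlyName } }

# The combination the post describes: sha512 cert present and hotfix not listed.
if (@($sha512Certs).Count -gt 0 -and -not $hotfix) {
    Write-Warning "sha512RSA certificate(s) found and $kb is not listed on $env:COMPUTERNAME."
}
```

`Get-HotFix` only reports updates recorded under that exact KB id, so an empty result is a prompt to check the server's update history rather than proof the fix is absent.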

Comments

  • Anonymous
    July 16, 2015
    The comment has been removed

  • Anonymous
    July 21, 2015
    From the lack of answer / state of silence I have to assume that either a) I am indeed right and people agree with me b) this is a haunted site with write-only / never-read-comments owner

  • Anonymous
    July 22, 2015
    Hi Soder, thanks for your comments. The Lync Server certificate TechNet pages that I use for reference when deploying Lync/Skype are (I am sure a Skype for Business version will be released shortly, but use this 2013 version for now):
    Internal Certificates - technet.microsoft.com/.../gg398094(v=ocs.15).aspx
    External Certificates - technet.microsoft.com/.../gg398920(v=ocs.15).aspx
    If there are gaps/questions you have around those articles there is a contact section at the bottom of the TechNet page where you can provide feedback about your concerns.
    HTH
    Steve

  • Anonymous
    August 08, 2015
    No need to approve my critics, it's still the truth I wrote down.