Lync 2013 not starting on Windows 2012

If you are deploying Lync 2013 on Windows 2012 you may encounter one of the following issues

1. Lync 2013 Front End Service RTCSRV failing to start
2. HTTPs connectivity failures reported in the event viewer [we will add some events here for reference:

 

Event 30988, Ls User Services

Sending HTTP request failed. Server functionality will be affected if messages are failing consistently.

Sending the message to https://URL.contoso.com:444/LiveServer/Replication failed. IP Address is 192.168.0.1. Error code is 2EFE. Content-Type is application/replication+xml. Http Error Code is 0.
Cause: Network connectivity issues or an incorrectly configured certificate on the destination server. Check the eventlog description for more information.
Resolution:
Check the destination server to see that it is listening on the same URI and it has certificate configured for MTLS. Other reasons might be network connectivity issues between the two servers.

 

Event 32178, LS User Services

 

Failed to sync data for Routing group {EB10E520-9B20-575D-9D4C-C06E5A937F65} from backup store.
Cause: This may indicate a problem with connectivity to backup database or some unknown product issue.
Resolution:
Ensure that connectivity to backup database is proper. If the error persists, please contact product support with server traces.

 

Event 32174, LS User Services

 

Server startup is being delayed because fabric pool manager has not finished initial placement of users.

Currently waiting for routing group: {EB10E520-9B20-575D-9D4C-C06E5A937F65}.
Number of groups potentially not yet placed: 1.
Total number of groups: 1.
Cause: This is normal during cold-start of a Pool and during server startup.
If you continue to see this message many times, it indicates that insufficient number of Front-Ends are available in the Pool.
Resolution:
During a cold-start of a large Pool it can take upto an hour for the placement process to finish as it needs to populate all the Front-End databases with data from the Backup Store. If the Pool is running and the Front-End is just started, this is normal for some time. If this repeats for a long time, ensure that all the Front-Ends configured for this Pool are up and running. If multiple Front-Ends have been recently decommissioned, run Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery to enable the Pool to recover from Quorum Loss and make progress.

 

 

Cause:

 

You are likely to hit one of these issues if you have deployed non self-signed certificates into Trusted Root Certification Authorities instead of Intermediate Certification Authorities. This is a misconfiguration and can cause HTTP communication between Lync servers to be broken with untrusted root cert error. In Windows 2012 there is a high level of trust check for certification authentication, and hence this issue is exposed only for Lync deployments on Windows 2012.

 

Resolution:

 

You can follow the following steps to fix such misconfigurations:
1. If you are using group policies to deploy certs (https://technet.microsoft.com/en-us/library/cc738131(v=WS.10).aspx) ensure Trusted Root Certification Authorities only contains self-signed certificates (where Issued To = Issued By). Move any non-self-signed certificate present in this store to Intermediate Certification Authorities
2. If you are importing any new certificates (either on your DC or Windows 2012 machines), then ensure as part of import you choose Trusted Root Certification Authorities for any self-signed certificates and Intermediate Certification Authorities for any non-self-signed ones

 

UPDATE:

 

Public KB article has just been published at https://support.microsoft.com/kb/2795828 -
Lync Server 2013 Front-End service cannot start in Windows Server 2012