Due to migration from old PKI infrastructure to the new one I decided to change certificates for my Lync Server 2013 infrastructure.
What I was particularly interested in is do I need to reboot servers (or at least restart corresponding services after I changed certificates)
Lync 2013 Deployment Wizard avoids this question both in "as next steps" and at in descriptions during the whole process.
So yesterday evening (to be on the save side) I changed certificates and was quite happy, that nowadays such things can happen without service downtime.
How wrong I was :P
Early morning today I got complaints from support team, that call forwarding is not working. Not only to external numbers, but also internally between local Lync users. Direct internal/external calls worked fine.
Diagnostics yielded with an interesting error (some fields are removed):
![]()
What I was particularly interested in is do I need to reboot servers (or at least restart corresponding services after I changed certificates)
Lync 2013 Deployment Wizard avoids this question both in "as next steps" and at in descriptions during the whole process.
So yesterday evening (to be on the save side) I changed certificates and was quite happy, that nowadays such things can happen without service downtime.
How wrong I was :P
Early morning today I got complaints from support team, that call forwarding is not working. Not only to external numbers, but also internally between local Lync users. Direct internal/external calls worked fine.
Diagnostics yielded with an interesting error (some fields are removed):
Direction: outgoing;source="local"
Message-Type: response
Start-Line: SIP/2.0 500 The server encountered an unexpected internal error
From: ""<>;tag=0df6247fdd;epid=81f1fbc243
To: <sip:+@;user=phone>;tag=FFCBF4529754E4D559A8CDC605D16A8E
Call-ID: db735a0353b1478092ff66c58bbc0cc9
CSeq: 1 INVITE
Via: SIP/2.0/TLS 172.20.20.101:49373;ms-received-port=49373;ms-received-cid=134BD00
Content-Length: 0
ms-diagnostics: 1;reason="Service Unavailable";AppUri="http%3A%2F%2Fwww.microsoft.com%2FLCS%2FDefaultRouting"; reason="Failed when constructing the outgoing request";source=""
Immediately after I saw the error I swallowed a bitter pill and restarted FrontEnd service - yep, downtime for users for 30 seconds (but ongoing calls unaffected) and success - users are back online and forwarding is working again
So, next time restart all Lync Server services after you change certificates.
As a side note: backup frontend, standalone mediation server, director server all were able to communicate fine with this particular frontend, I checked this just after changing certificates and today while looking for the clue.