This is the story of a couple of errors I have seen on two of our customer’s Edge servers; once about a year ago, and again just recently. Back when I first came across the error I couldn’t for the life of me figure out what was causing it. Nothing I tried got rid of the errors showing up in the event log. Interestingly, the error didn’t actually cause any issues, and everything carried on working as it should.
Recently at another customer, it showed itself again, and this time I was determined to figure it out!! Again no luck!! Next, I logged a Microsoft support ticket. They had seen similar issues but not this one specifically. Stalemate again!!
Then…….while troubleshooting another issue detailed here, I stumbled across the fix. Long story short, the Central Management Store contained Edge server certificates stored at the Global scope, which in theory would be replicated to all servers in the topology. Thing is, I don’t think this is a supported scenario; as I understand things, certificates should be installed on the local server and only, with the exception of the OAuth certificate which would be legitimately installed to the Global scope and replicated to all servers.
In case you missed it the solution is here
The Event Log Errors
Every few minutes the following events would be raised in the Event Log.
Event 3037 LS Replica Replicator Agent Service
Windows Task Scheduler task for replication of certificates from the central management store to the local machine has failed to run. Skype for Business Server 2015, Replica Replicator Agent will continuously attempt to re-initialize the task. While this condition persists, no replication of the certificates from the central management store to the local machine will be done.
Condition: Error returned by the certificate replication task.
Detail: Unknown error (0xffffffff)
Cause: Windows Task Scheduler may not be running or certificate replication task may have been deleted or disabled.
Resolution:
Ensure that Windows Task Scheduler service is running and certificate replication task is enabled.
Event 3042 LS Replica Replicator Agent Service
The replication of certificates from the central management store to the local machine failed due to an unexpected exception. Skype for Business Server 2015, Replica Replicator Agent will continuously attempt to retry the replication. While this condition persists, the certificates on the local machine will not be updated.
Exception: System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException: The local computer is not joined to a domain or the domain cannot be contacted.
at System.DirectoryServices.ActiveDirectory.Domain.GetComputerDomain()
at Microsoft.Rtc.Management.Internal.KeyManagement.GroupKeyFactory.GetRootDomain()
at Microsoft.Rtc.Management.Deployment.Core.Certificate.ReplicateCMSCertificates(IScopeAnchor scope)
at Microsoft.Rtc.Internal.Tools.Bootstrapper.Bootstrapper.ReplicateCMSCertificates().
Scheduled Task
When you install Skype for Business, a scheduled task is installed to Replicate CMS certificates; its called ReplicateCMSCertificates:
The Scheduled task executes the following bootstrap command so you can run it that way too:
|
1 |
PS C:\Program Files\Skype for Business Server 2015\Deployment> .\Bootstrapper.exe /ReplicateCMSCertificates |
Whatever way you run the command, the errors will be generated.
Conclusion
Patience is a virtue 🙂 Hope it helps someone else.
