Monday, March 25, 2013

(A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

I was deploying a Lync Server Director in a Multi-Tenant configuration after i assigned the certificate a went to start the services, the Front-End services couldn't start with the following errors

Log Name:      Lync Server
Source:        LS Protocol Stack
Date:          3/12/2013 1:52:06 PM
Event ID:      14397
Task Category: (1001)
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      Lync Director FQDN
Description:
A configured certificate could not be loaded from store. The serial number is attached for reference.
Extended Error Code: 0x800B0109 (A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.).
Event Xml:
http://schemas.microsoft.com/win/2004/08/events/event
">
 
   
    14397
    3
    1001
    0x80000000000000
   
    58
    Lync Server
    Lync Director FQDN
   
 

 
    0x800B0109
    A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
    AD5CEFED0AA77CC23B0B247DCF82F208
 

========================================================================Log Name:      Lync Server
Source:        LS Protocol Stack
Date:          3/12/2013 1:52:06 PM
Event ID:      14359
Task Category: (1001)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Lync Director FQDN
Description:
Unable to use the default outgoing certificate.
Error 0x800B0109 (A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.).
Cause: The certificate may have been deleted or may be invalid, or permissions are not set correctly.
Resolution:
Ensure that a valid certificate is present in the local computer certificate store. Also ensure that the server has sufficient privileges to access the store.
Event Xml:
http://schemas.microsoft.com/win/2004/08/events/event
">
 
   
    14359
    2
    1001
    0x80000000000000
   
    59
    Lync Server
    Lync Director FQDN
   
 

 
    0x800B0109
    A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
 


I installed an Inetermediate CA certificate from the certificate provider and the Front-End Service started successfully, the strange thing is that I didn't face this issue with the Front-End servers so I was pulling my hair out and looking into different directions!!

SQLServerAgent could not be started (reason: Unable to connect to server 'ServerName\Instancename'; SQLServerAgent cannot start).

Hello,

At one of the environments i faced a very strange issue, i was working on SQL Server cluster that was working fine, but for some reason i have to perform a failover, all the resources and services were restarted successfully except for the SQL Server Agent service... looking at the system logs of the vent viewer i found the following error, Event ID 103 "
SQLServerAgent could not be started (reason: Unable to connect to server 'ServerName\Instancename'; SQLServerAgent cannot start)."

Log Name:      Application
Source:        SQLAgent$InstaceName
Date:          3/20/2013 3:29:58 PM
Event ID:      103
Task Category: Service Control
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      ServerName
Description:
SQLServerAgent could not be started (reason: Unable to connect to server 'ServerName\InstanceName'; SQLServerAgent cannot start).
Event Xml:
http://schemas.microsoft.com/win/2004/08/events/event
">
 
   
    103
    2
    2
    0x80000000000000
   
    22958
    Application
    ServeraName
   
 

 
    Unable to connect to server 'ServerName\InstanceName'; SQLServerAgent cannot start
 

A quick search on the Internet yielded some forum posts that talk about permission on the SQL drives, and this was not my case.
After some troubleshooting i looked at the account used by the SQL Server Agent Service, the account was OK, but looking at SQL server logs i fount the root cause !
Login failed for user 'Domain\ServiceAccount'. Reason: The account is disabled. [CLIENT: IP Address]
looking at the SQL logins I found out that the login for this account has been disabled by the DBA !!! :(

enabling the account solved the  problem and the service can start successfully

Regards
Amr