Web Conferencing Server connection failed to Establish on Edge server

In an environment of a domain with a backup DC you might face a problem with Lync Edge deployment.

After the step where you have to add the CA authority certificate to your Trusted CA store in Edge Server you might notice

some errors with Edge server trusting the connection from Front end or vice versa.

The problem will happen if there's two CA certificates in the Trusted CA store and you only have imported one of them.

Looking at the Front End server Certificate store which is joined to the Domain.

Errors might be generated by the same symptom are:

Web Conferencing Server connection failed to establish.

Over the past 1 minutes Lync Server has experienced incoming TLS connection failures 1 time(s). The error code of the last

failure is 0x80090325 (The certificate chain was issued by an authority that is not trusted.

) and the last connection was from the host "".

Cause: This can occur if this box is not properly configured for TLS communications with remote Web Conferencing Server.

Resolution:

Check your topology configuration to ensure that both this host and remote Web Conferencing Server can validate each

other TLS certificates and are otherwise trusted for communications.

The XMPP Translating Gateway Proxy has no connections to any XMPP gateways.

Cause: Connectivity issue.

Resolution:

Check that a configured gateway is running.

---

TLS outgoing connection failures.

Over the past 1 minutes, Lync Server has experienced TLS outgoing connection failures 1 time(s). The error code of the

last failure is 0x80090325 (The certificate chain was issued by an authority that is not trusted.) while trying to connect to

the server "EGELYNCFE.domain.local" at address [192.168.16.45:5061], and the display name in the peer certificate is

"Unavailable".

Cause: Most often a problem with the peer certificate or perhaps the host name (DNS) record used to reach the peer

server. Target principal name is incorrect means that the peer certificate does not contain the name that the local server

used to connect. Certificate root not trusted error means that the peer certificate was issued by a remote CA that is not

trusted by the local machine.

Resolution:

Check that the address and port matches the FQDN used to connect, and that the peer certificate contains this FQDN

somewhere in its subject or SAN fields. If the FQDN refers to a DNS load balanced pool then check that all addresses

returned by DNS refer to a server in the same pool. For untrusted root errors, ensure that the remote CA certificate chain

is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the local machine.

Resolution:

To Resolve this problem, make sure that you export both CA from Front End and import them in to Edge's Trusted root

CA Local store.