Renewed Access Edge Certificates Call Connecting

When you renew the certificates on your Skype for Business Access Edge Server you cannot make PSTN calls from external.

A very quick one for you today. You may run in to an issue where if you renew your public certificates on your Skype for Business Access Edge Server you may not be able to make calls when connected via your Edge Server (I.e. External).

You can call out, the phone will ring, and when the user answers you'll see 'Connecting' and then the call drops.

If you get this, the simple way to fix this is just to restart the Mediation Server Service on the front-ends associated with the pool.

Why? Well, I think the reason is down to the A/V authentication service - have a look here:

Stage AV and OAuth certificates in Skype for Business Server using -Roll in Set-CsCertificate

In particular, note this bit:

The A/V Authentication service is responsible for issuing tokens that are used by clients and other A/V consumers. The tokens are generated from attributes on the certificate, and when the certificate expires, loss of connection and requirement to rejoin with a new token generated by the new certificate will result.

There is also a 'proper' way to address this, and this is also outlined in the article:

A new feature in Skype for Business Server will alleviate this problem - the ability to stage a new certificate in advance of the old one expiring and allowing both certificates to continue to function for a period of time.

So you can use this new feature - or you can restart the Mediation Server service and from what I can tell it achieves the same thing. You can also just wait - it should start working after the tokens timeout in 8ish hours.

blog comments powered by Disqus