Yahoo!’s certificate for lcsap.msg.yahoo.com expired. This caused traffic sent to Yahoo! to be rejected by their edge servers. If you have experienced PIC Federation issues with Yahoo! users due to certificates, please read this article.
Author: Quincy Davis, Microsoft Senior Support Engineer
Editor: Susan S. Bradley
Publication date: April 4, 2013
Product version: Lync Server 2013, Lync Server 2010, Office Communications Server
Yahoo!’s certificate for lcsap.msg.yahoo.com expired. This caused traffic sent to Yahoo! to be rejected by their edge servers.
The solution is to obtain a new certificate with the required level of security, which is higher than the old certificate (2048bit versus 1024bit). After in place on Yahoo!’s edge servers, Yahoo! can receive traffic again. Further testing and parsing of log data indicates that at least for most of Microsoft’s customers, no further action is required to use the new certificates.
If the IM & Presence function is not working properly with your federated Yahoo! users due to certificates, you should install the following 2048 bit certificates on your edge servers: DigiCert High Assurance EV Root CA and DigiCert High Assurance CA-3.
Installation Steps for Certificates
- Go to DigiCert Trusted Root Authority Certificates.
- Download and install the following certificates on your Edge servers.
- DigiCert Root Certificate: DigiCert High Assurance EV Root CA.
- DigiCert Intermediate Certificate: DigiCert High Assurance CA-3.
- In Windows Server, click Start, and then search on mmc.
- When the MMC Console opens, click File, and then select Add or Remove Snap-ins.
- In the Available Snap-ins box, select Certificates, and then click Add.
- In the Certificates snap-in dialog box, select Computer Account, and then click Next.
- In the Select Computer dialog box, Local Computer should be selected by default. Click Finish.
- In the Add or Remove Snap-ins dialog box, click OK.
- In the MMC Console, expand Certificates, and then right-click Trusted Root Certification Authorities.
- Select All Tasks, and then click Import.
- Browse to the DigiCert Root Certificate (DigiCert High Assurance EV Root CA) that you downloaded in Step 2.
- Select it, and then click Next.
- Ensure that Place all certificates in the following store is selected and that the certificate store is Trusted Root Certification Authorities.
- Click Next, and then click Finish.
- On the MMC Console, right-click Intermediate Certification Authorities, and then repeat Steps 12-14.
- In Step 14, browse to the DigiCert Intermediate Certificate (DigiCert High Assurance CA-3) you downloaded in Step 2.
- In Step 13, ensure that Place all certificates in the following store is selected and that the certificate store is Intermediate Certification Authorities.
After installing these certificates on your edge server, communication between your users and Yahoo! should resume. If this does not resolve the issue, you may be encountering another problem entirely.
Lync Server Resources
We Want to Hear from You
Keywords: Lync, Yahoo, Federation, PIC