• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

I've followed Brennon's article http://www.ucprimer.com/tech-blog/deploying-lync-enterprise-voice-phones-without-dhcp, and am pointing my STS-UTI directly at a Lync 2013 server running Windows 2012 R2.  In my situation t's https://lync-03.domain.com:443/CertProv/CertProvisioningService.svc  We're using public certificates on the server, but I exported the roots and intermediates regardless and installed them as Application CA 1, 2, and 3.  Still, when I attempt to pin authenticate I get the following:

 

0626154056|cfg |5|00|Prm|Parameter reg.x.auth.useLoginCredentials requested type 2 but is of type 7
0626154056|so |4|00|[soRegistrationC] Login Credentials valid causing SoRegEventLine Changed
0626154056|cfg |4|00|Web|[cfgSaProcessRequestC::signInToLync] Successfully updated the PIN Auth Login credentials
0626154100|sip |*|00|dhcpOption120LyncQuery numList [2]
0626154100|utilm|4|00|uBLFUnCompressed: File /ffs0/Config/Local/WebTicket/0/certProvSvc.mex doesn't exist or is empty
0626154100|utilm|4|00|uBLFUnCompressed: File /ffs0/Config/Local/WebTicket/0/certProvSvc.mex doesn't exist or is empty
0626154101|app1 |*|00|SoRegistrationEventLineChanged - success lineIndex 0 RegListSize 0
0626154101|app1 |*|00|SoRegistrationEventLast - new AppRegLineC, Default user
0626154101|sip |*|00|Sip Register Usr:VVX310 Dsp:VVX 310 Auth:'Using Login Cred' Inx:0
0626154115|tickt|5|00|soWebticketGetAllUserInfo: soWebTicketPinAuthGetRootCertChain Failed
0626154115|tickt|5|00|[MsgSoWebTicketSignWithPinAuth]: PIN Auth Failed

 

I see the line "soWebTicketPinAuthGetRootCertChain Failed" but I don't really understand what it's trying to tell me.  I thought at first it might be a trust issue, which is why I imported the root and intermediates as seperate certs.

 

Can someone help me decipher what it's trying to tell me is failing?

1 ACCEPTED SOLUTION

Accepted Solutions
HP Recommended

Nevermind, figured it out.  Sometimes it just helps to talk it out.

 

I saw this in the log:

 

0626160151|tickt|3|00|soWebTicketServersGet: getRootCertChain URL is //lyncfeint.domain.com/CertProv/CertProvisioningService.svc/anon

hack prepended http: to the getRootCertChains URL 

 

and realized that port 80 was blocked though the hardware load balancer while 443 was allowed.  That was my issue.  Problem solved.

View solution in original post

2 REPLIES 2
HP Recommended

I upped the logging levels to debug and received this if it helps:

 

 

0626160146|cfg |5|00|Prm|Parameter reg.x.auth.useLoginCredentials requested type 2 but is of type 7
0626160146|so |4|00|[soRegistrationC] Login Credentials valid causing SoRegEventLine Changed
0626160146|cfg |4|00|Web|[cfgSaProcessRequestC::signInToLync] Successfully updated the PIN Auth Login credentials
0626160150|sip |*|00|dhcpOption120LyncQuery numList [2]
0626160150|tickt|0|00|soWebTicket: msg 7002 0 22 e86028
0626160150|tickt|0|00|[MsgSoWebTicketSignWithPinAuth]: Pin Sign With Ext/Pin In Device Flash
0626160150|tickt|1|00|soWebticketGetAllUserInfo:input parameters user index 0, Extension 67324 server https://lync-03.ad.domain.com:443/CertProv/CertProvisioningService.svc UUID 41251496-6342-53e9-9513-4652e9c5acf0
0626160150|utilm|4|00|uBLFUnCompressed: File /ffs0/Config/Local/WebTicket/0/certProvSvc.mex doesn't exist or is empty
0626160150|tickt|1|00|soWebTicketServersGet: request URI is https://lync-03.ad.domain.com:443/CertProv/CertProvisioningService.svc/mex
0626160150|tickt|1|00|Provisioning:Cipher suite = RSA:!EXP:!LOW:!NULL:!MD5:@STRENGTH
0626160150|tickt|1|00|soWebTicketServersGet: Got response 0 code 200
0626160150|tickt|0|00|Got response 0 code 200 data:

[HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16599
Content-Type: text/xml; charset=UTF-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-MS-Server-Fqdn: lync-03.ad.domain.com
X-Powered-By: ASP.NET
Date: Fri, 26 Jun 2015 21:01:50 GMT

<?xml version="1.0" encoding="utf-8"?><wsdl:definitions name="CertProvisioningService" targetNamespace="http://schemas.microsoft.com/OCS/AuthWebServices/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="
0626160150|tickt|2|00|doXmlParsingForErrorCode: stripped pResponse is:
<?xml version="1.0" encoding="utf-8"?><wsdl:definitions name="CertProvisioningService" targetNamespace="http://schemas.microsoft.com/OCS/AuthWebServices/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmln
0626160150|tickt|3|00|soWebTicketServersGet: WebTicketAddress is https://lyncfeint.domain.com/WebTicket/WebTicketService.svc
0626160150|tickt|3|00|soWebTicketServersGet: getRootCertChain URL is //lyncfeint.domain.com/CertProv/CertProvisioningService.svc/anon
0626160150|tickt|3|00|soWebTicketServersGet: webticket proof service URL is https://lyncfeint.domain.com/CertProv/CertProvisioningService.svc/WebTicket_Proof_SHA1
0626160150|tickt|2|00|soWebTicketPinauthGetRootCertChain: SpecialInterop_Lync2010 detected
0626160150|tickt|2|00|soWebTicketPinauthGetRootCertChain: autoProvision location is 6
0626160150|tickt|2|00|soWebTicketPinauthGetRootCertChain: Cert is not available at 6
0626160150|utilm|4|00|uBLFUnCompressed: File /ffs0/Config/Local/WebTicket/0/certProvSvc.mex doesn't exist or is empty
0626160150|tickt|1|00|soWebTicketServersGet: request URI is https://lync-03.ad.domain.com:443/CertProv/CertProvisioningService.svc/mex
0626160150|tickt|1|00|Provisioning:Cipher suite = RSA:!EXP:!LOW:!NULL:!MD5:@STRENGTH
0626160151|app1 |*|00|SoRegistrationEventLineChanged - success lineIndex 0 RegListSize 0
0626160151|app1 |*|00|SoRegistrationEventLast - new AppRegLineC, Default user
0626160151|sip |*|00|Sip Register Usr:VVX310 Dsp:VVX 310 Auth:'Using Login Cred' Inx:0
0626160151|tickt|1|00|soWebTicketServersGet: Got response 0 code 200
0626160151|tickt|0|00|Got response 0 code 200 data&colon;

[HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16599
Content-Type: text/xml; charset=UTF-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-MS-Server-Fqdn: lync-03.ad.domain.com
X-Powered-By: ASP.NET
Date: Fri, 26 Jun 2015 21:01:51 GMT

<?xml version="1.0" encoding="utf-8"?><wsdl:definitions name="CertProvisioningService" targetNamespace="http://schemas.microsoft.com/OCS/AuthWebServices/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="
0626160151|tickt|2|00|doXmlParsingForErrorCode: stripped pResponse is:
<?xml version="1.0" encoding="utf-8"?><wsdl:definitions name="CertProvisioningService" targetNamespace="http://schemas.microsoft.com/OCS/AuthWebServices/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmln
0626160151|tickt|3|00|soWebTicketServersGet: WebTicketAddress is https://lyncfeint.domain.com/WebTicket/WebTicketService.svc
0626160151|tickt|3|00|soWebTicketServersGet: getRootCertChain URL is //lyncfeint.domain.com/CertProv/CertProvisioningService.svc/anon
0626160152|tickt|3|00|soWebTicketServersGet: webticket proof service URL is https://lyncfeint.domain.com/CertProv/CertProvisioningService.svc/WebTicket_Proof_SHA1
0626160152|tickt|1|00|soRootCertGet: hack prepended http: to the getRootCertChains URL
0626160205|tickt|2|00|[PpsHybridC]: OnEvSipOnFetchRootCert soRootCertGet returned Failure
0626160205|tickt|5|00|soWebticketGetAllUserInfo: soWebTicketPinAuthGetRootCertChain Failed
0626160205|tickt|5|00|[MsgSoWebTicketSignWithPinAuth]: PIN Auth Failed

HP Recommended

Nevermind, figured it out.  Sometimes it just helps to talk it out.

 

I saw this in the log:

 

0626160151|tickt|3|00|soWebTicketServersGet: getRootCertChain URL is //lyncfeint.domain.com/CertProv/CertProvisioningService.svc/anon

hack prepended http: to the getRootCertChains URL 

 

and realized that port 80 was blocked though the hardware load balancer while 443 was allowed.  That was my issue.  Problem solved.

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.