Thursday, March 09, 2006

Live Communications Server Snap-in cannot open the certificate store

OK – now that Per is at it, I also want to confess one of my “mistakes”. I want to tell a story about LCS and the certificates snap-in that eventually made me rip my hair out (figuratively speaking, that is – I need a magnifier and a pair of tweezers to find some) and call PSS (it’s not a shame to do so, btw … I keep telling myself).
As usual in LCS deployments, I started by installing an LCS Home Server, implemented the necessary internal DNS records and then tested the functionality with TCP (everything worked like a breeze). I then installed my LCS Access Proxy, used LCSCertUtil from the resource kit to request a public certificate and installed this on the Public Interface and our own certificate on the Internal Interface.
Then, on my LCS Home Server, I requested the necessary certificate and started the Live Communications Server 2005 MMC. I drilled down through Forest, LCS Servers and pools, Server and right-clicked Properties on my server. I then clicked Add and received the error message “Live Communications Server Snap-in cannot open the certificate store”, followed by “Live Communications Server Snap-in cannot read the certificate information associated with this entry” and a greyed-out Add Connection window. The same happened when I clicked the Security tab.
Googling the error message showed me that there was a known issue whereby sysadmins had installed the certificate in the user store (checking, double and triple checking this made me certain that this wasn’t the problem); the certificates also checked out fine. Eventually (a day later) I ended up reinstalling the server (thinking that missing security rights or something like that was the issue), and it had no effect whatsoever.
To cut the story short(er): I’m a geek, so when I install new servers, I disable everything I can. One of the things I like to disable is File and Printer Sharing for Microsoft Networks on servers/network cards that don’t need it.
With the assistance of a skilled PSS guy from Turkey, named Fadi, it turned out that when an LCS Home Server needs to find certificates in the GUI of the LCS MMC, it needs File and Printer Sharing enabled on the server! But this isn’t the case on Access Proxies – so in the beginning I had no clue what to look for. Disabling File and Printer Sharing again, after installing and verifying the certificates, works fine, so it must be a “feature” in the LCS 2005 MMC.

6 comments:

Jan Petersen said...

Thx. for that information! I have been wondering why I couldn’t find certificate information on some of my servers.

Anonymous said...

Actually disabling it doesn't solve the problem. Any other solutions??????

Dennis Lundtoft Thomsen said...

You should enable it, not disable it ;-) The issue here is that it's dependent on File and Printer Sharing. So it might be some kind of firewalling/Security Configuration Wizard/IPsec policies!?

Todd said...

Thanks for the info. I just disabled F/P Sharing on my external network NIC and it presented this problem. Without your blog, I'd probably be looking for hours/days to find this. Kudos to you.

Anonymous said...

How do I enable File and Printer Sharing on the server? Please help, I am stuck.

Dennis Lundtoft Thomsen [MVP] said...

Find the appropriate network card, open its properties and enable "File and Printer Sharing for Microsoft Networks".