Working on a Nintex 2013 WF with 'Enable Lync/OCS' WF Action and when WF executes I receive this error message: "Error enabling Lync for Active Directory account. Connecting to remote server 'lync server name' failed with the following error message: The server certificate on the destination computer (lync server name:443) has the following errors: The SSl certificate contai" and the rest of the WF error message is cutoff. Has anyone seen this issue before and know how I can resolve it? Also, any troubleshooting/debug advice to resolve my onboarding workflow would be greatly appreciated. Thanks, Frank.
Solved! Go to Solution.
I was able to resolve this issue and successfully get the Lync account enabled. What I did was retrieved the ULS logs in my Web Front End server and saw the FULL error message. What was missing was the following text which found extremely helpful in resolving the certificate issue. Additional Error Text stated the following: "The SSL certificate contains a common name (CN) that does not match the hostname."
I then logged into my Lync server and looked at the certificate and what I saw for the CN = lyncservername.domainname.com. I then edited my Nintex WF Action for 'Enable Lync/OCS' and changed the field named 'Lync server' from OLD = lyncservername to NEW = lyncservername.domainname.com
Once I did the above change in my WF action I no longer had the certificate issue error message.
At this point I got a different error message that stated "Error enabling Lync for Active Directory account. Management object not found for identity "username".
I then logged back into my Lync server and pulled up a Lync Management Shell CMD and issued cmd as follows: enable-csuser -identity domainname\username -RegistrarPool YourPoolname -SIpAddress "sip:firstname.lastname@example.org which issued because the WF action is trying to do a enable-csuser cmd to the Lync server. My thought was to ensure I knew the correct parameter values to input directly into Lync server to enable an AD User account for Lync.
Armed with this information I then went back to my WF and input the correct RegistrarPool, Account to enable, SIP Address. I also changed the Username and Password to a service account that has permissions to enable Lync on the Lync server. I believe the AD Security Group that is used to provide proper credentials to the Lync Server = CSAdministrator which allows for administrative tasks in Lync Server 2010.
At this point my AD User account was Lync Enabled and this issue is now solved.
I just wanted to add the above details in case it helps someone else in the future.