Lync LS Storage Service 32054 and 32053 errors (Solved!)

A customer wanted me to look into an issue with singning onto Lync 2013 remotely with a Lync mobile client for Android. Lync is updated with CU2.
The lync client could sing on but a error message was shown in the client.
"Invalid Exchange login credentials"

Error shown in Norwegian
A look at the errorlog on the front end server showed these error messages:

  • Storage Service had an EWS Autodiscovery failure
  • Microsoft.Rtc.Internal.Storage.StoreConfigException: No issuers are accepted by the target server, expected 1-many accepted Issuer(s)Storage Service had an OAuth authentication failure.


I ran the powershell command:
Test-CsExStorageConnectivity -SipUri jeti@customer.no -Verbose

It failed with this response:
2013.08.28 10:07:01.750 OAuth.CreateAppActAsToken failed,
ex=StoreConfigException: code=ErrorOAuthConfigIssuer, reason=No issuers are
accepted by the target server, expected 1-many accepted Issuer(s)

I then went focused on the partership between the lync fe and the exchange-server.
First the prerequisites mentioned here

Then the nest step mentioned here
I ran the script on the Lync frontend server and the powershell command "c:\Program Files\Microsoft\Exchange Server\V15\Scripts\Configure-EnterprisePartnerApplication.ps1" -AuthMetadataUrl "https://lync.contoso.com/metadata/json/1" -ApplicationType "Lync"
on the frontend server but still no luck.

Seems like more people are experiencing the same issue is this blog: Multiple LS Storage Service 32054 errors

Update:
Solution from Microsoft to this problem is found here: http://support.microsoft.com/kb/2905047/en-us

Second Update: http://blog.insidelync.com/2012/08/the-lync-2013-preview-unified-contact-store-ucs/

In this article it describes the following solution to this errors:

Check to see whether you have Event-id log errors 3205432053, and 32045 in the event log (under the ‘Lync Server’ application node).  Looking at the contents of these errors you will likely see an oAuth authentication failure.
This is a frustrating error because of the wrong error message returned by the Test-CsExStorageConnectivity cmdlet.  The real problem is that the Network Service account that the Lync Storage Service uses does not have access to the private key in used by the oAuth certificate. I found the solution in this Lync Server 2013 Preview Forum posting:
  1. Open MMC and add the “Certificates” Snap-in (Local Computer)
  2. Open Personal | Certificates and find the the Certificate being used for OAuth (use the Lync “Get-CsCertificate -Type OAuthTokenIssuer” cmdlet to find the serial number of the OAuth certificate).
  3. Right-click | “All Tasks” | “Manage Private Keys”
  4. Add Permissions for “Network Service” account (the defaults Full control and Read).
Note: if this was not the problem, test that you can browser to the Exchange Server 2013 autodiscover metadata URL in IE without any certificate warnings or errors (e.g.https://autodiscover.myDomain.com/autodiscover/metadata/json/1).
Tip: if you are having further problems with application pool trusts if you are trying to configure OWA integration, see “When to have a Lync Trusted Application Pool for Exchange OWA IM Integration?” by Jens Trier Rasmussen.

Comments

  1. Hello! Were you able to find a solution? I am running into the same issue. Thank you! Eric

    ReplyDelete
    Replies
    1. Seems like this is related to lync and office 365 but i still have found no solution

      Delete
  2. Event ID 32054 is logged on a Lync Server 2013 front-end server when a user signs in to a Lync mobile client

    http://support.microsoft.com/kb/2905047/en-us

    ReplyDelete
  3. Even with the latest CU, I have still this "problem".
    Exchange 2010 and Lync 2013 up-to-date.
    Autodiscover is OK.

    ReplyDelete
    Replies
    1. Have you tried the following:

      Open MMC and add the “Certificates” Snap-in (Local Computer)
      Open Personal | Certificates and find the the Certificate being used for OAuth (use the Lync “Get-CsCertificate -Type OAuthTokenIssuer” cmdlet to find the serial number of the OAuth certificate).
      Right-click | “All Tasks” | “Manage Private Keys”
      Add Permissions for “Network Service” account (the defaults Full control and Read).

      Delete
  4. I am still having this same problem

    ReplyDelete
  5. This comment has been removed by a blog administrator.

    ReplyDelete
  6. So I made this change and I am still seeing the errors, does this require a reboot or any services to be restarted...?

    ReplyDelete
  7. Hello, I'm facing the same issue, did you find a solution ?

    ReplyDelete
  8. Cool stuff you have and you keep overhaul every one of us
    hong kong company formation

    ReplyDelete
  9. Hi Kjetil, old chum! :)
    I realized that this issue can also occur if you change the primary SIP-domain for the Skype for Business-users. The solution is to issue a new OAuth-certificate on the frontend servers, and re-run the scripts

    Exchange:
    .\Configure-EnterprisePartnerApplication.ps1 -AuthMetaDataUrl ‘https://fe.domain.local/metadata/json/1′ -ApplicationType Lync"

    S4B frontends:
    set-CsPartnerApplication -Identity Exchange -ApplicationTrustLevel Full -MetadataUrl "https://autodiscover.newsipdomain.com/autodiscover/metadata/json/1"

    According to this howto: http://blog.schertz.name/2015/09/exchange-and-skype-for-business-integration/

    Cheers
    Rolf

    ReplyDelete
    Replies
    1. You the man Rolf! :) This was exactly the case at a customer. Added the partner application again with New-CsPartnerApplication and the errors disappeared.

      Delete
  10. This comment has been removed by a blog administrator.

    ReplyDelete

Post a Comment

Popular Posts