The other day I ran into a strange issue: When opening Lync Management Shell on one Front End, I was prompted to trust “Microsoft Corporation” as a Trusted issuer. Now, immediately this got me worried, although the certificate details looked legitimate. After some review, I chose the “Run once” option to see what happened next, only to be prompted over and over again. By now I got fed up and hit “Never run”. Bad mistake, as the Management Shell or
import-module Lync in Powershell now would not work any more.
Error Messages were pointing towards the “startup.ps1” file of the Lync module being blocked by software restriction policies. The fault was definitely mine, but how to go about unblocking it was not being clear. Even uninstalling/reinstalling Lync Server Administrative Tools was being blocked due to the same policy (believe me, I tried).
I carried on by examining the file, located under %Programfiles%\Common Files\Microsoft Lync Server 2013\Modules\Lync. The Security tab showed that all users were authorized to read and execute. While looking at the Digital Signatures tab, however, digging down into the certificate details the following was listed: “A certificate was explicitly revoked by it’s issuer“.
The solution turned out quite simply to be “trusting” the certificate again, which can be accomplished in two ways:
- Open Internet Explorer – Tools – Content – Certificates. Find the tab “Untrusted Publishers” and remove the certificate that is being used to sign the Powershell module file.
- Open MMC – add the “Certificates” snap-in for “Current user” (not the “Local machine” one, I did this by mistake and was stuck). From there, locate the “Untrusted Certificates” folder and remove the certificate that is being used to sign the Powershell module file.
By now, simply run the Lync Management Shell or do an
import-module Lync and it is working again.
Although a simple fix to a simple problem I could not find any clear help on the matter, so I decided to post this for anyone stumbling upon this themselves.