Requesting and assigning a certificate to Lync/Skype for Business server is a crucial process. Any kind of ignorance while requesting the certificate can trouble end-user services. If you are requesting the certificate for Lync/Skype for Business server, you may notice “WARNING: The chain of the certificate “xxxxxxxxxxxxxxxxxxxx” is invalid”.
If you will look into the logs then you can easily find it out that the process couldn’t find certificate chain and it happens because of root certificate. It simply means that the root certificate of certification authority does not exist on the local server from where the request is being generated.
Note: To reproduce this problem you should not install and configure local AD CS before Lync/Skype for Business Server installation. Install and configure AD CS after Lync/Skype for Business installation and try to request certificate without restarting the Lync/Skype for Business server. Most probably you will see the same error.
Now, let me use step by step process to identify and resolve this problem.
Below snapshot shows warning message while requesting certificate.
Open certificate snap-in through MMC and look for the root certificate of certification authority by which you are trying to request certificate.
You will not find the root CA in both “Current User” and “Local Computer”.
Now, Reboot the Lync/Skype for Business server and check again, now you may find the root certificate. In my case, certification authority name is “dcloud-AD-CA”. If you could not find the root certificate or not using AD CS then install the root certificate chain manually.
You can check this root certificate chain in both the locations “Local Computer” and “Current User”.
Now, you should try to request and assign the certificate.
Hope, it helps you.