Greetings….

Odd Issue I encountered here.

The setup:

Greenfield 2013 environment.

– Single 2013 CU4 Standard Edition Front End

– Single 2013 CU4 Edge

– Single Office Web Apps Server 2013 (SP1)

Thanks to @patrichard for the Set-Cs2013Features script, as always.

Deployment went as expected, and there were no surprises. Until I tested PowerPoint sharing, that is. Then my basement flooded and my car got a flat tire. Ok not really, but I was just trying to convey the impact of something as salient as PowerPoint sharing now working. /s

The Issue:

When testing PowerPoint sharing to validate the Office Web App Server deployment I came across a

’There was a problem verifying the certificate from the server. Please contact your support team.’

NewImage

Saywha? Firing up some Hot BING action, I came across a really great post from Agus Rachman on this very subject. The HTTP target was not enabled on the internal Certificate Authority, and as I was testing from an internal non domain joined workstation, I figured following this guidance would resolve my issue. Nope (though I should have checked the CRL on the CA in the first place, silly John).

NewImage

Ok, so now what. Once I was certain the HTTP target was on the CRL distribution point on the certificate I attempted to actually connect to the CRL URL (uh, yeah try to say  that with peanut butter in your mouth, CRRRLLLURLLL). Placing the following in a browser:

http://ROOTCA.company.com//CertEnroll/ROOTCA.crl

Produced:

NewImage

“NO CRL FOR YOU!!!!!”

Examining AUTH on the CertEnroll VDIR on the CA machine showed auth looked ok (Anonymous Enabled, WINDOWS AUTH DISABLED), so no joy there, but looking at SSL Settings on the CertEnroll VDIR (how ghetto is that arrow?)

NewImage

We see that SSL Required is checked. Ok, so lets think that through. The client is trying to access the CRL over HTTP and the web site says “Oh no you didn’t!” so the client fails to verify the CRL and this is reflected in the PowerPoint share.

NewImage NewImage

Unchecking and applying ‘Require SSL’ and retrying to load the CRL URL in a browser now shows the ‘Do you want to open or save the root.crl’ dialog which we would expect.

NewImage

Retrying the Powerpoint share in Lync now works. Giddyup. Hey who is that guy?

NewImage

Your mileage may very with this fix however as IIS can be ‘funky’ so this may not be reproducible in all cases. But it worked for me. So now you know (and knowing is half  the battle).

Hope this helps.