Microsoft Lync 2010 (Office Communications Server) web service certificate
I have a Lync 2010 system with topology as follows:
Microsoft Forefront TMG -> Kemp load balancer -> (2) Lync Front End servers, (2) Lync Edge servers, (2) certificate servers, a monitoring server, and of course a few appliances to handle SIP and what not.
I've been working on this problem for a while, trying to learn my way through it, but it has become more urgent so now it's time to ask for help.
Users attempting to connect to Lync (using the soft client) from outside of our main employee network encounter SSL certificate errors ever since our old certificate expired. Using a web browser to connect to some of our Lync service host names, it is possible to see the old certificate still in place and expired. I cannot find the offending certificate; I believe I've replaced it everywhere with a new one.
The Lync Web Service certificate is definitely where the problem is, although I can't say for sure if the problem is anywhere else also. When I run Get-CsCertificate | fl I see only up-to-date certificates. They are listed for Default, WebServicesInternal, and WebServicesExternal. Looking in the Certification Authority MMC and IIS Manager on all my servers and checking in the load balancer I cannot find the expired certificate.
Where else should I look for it?