When deploying Lync onto existing domains that use an internal DNS name that is not verifiable on the internet, I have been receiving the following error when I run an internally trusted certificate on all Lync internal services and an externally trusted one on the external services.
[error]Error from LS Data MCU; Event ID: 41029
Event logged each 30 minutes after computer start, or Lync services start.
Event details: No connectivity with the Lync Web App. Affected Web browser clients cannot use Web Conferencing modality.
Server Machine FQDN: <FQDN of FrontEnd Server>, Port:8061
Server Type: External-WebApp-Edge [HTTP side error:The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.] If the problem persists this event will be logged again after 20 minutes
Cause: Service may be unavailable or Network connectivity may have been compromised.[/error]
I did some digging around and found that the service that listens on this port is the External Reach service. When you look in IIS Application Pools, it is set to start OnDemand, so it doesn't start until someone connects externally.
To overcome this, I changed the start type to AlwaysStart; however, it doesn't make any difference to the error message.
The easiest way to remedy this is to access this site, https://FEServer:4443/reach, for each Front End server after any reboot, or to configure an external verifier as part of your monitoring solution.
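One way to script the post-reboot request described above, as an added example that is not part of the original post: it requests /reach on port 4443 for each Front End server and reports a TLS trust failure separately from other errors. The server names and the function name Test-ReachSite are hypothetical, and it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example. Server names are placeholders (assumption): use your Front End FQDNs.
$FrontEnds = @('fe01.example.internal', 'fe02.example.internal')

function Test-ReachSite {
    param(
        [Parameter(Mandatory = $true)] [string] $Server,
        [int] $Port = 4443,          # port from the URL given in the post
        [int] $TimeoutSec = 30
    )
    $uri = "https://${Server}:${Port}/reach"
    $result = New-Object psobject -Property @{
        Server = $Server; Uri = $uri; Status = $null; Detail = $null
    }
    try {
        # Certificate validation stays enabled on purpose: the event being
        # chased is itself a trust failure, so bypassing validation here
        # would hide the condition this check is meant to reveal.
        $resp = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec $TimeoutSec
        $result.Status = 'OK'
        $result.Detail = "HTTP $($resp.StatusCode)"
    }
    catch {
        # Walk the exception chain to find the underlying WebException, if any.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if (-not $ex) {
            $result.Status = 'Error'
            $result.Detail = $_.Exception.Message
        }
        elseif ($ex.Status -eq [System.Net.WebExceptionStatus]::TrustFailure) {
            # The certificate presented on this port is not trusted by this machine.
            $result.Status = 'TrustFailure'
            $result.Detail = $ex.Message
        }
        elseif ($ex.Response) {
            # The server answered, but with an HTTP error status.
            $result.Status = 'HttpError'
            $result.Detail = "HTTP $([int]$ex.Response.StatusCode)"
        }
        else {
            $result.Status = 'Unreachable'
            $result.Detail = $ex.Message
        }
    }
    $result
}

$FrontEnds | ForEach-Object { Test-ReachSite -Server $_ } |
    Select-Object Server, Status, Detail | Format-Table -AutoSize
```

Run it from a machine that trusts the same certificate chain as the server logging the event, so that a TrustFailure result reflects what the Lync service itself sees.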