After installing or renewing your DigiCert public certificate for your OCS 2007 Edge server(s), PIC stops functioning properly (however, Remote Access still works correctly).
This issue occurs if the certificate issued uses the Certificate Authority listed below:
Root: DigiCert Global CA (2048), Intermediate Root: Entrust.net Certificate Authority (2048)
It will work if DigiCert issues certificate from the Certificate Authority below:
Root: Entrust.net Secure Server Certificate Authority, Intermediate Root: DigiCert Global CA
DigiCert is aware of this issue, and is collaborating with Microsoft to ensure our mutual OCS customers experience minimal to no impact. DigiCert has made a change on their end to solve this problem moving forward.
If you are encountering this issue, you will need to reissue and replace any certificates which are issued from the “DigiCert Global CA (2048)” certificate. DigiCert has made a change so your replacement certificate(s) will descend from the correct Entrust.net root certificate for PIC. For help with any part of this process, please engage DigiCert support, either via web chat, phone, or e-mail at firstname.lastname@example.org.
After re-applying this certificate to your Edge server, and you still find that your PIC-related issues are still occurring, please restart Edge Front-End services first. Allow me to apologize for this up front; I understand this will require an “emergency service restart change request” for some of you.
If all this fails to resolve the PIC issue, please engage Microsoft Customer Support Services. Premier customers: please leverage your Technical Account Manager to initiate the case creation process.
Please be prepared to supply Edge Server logs, remote access via our EasyAssist applications from MSFT, and we will do our best to investigate and resolve this in a timely manner.
Kudos to Paul Tiemann @ DigiCert for his tenacity & helpfulness …