Office Communicator removes root SSL certificates

In some environments, especially RDS- or Citrix-based SBC environments, there can be a problem with the root SSL certificates when using Office Communicator 2007.

In my case:

The first user on serverA who starts the Office Communicator won’t have any problems, because it can use the imported root SSL certificate to secure the connection. The second user (on serverA) who starts the Office Communicator will have problems, because the Office Communicator in the first session probably tries to change something and the root certificate is removed.

Why? Good question. Even Microsoft doesn’t know why, but it happens.

OK, you can fix this with the following steps:

  1. Log in to the same server as the users
  2. Start regedit
  3. Go to: HKLM\Software\Microsoft\SystemCertificates\ROOT\Certificates
  4. Note which certificate IDs are present
  5. Start the Office Communicator (as a user) on the same server
  6. Determine which certificate ID disappears (if nothing disappears, let a second user log in)
  7. Reinstall the root certificate (the same ID will now appear)
  8. Give the user write rights to the root certificate registry key (the ID)
  9. Let the user start Office Communicator
  10. The BLOB value of the root certificate will change and will not be removed.
  11. Export the modified certificate with regedit
  12. Remove the write rights from the user account to the registry key.
  13. Let the user start Office Communicator and let another user log in on the same server and start Office Communicator
  14. No certificate errors!
  15. Import the exported regedit file on every server.
  16. Good luck!
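
Steps 3 to 6 and step 10 can be scripted instead of comparing IDs by eye in regedit. The following PowerShell is an added example, not part of the original post: it snapshots the certificate IDs under the root store key together with a hash of each BLOB value, then reports what was removed, added or changed. The function names `Get-RootCertSnapshot` and `Compare-RootCertSnapshot` are hypothetical names chosen for this example.

```powershell
# Added example: snapshot and compare the machine root certificate store in the registry.
# Registry path taken from step 3; function names are hypothetical.
$RootKey = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates'

function Get-RootCertSnapshot {
    # Returns a hashtable: certificate ID (subkey name) -> SHA-256 of its Blob value.
    $snapshot = @{}
    $sha = [System.Security.Cryptography.SHA256]::Create()
    foreach ($key in Get-ChildItem -Path $RootKey) {
        $blob = (Get-ItemProperty -Path $key.PSPath -Name Blob -ErrorAction SilentlyContinue).Blob
        $hash = if ($blob) {
            [System.BitConverter]::ToString($sha.ComputeHash([byte[]]$blob)) -replace '-', ''
        } else { '' }
        $snapshot[$key.PSChildName] = $hash
    }
    $sha.Dispose()
    return $snapshot
}

function Compare-RootCertSnapshot {
    param([hashtable]$Before, [hashtable]$After)
    foreach ($id in $Before.Keys) {
        if (-not $After.ContainsKey($id)) {
            # The certificate ID that disappears (step 6)
            [pscustomobject]@{ CertificateId = $id; Change = 'Removed' }
        } elseif ($After[$id] -ne $Before[$id]) {
            # The BLOB value was rewritten but the key survived (step 10)
            [pscustomobject]@{ CertificateId = $id; Change = 'BlobChanged' }
        }
    }
    foreach ($id in $After.Keys) {
        if (-not $Before.ContainsKey($id)) {
            [pscustomobject]@{ CertificateId = $id; Change = 'Added' }
        }
    }
}

# Step 4: note which certificate IDs are present
$before = Get-RootCertSnapshot
# Step 5: start Office Communicator in the user's session, then continue here
Read-Host 'Start Office Communicator as the user, then press Enter'
# Step 6: determine what changed
$after = Get-RootCertSnapshot
Compare-RootCertSnapshot -Before $before -After $after | Format-Table -AutoSize
```

Running it again around step 13, after the write rights have been removed, should produce no rows if the fix holds.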