I ran to an interesting issue today. Customer replaced Public Edge server certificate (fortunately in lab) and all of a sudden federation broke.
We saw in the edge traces "SIP/2.0 488 Compression algorithm refused". Interesting, isn't it?
Here I have to mention that the customer uses VeriSign as certificate issuer. In the past, the certificates were signed by VeriSign Intermediate Certificate Authority and never had issues with it. The current certificate, however, was signed by "Symantec Class 3 Secure Server CA - G4".
The issuer itself is not a problem. However, this article - https://technet.microsoft.com/en-us/library/gg398066.aspx states: "All certificates must be signed using a signing algorithm supported by the operating system. Lync Server 2013 supports the SHA-1 and SHA-2 suite of digest sizes (224, 256, 384 and 512-bit)... ".
When the certificate was reviewed, we found that it was signed with signature algorithm "sha256RSA".
Federated Lync Edge servers did not liked this Signature Algorithm, resulting "SIP/2.0 488 Compression algorithm refused"
After the certificate was re-issued from Intermediate Authority, where the acceptable (sha1) algoritm was used, federation was re-established.
The moral of the story is -
