Lync/SfB Server: OAuthTokenIssuer, Assigned certificate not found or untrusted.

In a recent support case the OAuth certificate was missing in one of the Front Ends:

We also notice the Missing message in the Deployment Wizard Step 3, for the OAuth certificate:

And in PowerShell we had the following error when we tried to check the certificates:


Get-CsCertificate : OAuthTokenIssuer: Assigned certificate not found or untrusted. Check that the certificate exists
in the certificate store, that it is not expired and that the certificate chain is valid.

Since the OAuth certificate is a Global setting and it’s replicated, we don’t need to request a new one.

To restore the OAuth certificate, we simply need to restart the Lync/SfB Server Replica Replicator Agent:

During start-up the Replica Replicator Agent will add the OAuth certificate again to the Computer Certificate Store:

We can also check the Deployment Wizard Step 3, to confirm that the correct certificate will be displayed:

For reference, here is the PowerShell output:

Get-CsCertificate -Type OAuthTokenIssuer


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.