Lync/SfB Server: Certificate assignment location

Usually to check the Lync/SfB Server assigned certificates we simply use the Certificate Wizard (Step 3 in the Lync/SfB Deployment Wizard): Or we can also use a PowerShell cmdlet: Get-csCertificate https://docs.microsoft.com/powershell/module/skype/get-cscertificate However, there is another way... We can go directly to where the assigned certificates information is located. The certificate assignment is stored in XML, … Continue reading Lync/SfB Server: Certificate assignment location

Lync/SfB: Quickly access the Certificate Store

In a previous post we wrote about the Checks to do in the Lync/Skype for Business Server Certificate Store, however, sometimes we might also want to manually check it using the Certificate Store MMC. Since Windows Server 2012 and Windows 8 we can quick access the Certificate Store MMC, for Local Computer and Current User, using Command Prompt/PowerShell or the … Continue reading Lync/SfB: Quickly access the Certificate Store

Lync/SfB Server: Event 41026, LS Data MCU after May 2017 .NET Framework update

Update 2017/06/28 – In Workaround #1 we also need to request new Front End certificates with Client and Server authentication in the EKU. Recently we notice that Lync Server 2010/2013 and Skype for Business Server 2015 Front Ends were generating the Events 41025 and immediately after the Event 41026: Log Name: Lync Server Source: LS … Continue reading Lync/SfB Server: Event 41026, LS Data MCU after May 2017 .NET Framework update

Lync/SfB Server: OAuthTokenIssuer, Assigned certificate not found or untrusted.

In a recent support case the OAuth certificate was missing in one of the Front Ends: We also notice the Missing message in the Deployment Wizard Step 3, for the OAuth certificate: And in PowerShell we had the following error when we tried to check the certificates: Get-CsCertificate https://technet.microsoft.com/en-us/library/gg398227.aspx Get-CsCertificate : OAuthTokenIssuer: Assigned certificate not found … Continue reading Lync/SfB Server: OAuthTokenIssuer, Assigned certificate not found or untrusted.

PSScript: Lync/SfB Server Certification Store Validation

In a previous post, we published the checks/validations that we should do in the Certification Store in the Lync/SfB servers. Checks to do in the Lync/SfB Certificate Store We decided to write a PowerShell with all these checks to make it simple to use. The script will be kept in sync with the post, meaning that … Continue reading PSScript: Lync/SfB Server Certification Store Validation

Checks to do in the Lync/SfB Server Certificate Store

Update 2019/06/10 - Added Check #7 for expired certificates. The checks described in this article are the result of what we normally check during troubleshooting. Some of these already have specific error events, but the objective here is to try to avoid that these events occur. We plan to keep the post updated and add … Continue reading Checks to do in the Lync/SfB Server Certificate Store

Reassign the private key after deleting a certificate from the snap-in

In case we delete, by mistake, a certificate using the Certificate snap-in, we can still restore it. In order to do this, we need to import the certificate again and reassign the stored private key to it, without having to create a new request. The following article was published for IIS, but it also applies to Lync/SfB Server … Continue reading Reassign the private key after deleting a certificate from the snap-in

Merge certificate public and private key with OpenSSL

This post isn't about Lync Server/Skype for Business Server, but we think it will be a good reference for people that work with Lync/Skype. When we do an offline certificate request, we will get an .REQ file that looks like this: -----BEGIN NEW CERTIFICATE REQUEST----- ################################### -----END NEW CERTIFICATE REQUEST----- Then we use public or private CA … Continue reading Merge certificate public and private key with OpenSSL

Request/Renewing Skype for Business Server 2015 Certificates

Here are the steps to request or renew certificates in Skype for Business Server 2015. Most of the steps are similar to Lync Server 2010/2013, so to start let's go to the well-known Deployment Wizard Step 3 and click Run or Run Again (depending on if you are requesting for the first time or renewing … Continue reading Request/Renewing Skype for Business Server 2015 Certificates

Lync Server 2013: Event 31007 LS Certificate Manager

It is really important to regularly check the Event Viewer for Warnings/Errors (or to use System Center Operation Manager to do it for you). In one of these checks, the following event was found: Log Name: Lync Server Source: LS Certificate Manager Date: 06/10/2014 02:29:30 Event ID: 31007 Task Category: (1016) Level: Warning Keywords: Classic … Continue reading Lync Server 2013: Event 31007 LS Certificate Manager