Usually to check the Lync/SfB Server assigned certificates we simply use the Certificate Wizard (Step 3 in the Lync/SfB Deployment Wizard): Or we can also use a PowerShell cmdlet: Get-csCertificate https://docs.microsoft.com/powershell/module/skype/get-cscertificate However, there is another way... We can go directly to where the assigned certificates information is located. The certificate assignment is stored in XML, … Continue reading Lync/SfB Server: Certificate assignment location
In a previous post we wrote about the Checks to do in the Lync/Skype for Business Server Certificate Store, however, sometimes we might also want to manually check it using the Certificate Store MMC. Since Windows Server 2012 and Windows 8 we can quick access the Certificate Store MMC, for Local Computer and Current User, using Command Prompt/PowerShell or the … Continue reading Lync/SfB: Quickly access the Certificate Store
Update 2017/06/28 – In Workaround #1 we also need to request new Front End certificates with Client and Server authentication in the EKU. Recently we notice that Lync Server 2010/2013 and Skype for Business Server 2015 Front Ends were generating the Events 41025 and immediately after the Event 41026: Log Name: Lync Server Source: LS … Continue reading Lync/SfB Server: Event 41026, LS Data MCU after May 2017 .NET Framework update
In a recent support case the OAuth certificate was missing in one of the Front Ends: We also notice the Missing message in the Deployment Wizard Step 3, for the OAuth certificate: And in PowerShell we had the following error when we tried to check the certificates: Get-CsCertificate https://technet.microsoft.com/en-us/library/gg398227.aspx Get-CsCertificate : OAuthTokenIssuer: Assigned certificate not found … Continue reading Lync/SfB Server: OAuthTokenIssuer, Assigned certificate not found or untrusted.
In a previous post, we published the checks/validations that we should do in the Certification Store in the Lync/SfB servers. Checks to do in the Lync/SfB Certificate Store We decided to write a PowerShell with all these checks to make it simple to use. The script will be kept in sync with the post, meaning that … Continue reading PSScript: Lync/SfB Server Certification Store Validation
Update 2019/06/10 - Added Check #7 for expired certificates. The checks described in this article are the result of what we normally check during troubleshooting. Some of these already have specific error events, but the objective here is to try to avoid that these events occur. We plan to keep the post updated and add … Continue reading Checks to do in the Lync/SfB Server Certificate Store
In case we delete, by mistake, a certificate using the Certificate snap-in, we can still restore it. In order to do this, we need to import the certificate again and reassign the stored private key to it, without having to create a new request. The following article was published for IIS, but it also applies to Lync/SfB Server … Continue reading Reassign the private key after deleting a certificate from the snap-in