Configure OAuth authentication with AzureAD PowerShell Module

Looks like Lync/SfB PowerShell scripts - UC Lobby wasn't the last post for Skype for Business... While looking into a request to update the OAuth certificate I found some notes for an unpublished blog post. Here is that blog post with some additional information how to remove expired OAuth certificates. We already have detailed steps … Continue reading Configure OAuth authentication with AzureAD PowerShell Module

Lync/SfB Server: Certificate assignment location

Usually to check the Lync/SfB Server assigned certificates we simply use the Certificate Wizard (Step 3 in the Lync/SfB Deployment Wizard): Or we can also use a PowerShell cmdlet: Get-csCertificate https://docs.microsoft.com/powershell/module/skype/get-cscertificate However, there is another way... We can go directly to where the assigned certificates information is located. The certificate assignment is stored in XML, … Continue reading Lync/SfB Server: Certificate assignment location

Lync/SfB Server: Quickly access the Certificate Store

In a previous post we wrote about the Checks to do in the Lync/Skype for Business Server Certificate Store, however, sometimes we might also want to manually check it using the Certificate Store MMC. Since Windows Server 2012 and Windows 8 we can quick access the Certificate Store MMC, for Local Computer and Current User, using Command Prompt/PowerShell or the … Continue reading Lync/SfB Server: Quickly access the Certificate Store

Lync/SfB Server: Event 41026, LS Data MCU after May 2017 .NET Framework update

Update 2017/06/28 – In Workaround #1 we also need to request new Front End certificates with Client and Server authentication in the EKU. Recently we notice that Lync Server 2010/2013 and Skype for Business Server 2015 Front Ends were generating the Events 41025 and immediately after the Event 41026: Log Name: Lync Server Source: LS … Continue reading Lync/SfB Server: Event 41026, LS Data MCU after May 2017 .NET Framework update

Lync/SfB Server: OAuthTokenIssuer, Assigned certificate not found or untrusted.

In a recent support case the OAuth certificate was missing in one of the Front Ends: We also notice the Missing message in the Deployment Wizard Step 3, for the OAuth certificate: And in PowerShell we had the following error when we tried to check the certificates: Get-CsCertificate https://technet.microsoft.com/en-us/library/gg398227.aspx Get-CsCertificate : OAuthTokenIssuer: Assigned certificate not found … Continue reading Lync/SfB Server: OAuthTokenIssuer, Assigned certificate not found or untrusted.

Lync Phone Edition now supports SHA-2 certificates

In a previous post, we discussed resigning certificates with SHA-2: Certificate re-key to change signature algorithm in Lync Server (SHA-1 to SHA-2) Some users raised a concern about the SHA-2 supportability for Lync Phone Edition. This support (SHA-2) was included in the December 2015 update for Lync Phone Edition: This update for Microsoft Lync Phone … Continue reading Lync Phone Edition now supports SHA-2 certificates

PSScript: Lync/SfB Server Certification Store Validation

In a previous post, we published the checks/validations that we should do in the Certification Store in the Lync/SfB servers. Checks to do in the Lync/SfB Certificate Store We decided to write a PowerShell with all these checks to make it simple to use. The script will be kept in sync with the post, meaning that … Continue reading PSScript: Lync/SfB Server Certification Store Validation

Checks to do in the Lync/SfB Server Certificate Store

Update 2023/04/17 - Script available at PowerShell Gallery Install-Script Test-CertificateStore Test-CertificateStore Update 2019/06/10 - Added Check #7 for expired certificates. The checks described in this article are the result of what we normally check during troubleshooting. Some of these already have specific error events, but the objective here is to try to avoid that these … Continue reading Checks to do in the Lync/SfB Server Certificate Store

Reassign the private key after deleting a certificate from the snap-in

In case we delete, by mistake, a certificate using the Certificate snap-in, we can still restore it. In order to do this, we need to import the certificate again and reassign the stored private key to it, without having to create a new request. The following article was published for IIS, but it also applies to Lync/SfB Server … Continue reading Reassign the private key after deleting a certificate from the snap-in

Merge certificate public and private key with OpenSSL

This post isn't about Lync Server/Skype for Business Server, but we think it will be a good reference for people that work with Lync/Skype. When we do an offline certificate request, we will get an .REQ file that looks like this: -----BEGIN NEW CERTIFICATE REQUEST----- ################################### -----END NEW CERTIFICATE REQUEST----- Then we use public or private CA … Continue reading Merge certificate public and private key with OpenSSL