Our Lync 2013 Enterprise Edition Front End Pool consists of 3 servers dispersed globally.
We had some issues where users weren't able to join Lync meetings and determined there was a certificate issue on one of the FEs.
That was resolved, but now for some reason the other 2 FEs now show missing OAuthTokenIssuer certificates despite it showing correctly on the 3rd.
EXAMPLE GOOD SERVER IN THE POOL:
EXAMPLE BAD SERVER IN THE POOL:
My understanding from TechNet's article Assigning a server-to-server authentication certificate to Microsoft Lync Server 2013 states:
Lync Server's replication service will then automatically create a set of scheduled tasks that will decrypt and deploy the certificate to all your Front End Servers.
So I'm lost as to why the other 2 FE servers aren't showing the OAuth cert anymore, when they were yesterday? I would restart the FE services but my experience in the past has been that it won't come back up if it doesn't see valid certs.
Is there a way to determine what happened to these certs on the problem FEs? Potential log files or Powershell commands? I've tried
Get-CsCertificate -Type OAuthTokenIssuer
to no avail, it reports back an error finding the cert.

TheCleaner
1 Answer
TROUBLESHOOTING
The following cmdlets were run on the 3 FEs:
- Get-CSManagementStoreReplicationStatus = Returned expected positive results
- Invoke-CSManagementStoreReplication = Ran and waited for replication
- All 3 servers returned true expected results after running Get-CSManagementStoreReplicationStatus again
- Get-CsCertificate -Type OAuthTokenIssuer = Failed to find cert still
ANSWER
In the end, however, the simplest answer is usually the best. Since the Lync Deployment Wizard has a step, STEP 1, that grabs all the replication certs from the Central Store, I went ahead and ran that step again from the Deployment Wizard on the two problematic Front End servers. The results showed successful, and when I went and looked again the cert was now there.
Hope that helps someone else.
TheCleaner
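
The checks from the troubleshooting above, combined into one local health check as an added example (not code from the post): run it in the Lync Server Management Shell on each Front End to see whether the OAuthTokenIssuer assignment resolves, whether the matching certificate is in the machine store with its private key, and how long until it expires. `$warnDays` and the output property names are assumptions chosen for illustration.

```powershell
# Added example: run locally on each Front End in the Lync Server Management Shell.
$warnDays = 30   # assumption: how far ahead of expiry to start warning
$fqdn     = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# CMS replica state for this server (same cmdlet the answer used).
$replica = Get-CsManagementStoreReplicationStatus -ReplicaFqdn $fqdn

# The lookup errors out when the assignment is missing, so trap it
# instead of letting the script stop.
$assigned = $null
try {
    $assigned = Get-CsCertificate -Type OAuthTokenIssuer -ErrorAction Stop |
        Select-Object -First 1
} catch {
    Write-Warning "OAuthTokenIssuer lookup failed on ${fqdn}: $($_.Exception.Message)"
}

# An assignment is only useful if the certificate it points to is present
# in the local machine store together with its private key.
$inStore = $null
if ($assigned) {
    $inStore = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $assigned.Thumbprint } |
        Select-Object -First 1
}

$daysLeft = $null
if ($inStore) {
    $daysLeft = [math]::Floor(($inStore.NotAfter - (Get-Date)).TotalDays)
}

$result = [pscustomobject]@{
    Server          = $fqdn
    ReplicaUpToDate = [bool]$replica.UpToDate
    Assigned        = [bool]$assigned
    InMachineStore  = [bool]$inStore
    HasPrivateKey   = [bool]($inStore -and $inStore.HasPrivateKey)
    Thumbprint      = if ($assigned) { $assigned.Thumbprint } else { $null }
    DaysLeft        = $daysLeft
}
# Healthy only if every check passed and the certificate has not expired.
$healthy = $result.ReplicaUpToDate -and $result.HasPrivateKey -and ($daysLeft -gt 0)
$result | Add-Member -NotePropertyName Healthy -NotePropertyValue $healthy

if ($healthy -and $daysLeft -le $warnDays) {
    Write-Warning "OAuthTokenIssuer on $fqdn expires in $daysLeft days"
}
$result
```

Comparing the `Thumbprint` column across the Front Ends shows quickly whether every server in the pool holds the same OAuthTokenIssuer certificate.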