Our Lync 2013 Enterprise Edition Front End Pool consists of 3 servers dispersed globally.

We had some issues where users weren't able to join Lync meetings and determined there was a certificate issue on one of the FEs.

That was resolved, but now for some reason the other 2 FEs show missing OAuthTokenIssuer certificates despite it showing correctly on the 3rd.

EXAMPLE GOOD SERVER IN THE POOL: (screenshot not included)

EXAMPLE BAD SERVER IN THE POOL: (screenshot not included)

My understanding comes from TechNet's article "Assigning a server-to-server authentication certificate to Microsoft Lync Server 2013", which states:

Lync Server's replication service will then automatically create a set of scheduled tasks that will decrypt and deploy the certificate to all your Front End Servers.

So I'm lost as to why the other 2 FE servers aren't showing the OAuth cert anymore, when they were yesterday? I would restart the FE services but my experience in the past has been that it won't come back up if it doesn't see valid certs.

Is there a way to determine what happened to these certs on the problem FEs? Potential log files or PowerShell commands? I've tried Get-CsCertificate -Type OAuthTokenIssuer to no avail; it reports back an error finding the cert.

TheCleaner

1 Answer

TROUBLESHOOTING

The following cmdlets were run on the 3 FEs:

  • Get-CSManagementStoreReplicationStatus = Returned expected positive results
  • Invoke-CSManagementStoreReplication = Ran and waited for replication
  • All 3 servers returned true expected results after running Get-CSManagementStoreReplicationStatus again
  • Get-CsCertificate -Type OAuthTokenIssuer = Failed to find cert still

ANSWER

In the end, however, the simplest answer is usually the best. Since the Lync Deployment Wizard has a step, STEP 1, that grabs all the replication certs from the Central Store, I went ahead and ran that step again from the Deployment Wizard on the two problematic Front End servers. The results showed successful, and when I went and looked again the cert was now there.

Hope that helps someone else.

TheCleaner
Confirmed, re-running the first server deployment step ("Install Local Configuration Store") forces a full download of the up-to-date topology and common certificates. – Massimo May 26 '15 at 20:56
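
The checks from the answer above, gathered into one read-only script to run on each Front End. This is an added example, not part of the original post or of Microsoft's tooling. It assumes the Lync Server 2013 module is named `Lync`, that `Get-CsCertificate -Identity Global` returns the centrally assigned OAuth certificate, and that the deployed certificate lives in `Cert:\LocalMachine\My`; `Get-OAuthCertReference` is a hypothetical helper name.

```powershell
# Added example: run locally on each Front End in an elevated
# Lync Server Management Shell. Read-only; it changes nothing.
Import-Module Lync -ErrorAction Stop   # assumed module name for Lync Server 2013

$type = 'OAuthTokenIssuer'
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Replication state of this replica as recorded by the Central Management Store.
$repl = Get-CsManagementStoreReplicationStatus -ReplicaFqdn $fqdn

# Hypothetical helper: return the certificate reference, or $null instead of
# an error when no assignment can be found.
function Get-OAuthCertReference {
    param([string]$Identity)
    try {
        if ($Identity) {
            Get-CsCertificate -Identity $Identity -Type $type -ErrorAction Stop |
                Select-Object -First 1
        } else {
            Get-CsCertificate -Type $type -ErrorAction Stop |
                Select-Object -First 1
        }
    } catch { $null }
}

$global   = Get-OAuthCertReference -Identity 'Global'  # assignment held centrally (assumption)
$reported = Get-OAuthCertReference                     # what this server reports

# Is the centrally assigned certificate present in the local machine store
# (assumed location), and does it carry its private key?
$thumb   = if ($global) { $global.Thumbprint } else { $null }
$inStore = if ($thumb) {
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $thumb } |
        Select-Object -First 1
}

[pscustomobject]@{
    Server             = $fqdn
    ReplicaUpToDate    = $repl.UpToDate
    LastStatusReport   = $repl.LastStatusReport
    GlobalThumbprint   = $thumb
    ReportedThumbprint = $reported.Thumbprint
    InLocalStore       = [bool]$inStore
    HasPrivateKey      = [bool]($inStore -and $inStore.HasPrivateKey)
    NotAfter           = $global.NotAfter
}
```

A row with `ReplicaUpToDate` true but an empty `ReportedThumbprint` matches the state described in the answer, where re-running Step 1 of the Deployment Wizard brought the certificate back.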