Our Lync 2013 Enterprise Edition Front End Pool consists of 3 servers dispersed globally.
We had some issues where users weren't able to join Lync meetings and determined there was a certificate issue on one of the FE's.
That was resolved, but now for some reason the other 2 FE's now show missing OAuthTokenIssuer certificates despite it showing correctly on the 3rd.
[Screenshot: example good server in the pool (OAuthTokenIssuer certificate shown)]
[Screenshot: example bad server in the pool (OAuthTokenIssuer certificate missing)]
My understanding comes from TechNet's article Assigning a server-to-server authentication certificate to Microsoft Lync Server 2013, which states:
Lync Server's replication service will then automatically create a set of scheduled tasks that will decrypt and deploy the certificate to all your Front End Servers.
So I'm lost as to why the other 2 FE servers aren't showing the OAuth cert anymore, when they were yesterday? I would restart the FE services but my experience in the past has been that it won't come back up if it doesn't see valid certs.
Is there a way to determine what happened to these certs on the problem FEs? Potential log files or PowerShell commands? I've tried Get-CsCertificate -Type OAuthTokenIssuer to no avail; it reports back an error finding the cert.
Best Answer
TROUBLESHOOTING
The following cmdlets were run on the 3 FE's:
Get-CsManagementStoreReplicationStatus = Returned expected positive results
Invoke-CsManagementStoreReplication = Ran and waited for replication
Get-CsManagementStoreReplicationStatus again
Get-CsCertificate -Type OAuthTokenIssuer = Failed to find cert still
ANSWER
In the end however, the simplest answer is usually the best. Since the Lync Deployment Wizard has a step, STEP 1, that grabs all the replication certs from the Central Store, I went ahead and ran that Step again from the Deployment Wizard on the two problematic Front End servers. The results showed successful, and when I went and looked again the cert was now there.
Hope that helps someone else.
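As an added example (not code from the original post), the following PowerShell wraps the checks the answer walks through so they can be run the same way on each Front End: CMS replica status, whether Lync has an OAuthTokenIssuer certificate assigned, and whether that thumbprint is actually present and unexpired in the machine store. It assumes it is run from the Lync Server Management Shell on the FE being checked, and that the replication status object exposes UpToDate/LastStatusReport and the certificate object exposes Thumbprint/NotAfter (the standard output of those cmdlets).

```powershell
# Added example: verify CMS replication and the OAuthTokenIssuer cert on this Front End.
# Run from the Lync Server Management Shell on each FE; the Cs* cmdlets act on the local server.

function Test-CsOAuthCertHealth {
    $fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

    # 1. Is the Central Management Store replica on this server current?
    $replica = Get-CsManagementStoreReplicationStatus -ReplicaFqdn $fqdn
    if (-not $replica -or -not $replica.UpToDate) {
        Write-Warning "$fqdn : CMS replica not up to date (last report: $($replica.LastStatusReport))"
        # Trigger replication for this replica and let the admin re-check before touching certs
        Invoke-CsManagementStoreReplication -ReplicaFqdn $fqdn
    }

    # 2. Does Lync have an OAuthTokenIssuer certificate assigned on this server?
    try {
        $oauth = Get-CsCertificate -Type OAuthTokenIssuer -ErrorAction Stop
    } catch {
        Write-Warning "$fqdn : no OAuthTokenIssuer certificate assigned ($($_.Exception.Message))"
        # Remediation from the answer: re-run Deployment Wizard Step 1 on this FE
        Write-Warning "Re-run Deployment Wizard Step 1 (Install Local Configuration Store) on $fqdn"
        return $false
    }

    # 3. Is the assigned thumbprint really in LocalMachine\My, and is it still valid?
    foreach ($c in $oauth) {
        $inStore = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $c.Thumbprint }
        if (-not $inStore) {
            Write-Warning "$fqdn : assigned thumbprint $($c.Thumbprint) is not in LocalMachine\My"
            return $false
        }
        if ($c.NotAfter -lt (Get-Date)) {
            Write-Warning "$fqdn : OAuthTokenIssuer cert expired on $($c.NotAfter)"
            return $false
        }
        Write-Host "$fqdn : OAuthTokenIssuer OK, thumbprint $($c.Thumbprint), expires $($c.NotAfter)"
    }
    return $true
}

Test-CsOAuthCertHealth
```

Running it on all three FEs gives a like-for-like comparison between the good server and the two that lost the cert, before resorting to restarting services.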