Lync/Skype4B Server: OAuthTokenIssuer, Assigned certificate not found or untrusted.

In a recent support case the OAuth certificate was missing in one of the Front Ends:


We also notice the Missing message in the Deployment Wizard Step 3, for the OAuth certificate:


And in PowerShell we had the following error when we tried to check the certificates:



Get-CsCertificate : OAuthTokenIssuer: Assigned certificate not found or untrusted. Check that the certificate exists
in the certificate store, that it is not expired and that the certificate chain is valid.

Since the OAuth certificate is a Global setting and it’s replicated, we don’t need to request a new one.

To restore the OAuth certificate, we simply need to restart the Lync/SfB Server Replica Replicator Agent:


During start-up the Replica Replicator Agent will add the OAuth certificate again to the Computer Certificate Store:


We can also check the Deployment Wizard Step 3, to confirm that the correct certificate will be displayed:


For reference, here is the PowerShell output:

Get-CsCertificate -Type OAuthTokenIssuer