Lync/SfB Server: Event 41026, LS Data MCU after May 2017 .NET Framework update

Update 2017/06/28 – In Workaround #1 we also need to request new Front End certificates with Client and Server authentication in the EKU. Recently we notice that Lync Server 2010/2013 and Skype for Business Server 2015 Front Ends were generating the Events 41025 and immediately after the Event 41026: Log Name: Lync Server Source: LS… Read more

Lync/Skype4B Server: OAuthTokenIssuer, Assigned certificate not found or untrusted.

In a recent support case the OAuth certificate was missing in one of the Front Ends: We also notice the Missing message in the Deployment Wizard Step 3, for the OAuth certificate: And in PowerShell we had the following error when we tried to check the certificates: Get-CsCertificate Get-CsCertificate : OAuthTokenIssuer: Assigned certificate not found… Read more

Lync Phone Edition now supports SHA-2 certificates

In a previous post, we discussed resigning certificates with SHA-2: Certificate re-key to change signature algorithm in Lync Server (SHA-1 to SHA-2) Some users raised a concern about the SHA-2 supportability for Lync Phone Edition. This support (SHA-2) was included in the December 2015 update for Lync Phone Edition: This update for Microsoft Lync Phone… Read more

Checks to do in the Lync/Skype for Business Server Certificate Store

The checks described in this article are the result of what we normally check during troubleshooting. Some of these already have specific error events, but the objective here is to try to avoid that these events occur. We plan to keep the post updated and add more checks that we identify as useful. Also, we… Read more

The address ‘LyncEnterprise-ApplicationAccount@…’ isn’t a valid SMTP address

Integrating Lync Server 2013 and Exchange 2013 is usually a relative straight forward process. We just need to follow the steps described here: Integrating Microsoft Lync Server 2013 and Microsoft Exchange Server 2013 One of these steps is to run the script Configure-EnterprisePartnerApplication.ps1 on a Exchange PowerShell. This script will create a User and the Lync Server… Read more

Reassign the private key after deleting a certificate from the snap-in

In case we delete, by mistake, a certificate using the Certificate snap-in, we can still restore it. In order to do this, we need to import the certificate again and reassign the stored private key to it, without having to create a new request. The following article was published for IIS, but it also applies to Lync/Skype4B Server… Read more

Merge certificate public and private key with OpenSSL

This post isn’t about Lync Server/Skype for Business Server, but we think it will be a good reference for people that work with Lync/Skype. When we do an offline certificate request, we will get an .REQ file that looks like this: —–BEGIN NEW CERTIFICATE REQUEST—– ################################### —–END NEW CERTIFICATE REQUEST—– Then we use public or private CA to… Read more

Request/Renewing Skype for Business Server 2015 Certificates

Following the same idea as in the Renewing Lync Server 2010/2013 Certificates, here are the steps to request or renew certificates in Skype for Business Server 2015. Most of the steps are similar to Lync Server 2010/2013, so to start let’s go to the well-known Deployment Wizard Step 3 and click Run or Run Again (depending on if you are requesting for the first… Read more

Lync Server 2013: Event 31007 LS Certificate Manager

It is really important to regularly check the Event Viewer for Warnings/Errors (or to use System Center Operation Manager to do it for you). In one of these checks, the following event was found: Log Name: Lync Server Source: LS Certificate Manager Date: 06/10/2014 02:29:30 Event ID: 31007 Task Category: (1016) Level: Warning Keywords: Classic… Read more

Disabling SSL 3.0 in Lync Server 2013 and Skype for Business Server 2015

If you recently tried to check on a certificate on DigiCert – SSL Certificate Checker (, you may have noticed the following warning:   DigiCert added this verification due to a vulnerability that was discovered a few days ago. For more information about this vulnerability, check the following articles: Vulnerability Summary for CVE-2014-3566 This POODLE… Read more