none
Lync 2013 FE Error : The specified directory service attribute or value does not exist RRS feed

  • Question

  • Hi Everyone

    I have a problem with lync 2013 OAuthTokenIssuer ca,  when i want assign  a ca to OAuthTokenIssuer i get this error:

    Command execution failed: The specified directory service attribute or value does not exist.

    I Restart The server but don't solve my problem

    Saturday, March 17, 2018 6:13 AM

All replies

  • Hi javad,

    Did you use internal CA published by ADCS or your use an public certificate?

    Are you including the SIP domain as an entry in the certificate Subject Name or SAN fields? (e.g. "contoso.com", simply including "sip.contoso.com" is not the same thing.)  This is required for the OAuth certificate.

    The OAuthTokenIssuer certificate is a global certificate. When you assign this certificate, it is replicated via the CMS and is assigned to all of the Lync Server 2013 servers that require OAuth. So please also check if the CMS replication is working properly. You can run Get-CsManagementStoreReplicationStatus to check it.


    Best Regards,
    Alice Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, March 19, 2018 2:22 AM
    Moderator
  • Hi,

    Are there any update about this issue?


    Best Regards,
    Alice Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, March 26, 2018 10:02 AM
    Moderator
  • Hi,

    Are there any update about this issue? If the reply is helpful to you, please mark it as an answer.

    Best Regards,
    Alice Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, April 2, 2018 8:17 AM
    Moderator
  • hi

    thanx for yor answer but my problem is persist and do not solve.

    i use internal CA published by ADCS.

    Thursday, June 7, 2018 3:44 AM
  • Hi

    No, The issue is persist

    Thursday, June 7, 2018 4:13 AM
  • Error: The specified directory service attribute or value does not exist.  
    ▼ Details
    └ Type: COMException
    └ ▼ Stack Trace
        └   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
    at System.DirectoryServices.DirectoryEntry.Bind()
    at System.DirectoryServices.DirectoryEntry.get_IsContainer()
    at System.DirectoryServices.DirectoryEntries.ChildEnumerator..ctor(DirectoryEntry container)
    at Microsoft.Incubation.Crypto.GroupKeys.ADRepository.EnumerateKeys()
    at Microsoft.Incubation.Crypto.GroupKeys.DKMBase.FindNewestKey()
    at Microsoft.Incubation.Crypto.GroupKeys.DKMBase.GetCurrentKeyAndUpdate(KeyPolicy& keyPolicy)
    at Microsoft.Incubation.Crypto.GroupKeys.DKMBase.Protect(MemoryStream plaintext)
    at Microsoft.Rtc.Management.Internal.KeyManagement.GroupKeyWrapper.Encode(Byte[] inBytes)
    at Microsoft.Rtc.Management.Deployment.Core.Certificate.SetCMSCertificate(IScopeAnchor scope, X509Certificate2 foundCert, X509Certificate2Collection certs, Nullable`1 effectiveTime, Boolean isRoll)
    at Microsoft.Rtc.Management.Deployment.Core.Certificate.SetCMSCertificate(IScopeAnchor scope, String thumbprint, Nullable`1 effectiveTime, Boolean isRoll)
    at Microsoft.Rtc.Management.Deployment.Tasks.SetCertificateTask.Action()
    at Microsoft.Rtc.Management.Internal.Utilities.LogWriter.InvokeAndLog(Action action)
     
     
       6/7/2018 7:22:36 AM   Error

     └    Error: An error occurred: "System.Runtime.InteropServices.COMException" "The specified directory service attribute or value does not exist.
     
    Thursday, June 7, 2018 5:55 AM
  • i've got the same, you solved it? 
    Thursday, August 23, 2018 1:36 PM
  • I get it, need domain admins rights.
    Thursday, August 23, 2018 2:30 PM
  • Is it a prerequisite to assign oAuthTokenIssuer to be Domain Admin?


    Monday, November 26, 2018 9:52 AM
  • Maybe not but with this right, the assignation has been done without any error. The log shows cmdlet that must be done with Advanced right.

    This has been done on SFB 2015

    Tuesday, November 27, 2018 7:58 PM
  • hi
    i solved that , after i install Lync Cumulative Update on lync FE .
    Good luck

    Monday, April 15, 2019 5:22 AM