locked
SfB OWA Integration lost after OAuth certificate expired RRS feed

  • Question

  • Hello,

    I have lost my SfB OWA integration ("online meeting" - Icon and presence status) in the on prem environment (SfB 2015, Exchange 2013) after the OAuth Cert on Exchange side was expired.

    I instantly renewed it via ECP but still no OWA integration.

    Even creating a new one via powershell and authorizing it did not the trick.

    Checked OAuth on Skype side:

    get-CsOAuthConfiguration

    Identity                               : Global
    PartnerApplications                    : {Name=Exchange;ApplicationIdentifier=0
                                             0000002-0000-0ff1-ce00-000000000000;Re
                                             alm=contoso.com;ApplicationTrustLevel
                                             =Full;AcceptSecurityIdentifierInformat
                                             ion=False;Enabled=True}
    OAuthServers                           : {}
    Realm                                  :
    ServiceName                            : 00000004-0000-0ff1-ce00-000000000000
    ClientAuthorizationOAuthServerIdentity :
    ExchangeAutodiscoverUrl                : https://autodiscover.contoso.com/Auto
                                             discover/Autodiscover.svc
    ExchangeAutodiscoverAllowedDomains     :

    Checked connectivity on Exchange side:

    Test-CsExStorageConnectivity -SipUri "sip:jeff@contoso.com" -Verbose

    and it passes that test. I am wondering that SfB integration in Outlook 2016 on MAC (!) is not broken although this is doing only https as well. (On PC everything is fine, too).

    Any ideas on this?

    Wednesday, June 3, 2020 8:43 AM

Answers

  • Fixed by myself.

    On Skype-Server:

    Get-CsCertificate -Type OAuthTokenIssuer

    exported this cert via MMC and imported it into all Exchange servers in the DAG.

    • Marked as answer by F.One Wednesday, June 3, 2020 10:04 AM
    Wednesday, June 3, 2020 10:04 AM

All replies

  • Fixed by myself.

    On Skype-Server:

    Get-CsCertificate -Type OAuthTokenIssuer

    exported this cert via MMC and imported it into all Exchange servers in the DAG.

    • Marked as answer by F.One Wednesday, June 3, 2020 10:04 AM
    Wednesday, June 3, 2020 10:04 AM
  • Hi F.One!

    I am glad to hear you have resolved this issue.

    Here I will provide a brief summary of this post. This will make answer searching in the forum easier.

    <Issue Symptom>:

    User have lost SFB OWA integration in the on prem environment (SFB 2015, Exchange 2013) after the OAuth Cert on Exchange side was expired.

    <Possible cause>:

    OAuth certificate missing

    <Solution>:

    1.Running the command “Get-CsCertificate -Type OAuthTokenIssuer” to verify if server-to-server authentication has already been assigned to Skype for Business Server.

    2.Export this cert via MMC

    3.import the cert into all Exchange servers in the DAG.

    <Reference Links>:

    https://docs.microsoft.com/en-us/skypeforbusiness/manage/authentication/assign-a-server-to-server-certificate

    Best Regards,
    Jimmy Yang

    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.
    Thursday, June 4, 2020 7:01 AM