When Exchange Server 2013 is configured to connect to Lync / Skype for Business Server one of the steps is to create a partner application. When this is first run the partner application stores the certificate presented by Lync Server in the Active Directory configuration partition. If the certificate changes on the Lync Server then the Exchange Server will start to alert about this every 15 minutes with the following warning: MSExchange OAuth and Event ID 2008.
To fix this error we need to update the Active Directory configuration where the metadata info is kept (CN=LyncEnterprise-guid,CN=Partner Applications,CN=Auth Configuration,CN=Exchange Organization Name,CN=Microsoft Exchange, CN=Services, CN=Configuration, DC=domain,DC=co,DC=uk)
To do this you need to start Exchange Management Shell on Exchange 2013 and remove the Lync partner application. Immediately after you have done this you can create the partner application again. The cmdlets for this are as follows:
is the same as you used when you first created the partner application. This is as follows:
- In the Exchange Management Shell confirm you have one Lync partner application with Get-PartnerApplication | FL
- In the Exchange Management Shell run Remove-PartnerApplication Lync* and then confirm that you want to do this.
- In the Exchange Management Shell, change directory to the Exchange scripts folder with cd $exscripts
- Then run the script to configure a new partner application. An example would be .\Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl ‘https://lyncSrv.domain.co.uk/metadata/json/1’ -ApplicationType Lync where the URL points to the Lync server and contains a valid name for the certificate on the Lync Server.
This should return the following and report that the configuration has succeeded.
Your 2008 repeating errors in the Event Viewer will now be gone.
Does it effect users when I do this?
No – they do not notice