Command execution failed: The certificate of type “WebServicesExternal” cannot be assigned locally because it is assigned from the central management store

An interesting one today, something I didn’t think was possible, but apparently, it is!

A customer was able to assign an externally issued wildcard cert to the global scope, which, like the OAuth certificate, is stored in the Central Management Store and replicated to all servers. The result was that all Edge servers and Front End servers had this certificate assigned for their External services. When trying to change this via the Deployment Wizard, I got the following error:

Checking things out from PowerShell, I could see things more clearly. Running the following command I could see all of the certificates scoped to “Global”:

Typically I would expect to only see the OAuth certificate here, but in this case, External services across Front End and Edge servers were listed. I’m not sure whether or not this case should be possible, so if anyone knows, please let us all know in the comments section below.

Here’s an example:

To get rid of the incorrectly assigned certificates, I ran the following command for each “Use” I wanted to remove. In the example’s case, “Use” = “AccessEdgeExternal”:

After removing all the certs, I went back to the Deployment Wizard and was able to successfully assign all the correct certificates at the “Local” server scope:
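The check and cleanup described above, as an added PowerShell example (not the author's original commands): it lists the certificates at the Global scope, leaves the OAuth certificate alone, and removes every other “Use”. It assumes the Skype for Business Server Management Shell, that the OAuth certificate's use is `OAuthTokenIssuer`, and it only previews the removals with `-WhatIf` until the illustrative `$Commit` variable is set to `$true`.

```powershell
# Added example; run from the Skype for Business Server Management Shell.
# Assumption: OAuthTokenIssuer is the only use that belongs at the Global scope.
$KeepAtGlobal = @('OAuthTokenIssuer')
$Commit = $false   # hypothetical switch: $true removes, $false previews with -WhatIf

# 1. List everything assigned at the Global scope (held in the CMS).
$globalCerts = @(Get-CsCertificate -Identity Global)
$globalCerts | Format-Table Use, Subject, Thumbprint, NotAfter -AutoSize

# 2. Anything other than the OAuth certificate should not be here.
$unexpected = @($globalCerts | Where-Object { $KeepAtGlobal -notcontains [string]$_.Use })

if ($unexpected.Count -eq 0) {
    Write-Host 'No unexpected certificate assignments at the Global scope.'
}
else {
    # 3. Remove each unexpected assignment, one "Use" at a time.
    foreach ($cert in $unexpected) {
        $use = [string]$cert.Use
        Write-Host "Global assignment to remove: $use ($($cert.Thumbprint))"
        Remove-CsCertificate -Type $use -Identity Global -WhatIf:(-not $Commit)
    }

    # 4. Confirm what is left at the Global scope.
    Get-CsCertificate -Identity Global | Format-Table Use, Thumbprint -AutoSize

    # 5. The change lives in the CMS, so check that every replica has picked it
    #    up before re-assigning certificates locally in the Deployment Wizard.
    Get-CsManagementStoreReplicationStatus |
        Format-Table ReplicaFqdn, UpToDate, LastStatusReport -AutoSize
}
```

Removing the Global assignment only clears the reference held in the Central Management Store; the External certificates still have to be assigned again at the “Local” scope on each server.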

Hope that helps someone out! Thanks for reading.

 

Andrew Morpeth (https://ucgeek.co/author/amorpeth/)
Andrew is a Modern Workplace Consultant specialising in Microsoft technologies based in Auckland, New Zealand; Andrew is a Director and Professional Services Manager at Lucidity Cloud Services and a Microsoft MVP.
