Command execution failed: The certificate of type “WebServicesExternal” cannot be assigned locally because it is assigned from the central management store

An interesting one today, something I didn’t think was possible, but apparently, it is!

A customer was able to assign an externally issued wildcard cert to the global scope, which like the OAuth certificate is stored in the Central Management Store and replicated to all servers. The result was that all Edge server and Front End servers all had this certificate assigned for their External services. When trying to change this via the Deployment Wizard I got the following error:

Checking things out from PowerShell, I could see things more clearly. Running the following command I could see all of the certificates scoped to “Global”:

Typically I would expect to only see the OAuth certificate here but in this case, External services across Front End and Edge servers were listed. I’m not sure whether or not this case should be possible, so if anyone knows please let us all know in the commands section below.

Here’s an example:

To get rid of the incorrectly assigned certificates I ran the following command for each “Use” I wanted to remove. In the examples case “Use” = “AccessEdgeExternal”:

After removing all the certs, I went back to the Deployment Wizard and was able to successfully assign all the correct certificates at the “Local” server scope:

Hope that helps someone out! Thanks for reading.

 

Andrew Morpeth
Andrew Morpethhttps://ucgeek.co/author/amorpeth/
Andrew is a Modern Workplace Consultant specialising in Microsoft technologies based in Auckland, New Zealand; Andrew is a Director and Professional Services Manager at Lucidity Cloud Services and a Microsoft MVP.

Related Articles

00:13:43

Skype for Business Response Groups Made Easy

Call Flow Manager for Skype for Business and Lync makes creating and managing Response Groups easy! No more bouncing between interfaces to configure a simple call flow. Call Flow Manager brings all the functionality of the Response Group service into a single user interface
00:13:30

Office 365 Backup with Synology NAS

There are many reasons that you may want to back up your Office 365 data. The most common reasons I see are data sovereignty...

Microsoft 365 Feature Roundup Dec 2020

Feature Roundup Presentation Microsoft 365 key feature releases and announcements for June to December 2020, in an easy to digest PowerPoint format.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Andrew Morpeth
Andrew Morpethhttps://ucgeek.co/author/amorpeth/
Andrew is a Modern Workplace Consultant specialising in Microsoft technologies based in Auckland, New Zealand; Andrew is a Director and Professional Services Manager at Lucidity Cloud Services and a Microsoft MVP.

Latest Articles

00:13:43

Skype for Business Response Groups Made Easy

Call Flow Manager for Skype for Business and Lync makes creating and managing Response Groups easy! No more bouncing between interfaces to configure a simple call flow. Call Flow Manager brings all the functionality of the Response Group service into a single user interface
00:13:30

Office 365 Backup with Synology NAS

There are many reasons that you may want to back up your Office 365 data. The most common reasons I see are data sovereignty...

Microsoft 365 Feature Roundup Dec 2020

Feature Roundup Presentation Microsoft 365 key feature releases and announcements for June to December 2020, in an easy to digest PowerPoint format.

My reading list for personal and professional development in 2020

If like me you are interested in personal and professional development, I thought I would share some of my top picks (as at 2020)....

Call reporting for Microsoft Teams Auto Attendants and Call Queues

Finally, we have the ability to run reports for Microsoft Teams Auto Attendants and Call Queues, albeit probably a little clunky for the average...