Skype for Business and Lync Servers certificate report


This is a cross-post with Guy Bachar’s blog, of a script we wrote back in August 2014 and that went through some technical (mostly Guy) and cosmetic (mostly yours truly) updates.


This script will generate an HTML report of all Skype for Business \ Lync servers’ certificates, and you can even use it to send periodic emails.

As the new script supports contacting your Edge servers, there are some prereqs involved:

1. Enable Trusted Hosts on the Front-End server you’re running the script from:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force

2. Enable HTTP Compatibility Listener on all Edge servers:

Set-Item WSMan:\localhost\Service\EnableCompatibilityHttpListener -Value True
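A narrower variant of step 1, as an added example that is not part of the original script or post: it trusts only the named Edge servers instead of "*", checks the listener from step 2, and restores the previous TrustedHosts value afterwards. The Edge FQDNs are placeholders, and where the report script is invoked is left as a comment.

```powershell
# Added example. The FQDNs below are placeholders; replace them with your Edge servers.
$edgeServers = @('edge01.example.com', 'edge02.example.com')
$path        = 'WSMan:\localhost\Client\TrustedHosts'

# Remember the current client setting so it can be put back when the report is done.
$previous = [string](Get-Item -Path $path).Value

try {
    # Trust only the hosts the script has to reach, rather than every host ("*").
    Set-Item -Path $path -Value ($edgeServers -join ',') -Force
    Write-Host "TrustedHosts is now: $((Get-Item -Path $path).Value)"

    # EnableCompatibilityHttpListener (step 2) makes WinRM listen on TCP 80.
    # Confirm each Edge server answers there before starting the report.
    foreach ($server in $edgeServers) {
        try {
            Test-WSMan -ComputerName $server -Port 80 -ErrorAction Stop | Out-Null
            Write-Host "$server : WinRM compatibility listener reachable"
        }
        catch {
            Write-Warning "$server : no WinRM response on port 80 ($($_.Exception.Message))"
        }
    }

    # Run the certificate report with -EdgeCertificates here.
}
finally {
    # Restore whatever was configured before (an empty string clears the list).
    Set-Item -Path $path -Value $previous -Force
    Write-Host "TrustedHosts restored to: '$previous'"
}
```

Run it from the same elevated PowerShell session on the Front-End server that runs the report.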

The script is pretty straightforward: all you have to do is run it from a local folder on your FE server with elevated permissions.
However, this will only give you the FE’s certificates.
Guy was smart enough to create the following additions:

-EdgeCertificates and -OWASCertificates

You can run either or both, and they will give you information about your Office Web Apps Servers’ certificates (-OWASCertificates) and your Edge Servers’ certificates (-EdgeCertificates).
When using the -EdgeCertificates option, you’ll be prompted to enter your Edge Server’s credentials.


Visit Guy’s post for further information.

The script can be downloaded here, and we’d love to hear your feedback.


5 thoughts on “Skype for Business and Lync Servers certificate report”

  1. Richard

    Would it be impossible to include at least some rudimentary info about the certificates of TLS-based PSTN gateways?

    • It’s on our to-do list. We’re looking for a way to pull certificate information based on a given port, but I’m not sure how easy it’s gonna be 🙂

  2. davidchr

    I just ran this script with the -OWASCertificates switch. Unfortunately, we have a 4-server WAC farm with the CN of the cert as a hostname resolving to the F5 in front of the WAC servers. I’m guessing that the OWAS switch uses the CN and assumes it’s the FQDN of the WAC server.

    • Hey David,
      The script is based on the Lync/SfB topology, and unfortunately the topology does not include the actual OWAS servers if those are behind an HLB.
      So what the script does is just ping and try to connect to the HLB IP, which then just load balances to one of the servers in the pool, and retrieve the certificate information from that.

      We are currently looking for another solution; maybe once we’re able to get to one of the OWAS servers, we’ll run some other commands to get the list of all servers in the OWAS pool first.

      But that’s great feedback, thank you!
