Certificates sometimes expire… it happens! 🙂
But what happens if the certificate for your Office Online Server (OOS) or Office Web Apps Server (OWAS) farm expires and your farm is not available anymore?
Obviously, OOS farm and your Skype for Business, Exchange & SharePoint integration stops working. Next thing to do will be to renew the expired certificate.
But how?
My MVP colleague Andi Krüger did a nice blog post on updating the farm certificate, and it’s fairly simple – Set-OfficeWebAppsFarm -CertificateName “RenewedOOSInternalCertificate” should do the trick… if your farm is running.
If things got out of hand and your farm is not running anymore and you cannot use the Set-OfficeWebAppsFarm cmdlet (you’ll see that Office Online (WACSM) service is Stopped and cannot be brought back up with the expired certificate and your machine is showing that it’s no longer part of the farm), you’ll need to take a different approach, because you’ll be getting errors when running the above mentioned command (like “It does not appear this machine is part of an Office Online Server farm.” or similar).
WACSM Service is Stopped and and your machine is showing that it’s no longer part of the farm
One of the possible solutions would be:
- make a note of the Friendly Name of your old (expired) certificate (MMC or PowerShell) (in my case it’s called “OOSInternalCertificate“)
- remove the expired certificate
- renew/request/install the new certificate
- change the Friendly Name of a new certificate to match the previous one
- start the Office Online (WACSM) service or restart the machine
- (copy the certificate/do the procedure on other farm members, if needed)
Everything is back normal
Your farm operations should now be restored and you can run Get-OfficeWebAppsFarm cmdlet normally:
Or you can open up the farm’s discovery URL – if it’s rendering again, everything should be OK (in my case “https://oos.myfarm.local/hosting/discovery“):
Even the discovery works
Cheers!