If you had configured the Lync 2013 OAuth token issuer and then made changes, you may find you get an rtc.management error that says you cannot create the certificate in the Lync deployment wizard. However, if you run Get-CsCertificate -type OAuthTokenIssuer, it is blank! This is a catch-22 that I happened to work myself out of one morning.
This did not work for everyone, so please look at it in context with the overall blog on this subject.
Here was my solution
1. Remove the Edge Server from the topology – republish
2. Generated a manual certificate request for a web cert from IIS (with private key)
3. Imported the private key to the DC root store and personal store on Lync FE server
4. Started at the top of the deployment wizard and ran “install local configuration store” even though it says complete.
5. Ran setup or remove Lync Server Components again
6. Ran request, install, or assign Certificates.
7. Selected my self signed cert with the name of “lyncfe.domain.com”
8. Assigned it to the OAuthTokenIssuer.
I don't know if steps 2 and 3 were altogether necessary; however, these are exactly the steps I followed. Feel free to please post if the OAuth req will succeed. I have a feeling it will.
That's it! OAuth seems to be working and I don't get the "oauth certificate usages are not assigned" error, and I can now start the Lync services.
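A read-only check of the end state, added here as an example and not part of the original post: it reports whether anything is assigned to OAuthTokenIssuer and whether the assigned certificate is present with its private key. It assumes it is run in the Lync Server Management Shell on the Front End and that the certificate sits in the computer's Personal store (Cert:\LocalMachine\My).

```powershell
# Added example (not the author's code): verify the OAuthTokenIssuer assignment.
# Assumption: run as an administrator in the Lync Server Management Shell on the FE.
$assigned = Get-CsCertificate -Type OAuthTokenIssuer

if (-not $assigned) {
    # This is the blank result described at the top of the post.
    Write-Warning 'No certificate is assigned to OAuthTokenIssuer.'
    return
}

foreach ($ref in $assigned) {
    # Assumption: the assigned certificate lives in the computer's Personal store.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $ref.Thumbprint }

    if (-not $cert) {
        Write-Warning "Assigned thumbprint $($ref.Thumbprint) is not in Cert:\LocalMachine\My."
        continue
    }

    # One row per assignment; the services need HasPrivateKey to be True.
    [pscustomobject]@{
        Use           = $ref.Use
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        SelfSigned    = ($cert.Subject -eq $cert.Issuer)
        NotAfter      = $cert.NotAfter
        Expired       = ($cert.NotAfter -lt (Get-Date))
    }
}
```

A row with HasPrivateKey False or Expired True points at the certificate itself, not the topology, as the thing to fix before retrying the assignment.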