Sunday, June 30, 2013

Lync Client: Certificate Authentication Problem

I'm asked about this problem very often:

English:
Lync cannot verify that the server is trusted for your sign-in address. Connect anyway?

German:
Lync kann nicht überprüfen, ob der Server für Ihre Anmeldeadresse vertrauenswürdig ist. Trotzdem verbinden?


Explanation:
The Lync 2013 client implements an additional safety check.
It verifies the user's SIP domain against the FQDN of the Lync server the user is trying to connect to.
In most customer environments, the SIP domain is different from the Active Directory domain. This is usual and normal. Possibly the SIP domain will match the SMTP domain, so that users can easily experience Unified Communications and their communication addresses are identical.

If you are in a larger enterprise, it's quite a hassle if all users have to click the acknowledgement. We need a solution!

There are two methods to solve this problem:
a manual way and a GPO-based solution.

If you adjust the Lync client manually, navigate to:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Lync
Here you need to modify or add the String Value TrustModelData.
In this value, you need to add the server listed in the warning,
e.g. lyncpool.domain.sip

The second method uses Group Policy:
add the registry setting to, e.g., the Default Domain Policy or a dedicated client policy.
(Optionally, you can implement the Office 2013 Administrative Template.)
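
The manual method can also be scripted per user. The following PowerShell is an added example, not part of the original post or of Microsoft's KB article: it checks that the name is a plain server FQDN and merges it into any existing TrustModelData value instead of overwriting it. The function names are hypothetical, and storing several servers as one comma-separated string is an assumption.

```powershell
# Added example: maintain the per-user TrustModelData value described above.
# Assumption: several trusted servers are stored as one comma-separated string.
$KeyPath   = 'HKCU:\Software\Policies\Microsoft\Office\15.0\Lync'
$ValueName = 'TrustModelData'

function Merge-TrustModelData {
    param(
        [string]$Current,                        # existing value data, may be empty
        [Parameter(Mandatory)][string]$Server    # FQDN exactly as shown in the warning
    )
    # Accept only a plain host name: no wildcards, schemes, ports or spaces.
    $fqdn = '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$'
    if ($Server -notmatch $fqdn) {
        throw "Not a valid server FQDN: '$Server'"
    }
    # Split the existing data, drop empty items, and add the server only once.
    $entries = @($Current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($entries -notcontains $Server) { $entries += $Server }   # case-insensitive compare
    return ($entries -join ', ')
}

function Add-LyncTrustedServer {
    param([Parameter(Mandatory)][string]$Server)
    # Create the policy key if no Lync policy exists yet for this user.
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    $existing = (Get-ItemProperty -Path $KeyPath -Name $ValueName `
                    -ErrorAction SilentlyContinue).$ValueName
    $merged = Merge-TrustModelData -Current $existing -Server $Server
    # -Force replaces the value if it is already present; REG_SZ as in the post.
    New-ItemProperty -Path $KeyPath -Name $ValueName -Value $merged `
        -PropertyType String -Force | Out-Null
    return $merged
}

# Constructed sample input: the example server name used in the post.
Add-LyncTrustedServer -Server 'lyncpool.domain.sip'
```

Every name in this value is a server the client will accept for the sign-in address without prompting, so keep the list to the Lync pools you operate.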


References:
TechNet German: http://support.microsoft.com/kb/2833618/de
TechNet English: http://support.microsoft.com/kb/2833618/en-us
Office 2013 ADMX: http://www.microsoft.com/en-us/download/details.aspx?id=35554

2 comments:

  1. Dear Thomas,
    I cannot log in from a workgroup system. It is asking for certificates, which I have already installed, but it is still giving me an error.

    1. Hi John,
      you need the root certificate from your internal PKI installed on these WG clients.
