Lync Client: Certificate Authentication Problem
Very often I am asked about this problem:
English:
Lync cannot verify that the server is trusted for your sign-in address. Connect anyway?
German:
Lync kann nicht überprüfen, ob der Server für Ihre Anmeldeadresse vertrauenswürdich ist. Trotzdem verbinden?
Explanation:
Lync Client 2013 implements an additional safety check.
It verifies the user's SIP domain against the FQDN of the Lync server the user is trying to connect to.
In most customer environments, the SIP domain differs from the Active Directory domain. This is usual and normal. The SIP domain may match the SMTP domain, so that users can easily experience Unified Communications and their communication addresses are identical.
If you are in a larger enterprise, it is quite a hassle if every user has to click the acknowledgement. We need a solution!
There are two methods to solve this problem:
a manual way and a GPO-based solution.
If you are adjusting the Lync client manually, navigate to:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Lync
Here you need to modify or add the String Value TrustModelData.
In this value, add the server listed in the warning,
e.g. lyncpool.domain.sip
The second method uses Group Policy:
add the registry setting to, e.g., the Default Domain Policy or a dedicated client policy.
(Optionally, you can implement the Office 2013 Administrative Template.)
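The manual change described above, as an added PowerShell example that is not part of the original post: it adds one server FQDN to TrustModelData for the current user without overwriting entries that are already there. The function name Add-LyncTrustedServer is hypothetical, and storing several servers as a comma-separated list is an assumption to check against the KB article in the references.

```powershell
# Added example, not from the original post.
# Assumption: several servers are stored as one comma-separated REG_SZ value.
function Add-LyncTrustedServer {
    param(
        # Accept only a plain DNS name, so wildcards or stray text never reach the policy value.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$')]
        [string]$ServerFqdn,

        # Registry path from the article (Office 15.0 = Lync 2013).
        [string]$KeyPath = 'HKCU:\Software\Policies\Microsoft\Office\15.0\Lync'
    )

    # Create the policy key if it does not exist yet.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }

    # Read the current value; $null when TrustModelData has never been set.
    $current = (Get-ItemProperty -Path $KeyPath -Name 'TrustModelData' -ErrorAction SilentlyContinue).TrustModelData

    # Split the existing list, dropping blanks and surrounding whitespace.
    $entries = @()
    if ($current) {
        $entries = @($current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }

    # -contains compares case-insensitively, which matches DNS name semantics.
    if ($entries -contains $ServerFqdn) {
        return ($entries -join ',')   # already trusted, nothing to write
    }

    $entries += $ServerFqdn
    $value = $entries -join ','

    # Write the merged list back as a String Value (REG_SZ).
    New-ItemProperty -Path $KeyPath -Name 'TrustModelData' -PropertyType String -Value $value -Force | Out-Null
    return $value
}

# Server name taken from the article's example; use the FQDN shown in the warning dialog.
Add-LyncTrustedServer -ServerFqdn 'lyncpool.domain.sip'
```

Running it a second time with the same FQDN leaves the value unchanged, so it is safe to use in a logon script.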
References:
TechNet German: http://support.microsoft.com/kb/2833618/de
TechNet English: http://support.microsoft.com/kb/2833618/en-us
Office 2013 ADMX: http://www.microsoft.com/en-us/download/details.aspx?id=35554
Author: Thomas Pött Managing Consultant Microsoft UC
Dear Thomas,
I cannot log in from a workgroup system. It is asking for certificates, which I have already installed, but it is still giving me an error.
Hi John,
You need the root certificate from your internal PKI installed on these WG clients.