0

Just got my Lync server deployed on Windows Server 2008 R2 and am trying to connect via Lync client on a different machine. When attempting to sign in, the client throws an error saying "Cannot sign in to Lync: There was a problem verifying the certificate from the server.".

Looking deeper, into the client box's event viewer, I see the following error "The certificate received from the remote serer was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate. ....

My organization has an internal CA, which is in charge of issuing all required certificates to the Lync server. My client box has installed the internal CA (root) as a trusted CA provider. To me, this should cause any certificates that issues, including the Lync certificates, to be trusted.

I installed Lync client on the same box that Lync server is hoted, and am able to log in fine. My error only occurs when connecting from another box.

Can someone shed some light? Thanks!

kmehta
  • 50
  • 1
  • 9

1 Answers1

0

Maybe your server is using a self-signed-cert rather then one issued from your CA.

What certificate did you assign with the Lync server Certificate Wizard in the deployment wizard? That's the one the client's will see when connecting. If you used the same certificate for all three services in the Certificate Wizard, then you can test if the client trusts the cert or it's root by web browsing to the web services URL from the client machine i.e. pull up the admin console: https://hostname.domain.com/cscp for standard Ed or enterprise ed: https://poolname.domain.com/cscp

In IE you can actually look at the cert the server is sending to the client and view any warnings the client has about the cert (I don't know how to see the incoming certificate from Lync client).

Bret Fisher
  • 3,973
  • 2
  • 21
  • 25
  • Thanks for the reply. We requested a cert from our internal CA and then used that cert in the Lync server Cert Wizard. I also added this cert to the Trusted Certificate Authorities cert location on my client machine. The wizard then created certs for the three services...but I'm still failing cert verification, even from the browser like you suggested. I am able to view the cert from the browser, and it is the one I installed in the trusted node. I am missing something... – kmehta Mar 23 '11 at 15:57
  • in IE, what is the reason it tells you it's failing cert? If you click the lock what's the error it gives? if you view cert from that drop down and look either first or last tab it should tell you why. – Bret Fisher Mar 23 '11 at 23:40
  • In IE, the error message is the following: There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. – kmehta Mar 24 '11 at 14:27
  • Got it working. Turns out that I was looking in the wrong place for the cert that was issued by the CA. Thanks for the help! – kmehta Mar 24 '11 at 15:20