"There was a problem verifying the certificate from the server" - OCS client
-
Wednesday, June 15, 2011 6:31 PMHello
Running OCS 2007 R2 client with OCS 2007 R2 backend.
I have a client machine with OCS installed and the user cannot use OCS since when they try to login, they receive the message
"There was a problem verifying the certificate from the server"
If she logs into another machine, it works fine, so problem with this machine only relating to the certificate.
Does anyone know how I can fix this?
OS is Windows XP
All Replies
-
Wednesday, June 15, 2011 7:28 PM
Joe
Is the client machine a member of the domain? It sounds like the Lync client does not trust the server certificate. If this is issued from an internal CA then it (the CA) will be trusted by domain joined machines. If the client machine is not a member of the domain, you need to export the root certificate from the CA and install it on the client machine under the computer account as a trusted certificate.
Mike
If a post is helpful, please take a second to hit the green arrow on the left, or mark as answer, thanks
MCITP: Lync, Exchange 2010 & Server Administrator
Blog- Proposed As Answer by Charbel Hanna Thursday, June 16, 2011 10:07 AM
-
Wednesday, June 15, 2011 7:45 PMCan other users log on to Lync on this machine? Is the time correct on the client and the server? You can view the certificate store using the Certificates MMC snap-in (select the computer account) and check the internal CA is in the intermediate certificates store - compare with a working machine.
Mike
If a post is helpful, please take a second to hit the green arrow on the left, or mark as answer, thanks
MCITP: Lync, Exchange 2010 & Server Administrator
Blog -
Wednesday, June 15, 2011 8:08 PM
Hi Michael
The problem seems to be that machine itself (it's on the smae domain as all others though). User can access OCS fine from another machine, and othres have the same issue when using that machine.
The time is correct on server/client.
So I need to open the Cert MMC > Intermediate Certs Authority > Certificates
And check for what exactly?
-
Wednesday, June 15, 2011 9:10 PM procedure to view certificates is here. Check the trusted root certification authorities for your domain CA. If you need to install the root certificate, check this thread.
Mike
If a post is helpful, please take a second to hit the green arrow on the left, or mark as answer, thanks
MCITP: Lync, Exchange 2010 & Server Administrator
Blog- Proposed As Answer by Noya LauModerator Tuesday, June 21, 2011 2:22 AM
- Marked As Answer by Noya LauModerator Wednesday, June 22, 2011 1:56 AM
-
Friday, June 17, 2011 8:05 AMModerator
Hi, Joe,
Any update?
And you can manually import the trusted Root (CA) certificate as follows:
1. In the Add Standalone Snap-in dialog box, click Certificates, and then click Add.
2. Expand Trusted Root Certification Authorities, and then click Certificates.
3. Right-click Certificates, select All Tasks, and then click Import.
More info, please refer to this document. And hope useful.
Please remember to click “Mark As Answer” on the post that helps you, and to click “Unmark As Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
Saturday, April 28, 2012 12:21 AM
I battled with this too and found a really stupid answer.
The one machine that threw up the certificate errors had been manually configured using the IP address of the Lync server.
Replaced IP address with FQDN <lyncserver.subdomain.mycompany.com> and it logged right in.
I started going that direction after I enabled the logging in Lync and looked in the error logs on the problem system. The logs said the the certificate did not match the server and posted the IP address. Lots of things preferr FQDN when HTTPS is involved. :>)
I felt pretty silly when I finally figured this one out.
- Proposed As Answer by Mr. Router Saturday, April 28, 2012 12:22 AM
.png)
