Lync 2010 Certificate Issue - "There was a problem verifying your certificate from the server"

    Question

  • Greetings.

    My Issue:

    Lync 2010 client does not connect to server; error displayed: "Cannot sign into Lync. There was a problem verifying the certificate from the server."

    Description:

    The client is running on my Windows 7 box, and my CA server is a Windows Server 2003 box. I have installed the hotfix on the Server 2003 box to update the Web Enrollment portion of CA to allow for newer clients (Vista and 7) to receive certificates from this server. 

    Lync server is running on Server 2008 R2 STD, installation was a success.

    The Windows 7 box is a part of the domain.

    I have manually exported the Root CA from my Enterprise CA server from Trusted Root Certification Authorities -> Certificates and imported into the same location on my Windows 7 box. 

    If I look at the certification path on the Root CA, on my Windows 7 box,  it says "The certificate is OK." The same goes for the servers involved. 

    Still nothing.

    I have read the other forum posts on here about people having success once they manually import the Root CA from the Enterprise CA server, but this is not my case here. 

    All certificates are successfully assigned on the Lync server box; however, I did have to manually import the Root CA into Lync server's Trusted Root Certification Authorities -> Certificates before I could successfully assign them. Had to do this on another deployment I completed, so I didn't think anything of it.

    To recap: it seems that even with my Root CA imported into my Windows 7 box I can still not connect to my Lync server with the client, and I get the error message "There was a problem verifying the certificate from the server."

     

    Wednesday, February 09, 2011 9:37 PM

Answers

  • I suppose you are talking about a Standard Edition setup?

    Are you using auto configuration for the Lync client to connect (based on DNS SRV records), or did you manually specify the server to connect to? If you did this manually, did you provide the FQDN of the server?

    What is the common name and what are the Subject Alternative Names for the Lync certificate?


    Technical Specialist Microsoft OCS/Lync & UC Voice Specialisation - http://www.uwictpartner.be
    If you think my post is the answer to your question, please mark it as answer so future visitors can easily find it.
    • Marked as answer by MWAK Thursday, February 10, 2011 7:35 PM
    Thursday, February 10, 2011 7:29 PM

All replies

  • UPDATED:

    I was able to successfully log in using a Windows XP client, but only after I visited the Web Enrollment Certificate URL and chose to install the Certificate Chain. On Windows XP the hyperlink "install this certificate chain" is available when I visit the following URL: http://%nameofmyCAserver%/certsrv, but on Windows 7 it is only text.

    Trying to identify if there's an available hotfix.

     

    Wednesday, February 09, 2011 10:32 PM
  • I also see this in my Windows 7 box's System Event log:

     

    The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is %LyncServerHostname%. The SSL connection request has failed. The attached data contains the server certificate.

     

     

    ** I typed in %LyncServerHostname% to replace my actual server hostname. **

    Wednesday, February 09, 2011 10:44 PM
  • Hello, Ruben. Thanks for your response.

    Yes, this is a Standard Edition setup.

     

    I actually resolved the issue this morning, but haven't had time to come back here and close the question out. The resolution was that the Lync client was set to MANUAL configuration and I only had the hostname filled in when I should have been using the FQDN. I can't tell you how this client came to use manual configuration, but I was able to identify the issue once I enabled logging for the Lync client to the Windows Application event log. This is a very helpful feature. I wish I had noticed it yesterday!

     

    Thanks, again.

    Thursday, February 10, 2011 7:35 PM
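
The name check behind the event-log message and the hostname-versus-FQDN fix above, as an added example that is not part of the thread. It follows RFC 2818 name matching as an assumption (the Lync client's own validation code is not shown here), and the certificate names are constructed placeholders.

```python
from __future__ import annotations
import ipaddress

# Constructed sample: names a Standard Edition server certificate might carry.
# Placeholders only, not values taken from the thread.
CERT_SUBJECT_CN = "lyncsrv.domain.local"
CERT_SAN_DNS = ["lyncsrv.domain.local", "sip.domain.local"]


def _label_match(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name with the host; '*' may replace the left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_server_name(configured: str, san_dns: list[str], cn: str) -> tuple[bool, str]:
    """Return (ok, reason) for the server name typed into manual configuration."""
    try:
        ipaddress.ip_address(configured)
        return False, "IP address: not a DNS name in the certificate"
    except ValueError:
        pass  # not an IP literal, treat it as a DNS name
    candidates = san_dns or [cn]  # RFC 2818: CN is consulted only without SAN DNS names
    if any(_label_match(name, configured) for name in candidates):
        return True, "matches certificate"
    if "." not in configured:
        # Short hostname: point at the FQDN in the certificate that starts with it.
        fqdns = [n for n in candidates if n.lower().split(".")[0] == configured.lower()]
        if fqdns:
            return False, f"short hostname: use FQDN {fqdns[0]}"
    return False, "name not present in certificate"


if __name__ == "__main__":
    for name in ("lyncsrv", "lyncsrv.domain.local", "192.0.2.10", "lyncsrv.domain.com"):
        print(name, "->", check_server_name(name, CERT_SAN_DNS, CERT_SUBJECT_CN))
```

A trusted root only proves who issued the certificate; the name the client connects to must still appear in it, which is why importing the Root CA alone did not clear the error.
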
  • Hello Reuben,

    We have just deployed Lync this week and are having the same exact issue.  Where is the MANUAL configuration set, where do you add the FQDN?  Is this in the Client SW settings somewhere? 

     

    Thanks

    Monday, March 21, 2011 9:54 PM
  • Just found it - I have sent the info to my colleague and will see if this gets results.  We may be back to square one ...
    Monday, March 21, 2011 10:25 PM
  • Greetings Fedora64, 

    Glad you found it. Let me know if it resolves your issue.

     

    MWAK

    Wednesday, March 23, 2011 6:04 PM
  • I have been running into the same issue. I cannot connect using my Windows 2003 Standard Server, but the Windows 7 computer connects just fine. I have the same certificates installed on both computers to the same stores.

    I have tried manually setting the SIP address, with the same result. The error changes if I import the Internal certificate to "Cannot verify credentials".

    The application and screen sharing still does not work remotely either (but just fine on the local LAN or VLAN).

    Any help would be greatly appreciated - I sure wish Microsoft had a REAL how-to. Seems there are so many 'hidden' options, features, and settings.

    Wednesday, May 02, 2012 2:28 PM
  • Any resolution on this?  I have added and deleted DNS, tried IP address, server name, and automatic in the Lync client.  I have used the enable-csuser (already enabled), issued certificates and re-ran wizards and I cannot get this to connect.  If I add the IP address it gives me a cert error.  If I change to servername.com or server name it gives me a server temporarily unavailable.  HELP!
    Thursday, May 10, 2012 7:10 PM
  • Enter server name + FQDN name under manual config.

    Open Lync, File > Tools > Options > Personal > Advanced > Manual configuration > Internal server name/IP address:

    example: lyncsrv.domain.local or lyncsrv.domain.com

    Thursday, September 06, 2012 9:32 AM
  • I did the manual config, but there was a message when I tried to log on to the Lync client: "There was a problem verifying the certificate from the server"
    Friday, October 26, 2012 12:02 PM
  • Solved

    Solution: Export the certificate from the Lync server: Start > Administrative Tools > IIS > Server Certificate > Export > abc.pfx, and save it. Copy and place the certificate on the machine where the MS Lync 2010 client is installed or getting the certificate error. Follow these steps on the client machine to install the certificate:

    Run > mmc > Add or Remove Snap-in > Certificates > Computer account > Local computer > Finish > OK > expand Certificates > Trusted Root Certification Authorities > Certificates > All Tasks > Import > copy the abc.pfx certificate and delete any unnecessary certificate from there.

    Restart the client machine, open the Microsoft Lync 2010 client, and open the Options menu > Personal > Advanced > choose Auto Configuration > save, OK


    • Proposed as answer by inder7 Tuesday, May 14, 2013 11:21 AM
    Tuesday, May 14, 2013 10:56 AM