locked
Lync Mobile with Windows Phone 8 RRS feed

  • Question

  • It seems that internal CA certificates are not installing on the Windows Phone 8 correctly. I have multiple windows phone 7 devices that connect to Lync mobile correctly after installing our CA cert via IE or an email account. Windows Phone 8 installs the certificate and will not connect with Lync Mobile. Is anyone else having this issue?

    Logs pretty much tell me that the sign-on process cannot proceed past the root cert. I have rebooted and wiped the phones multiple times. They are Nokia Lumia 920s.

    Sunday, November 11, 2012 4:41 PM

Answers

  • Problem:

    Some of the Lync clients (companies with lync deployments) weren’t able to signin with Lync 2010 client on WP8 whereas signin works for the same client on WP7.5

    1. Issue here is with the certificate. The certificate which was working for WP7.5 isn’t accepted by WP8 anymore which resulted in signin to fail for WP8 users
    2. We will hit the same issue with new Lync 2013 clients as well because this issue is not related to the Lync client rather the OS

    Conclusion:

    1. Companies use private Root CA certificates signed by private CA. They might face the issue and Lync won’t signin if their Lync Server certificate doesn’t meet the requirements.
    2. For WP8 root certificates need to have HTTP Urls in the CRL (Certificate Revocation List). If root certs doesn’t contain these CRL attributes than the certificate won’t be accepted by WP8 and signin would fail.
    3. The same cert works for WP7.5 because WP7.5 didn’t use to fetch revocation information from certificates, however WP8 does and thus this issue is seen

    There is nothing Lync can do here and it is purely a certificate issue where the server root CA certificate doesn’t meet the requirements imposed by WP8.

    • Proposed as answer by Kamal Choudhary Thursday, February 14, 2013 6:25 PM
    • Marked as answer by Tom Ricca Friday, February 22, 2013 1:47 PM
    Thursday, February 14, 2013 6:24 PM

All replies

  • It seems that internal CA certificates are not installing on the Windows Phone 8 correctly. I have multiple windows phone 7 devices that connect to Lync mobile correctly after installing our CA cert via IE or an email account. Windows Phone 8 installs the certificate and will not connect with Lync Mobile. Is anyone else having this issue?

    Logs pretty much tell me that the sign-on process cannot proceed past the root cert. I have rebooted and wiped the phones multiple times. They are Nokia Lumia 920s.

    We are having the same issue.
    Monday, November 12, 2012 10:06 PM
  • Is there any place to report this issue? We are also having trouble with .wav files from exchange um encoded with g711.
    Tuesday, November 13, 2012 1:18 AM
  • Hi,

    Does the issue happen for all Windows Phone 8? Are you using wifi to connect Lync mobility?

    Regarding the exchange um issue, you can post another theme on UC Integration catalog. Thank you for your understanding.

    http://social.technet.microsoft.com/Forums/en-us/ocsucintegration/threads


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    • Edited by Kent-Huang Tuesday, November 13, 2012 1:41 AM
    Tuesday, November 13, 2012 1:40 AM
  • Thanks. I also have an HTC 8X that is not working either. WiFi and lte/3g same issue. All Windows Phone 7 devices function properly.
    Tuesday, November 13, 2012 2:46 AM
  • Anyone else having this issue? Where can I submit info on this to try and get it resolved?
    Saturday, November 17, 2012 2:32 PM
  • same problem here. major issue. got 37 lumia 920 sitting on my desk and cant deploy them due to lync not working.

    worked fine on 7.5 (focus and lumia 900)

    please help.

    Saturday, November 17, 2012 10:40 PM
  • Just ran the external connectivity test tool and everything passed.

    Still working perfectly fine with our WP7 and WP7.5.

    NOT working with Windows Phone 8 and the latest client from the Marketplace.

    • Edited by mprichter Monday, November 19, 2012 5:14 PM
    Monday, November 19, 2012 5:13 PM
  • Lync Client is working great on my Lumia 920. I have several coworkers that have the 920 as well. chat, call forwarding...all perfect.

    Not playing the WAV file, I'd like to hear an answer to that as that is a bummer.

    Saturday, November 24, 2012 4:56 AM
  • Jeff - You must be using an certificate from an external authority (like go daddy, digicert, or others) not an internal certificate. The issue lies with using and internal certificate for lync and an internal certificate authority.


    We had the same issue with WAVs. I had to change Exchange UM to use MP3 and make a script in our asterisk system to convert voicemail to mp3 before emailing.

    Sunday, November 25, 2012 11:50 PM
  • We currently have the same problem.

    Phones using WP7 + WP7.5 are working fine (with internal certificate). Its total balls on WP8 though. All settings are the same and WP8 is getting stuck at certificate authorization. (PS. Where is the cert management on this device ?) 


    • Edited by WiseguyTR Monday, November 26, 2012 12:39 PM
    Monday, November 26, 2012 12:07 PM
  • We have just upgraded to Lync 2013, I could not get my Nokia Lumia 920 to login to the mobility services on the 2010 FE, after moving my account onto the 2013 FE and rehomed mobility to the 2013, I login just fine on my phone
    Tuesday, December 11, 2012 4:32 PM
  • I took the plunge and tried this. It did not work, same certificate error. I migrated all dns, my user, and redirections to the 2013 server. Are you using an internal CA for the certificate? I am not using a public CA for my front end. 
    Friday, December 21, 2012 4:58 AM
  • same issue here, using an internal certificate.. connects fine with windows phone 7.5.

    jocelyn villaraza

    Thursday, January 10, 2013 10:48 AM
  • I may have ame issues here, android works , iphone works but Windows 8 does not.

    Error from client log.

    : Warning : 3 : HttpRequestPump : Got a WebException while reading the response for IntDisc_https.
    2013-01-11 15:56:34.340-8 : Error : 3 : HttpRequestPump : Request IntDisc_https failed due to an unidentified network error.

    Saturday, January 12, 2013 1:07 AM
  • I can definitly confirm that it is caused by and internal certificate. I applied a wildcard certificate temporarily and the Windows Phone 8 connected without issue. Once I changed back to the internal certificate, it failed. I have found no answer to this issue and no one seems to want to help. All other platforms perform perfectly.
    Monday, January 14, 2013 12:52 AM
  • make sure that you are installing the entire certificate chain into the store.  the problem is obviously with your certificate.   Browse to your "internal site" via https:  and see if your browser gives you a cert error.   If you're having issues - don't use the internal discovery .... hairpin the users through the external reverse proxy if you have one.  Then you won't have to deal with the internal certs.  They are a pain and will continue to be a pain for all new devices.  

    if my post is helpful - please click on the green arrow. (please excuse, in advance, any perceived sarcasm/humor - as I often forget it does not translate through text) :)

    Wednesday, January 30, 2013 4:21 PM
  • If the certificate is to blame why does the same procedure work on windows phone 7.5, iPhone, and iPad? I have loaded the CA exactly as I have for every other mobile device with access to Lync. The browser does not get a cert error.
    Tuesday, February 5, 2013 1:05 PM
  • Correct, and to clarify - I am not saying that your cert is in error, but perhaps how "Windows Phone 8" is handling the cert.  The internal CERT is the common link.  This lead me to the following document:

    http://blogs.technet.com/b/exchange/archive/2012/11/26/supporting-windows-8-mail-in-your-organization.aspx

    Are you using the following methods of installing the cert?    Specifically using the .cer extension?

    The user or the system administrator can use the .cer file to install the certificate. To do this, use one of the following methods:

    • Command-line tool

      At an elevated command prompt, run the following command:

      certutil.exe -f -addstore root <name_of_certificatefile>.cer

      NOTE The command installs the certificate for all users on the device.

    • User interface

      1. Double-click the certificate file. A certificate dialog opens.
      2. Click Install Certificate. A Certificate Import Wizard window opens.
      3. Select the option to install the certificate for only the current user or for the local device.
      4. Select Place all certificates in the following store
      5. Click Browse to open the store selection dialog. Select Trusted Root Certification Authorities.
      6. Select the store, and then click Ok. You are returned to Certificate Import Wizard dialog, and the certificate store and certificate to be installed into that store are displayed.

    I am seeing lots of questions in the wild about how Windows Phone 8 is acting.

    You may want to open a ticket with support.  It may be a bug.  Other users

    on this thread are having the issue as well.  My question - why can you

    not simply use theexternal MCX and not use the internal MCX?  This would

    bypass any potential issues with your internal certificates.

    ALSO, when you (i assume this is still an option) manually

    configure the Lync client to connect - type in the URL inside

    of the autodiscovery file and manually test that way




    if my post is helpful - please click on the green arrow. (please excuse, in advance, any perceived sarcasm/humor - as I often forget it does not translate through text) :)




    • Edited by Greg Seeber Tuesday, February 5, 2013 6:58 PM
    Tuesday, February 5, 2013 6:55 PM
  • I appreciate the reply, but the above is regarding windows 8, and windows RT. Lync works in my environment inside and out on windows 8, and RT. Lync Mobile is the issue. My system does not use a Microsoft Certified CA Certificate externally or internally. It is much more cost effective for our small deployment to install our Internal CA on the devices. Neither internal or external work. Since I have multiple domains I cannot use the wildcard certificate I was testing with as Lync will not connect if it does not match the fqdn. So only my domain would work and none of the others. I will see about contacting support.
    • Edited by Tom Ricca Saturday, February 9, 2013 2:07 PM
    Saturday, February 9, 2013 1:52 PM
  • Problem:

    Some of the Lync clients (companies with lync deployments) weren’t able to signin with Lync 2010 client on WP8 whereas signin works for the same client on WP7.5

    1. Issue here is with the certificate. The certificate which was working for WP7.5 isn’t accepted by WP8 anymore which resulted in signin to fail for WP8 users
    2. We will hit the same issue with new Lync 2013 clients as well because this issue is not related to the Lync client rather the OS

    Conclusion:

    1. Companies use private Root CA certificates signed by private CA. They might face the issue and Lync won’t signin if their Lync Server certificate doesn’t meet the requirements.
    2. For WP8 root certificates need to have HTTP Urls in the CRL (Certificate Revocation List). If root certs doesn’t contain these CRL attributes than the certificate won’t be accepted by WP8 and signin would fail.
    3. The same cert works for WP7.5 because WP7.5 didn’t use to fetch revocation information from certificates, however WP8 does and thus this issue is seen

    There is nothing Lync can do here and it is purely a certificate issue where the server root CA certificate doesn’t meet the requirements imposed by WP8.

    • Proposed as answer by Kamal Choudhary Thursday, February 14, 2013 6:25 PM
    • Marked as answer by Tom Ricca Friday, February 22, 2013 1:47 PM
    Thursday, February 14, 2013 6:24 PM
  • I have the same issue. But if Microsoft already released Lync 2013 App on mobile? it will resolved this issue?
    Friday, February 22, 2013 10:38 AM
  • THANK YOU!!! That is all I needed to know. Kamal's answer was spot on. I went to my internal CA and enabled the check boxes in the extensions tab to have it list the CRL via HTTP in new certificates. Created a new internal certificate for my lync server and all of my devices worked perfectly. 

    2. For WP8 root certificates need to have HTTP Urls in the CRL (Certificate Revocation List). If root certs doesn’t contain these CRL attributes than the certificate won’t be accepted by WP8 and signin would fail.

    Open Certificate Authority > Right Click on your Server > Properties > Extensions Tab

    Highlight the line that says http. Check the following boxes. Include in CRL, Include in the CDP.

    Now create a new certificate for lync server. Apply it and you should be good to connect.

    • Edited by Tom Ricca Friday, February 22, 2013 1:53 PM
    Friday, February 22, 2013 1:49 PM
  • I have another issue now. While its working internally, it is not working externally. I made a new CRL URL to point to an external link of my internal CA. I can visit the website from every device and get the crl. Lync Mobile will not connect with the same FailedRootCert error. It will work externally if I have previously connected internally, but after a few hours fails again. I would imagine its caching the CRL then there must be a time limit on it. Any help would be great.
    Friday, March 8, 2013 6:08 PM
  • This is fantastic - I have had iPhones and Androids connected to Lync without so much as an sneeze of an issue, I move to a Win 8 phone and it cannot connect.
    Bravo Microsoft, create a device that cannot connect to your own app... iPhone 5 for me it is then.

    As always, an epic waste of my time and money.
    Thursday, September 5, 2013 2:20 PM
  • funny that Lync works on Iphone and Android but not in WP8 phones. It even works in Blackberry phone with Android  emulator.
    • Edited by JPLC Friday, September 13, 2013 4:26 AM
    Friday, September 13, 2013 3:46 AM
  • Agree. That looks unlikely. I have just faced with issue too. (
    Wednesday, February 5, 2014 1:31 PM
  • Hi, We are deploying a Community Wi-Fi service in Europe and want to use an Enterprise Root CA Certificate for the EAP-PEAP connectivity. Since you mention the requirements imposed by WP8, where can I find/do you have the exact list of requirements for this root certificate  ?

    In our testing it turns out that we can establish connectivity using the Enterprise Root CA certificate, only when the Validate Server Certificate is OFF; what we want is to be able to install the Root certificate and do a Validate Server Certificate is ON; we think the reason is in the root certificate, but don't know exaclt what to change.

    Thanks for your response,

    Bart

    Friday, February 14, 2014 7:45 AM