There was a problem verifying the certificate from the server.

    Question

  • Hi,

    I am able to log in to the Lync client from the domain network and even from some non-domain systems. But God knows what is going wrong: from some (non-domain) systems it is giving me the error "There was a problem verifying the certificate from the server."

    Please help me; any suggestion will be appreciated.

     

    Thanks

    Amit Rawat

     

    Tuesday, March 01, 2011 4:09 PM

Answers

  • Hello Wintel.Amit,

    This message is due to the machine not trusting the issuing CA. The error message you provided, 0x80090325, corresponds to this. Please verify that the root certificate is in the Trusted Root CA container on the machine in question (as well as any intermediate certificates in the Intermediate CA store). Non-domain joined machines do not automatically receive these certificates when you log on.

    Also, do you have the CA on the Lync server? Housing a CA on the same machine as a Front-End server is definitely a cause for concern.


    Richard McGiboney, Support Escalation Engineer, Microsoft
    • Marked as answer by Ben-Shun Zhu Friday, March 11, 2011 8:47 AM
    Sunday, March 06, 2011 11:01 PM
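
A check for what this answer describes, as an added example that is not part of the original thread: PowerShell, run on the affected client, that fetches the certificate the server presents, builds the chain against the local stores and lists which store holds each chain element. The host name is the placeholder from the event-log text quoted in this thread; the port 5061 and the parameter names are assumptions.

```powershell
# Added example. $ServerName is the placeholder host from the thread's event log;
# port 5061 (SIP over TLS) is an assumption, adjust it for your deployment.
param(
    [string]$ServerName = 'lyncserver.mydomainname.com',
    [int]$Port = 5061
)

# Fetch the certificate the server presents. Validation is bypassed here only
# so an untrusted certificate can be inspected; no data is sent over the stream.
$acceptAll = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
$tcp = New-Object System.Net.Sockets.TcpClient($ServerName, $Port)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($ServerName)
    $serverCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
} finally {
    $tcp.Close()
}

# Build the chain with this machine's stores, as the client itself would.
# UntrustedRoot: the root was found but is not in Trusted Root.
# PartialChain:  an issuer certificate could not be found at all.
# RevocationStatusUnknown / OfflineRevocation: the CRL could not be reached.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$trusted = $chain.Build($serverCert)
"Chain trusted on this machine: $trusted"
foreach ($s in $chain.ChainStatus) {
    "  {0}: {1}" -f $s.Status, $s.StatusInformation.Trim()
}

# For every element of the chain, report the logical stores that contain it.
$storePaths = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA',
              'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\CA'
foreach ($element in $chain.ChainElements) {
    $cert  = $element.Certificate
    $found = @(Get-ChildItem -Path $storePaths |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
        ForEach-Object { $_.PSParentPath -replace '^.*::', '' })
    $where = if ($found.Count) { $found -join ', ' } else { 'not in any checked store' }
    $role  = if ($cert.Subject -eq $cert.Issuer) { 'root (self-signed)' } else { 'server or intermediate' }
    "{0} [{1}]`n    issuer:  {2}`n    expires: {3:u}`n    stores:  {4}" -f `
        $cert.Subject, $role, $cert.Issuer, $cert.NotAfter, $where
}
```

Running it on an affected non-domain machine and on a working one, then comparing the two outputs, shows which certificate is missing or sits in the wrong store.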

All replies

  • Check the system's Trusted Root CAs.  Is the front end server's CA in there?
    Tuesday, March 01, 2011 4:36 PM
  • I have only one server and have configured the CA on the same. Yes, I have checked on the client system and found that the CA is already there, as I have installed it manually on the client machine.

    I have checked the event logs and found that "

    -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Communicator could not connect securely to server lyncserver.mydomainname.com because the certificate presented by the server was not trusted due to validation error 0x80090325. 

     The issuing certificate authority (CA) for the server's certificate may not be locally trusted by the client, 

    the certificate may be revoked, or the certificate may have expired.

     

     Resolution:

     A tool like winerror.exe from the Windows Resource Kit or lcserror.exe from the Office Communications Server Resource Kit can be used in order to interpret the error code listed above.

      If you trust the server certificate, the issuing certificate authority (CA) certificate can be placed in the local trusted root certificate authorities certificate store. 

     If you have logged into the server before without issues the network administrator should carefully examine the certificate if no known configuration changes have been made.

    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Any suggestion?

    Thanks

    Amit rawat

    Tuesday, March 01, 2011 5:21 PM
  • Hi,

    I suppose it is still a certificate issue.

    Would you please replace the Certificate with new SAN Certificate?

    Best Regards!


    Wednesday, March 02, 2011 2:07 AM
    Moderator
  • Maybe you are right!

    But if it is the certificate, then why are some of the non-domain and domain systems able to log in? Any idea?

     

    Thanks

    Amit Rawat

    Wednesday, March 02, 2011 5:55 PM
  • Did you perhaps install the root certificate in the wrong store?  Or perhaps you put it in the wrong store and then moved it to the proper root store?  I've seen multiple cases where importing the cert into the wrong store and moving it causes it to malfunction unless you import it directly into the correct store.

    MVP | MCSE:M | MCITP: Enterprise Messaging Administrator | MCTS: OCS + Voice Specialization | http://www.shudnow.net
    Friday, March 04, 2011 5:12 AM
  • You may need to install the certificate again, but this time when it asks you to "Automatically select the container", choose the other option and click Browse.   When the browse window comes up, select the check box "Show Physical Store", then scroll up in the list to the "Trusted Root Certificate Authority" and expand it.  Now select the "Registry" and click INSTALL or OK at that point to install into the Registry of the guest machine.  You should get a prompt asking you to trust the new thumbprint found in the certificate you chose to install.  Please accept and continue on, then test again.
    Juan Dominguez [MCITP,MCTS,CCA,MCP,VCP] Senior Technical Consultant ZAG Technical Services - San Francisco Bay Area
    • Proposed as answer by Scooterq Thursday, December 19, 2013 6:35 PM
    Saturday, March 19, 2011 4:52 AM
  • Richard,

     

    Thank you! I had the same issue with my non-domain machines signing into Lync (DC/Exch/Lync VM's in my home office, lab, tinker cave). I just jumped on my DC, exported the cert from the Root CA (Local Computer - Trusted Root CA's), dropped it on a file share and went around to the other computers in the house and imported into the same Trusted Root CA's store. Blammo! logged in... 

    Thanks for the help!!!

     

    John

     

    Sunday, August 14, 2011 6:07 PM
  • Amit,

    Copy the certificate chain from one of the working machines to the affected machine and install it in trusted root certificates. The link below might help you install certificates on the affected machine:

     

    http://www.vmwareandme.com/2013/10/guide-microsoft-lync-certificate.html


    www.mytricks.in www.geeklogs.com
    Wednesday, August 17, 2011 6:14 AM