Certificate error on mobile clients

    Question

  • We have a front end server using an internal cert from our CA.
    We also have a DigiCert certificate on a reverse proxy server (IIS ARR).

    But when you sign in from an Android Lync device you get a certificate redirect message and it fails, saying unable to verify server in certificate. But if you try again it works.

    Shouldn't it be using the certificate from the Reverse Proxy? Instead of the FE (internal cert)..

    Monday, January 20, 2014 8:48 PM

All replies

  • Hi,

    Are you trying to connect from the internal or external network?

    Do you have two SIP domains or only one?

    David

    Tuesday, January 21, 2014 1:17 AM
  • Two sip domains...trying to connect externally.

    Tuesday, January 21, 2014 1:58 AM
  • In that case the certificate used will be the one installed on Reverse Proxy.

    Did you try manually configuring the URL?

    Lync2013

    https://ExtPoolFQDN/Autodiscover/autodiscoverservice.svc/Root for external access
    https://IntPoolFQDN/AutoDiscover/autodiscoverservice.svc/Root for internal access

    David


    Tuesday, January 21, 2014 11:37 AM
  • Configure those on the clients themselves? or on the Lync server?
    Tuesday, January 21, 2014 2:14 PM
  • Manually configure them on Mobile device.

    David

    Wednesday, January 22, 2014 12:12 AM
  • Dear David:

    I am confused. I have just installed Lync 2010 for iPad and loaded the certification file with the iPhone Configuration Utility, but when I try to log in, the circle keeps turning around and never stops. I can log in with my laptop by setting sipinternal.our-domain-name.cn and sip.our-domain-name.com, but when I also set it up on my iPad, it tells me the certification file is wrong... Is there any shortcut to install the certification file on iOS? Hope you can help me. Thanks.

    TY.Niu

    Wednesday, January 22, 2014 9:38 AM
  • @dano079

    Please check that the required SANs for mobility for each SIP domain are updated on the certificates for the Director, the Front End pool and the reverse proxy.

    You can use Remote Connectivity Analyzer to test Lync Autodiscover Web Service remote connectivity at

    https://testconnectivity.microsoft.com/

    @TY.Niu

    The sign-in process of the Lync mobile client is different from that of the Lync desktop client.

    Lync mobile uses the DNS records lyncdiscover.<sipdomain> and lyncdiscoverinternal.<sipdomain> to get the Lync Server Mobility Service URLs.

    Did you deploy Lync Server 2010 or Lync Server 2013?

    Please check that your organization has finished the deployment process for mobility.

    For Lync Server 2013, check

    http://technet.microsoft.com/en-us/library/hh690023.aspx

    For Lync Server 2010, check

    http://technet.microsoft.com/en-us/library/hh690023(v=ocs.14).aspx


    Lisa Zheng
    TechNet Community Support

    Monday, January 27, 2014 7:40 AM
    Moderator
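
An added example, not part of any reply in this thread: a check that the SAN list on the reverse proxy certificate covers `lyncdiscover.<sipdomain>` for every SIP domain, which is the condition the reply above asks to verify. It parses the text printed by `openssl x509 -noout -ext subjectAltName`; the host names and the sample SAN text are constructed, and the wildcard handling (one leftmost label only) is the usual TLS rule assumed here, not a statement about what Lync mobile clients accept.

```python
import re

def parse_san_dns(openssl_text):
    """Return lower-cased DNS entries from `openssl x509 -noout -ext subjectAltName` text."""
    return [m.lower().rstrip(".") for m in re.findall(r"DNS:([^,\s]+)", openssl_text)]

def san_matches(pattern, host):
    """Match one SAN entry against a host name; '*' covers exactly one leftmost label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject '*.com'-style entries and compare the remaining labels exactly.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def missing_mobility_names(openssl_text, sip_domains, extra_fqdns=()):
    """List required names that no SAN entry on the certificate covers.

    Required = lyncdiscover.<sipdomain> for each SIP domain, plus any FQDNs the
    caller passes in (for example the external web services name).
    """
    sans = parse_san_dns(openssl_text)
    required = ["lyncdiscover." + d.lower() for d in sip_domains]
    required += [f.lower() for f in extra_fqdns]
    return [name for name in required
            if not any(san_matches(s, name) for s in sans)]

# Constructed sample: a certificate issued when only one SIP domain existed.
# example.com / example.net and lyncweb.example.com are hypothetical names.
SAMPLE = """X509v3 Subject Alternative Name:
    DNS:lyncweb.example.com, DNS:lyncdiscover.example.com, DNS:meet.example.com
"""

if __name__ == "__main__":
    gaps = missing_mobility_names(SAMPLE, ["example.com", "example.net"],
                                  ["lyncweb.example.com"])
    for name in gaps:
        print("not covered by certificate:", name)
```

With two SIP domains, a name reported here means a client that discovers the service through that domain's `lyncdiscover` record is shown a certificate that does not name the host it connected to.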
  • Lisa, thanks for the reply.

    When I run the test I get 

        Testing connectivity to the Lync Autodiscover Web Service server for a secure connection on port 443 to obtain the root token.
         Connectivity to the Lync Autodiscover Web Service test failed.

    Testing HTTP authentication methods for URL https://lyncdiscover.ourdomain.com/Autodiscover/AutodiscoverService.svc/root/user.
         HTTP authentication test failed.


    We're running IIS ARR for reverse proxy.
    • Edited by dano079 Monday, January 27, 2014 2:20 PM
    Monday, January 27, 2014 2:09 PM
  • Dear Lisa, thanks for your reply!

    I can sign in to my account using my Android phone with Lync 2010, with no certification files installed...

    We have Lync Server 2010 installed...

    Lync on Android can sign in, but Lync on iOS is still turning...

    Tuesday, February 11, 2014 8:25 AM