none
Lync : There was a problem verifying the certificate from the server RRS feed

  • Question

  • Hello.

    I know this issue is discussed in some other threads but here is my issue with Lync.

    I am using Lync at work. I am in the company network and works fine.

    I can use Lync on my mobile (not in company network) and works fine.

    From my Windows 8.1 laptop it's working fine when I am on my home network.

    When I connect on VPN network I start receiving the error with the certificate and I tried all sort of things but not working well at all.

    Here is my main question: How does it work fine while I am on my private network and it stops working when I connect on VPN?

    If anyone had this issue and resolved it, please let me know how?

    Please note that my personal laptop is not in company's domain.


    • Edited by Andrew(Obi) Sunday, February 2, 2014 3:30 PM spelling mistake
    Sunday, February 2, 2014 3:28 PM

Answers

  • Most likely this will be due to the way you connect to Lync. When you are on your private network, your client will attempt to sign-in over the internet through the Lync Edge services, which will be deployed using a Public certificate (i.e Verisign, Digicert, Comodo, Geotrust, GoDaddy, etc) you will have the root certificate for these Certificate Authorities in your Certificate store already on your computer.

    When you VPN in, you are now an extension of your corporate network and your Lync client will resolve your corporate internal DNS records, rather than the external ones and try to go direct to the Lync Front End servers. These are most likely using Internally issued certificates from your internal CA.

    Because your machine isn't on the domain it will not download the certificate from your internal Enterprise CA and thus throw the error.

    Depending on your network security policies, you could install the Internal CA root certificate on your computer to work around the issue.


    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer" | Blog www.lynced.com.au | Twitter @imlynced



    Sunday, February 2, 2014 3:55 PM
  • Obtain the internal CA root certificate (that is, the CA that issued the certificates for the internal Lync pool) and install it in the trusted root certification authorities store in your home PC.

    You may also try to export the root certificate from your work PC - you say you can sign-in from there so it's almost certainly a domain-joined PC with the root certificate.


    Alessio Giombini | Microsoft Solutions Architect | Twitter: @AlessioGiombini
    Lync 2013 Detailed Design Calculator: try it at http://goo.gl/jU1hZR

    Sunday, February 2, 2014 6:57 PM

All replies

  • Most likely this will be due to the way you connect to Lync. When you are on your private network, your client will attempt to sign-in over the internet through the Lync Edge services, which will be deployed using a Public certificate (i.e Verisign, Digicert, Comodo, Geotrust, GoDaddy, etc) you will have the root certificate for these Certificate Authorities in your Certificate store already on your computer.

    When you VPN in, you are now an extension of your corporate network and your Lync client will resolve your corporate internal DNS records, rather than the external ones and try to go direct to the Lync Front End servers. These are most likely using Internally issued certificates from your internal CA.

    Because your machine isn't on the domain it will not download the certificate from your internal Enterprise CA and thus throw the error.

    Depending on your network security policies, you could install the Internal CA root certificate on your computer to work around the issue.


    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer" | Blog www.lynced.com.au | Twitter @imlynced



    Sunday, February 2, 2014 3:55 PM
  • Obtain the internal CA root certificate (that is, the CA that issued the certificates for the internal Lync pool) and install it in the trusted root certification authorities store in your home PC.

    You may also try to export the root certificate from your work PC - you say you can sign-in from there so it's almost certainly a domain-joined PC with the root certificate.


    Alessio Giombini | Microsoft Solutions Architect | Twitter: @AlessioGiombini
    Lync 2013 Detailed Design Calculator: try it at http://goo.gl/jU1hZR

    Sunday, February 2, 2014 6:57 PM
  • Hi,

    As I understand you are having problem connecting to Lync when your laptop is connected through VPN Network and works fine with home network or Home/public Internet.

    If Yes, Lync is generally not recommended to be allowed via VPN tunnel due to issues in audio/video streaming and other technical conflicts. So Lync is designed to connect in Internal corporate network and from internet using Edge Server.

    If you are not the Lync administrator/architect for your office Lync setup then confirm that if Lync services are allowed in VPN network.

    Monday, February 3, 2014 8:18 AM
  • Hi,

    If you access Lync server through VPN, you access Lync server as an internal user so you must install internal certificate issued by internal enterprise CA. If your laptop doesn't join the domain you need import the certificate to your laptop manually.

    Best Regards,

    Eason Huang


    Eason Huang
    TechNet Community Support


    Friday, February 7, 2014 9:41 AM
    Moderator
  • I am curious about this issue as well.

    Here is my scenario:

    I have a company issued laptop with Windows 7 and Lync 2013 installed and it works fine inside when directly connected to the company network.

    I take that company laptop home and it works fine on my home WiFi when I am VPNed into their network.

    When I take disconnect the VPN connection but am still on my personal WiFi, Lync 2013 does not connect (as I expect).

    I have a personal smartphone with the Lync 2013 app with my company login information and it's data is coming through a carrier network and it works fine. Please note that this is a personal phone, not a company issued phone.

    I have a personal desktop at home with Windows 8.1 with Lync Basic 2013 installed and I am VPNed into the company network and I receive a certificate error.

    I have a colleague in the company who has their own personal laptop with Lync 2013 and is able to use that app at home on their personal WiFi when VPNed.

    I followed my colleague's instructions on she got it to work, but I was unable to get it to work. Essentially, the instructions is that when Lync asks for a user name, the username should be domain/username. This did not work.

    I don't think it has to do something with certificate because my colleague didn't do anything major like certificate installation to get it to work. My only guess is that it has to do something with Windows 8.1.

    Thoughts?

    Monday, November 24, 2014 3:12 PM
  • Hi,

    As I understand you are having problem connecting to Lync when your laptop is connected through VPN Network and works fine with home network or Home/public Internet.

    If Yes, Lync is generally not recommended to be allowed via VPN tunnel due to issues in audio/video streaming and other technical conflicts. So Lync is designed to connect in Internal corporate network and from internet using Edge Server.

    If you are not the Lync administrator/architect for your office Lync setup then confirm that if Lync services are allowed in VPN network.

    I don't think that's necessarily true as we use VPN at our company and my colleague was able to use Lync on their personal computer. In my position, I tend to believe it is something with my setup as I use Windows 8.1 and she is currently using Windows 7.
    Friday, December 5, 2014 1:41 PM