cannot sign in to lync there was a problem verifying the certificate from the server


  • Hello,


    I have a DC with Windows Server 2008 R2

    And Lync Server on top of Windows Server 2008 R2

    I installed Lync Server 2010 Standard Edition and installed a CA on the same server.

    I exported this certificate to the client, but unfortunately I could not log on to Lync clients in Windows 7.


    Error from client event log:

    Event Type: Error

    Event Source: Schannel

    Event ID: 36884

    Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is server_name. The SSL connection request has failed. The attached data contains the server certificate


    Lync client error:

    cannot sign in to lync there was a problem verifying the certificate from the server


    Lync Server warning:

    Source: Microsoft-Windows-CertificationAuthority

    Event ID: 103


    Could you please help.



    Monday, 21 February 2011 09:01

All replies

  • You'll need to actually issue a certificate to the Lync server from the CA and use that certificate. You can't just use the root CA certificate for Lync server. If you use the certificate wizard in Lync, it will automatically populate the required names. See this document for more guidance:


    The root CA certificate must also be in the "Trusted Certification Authorities" store of the Computer account (not personal/user) on the client.

    Monday, 28 February 2011 21:57
  • Hi,

    I have almost the same setup except for:

    - we have a separate server for Root CA (standalone), Intermediate CA (enterprise domain)

    - we generate the certificate for the server

    - installed the certificate on the server

    - imported root and intermediate ca on the domain joined pc


    Still got the same error while connecting to the Lync server with the Lync client.

    Can you help?



    Monday, 11 April 2011 09:22
  • I have solved the issue.

    I thought that assigning the new certificate to the IIS Lync website would be enough; instead I had to restart the Lync Certificate Wizard and assign the certificate through it.




    Monday, 11 April 2011 10:49
  • Hi there,

    Actually, there is very good documentation of how to design your infrastructure and which certificates you need at 

    I don't use split-brain DNS and instead work with DNS pin-point zones. I guess that is why I had the same error showing up. In my case the client expects the name specified in the SRV record, which was <>. There is a pin-point zone for, which points to the IP of the internal server. Since the client wants to verify that the name it requested is signed by the certificate, the name which the SRV record points to has to be in the Subject Alternative Names of the certificate assigned to the Lync front end server.

    In the documentation at Microsoft's TechNet, it is written that one should put the in the SRV record. In my eyes it should instead be, which points directly to the internal domain. I guess MS made a mistake in their docs or that it just doesn't fit for our deployment.


    Monday, 25 July 2011 11:44
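
The name check described in the reply above, as an added example (not code from this thread or from Microsoft): it compares the names a client would expect, such as the SRV record target, against the DNS entries in a certificate's Subject Alternative Names. All host names are constructed, and the matching rules are a simplified model of TLS name checking, not the Lync client's actual logic.

```python
# Added example: constructed names, not values from this thread.

def name_matches(expected: str, pattern: str) -> bool:
    """Compare one expected host name against one certificate dNSName entry."""
    expected = expected.rstrip(".").lower()   # DNS answers may carry a trailing dot
    pattern = pattern.rstrip(".").lower()
    if pattern == expected:
        return True
    # A wildcard is honoured only as the whole left-most label and covers
    # exactly one label: *.example.com matches sip.example.com,
    # but not a.sip.example.com.
    if pattern.startswith("*."):
        exp_labels = expected.split(".")
        pat_labels = pattern.split(".")
        return len(exp_labels) == len(pat_labels) and exp_labels[1:] == pat_labels[1:]
    return False


def check_expected_names(expected_names, san_dns_names):
    """Return {expected name: matching SAN entry, or None if nothing covers it}."""
    return {
        name: next((s for s in san_dns_names if name_matches(name, s)), None)
        for name in expected_names
    }


def missing_names(expected_names, san_dns_names):
    """Names the client would ask for that no SAN entry covers."""
    checked = check_expected_names(expected_names, san_dns_names)
    return [name for name, hit in checked.items() if hit is None]


# Constructed sample data (assumptions, not from the thread).
SRV_TARGET = "sip.example.com."              # host the SRV record points to
POOL_FQDN = "lyncfe01.corp.example.local"    # internal front end server name
SAN_BEFORE = ["lyncfe01.corp.example.local"]                      # SRV target absent
SAN_AFTER = ["lyncfe01.corp.example.local", "sip.example.com"]    # reissued certificate

if __name__ == "__main__":
    for label, san in (("before", SAN_BEFORE), ("after", SAN_AFTER)):
        gaps = missing_names([SRV_TARGET, POOL_FQDN], san)
        print(label, "->", "OK" if not gaps else "not covered: " + ", ".join(gaps))
```

A name reported as not covered is the condition that Schannel event 36884 in the original question describes: the certificate does not contain the name the client expected.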

  • Hi Amjed,


    Copy the certificate chain from one of the working machines to the affected machine. Follow the guide below for installing the Lync client certificate:



    Thursday, 28 July 2011 17:16