During a Lync 2013 Standard Edition deployment I came across an issue where the Lync 2013 desktop clients were receiving a certificate prompt when signing in:
“Lync cannot verify that the server is trusted for your sign-in address. Connect anyway?”
Usually this indicates that the user's SIP domain is different to the server domain name, the SRV record is incorrect, or there is a certificate issue.
Investigating this issue, I found that the new way the Lync 2013 desktop client signs in, using the Lyncdiscoverinternal.domainname.com DNS record, was causing the issue. If I removed this record so that the client used the SRV records, the warning went away.
The issue was that the server was installed in xxx.local and the SIP domain name was xxxx.com. Because I was using Lync Standard Edition, I could not change the Internal Web Services URL, so the Subject Name of the FE server was in a different domain, which meant I got a certificate prompt when I logged in.
The two workarounds I found were:
1. Remove the Lyncdiscoverinternal DNS records. This meant I could not use the Lync Mobility Client, which wasn't an option, and it caused a delay in sign-in as the client uses the SRV records.
2. Add a TrustModelData registry value to all Lync 2013 desktop clients, which would remove the certificate prompt and allow mobile clients to connect.
To configure option 2 using the registry value, do the following.
Back up the registry before making any changes.
- Start Registry Editor on the computer on which the Lync 2013 desktop client is installed.
- Locate the following registry location on the computer: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Lync
- Create a new string value: right-click the Lync key, click New, and then click String Value.
- Type TrustModelData, and then press Enter.
- Right click TrustModelData, and then click Modify.
- In the Value data box, add the domain of the server that is displayed in the Trust Model dialog box in the Lync 2013 client.
I deleted the sign-in information on the Lync client, exited the client and deleted my profile in %userprofile%\AppData\Local\Microsoft\Office\15.0\Lync.
I retested and the prompt has gone and mobile devices can connect. Winner!
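The registry steps above, scripted so they can be rolled out to many clients, as an added PowerShell example that is not part of the original post. It assumes the script runs in the signed-in user's session (the key is under HKCU) and that TrustModelData holds a comma-separated list of domains; the backup file name is hypothetical, and `-TrustedDomain` takes the domain shown in the Trust Model dialog box.

```powershell
# Added example: idempotently add one domain to the Lync 2013 TrustModelData value.
param(
    # Domain shown in the Trust Model dialog box, e.g. the FE server's domain.
    # Rejects wildcards, spaces and commas so only one explicit domain is trusted.
    [Parameter(Mandatory)]
    [ValidatePattern('^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,63}$')]
    [string]$TrustedDomain
)

$keyPath   = 'HKCU:\Software\Policies\Microsoft\Office\15.0\Lync'
$regPath   = 'HKCU\Software\Policies\Microsoft\Office\15.0\Lync'
$valueName = 'TrustModelData'

if (Test-Path -Path $keyPath) {
    # Back up the existing key before changing it (hypothetical file name).
    $backup = Join-Path $env:TEMP 'Lync15-policy-backup.reg'
    & reg.exe export $regPath $backup /y | Out-Null
} else {
    # The policy key does not exist on a clean profile, so create it.
    New-Item -Path $keyPath -Force | Out-Null
}

# Read the current value, if any, and split it into individual domains.
# Assumption: entries are comma-separated.
$existing = (Get-ItemProperty -Path $keyPath -Name $valueName `
             -ErrorAction SilentlyContinue).$valueName
$domains = @()
if ($existing) {
    $domains = @($existing -split ',' | ForEach-Object { $_.Trim() } |
                 Where-Object { $_ })
}

if ($domains -contains $TrustedDomain) {
    # -contains is case-insensitive, which matches DNS name comparison.
    Write-Output "$TrustedDomain is already listed in $valueName; nothing changed."
} else {
    $domains += $TrustedDomain
    Set-ItemProperty -Path $keyPath -Name $valueName `
                     -Value ($domains -join ', ') -Type String
    Write-Output "$valueName is now: $($domains -join ', ')"
}
```

Existing entries are preserved and only the one validated domain is appended, so the list of domains the client trusts without prompting stays as short as the deployment requires.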