Lync 2013 – cannot verify that the server is trusted for your sign-in address. Connect anyway?

2017-12-07T14:16:15+00:00 April 15th, 2014|Skype|

During a Lync 2013 Standard Edition Deployment I came across an issue where the Lync 2013 desktop clients were receiving a certificate prompt when signing in

“Lync cannot verify that the server is trusted for your sign-in address. Connect anyway?”

Usually this indicates that the users SIP domain is different to the server domain name, SRV record is incorrect or certificate issue.

Investigating this issue I found that the new way the Lync 2013 desktop client signs in by using Lyncdiscoverinternal.domainname.com dns record was causing the issue. if I removed this and it then used the SRV records the warning went away.

The issue was because the server was installed in xxx.local and sip domain name was xxxx.com and I was using Lync Standard Edition so I could not change the Internal Web Services URL so the Subject Name of the FE server was in a different domain therefore meaning I get a certificate prompt when I log in.

The two workarounds I found were

1. Remove Lyncdiscoverinternal DNS records but this meant I could not use the Lync Mobility Client which wasn’t an option and caused a delay in sign in as it uses the SRV records.

2. Add a TrustModelData Registry to all Lync 2013 desktop clients which would remove the certificate prompt and allow mobile clients to connect.

So to configure Option 2 using the registry key do the following

Backup the registry before making any changes.

  • Start Registry Editor on the computer on which the Lync 2013 desktop client is installed.
  • Locate the following registry location on the computer: HKEY_CURRENT_USERSoftwarePoliciesMicrosoftOffice15.0Lync
  • Create a new key by Right clicking the Lync key, click New, and then click String Value.
  • Type TrustModelData, and then press enter
  • Right click TrustModelData, and then click Modify.
  • In the Value date add the domain of the server that is displayed in the Trust Model dialog box in the Lync 2013 client.

I deleted the sign in information on the Lync client, exited the client and deleted my profile in %userprofile%AppDataLocalMicrosoftOffice15.0Lync

I retested and the prompt has gone and mobile devices can connect. Winner!

Thanks,

Martin B