LYNC 2010 via VPN

We just got LYNC 2010 working in the office and aside from some tweaking, we're ready to roll out the client replacing Office Communicator.

I (and a few of the resident techs) connect via VPN to the firm network.  Everything else works seamlessly but cannot launch the LYNC2010 (or 2013) clients via VPN.

Get the error "There was a problem verifying the certificate from the server"

Some suggest manually importing the LYNC certificate from the server.  Haven't been able to identify which of the hundred or so certs is the right one.

Am I on the right track?  We have no intention at this point to open up Lync to outside users (except for the 4 internal techs), so not contemplating an EDGE server at this time.

Any help appreciated.
FarrellFritzAuthor Commented:

Didn't forget about you/this.  We just ran into a snag.

First, it is a self-signed certificate.

I was able to access the domain controller but got this.

"The certificate enrollment page you are attempting to access cannot be used with this version of Windows."

It thinks I'm running Vista but actually running Windows 7.  Assume because server was built prior to W7.

Believe this to be unrelated issue but temporary roadblock in trying your latest suggestion (accessing via HTTP).  As soon as I figure this one out, will give it a shot.
Gajendra RathodSr. System AdministratorCommented:
Please push the Lync internal URL certificate to domain machine via GPO.

You can also manually download the certificate from Lync server IIS Manager and then import on the machine in trusted root certificate.

Export certificate from Lync Server Start | Administrative Tools | IIS | Server Certificate | Export |   Lync.pfx   save it.

Run | mmc | add or remove snap in | certificates | computer account | local computer |finish | OK | expand Certificate | Trusted Root Certification Authorities | Certificate | All task | Import | LYNC.pfx certificate.

Restart Client machine.
Open Microsoft Lync client 2010 and open option menu | Personal | Advanced | choose Auto Configuration | save OK.
FarrellFritzAuthor Commented:

The instructions you provided were concise and very easy to follow.

Unfortunately, still encountering the same error/problem
(Get the error "There was a problem verifying the certificate from the server")

On the client the event log entry is:
The description for Event ID 5 from source Lync cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:


Found no corresponding log entry on the server.

I think the 80090325 is the important bit but Googled that and nothing really added to what you had suggested.

(note: I renamed the domain name in the error but it correctly reflects the domain in the actual log entry).

Please let me know if you have any other suggestions.

Thanks for helping out!
Gajendra RathodSr. System AdministratorCommented:
In case, machine is not into domain you need to download certificate chain.

On client machine, access below


Then enter your domain credentials.  

Download a CA Certificate, Certificate Chain or CRL.

Click on Certificate chain and install it.

Most likely it should resolve your certificate issue.

For troubleshooting,

Run Wireshark or Microsoft Network monitor tools to check the Lync client traffic.

Also enable logging in Lync 2010 client.
FarrellFritzAuthor Commented:
Thanks but still no joy.

STRANGELY, I am getting a 404 error (Page not found) accessing the LYNC server using the URL

I AM able to ping when connected via VPN (and I am able to  UNC and RDP)

Gajendra RathodSr. System AdministratorCommented:
Let me know which kind of certificate you are using in Lync internal URL.

Is it a self-signed certificate or a certificate issued by Active Directory?

In case certificate issued by active directory, please enter IP address your domain controller in above URL.
Gajendra RathodSr. System AdministratorCommented:
My apologies; as it is a self-signed certificate, the domain controller chain certificate will not help.

Please run Wireshark or Microsoft Network monitor tools to check the Lync client traffic.

I think, compare the certificate at Lync client with VPN and without VPN.
FarrellFritzAuthor Commented:
I just ran across this article:

I'm wondering if this would have anything to do with resolving our issue.

Gajendra RathodSr. System AdministratorCommented:
Please install Lync Connectivity Analyzer.

Using above tool to check the connectivity between client and server.
FarrellFritzAuthor Commented:
Tried installing the tool.  The test failed.  Thought we were onto something.  But tried running in the office (on a pc in the domain with Lync working) and it failed there as well.
Gajendra RathodSr. System AdministratorCommented:
Lync certificate must have pool.sip_domain in the Subject Alternative Name.

If the SIP domain and local domain are different, then the SIP domain name must be added to the Subject Alternative Name in your certificate.
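
One way to carry out two checks suggested in this thread (comparing the certificate seen with and without the VPN, and confirming the Subject Alternative Name entries), as an added example that is not part of the original posts. The script reads the certificate the server presents and reports its thumbprint, SAN entries and whether this machine trusts its chain; the server name, port 5061 and SIP domain are assumed placeholders.

```powershell
# Added example. Server name, port and SIP domain are placeholders/assumptions,
# not values from the thread; replace them with your own.
$Server    = 'lyncpool.example.local'   # hypothetical front-end pool FQDN
$Port      = 5061                       # assumed internal SIP/TLS port
$SipDomain = 'example.com'              # hypothetical SIP domain

function Get-RemoteCertificate {
    param([string]$HostName, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever the server presents: the goal is to read it, not trust it.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $tcp.Close() }
}

function Test-ServerCertificate {
    param($Cert, [string[]]$ExpectedNames)
    # Subject Alternative Name extension (OID 2.5.29.17) rendered as text.
    $sanExt = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $san = if ($sanExt) { $sanExt.Format($false) } else { '' }
    # Validate against this machine's own trust stores. Revocation is skipped so an
    # unreachable CRL over the VPN does not hide the trust result.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Cert)
    # Substring match: a name counts as present if any SAN entry contains it.
    # Wildcard SAN entries are not expanded here.
    $missing = @($ExpectedNames | Where-Object { $san -notmatch [regex]::Escape($_) })
    New-Object PSObject -Property @{
        Subject      = $Cert.Subject
        Thumbprint   = $Cert.Thumbprint
        SelfSigned   = ($Cert.Subject -eq $Cert.Issuer)
        ChainTrusted = $trusted
        ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status })
        SanEntries   = $san
        MissingNames = $missing
    }
}

$cert = Get-RemoteCertificate -HostName $Server -Port $Port
Test-ServerCertificate -Cert $cert -ExpectedNames $Server, $SipDomain | Format-List
```

Run it once on the office LAN and once over the VPN and compare the Thumbprint values; a ChainStatus of UntrustedRoot is the condition that the 80090325 (SEC_E_UNTRUSTED_ROOT) code in the client event reports.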
FarrellFritzAuthor Commented:
Lync connectivity analyzer only available 64 bit.  All clients are 32Bit
Gajendra RathodSr. System AdministratorCommented:
Lync connectivity analyzer also available 32 bit.
FarrellFritzAuthor Commented:
While implementing the solution required a call to MS, the solution as stated was spot on.  Identifying the correct cert is the biggest challenge, but once done, works(ed) fine.  THANKS!
Question has a verified solution.
