FarrellFritz

LYNC 2010 via VPN

We just got LYNC 2010 working in the office and aside from some tweaking, we're ready to roll out the client replacing Office Communicator.

I (and a few of the resident techs) connect via VPN to the firm network.  Everything else works seamlessly but cannot launch the LYNC2010 (or 2013) clients via VPN.

Get the error "There was a problem verifying the certificate from the server"

Some suggest manually importing the LYNC certificate from the server.  Haven't been able to identify which of the hundred or so certs is the right one.

Am I on the right track?  We have no intention at this point to open up Lync to outside users (except for the 4 internal techs), so not contemplating an EDGE server at this time.

Any help appreciated.
Gajendra Rathod

Please push the Lync internal URL certificate to the domain machines via GPO.

You can also manually download the certificate from the Lync server IIS Manager and then import it on the machine in the trusted root certificates.

Steps:
Export certificate from Lync Server Start | Administrative Tools | IIS | Server Certificate | Export |   Lync.pfx   save it.

Run | mmc | add or remove snap in | certificates | computer account | local computer |finish | OK | expand Certificate | Trusted Root Certification Authorities | Certificate | All task | Import | LYNC.pfx certificate.

Restart Client machine.
Open Microsoft Lync client 2010 and open option menu | Personal | Advanced | choose Auto Configuration | save OK.
FarrellFritz

ASKER

Gajendra

The instructions you provided were concise and very easy to follow.

Unfortunately, still encountering the same error/problem
(Get the error "There was a problem verifying the certificate from the server")

On the client the event log entry is:
-----------------------------------------------------------
The description for Event ID 5 from source Lync cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Lync
ffmsapps2.domain.com
80090325
------------------------------------------------------------

Found no corresponding log entry on the server.

I think the 80090325 is the important bit but Googled that and nothing really added to what you had suggested.

(note: I renamed the domain name in the error but it correctly reflects the domain in the actual log entry).

Please let me know if you have any other suggestions.

Thanks for helping out!
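
Added example (not part of the original thread): decoding the status value from the Event ID 5 entry quoted above. 80090325 is the SSPI/SChannel HRESULT `SEC_E_UNTRUSTED_ROOT`; the sample text is constructed from the post, and the function names and hint wording are this example's own.

```python
import re

# SSPI/SChannel certificate statuses (values from winerror.h) and the check
# each one points to. The hint wording is this example's, not Microsoft's.
SSPI_STATUS = {
    0x80090322: ("SEC_E_WRONG_PRINCIPAL",
                 "name the client connected to is not in the cert subject/SAN"),
    0x80090325: ("SEC_E_UNTRUSTED_ROOT",
                 "chain ends at a root missing from the client's Trusted Root store"),
    0x80090328: ("SEC_E_CERT_EXPIRED",
                 "cert outside its validity period; also check the client clock"),
}

# Constructed sample: the parameter lines of the Event ID 5 entry quoted above.
SAMPLE_EVENT = """\
The following information was included with the event:

Lync
ffmsapps2.domain.com
80090325
"""

def decode_hresult(value):
    """Split a 32-bit HRESULT into (is_failure, facility, code)."""
    return bool(value >> 31), (value >> 16) & 0x7FF, value & 0xFFFF

def triage(event_text):
    """Find the 8-hex-digit status and the server name on the line before it."""
    lines = [ln.strip() for ln in event_text.splitlines() if ln.strip()]
    for prev, ln in zip(lines, lines[1:]):
        if re.fullmatch(r"[0-9A-Fa-f]{8}", ln):
            value = int(ln, 16)
            failed, facility, code = decode_hresult(value)
            name, hint = SSPI_STATUS.get(value, ("UNKNOWN", "look up in winerror.h"))
            return {"server": prev, "status": f"0x{value:08X}", "failed": failed,
                    "facility": facility, "code": code, "name": name, "hint": hint}
    raise ValueError("no 8-digit hex status code found in event text")

if __name__ == "__main__":
    for key, val in triage(SAMPLE_EVENT).items():
        print(f"{key:9}: {val}")
```

For the entry in this thread the result is `SEC_E_UNTRUSTED_ROOT` with facility 9 (SSPI), which is a chain-trust failure on the client rather than a name mismatch.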

In case the machine is not in the domain, you need to download the certificate chain.

On the client machine, access the URL below:

http://<ip-address-of-CA>/certsrv

Then enter your domain credentials.  

Download a CA Certificate, Certificate Chain or CRL.

Click on Certificate chain and install it.

Mostly it should resolve your certificate issue.

For troubleshooting,

Run Wireshark or Microsoft Network monitor tools to check the Lync client traffic.

Also enable logging in Lync 2010 client.

Thanks but still no joy.

STRANGELY, I am getting a 404 error (Page not found) accessing the LYNC server using the URL http://10.0.40.5/crtsrv

I AM able to ping 10.0.40.5 when connected via VPN (and I am able to  UNC and RDP)

Thanks

Let me know which kind of certificate you are using in the Lync internal URL.

Is it a self-signed certificate or a certificate issued by Active Directory?

In case the certificate is issued by Active Directory, please enter the IP address of your domain controller in the above URL.

ASKER CERTIFIED SOLUTION
FarrellFritz

My apology, as it is a self-signed certificate, the domain controller chain certificate will not help.

Please run Wireshark or Microsoft Network monitor tools to check the Lync client traffic.

I think, compare the certificate at Lync client with VPN and without VPN.
I just ran across this article: http://support.microsoft.com/kb/2566790

I'm wondering if this would have anything to do with resolving our issue.

Thoughts?

Please install Lync Connectivity Analyzer.

Use the above tool to check the connectivity between client and server.

Tried installing the tool.  The test failed.  Thought we were onto something.  But tried running in the office (on a pc in the domain with Lync working) and it failed there as well.

Lync certificate must have pool.sip_domain in Subject Alternative Name.

If SIP domain and Local domain are different, then SIP domain name must be added in Subject Alternative Name in your certificate.

Lync Connectivity Analyzer is only available in 64-bit.  All clients are 32-bit.

While implementing the solution required a call to MS, the solution as stated was spot on.  Identifying the correct cert is the biggest challenge, but once done, works(ed) fine.  THANKS!