Solved

Lync 2013 - Users Outside Domain Certificate Requirement?

Posted on 2014-12-19
Last Modified: 2015-07-31
Our main IT person installed Lync on a Hyper-V instance, entirely standalone and away from our domain controller and Exchange server (which is also virtualized). Inside the building, within the domain, it works just fine; however, when we attempt to log in to Lync from outside on computers and mobile phones not joined to the domain, we receive an error: "Can't sign in to Lync: There was a problem verifying the certificate from the server."

Our IT person claims this is because we need to install some certificates on these outside machines, as the computers joined to the domain get the trusted root certificate from the domain controller. I am thinking this is unnecessary; however, I could not find anything online regarding this requirement, which leads me to believe that he set up the certificates incorrectly.

Are my doubts founded or unfounded, and is this indeed a requirement for machines outside the domain that need to access Lync?

Guidance would be appreciated. Thank you.
0
Question by:Parrotfish2005
5 Comments
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 40510082
Lync uses mTLS so if you aren't using certs from a public CA then yes, you must establish trust. Of course Lync also needs a DC among other things, so what you describe sounds, at best, incomplete.
0
 

Author Comment

by:Parrotfish2005
ID: 40510191
Just to give everyone the complete picture, here's how everything was set up:

Server A (Domain Controller)
Exchange 2013 set up in VM

Server B (BDC)
BDC set up in VM
Lync Server set up in VM

We have a wildcard SSL certificate from GoDaddy, which I believe fulfills the Public CA requirement -- in hindsight should that have been used instead of having to set up the CA role on the DC?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40511078
Correct. Anything non-domain joined will not trust your domain CA. Also, anything outside the network will not be able to reach your internal CA. I would recommend using a 3rd party certificate.

Otherwise your alternative is to install the root CA on every device. 3rd party CA is easier and less of a headache.
0
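
A way to confirm, from a machine outside the domain, which certificate failure the client is hitting (an added example, not part of the thread; `lync.example.com` and port 443 are placeholders for your own external sign-in name and port). It records what the local TLS stack concludes about the server's chain, so an internal-CA certificate shows up as `UntrustedRoot` and a name problem as `RemoteCertificateNameMismatch`.

```powershell
# Added example. Host name and port are placeholders, not values from the thread.
function Test-ServerCertificateTrust {
    param(
        [Parameter(Mandatory)][string]$ServerName,
        [int]$Port = 443
    )
    $seen = @{}
    # Record the verdict of this machine's TLS stack, then let the handshake
    # finish so the certificate can be inspected. No application data is sent.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($source, $certificate, $chain, $policyErrors)
        $seen.PolicyErrors = $policyErrors
        $seen.ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status })
        $seen.Chain        = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
        $true
    }
    $tcp = New-Object System.Net.Sockets.TcpClient($ServerName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($ServerName)
        $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        $tcp.Close()
    }
    # UntrustedRoot: the issuing root is absent from this machine's Trusted Root
    # store, which is the situation of a client that never received the domain CA.
    $untrusted = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]::UntrustedRoot
    [pscustomobject]@{
        Subject       = $leaf.Subject
        Issuer        = $leaf.Issuer
        PolicyErrors  = $seen.PolicyErrors
        ChainStatus   = $seen.ChainStatus
        Chain         = $seen.Chain
        UntrustedRoot = ($seen.ChainStatus -contains $untrusted)
    }
}

Test-ServerCertificateTrust -ServerName 'lync.example.com' -Port 443 | Format-List
```

Run it once on a domain-joined PC and once on an outside PC: the same certificate reporting `UntrustedRoot` only on the outside machine points to an internal CA as the issuer.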
 

Accepted Solution

by:
Parrotfish2005 earned 0 total points
ID: 40899552
Apologies, ended up calling Microsoft support. Problem resolved, thanks.
0
 

Author Closing Comment

by:Parrotfish2005
ID: 40907865
Paid for support call, problem resolved.
0
