Solved

Lync 2013  - Users Outside Domain Certificate Requirement?

Posted on 2014-12-19
5
82 Views
Last Modified: 2015-07-31
Our main IT person installed Lync on a Hyper-V instance, entirely standalone and away from our domain controller and Exchange server (which is also virtualized). Inside the building, within the domain, it works just fine; however when we attempt to log in to Lync from outside on computers and mobile phones not joined to the domain, we receive an error: "Can't sign in to Lync: There was a problem verifying the certificate from the server."

Our IT person claims this is because we need to install some certificates on these outside machines, as the computers joined to the domain get the trusted root certificate from the domain controller. I am thinking this is unnecessary, however could not find anything online regarding this requirement, which leaves me to believe that he set up the certificates incorrectly.

Are my doubts founded or unfounded, and is this indeed a requirement for machines outside the domain that need to access Lync?

Guidance would be appreciated. Thank you.
0
Comment
Question by:Parrotfish2005
  • 3
5 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
Lync uses mTLS so if you aren't using certs from a public CA then yes, you must establish trust. Of course Lync also needs a DC among other things, so what you describe sounds, at best, incomplete.
0
 

Author Comment

by:Parrotfish2005
Comment Utility
Just to give everyone the complete picture, here's how everything was setup:

Server A (Domain Controller)
Exchange 2013 set up in VM

Server B (BDC)
BDC set up in VM
Lync Server set up in VM

We have a wildcard SSL certificate from GoDaddy, which I believe fulfills the Public CA requirement -- in hindsight should that have been used instead of having to set up the CA role on the DC?
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Correct. Anything non-domain joined will not trust your domain CA. Also, anything outside the network will not be able to reach your internal CA. I would recommend using a 3rd party certificate.

Otherwise your alternative is to install the root CA on every device. 3rd party CA is easier and less of a headache.
0
 

Accepted Solution

by:
Parrotfish2005 earned 0 total points
Comment Utility
Apologies, ended up calling Microsoft support. Problem resolved, thanks.
0
 

Author Closing Comment

by:Parrotfish2005
Comment Utility
Paid for support call, problem resolved.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
The viewer will learn how to simulate a series of coin tosses with the rand() function and learn how to make these “tosses” depend on a predetermined probability. Flipping Coins in Excel: Enter =RAND() into cell A2: Recalculate the random variable…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now