Solved

Lync 2013  - Users Outside Domain Certificate Requirement?

Posted on 2014-12-19
5
97 Views
Last Modified: 2015-07-31
Our main IT person installed Lync on a Hyper-V instance, entirely standalone and away from our domain controller and Exchange server (which is also virtualized). Inside the building, within the domain, it works just fine; however when we attempt to log in to Lync from outside on computers and mobile phones not joined to the domain, we receive an error: "Can't sign in to Lync: There was a problem verifying the certificate from the server."

Our IT person claims this is because we need to install some certificates on these outside machines, as the computers joined to the domain get the trusted root certificate from the domain controller. I am thinking this is unnecessary, however could not find anything online regarding this requirement, which leaves me to believe that he set up the certificates incorrectly.

Are my doubts founded or unfounded, and is this indeed a requirement for machines outside the domain that need to access Lync?

Guidance would be appreciated. Thank you.
0
Comment
Question by:Parrotfish2005
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40510082
Lync uses mTLS so if you aren't using certs from a public CA then yes, you must establish trust. Of course Lync also needs a DC among other things, so what you describe sounds, at best, incomplete.
0
 

Author Comment

by:Parrotfish2005
ID: 40510191
Just to give everyone the complete picture, here's how everything was setup:

Server A (Domain Controller)
Exchange 2013 set up in VM

Server B (BDC)
BDC set up in VM
Lync Server set up in VM

We have a wildcard SSL certificate from GoDaddy, which I believe fulfills the Public CA requirement -- in hindsight should that have been used instead of having to set up the CA role on the DC?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40511078
Correct. Anything non-domain joined will not trust your domain CA. Also, anything outside the network will not be able to reach your internal CA. I would recommend using a 3rd party certificate.

Otherwise your alternative is to install the root CA on every device. 3rd party CA is easier and less of a headache.
0
 

Accepted Solution

by:
Parrotfish2005 earned 0 total points
ID: 40899552
Apologies, ended up calling Microsoft support. Problem resolved, thanks.
0
 

Author Closing Comment

by:Parrotfish2005
ID: 40907865
Paid for support call, problem resolved.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
The viewer will learn how to use the =DISCRINV command to create a discrete random variable, use this command to model a set of probabilities and outcomes in a Monte Carlo simulation, and learn how to find the standard deviation of a set of probabil…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question