Solved

Lync 2013  - Users Outside Domain Certificate Requirement?

Posted on 2014-12-19
5
88 Views
Last Modified: 2015-07-31
Our main IT person installed Lync on a Hyper-V instance, entirely standalone and away from our domain controller and Exchange server (which is also virtualized). Inside the building, within the domain, it works just fine; however when we attempt to log in to Lync from outside on computers and mobile phones not joined to the domain, we receive an error: "Can't sign in to Lync: There was a problem verifying the certificate from the server."

Our IT person claims this is because we need to install some certificates on these outside machines, as the computers joined to the domain get the trusted root certificate from the domain controller. I am thinking this is unnecessary, however could not find anything online regarding this requirement, which leaves me to believe that he set up the certificates incorrectly.

Are my doubts founded or unfounded, and is this indeed a requirement for machines outside the domain that need to access Lync?

Guidance would be appreciated. Thank you.
0
Comment
Question by:Parrotfish2005
  • 3
5 Comments
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40510082
Lync uses mTLS so if you aren't using certs from a public CA then yes, you must establish trust. Of course Lync also needs a DC among other things, so what you describe sounds, at best, incomplete.
0
 

Author Comment

by:Parrotfish2005
ID: 40510191
Just to give everyone the complete picture, here's how everything was setup:

Server A (Domain Controller)
Exchange 2013 set up in VM

Server B (BDC)
BDC set up in VM
Lync Server set up in VM

We have a wildcard SSL certificate from GoDaddy, which I believe fulfills the Public CA requirement -- in hindsight should that have been used instead of having to set up the CA role on the DC?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40511078
Correct. Anything non-domain joined will not trust your domain CA. Also, anything outside the network will not be able to reach your internal CA. I would recommend using a 3rd party certificate.

Otherwise your alternative is to install the root CA on every device. 3rd party CA is easier and less of a headache.
0
 

Accepted Solution

by:
Parrotfish2005 earned 0 total points
ID: 40899552
Apologies, ended up calling Microsoft support. Problem resolved, thanks.
0
 

Author Closing Comment

by:Parrotfish2005
ID: 40907865
Paid for support call, problem resolved.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Read this checklist to learn more about the 15 things you should never include in an email signature.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
The viewer will learn how to create two correlated normally distributed random variables in Excel, use a normal distribution to simulate the return on different levels of investment in each of the two funds over a period of ten years, and, create a …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now