Solved

Cannot Sign into Lync 2010

Posted on 2014-12-24
Last Modified: 2014-12-28
In my LAB, I have installed Lync 2010 on Windows 2012 R2. I have added and enabled a domain user in Lync Control Panel.
I do not have Exchange server installed in my LAB, but the user email address field in AD is test@test.local
I installed the Lync client on Windows 7, but when I sign in as test@test.local, or as any other domain user that I have enabled in Lync Control Panel, I get the message shown below:

Any help will be very much appreciated.

Thank you

[Image: err]

I have added a sip.Test.local "A" record in DNS. Now I am getting a different message, the one shown below:

[Image: lync]
Question by:jskfan
16 Comments
 
LVL 20

Assisted Solution

by:Satya Pathak
Satya Pathak earned 50 total points
ID: 40517394
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 40517408
You need to export the CA certificate from your certification authority server and add it to your client PC. It seems the client you're using is not domain joined, so Lync will not trust the connection to it.
0
 
LVL 12

Assisted Solution

by:Md. Mojahid
Md. Mojahid earned 50 total points
ID: 40517431
0

 

Author Comment

by:jskfan
ID: 40517670
Md. Mojahid

You are correct. I have installed Windows Certificate in Lync Server, then exported it to a file, then from each client I imported the certificate to the "Trusted Root Certificates Authorities" store.
If you import it to the personal store it will not work. In my case, on the Lync Server as well as on the Lync clients, the certificate is in the "Trusted Root Certificates Authorities" store.
It worked, and users can sign in to Lync now.
However, everything was done manually. In the real world, how does the certificate get copied to each Windows client?
I know that it is something that can be done through GPO or a script. I am trying to find out if there is a way of doing that without resorting to GPO or a script.

Any idea ??
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 40517797
No, normally in corporations users are joined to the domain which Lync is part of, and that installs all the required "internal" certificates for Lync.

In other scenarios, in which Lync is connected from personal laptops or externally, Lync can be configured to use public DNS to connect directly to the Edge server instead of the Front End, but you will need to have a 3rd party public certificate installed on the Edge server, and all firewall rules related to the Edge must be configured too.
0
 

Author Comment

by:jskfan
ID: 40517825
Mohammed Hamada
In my LAB I have a Windows domain, and the Lync Server as well as the Lync clients are all members of the domain, but I still had to export and import the certificate file from the Lync server to the Lync clients to get it to work.
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 40518193
It might be that the Certification Authority you're using is not on the domain controller itself. How did you deploy Lync server?
0
 

Author Comment

by:jskfan
ID: 40518305
On the Lync Server, which is a member of the domain, I followed the step by step from this link:
http://careexchange.in/how-to-install-certificate-authority-on-windows-server-2012/
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 40518488
If you don't have the CA deployed before the client was joined to the domain, it won't push the CA certificate to the clients unless you used GPO to do so. If the CA was deployed and you joined the client to the domain, it will automatically take the certification authority on the client and you shouldn't have any issue connecting the Lync client.

From what you're saying, I think you have deployed the CA while deploying Lync, so at that time I'm assuming that the client was already joined to the domain and therefore didn't get the CA certificate.

Anyway, deploying the CA using GPO is not that difficult really. All you have to do is add the CA to the GPO, run the gpupdate /force command and restart the clients. Once restarted they'll get the new CA.

I will publish an article on my website on how to do so this weekend.

www.moh10ly.com
0
 

Author Comment

by:jskfan
ID: 40518878
--- What if I disjoin the client from the domain, then rejoin it back to the domain?
--- I also want to know whether the way I installed the CA, following this link: http://careexchange.in/how-to-install-certificate-authority-on-windows-server-2012/, is correct.

I have seen examples of deploying a CA in a Windows domain, and they each looked different.
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 40518919
--- Probably if you disjoin the client and rejoin it, it'll get the certificate.
--- The link you posted is correct; however, I'd really choose a standalone CA, not Enterprise, for your scenario. See this snapshot:
http://careexchange.in/wp-content/uploads/2012/11/image_thumb136.png
0
 

Author Comment

by:jskfan
ID: 40520108
That's correct. In Windows 7 I removed the certificates from the "Trusted Root Certificates Authorities" store, then disjoined Windows 7 from the domain, rebooted the computer, then rejoined the computer to the domain and rebooted it. I managed to sign in to Lync 2010 successfully, then checked the Certificates MMC and saw the certificate in Trusted Root Certificates Authorities.

So it worked, which is perfect. I am just wondering, in the real world when you install a CA in a Windows domain, whether you will have to disjoin all your PCs and rejoin them to the domain, or whether there is an easier way to accomplish this?
Thanks
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 40520263
As I said, if you have the CA deployed already before the clients were joined to the domain, and this same CA was used to request and install the certificates for Lync server, then you won't have to do anything on the client side. They will already have the CA certificate installed and all you need to do is just log in.

No other configurations needed.
0
 

Author Comment

by:jskfan
ID: 40520441
Mohammed Hamada

I understand what you are saying.
What I am trying to understand is: most environments already have the domain and clients joined to the domain. Then later, they decide to use certificates for a specific purpose. In our case it's for Lync.

I do not think they will have to go to each PC and disjoin/rejoin it to the domain, just to make the Lync client able to sign in.

Though, in the first place, I am not sure why the Lync client even requires a certificate if its usage is only internal (between domain users).
0
 
LVL 24

Accepted Solution

by:
Mohammed Hamada earned 400 total points
ID: 40520496
No, they won't go on each PC. That's why I said if the Certification Authority is not deployed for any purpose and it was deployed during the Lync installation, then that's where GPO comes in handy. But I've done dozens of Lync projects and in most cases (90%) customers already had a CA deployed.

Lync talks only TLS with clients that's why it requires Certificate.

Here's an accurate video on how to deploy the CA certificate for all domain joined clients via the GPO.
http://www.youtube.com/watch?v=5W96z46mKr0
0
 

Author Closing Comment

by:jskfan
ID: 40520644
Excellent !!! well explained....
0
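
As an added example (not part of the original thread and not code from any poster): a PowerShell check that can be run on a client to confirm what the thread describes, namely that the exported CA certificate sits in a Trusted Root store rather than the Personal store, and that Windows builds a trusted chain to it. The file path and the function names are assumptions for illustration.

```powershell
# Added example: where did the CA certificate land, and does Windows trust it?
param(
    # Assumed location of the CA certificate exported from the CA server.
    [string]$CaCertPath = 'C:\Temp\lab-root-ca.cer'
)

function Find-CertInStores {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Root = Trusted Root store (works in the thread); My = Personal store (does not).
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
              'Cert:\LocalMachine\My',   'Cert:\CurrentUser\My'
    foreach ($store in $stores) {
        $hit = Get-ChildItem -Path $store |
               Where-Object { $_.Thumbprint -eq $Cert.Thumbprint }
        New-Object PSObject -Property @{ Store = $store; Present = [bool]$hit }
    }
}

function Test-CertChain {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # A lab CA may not publish a reachable CRL; skip revocation so that only
    # trust anchoring (is the root in a trusted store?) is evaluated.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($Cert)
    # Typical failure when the root is missing or only in Personal: UntrustedRoot.
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status })
    New-Object PSObject -Property @{
        Trusted = $trusted
        Status  = ($status -join ', ')
    }
}

if (-not (Test-Path $CaCertPath)) {
    throw "CA certificate file not found: $CaCertPath"
}
$ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CaCertPath

"Subject:    $($ca.Subject)"
"Thumbprint: $($ca.Thumbprint)"
Find-CertInStores -Cert $ca | Format-Table Store, Present -AutoSize
Test-CertChain    -Cert $ca | Format-List Trusted, Status
```

After a GPO that distributes the CA certificate has applied, the expected result on a domain client is `Present = True` for `Cert:\LocalMachine\Root` and `Trusted = True`.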
