I’ve configured a Skype for Business 2015 Front End Standard Server with an Edge Server. No Proxy Server yet.
I have a separate external third party UCC SSL Cert on the FE server for the external web services and a third party UCC SSL Cert for the Edge Server (just for sip.domain.com and domain.com, the default selections).
On the FE Default Server Certificate and Internal Web Services Certificates I used an internal CA for the certificates.
When external clients using Skype for Business 2015 Client attempt to connect using their email address (we only have to put in our email address and it finds the server) it comes up with an SSL Cert error stating “Lync is attempting to connect to domain.internaldomain.loca
l”, “CERTIFICATE DETAILS: domain.internaldomain.loca
l, Issued by: ‘name of internal CA’… etc” “Lync cannot verify that the server is trusted for your sign-in address. Connect anyway?”
See attached image.
And if I connect anyway it doesn’t work because the internal CA is of course not externally trusted.
Anyhow, I can’t figure out why it’s trying to use the internal URLs rather than the external URLs and external SSL certs?