• There Was A Problem Verifying The Certificate From The Server Skype For Business 2016 Mac
• There Was A Problem Verifying The Certificate From The Server Skype For Business Mac Os
• Skype For Business Mac Error There Was A Problem Verifying The Certificate From The Server

Skype for Business There was a problem verifying the certificate from the server. I have a problem with VVX600 it doesnt connect to Skype for Buisnes, referring to the SSL certificate. However, the second phone, too VVX600 conncected without problems. I have a problem with VVX600 it doesnt connect to Skype for Buisnes, referring to the SSL certificate. However, the second phone, too VVX600 conncected without problems. When a user tries to sign in to Microsoft Lync in a Lync Server 2013 environment for the first time, she receives the following message in a dialog box: Lync is attempting to connect to: server Lync cannot verify that the server is trusted for your sign-in address. I had the same issue as well during my isntallation. So I think it is a bug. To work around this, once the Edge server VM gets created and before the script finishes I copy the certificate to the Personal Certificates folder in the MMC on the Edge Server. The script seems happy once it sees it there.

Symptoms

This article describes two scenarios that occur when the Microsoft Lync client can't establish a trust relationship with resources that require a secure TLS connection.

Scenario 1

When a user tries to sign in to Microsoft Lync in a Lync Server 2013 environment for the first time, she receives the following message in a dialog box:

For example, the following trust model dialog box is displayed:

Scenario 2

The Lync – Sign In dialog box that's shown in the screen shot in Scenario 1 displays the fully qualified domain name (FQDN) of the organization's Exchange Client Access server (CAS) interface. This interface is used by the Lync client to access user mailbox information through Exchange Web Services (EWS). This behavior occurs if the Lync user's SIP URI contains a domain suffix that does not match the domain suffix of the Exchange CAS interface. If the user chooses not to trust the connection to the Exchange CAS interface, the Lync client will not have access to the Exchange mailbox services that are provisioned by EWS.

To verify this behavior, follow these steps:

1. Make sure that the Lync client is signed in to on the Windows client's desktop.
2. Hold down the CTRL key and right-click the Lync icon in the Windows client's notification area.
3. In the shortcut menu, click Configuration Information.
4. Locate the 'EWS Information' line.
5. If this line contains 'EWS not fully initialized,' you are experiencing the Scenario 2 behavior.

Cause

This issue occurs because the SIP domain name of the user does not match the domain names in the following properties in the certificate of Lync Web Services and Exchange Web Services:

• Subject Name
• Common Name

Resolution

There Was A Problem Verifying The Certificate From The Server Skype For Business 2016 Mac

To prevent display of the Trust Model dialog box, use the Trusted Domain List (TrustModelData) Group Policy. After you set this policy, Lync will exclusively trust the domains that are specified in the policy. Supported values:

• Not Configured (Default)/Disabled

  Through this setting, the following domains are trusted by default:

  • lync.com
  • outlook.com
  • lync.glbdns.microsoft.com
  • microsoftonline.com

• Enabled

  This setting specifies the list of domains to be trusted—for example: contoso.com, contoso.co.in.

For more information about the Lync 2013 Trusted Domain List (TrustModelData) Group Policy setting, see Configuring client bootstrapping policies.

For more information about the Lync 2013.admx (ADMX) and .adml (ADML) Administrative Templates, see Office 2013 Administrative Template files (ADMX/ADML) and Office Customization tool.

More Information

Scenario 1

The Lync 2013 desktop client uses the new automatic discovery mechanism to locate the internal or external Lync Web Service, depending on the network location of the user.

The following process occurs when the Lync 2013 desktop client tries to locate the Lync Web Service:

1. The Lync 2013 desktop client sends a pair of HTTP and HTTPS requests to locate the Lync Autodiscover Service. The HTTP and HTTPS requests consist of a default set of internal or external host name values and the SIP domain name of the user.

   For example, the Lync 2013 desktop client sends the following requests:

   http://LyncdiscoverInternal.contoso.com and https://LyncdiscoverInternal.contoso.com

   Note

   'LyncdiscoverInternal.contoso.com' is resolved to the FQDN or IP address of the Internal Lync Web Service.

   http://Lyncdiscover.contoso.com and https://Lyncdiscover.contoso.com

   Note

   'Lyncdiscover.contoso.com' is resolved to the FQDN or IP address of the external interface of the Reverse Proxy.

2. The Lync 2013 desktop client receives a response that contains the secure internal and external URLs of the Autodiscover Service from Web Services.

3. The Lync 2013 desktop client tries to contact the Autodiscover Service by using an HTTPS connection. If the SIP domain name of the user does not match the domain name in the Subject Name or Common Name property on the certificate that is assigned to Lync Web Service, the Trust Model dialog box is displayed.

Scenario 2

The Lync client makes https requests to the Exchange CAS interface as part of its post-sign-in process. These requests include access to the Exchange Autodiscover service through URLs that include the FQDN of the Exchange CAS interface. For example:

• https://<smtpdomain>/autodiscover/autodiscover.xml
• https://autodiscover.<smtpdomain>/autodiscover/autodiscover.xml

If the FQDN of the SMTP domain does not match the FQDN of the SIP domain that the Lync client is signed in to, the Scenario 2 issue occurs.

Still need help? Go to Microsoft Community.

Problem

When an Office 365 user tries to sign in to Skype for Business Online (formerly Lync Online) by using Lync 2010 or Lync 2013, the user receives the following error message:

Additionally, when you try to sign in to Lync after a network outage or a Skype for Business Online service outage, you receive the following error message:

There Was A Problem Verifying The Certificate From The Server Skype For Business Mac Os

Cause

This issue may occur if one or more of the following conditions are true:

• The software is out of date.

  • The Lync client is out of date.
  • The Microsoft Online Services Sign-In Assistant is out of date.

• The certificates cannot be acquired or validated.

  • The Skype for Business Online personal certificate or the cached credentials are corrupted or are out of date.
  • Part of the certificate chain is untrusted and the certificate chain fails validation.

Solution

Resolution for Lync 2013

Delete the sign in information

During the sign in process, Lync 2013 caches your credentials and other information about its connection to Skype for Business Online. If you have trouble signing in to Skype for Business Online, click Delete my sign-in information and Lync 2013 will automatically remove any saved password, certificates, and connection settings for the user account.

Resolution for Lync 2010

1. Update the Lync client to the latest version that's available on the Downloads page of the Office 365 portal.
2. Update the Microsoft Online Services Sign-In Assistant to the latest version.
3. Clear your cached certificates, credentials and connections.

Additional troubleshooting steps for Lync 2013 and Lync 2010

Note

Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

If the steps earlier in this article don't resolve the issue, try the following methods, as appropriate for your situation:

• When Lync connects to a specific front-end server, it caches that endpoint to make the sign-in process faster in the future. However, sometimes the endpoint can be changed and can cause sign-in to fail. To delete the endpoint cache, follow these steps:

  1. Locate the local application data folder:

     • Windows Vista, Windows 7 and Windows 8 (excluding Windows 8 RT):

       %LOCALAPPDATA%MicrosoftCommunicator<sip_address@contoso.com>

  • Windows XP:

    %USERPROFILE%Local SettingsApplication DataMicrosoftCommunicator<sip_address@contoso.com>

  2. Delete the folder associated with your sign-in address.
  3. Restart Lync, and then try to sign in to Skype for Business Online.

• If you're using Lync 2010, delete the Skype for Business Online personal certificate and then download a new one. Be aware that when the user clicks Save Password in Lync 2010, this action also saves the certificate in Windows Certificate Manager.

  To delete a personal certificate, follow these steps:

  1. Delete the certificate in Windows Certificate Manager. To do this, follow these steps:
     1. Open Windows Certificate Manager. To do this, press Windows + R, type certmgr.msc, and then click OK.
     2. Expand Personal, and then expand Certificates.
     3. Sort by the Issued By column, and then look for a certificate that's issued by Communications Server.
     4. Verify that the certificate is present and that it isn't expired.
     5. Delete the certificate and try to sign in to Skype for Business Online. If you can't sign in to Skype for Business Online, go to step 2.
  2. If you're running Windows 7, remove the user's stored credentials in Windows Credential Manager. To do this, follow these steps:

     1. Open Control Panel, and then click Credential Manager.

     2. Locate the set of credentials that's used to connect to Skype for Business Online.

     3. Expand the set of credentials, and then select Remove from Vault.

     4. Try to sign in to Skype for Business Online again, and then type your new set of credentials.

        Note

        These steps aren't necessary in Lync 2013 because the steps that were previously mentioned that delete sign in information removes the certificates automatically.

• Flush the DNS cache. To do this, follow these steps:

  1. Press Windows + R, type the following command, and then press Enter:

     Ipconfig /flushdns

• Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

  On the affected computers, check the following registry key:

  HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyMachineGuid

  If the value of MachineGuid contains braces around the GUID (for example, {c1cbd94c-0d35-414c-89ef-dd092b984883}), then remove the braces, restart Lync, and then try to sign in again.

Resolution for Skype for Business Online administrators: Validate the certificate chain

End-users may receive an error stating that the certificate can't be validated, and this usually happens because one of the certificates in the chain is untrusted and can't be validated. This typically occurs for customers who use single sign-on in Office 365 or for customers who have Lync hybrid deployments.

For more information about certificate validation with Lync, see Lync Mobile users cannot sign in after they update to client version 5.4.

Note

Skype For Business Mac Error There Was A Problem Verifying The Certificate From The Server

Although this article is written for mobile devices, the same concepts apply to Lync clients.

More Information

If the issue persists after you perform these troubleshooting steps, contact Microsoft Office 365 technical support or the Microsoft Office 365 Community forums. In certain cases, the Active Directory Domain Services user account may be incomplete or corrupted. Therefore, Skype for Business Online can't generate a personal certificate. This may not affect all of a tenant's accounts because the effect depends on the state of the server when the user account was created.

To narrow the issue, determine whether the issue occurs for multiple user accounts on the same computer. Then, try to sign in to Skype for Business Online from the same computer by using multiple user accounts. This process indicates whether the problem is related to the configuration of the computer or an issue with the Skype for Business Online user account.

Did this fix the problem?

• Check whether the problem is fixed.
  • If the problem is fixed, you are finished with these steps.
  • If the problem isn't fixed, go to Microsoft Community, or contact support.
• We'd appreciate your feedback. To provide feedback or to report any issues with this solution, please send us an email message.

Still need help? Go to Microsoft Community.