After a server-side operation or update, Lync Online users can’t sign in because of certificate related errors

Article translations Article translations
Article ID: 2604176 - View products that this article applies to.
Not sure what release of Office 365 you're using? Go to the following Microsoft website:
Am I using Office 365 after the service upgrade?
Expand all | Collapse all

On This Page

PROBLEM

When a Microsoft Office 365 user tries to sign in to Microsoft Lync Online by using Microsoft Lync 2010 or Microsoft Lync 2013, the user receives the following error message:
There was a problem acquiring a personal certificate required to sign in. If the problem continues, please contact your support team.
Additionally, when you try to sign in to Lync 2010 after a network outage or a Lync Online service outage, you receive the following error message:
Cannot sign in to Lync. You may have entered your sign-in address, user name, or password incorrectly, or the authentication service may be incompatible with this version of the program. If your sign-in information is correct and the problem persists, please contact your system administrator.

CAUSE

This issue may occur if one or more of the following conditions are true:
  • The Lync client is out of date.
  • If you're using Lync 2010, the Office 365 Desktop Setup Tool hasn't been run, or the Microsoft Online Services Sign In Assistant is out of date.
  • The Lync Online personal certificate or the cached credentials are corrupted or are out of date and have to be refreshed.
  • The system time of the computer is more than five minutes different from the Windows Azure AD authentication system servers.
  • Access to a specific RSA key container is locked after changing passwords.

SOLUTION

Resolution for Lync 2013

Collapse this imageExpand this image
assets folding start collapsed

Delete sign in information

During the sign in process, Lync 2013 caches your credentials and other information about its connection to Lync Online. If you have trouble signing in to Lync Online, click Delete my sign-in information and Lync 2013 will automatically remove any saved password, certificates, and connection settings for the user account.

Collapse this imageExpand this image
Screen shot of Lync 2013 sign in page


Collapse this imageExpand this image
assets folding end collapsed

Resolution for Lync 2010

Collapse this imageExpand this image
assets folding start collapsed
To have us fix the problem for you, go to the "Fix it for me" section. If you prefer to fix this problem yourself, go to the "Resolutions for Lync 2010 and Lync 2103" section.

Fix it for me

To fix the problem, click the Fix it button or link. Then click Run in the File Download dialog box, and follow the steps in the Fix it wizard.

For Windows 8

Collapse this imageExpand this image
assets fixit1
Fix this problem
Microsoft Fix it 20045
Collapse this imageExpand this image
assets fixit2



For Windows 7, Windows Vista, Windows XP, Windows Server 2008, or Windows Server 2003


Collapse this imageExpand this image
assets fixit1
Fix this problem
Microsoft Fix it 50935
Collapse this imageExpand this image
assets fixit2


Notes
  • This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
  • If you aren't on the computer that has the problem, save the Fix it solution to a flash drive or a CD, and then run it on the computer that has the problem.
Then, go to the "Did this fix the problem?" section.

Collapse this imageExpand this image
assets folding end collapsed

Additional troubleshooting steps for Lync 2013 and Lync 2010

Collapse this imageExpand this image
assets folding start collapsed
If the steps earlier in this article don't resolve the issue, try the following methods, as appropriate for your situation:
  • Update the Lync client to the latest version that's available on the Downloads page of the Office 365 portal.
  • If you're using Lync 2010, update the Microsoft Online Services Sign In Assistant to the latest version by running the Office 365 Desktop Setup Tool from the Downloads page of the Office 365 portal.
  • When Lync connects to a specific front-end server, it caches that endpoint to make the sign-in process faster in the future. However, sometimes the endpoint can be changed and can cause sign-in to fail. To delete the endpoint cache, follow these steps:
    1. Locate the local application data folder:
      • Windows Vista, Windows 7 and Windows 8 (excluding Windows 8 RT):

        %LOCALAPPDATA%\Microsoft\Communicator\<sip_address@contoso.com>\ 
      • Windows XP:

        %USERPROFILE%\Local Settings\Application Data\Microsoft\Communicator\<sip_address@contoso.com>\
    2. Delete the folder associated with the user’s Session Initiation Protocol (SIP) address.
    3. Restart Lync 2010, and then try to sign in to Lync Online.
  • If you're using Lync 2010, delete the Lync Online personal certificate and then download a new one. Be aware that when the user clicks Save Password in Lync 2010, this action also saves the certificate in Windows Certificate Manager.

    To renew a user account certificate, follow these steps:
    1. Renew the certificate in Windows Certificate Manager. To do this, follow these steps:
      1. Open Windows Certificate Manager. To do this, press Windows + R, type certmgr.msc, and then click OK.
      2. Expand Personal, and then expand Certificates.
      3. Sort by the Issued By column, and then look for a certificate that's issued by Communications Server.
      4. Verify that the certificate is present and that it isn't expired.
      5. Delete the certificate and try to sign in to Lync Online. If you can't sign in to Lync Online, go to step 2.
    2. If you're running Windows 7, remove the user’s stored credentials in Windows Credential Manager. To do this, follow these steps:
      1. Open Control Panel, and then click Credential Manager.
      2. Locate the set of credentials that's used to connect to Lync Online.
      3. Expand the set of credentials, and then select Remove from Vault.
      4. Try to sign in to Lync Online again, and then type your new set of credentials.

        Note These steps aren't necessary in Lync 2013 because the steps that were previously mentioned that delete sign in information removes the certificates automatically.
  • Verify that the system time is within five minutes of the server timeby syncing your computer with a trusted time source.
    • If you're an Office 365 federated user in an organization that uses single sign-on (SSO), see the following Knowledge Base article:
      2578667 "Sorry, but we're having trouble signing you in" and "80045C06" error when a federated user tries to sign in to Office 365, Windows Azure, or Windows Intune
    • If you're using Windows XP, see the following Knowledge Base article:
      314054 How to configure an authoritative time server in Windows XP
    • For more information about how to validate the time, see the following Knowledge Base article:
      2581291 Lync Online sign-in error if settings such as the computer time, date, user name, or password are incorrect
  • Flush the DNS cache. To do this, follow these steps:
    1. Press Windows + R, type the following command, and then press Enter:

      Ipconfig /flushdns
  • On Windows XP, delete the Crypto RSA key container. To do this, follow these steps:
    1. Open Windows Explorer and locate the C:\Documents and Settings\<User>\Application Data\Microsoft\Crypto\RSA\ folder.
    2. Delete the RSA key subfolder. The name of the RSA key subfolder consists of a long string of numbers and characters. For example:

      S-1-5-21-433994307-1646369186-2100375486-500
    3. Restart the computer, and then try to sign in to Lync Online.
Collapse this imageExpand this image
assets folding end collapsed

MORE INFORMATION

If the issue persists after you perform these troubleshooting steps, contact Microsoft Office 365 technical support or the Microsoft Office 365 Community forums. In certain cases, the Active Directory Domain Services user account may be incomplete or corrupted. Therefore, Lync Online can't generate a personal certificate. This may not affect all of a tenant's accounts because the effect depends on the state of the server when the user account was created.

To narrow the issue, determine whether the issue occurs for multiple user accounts on the same computer. Then, try to sign in to Lync Online from the same computer by using multiple user accounts. This process indicates whether the problem is related to the configuration of the computer or an issue with the Lync Online user account.

Did this fix the problem?
  • Check whether the problem is fixed.
    • If the problem is fixed, you are finished with these steps.
    • If the problem isn't fixed, go to the Office 365 Community website, or contact support.
  • We'd appreciate your feedback. To provide feedback or to report any issues with this solution, please leave a comment on the "Fix it for me" blog or send us an email message.

Still need help? Go to the Office 365 Community website.

Properties

Article ID: 2604176 - Last Review: April 24, 2014 - Revision: 28.0
Applies to
  • Microsoft Office 365 for enterprises (pre-upgrade)
  • Microsoft Office 365 for small businesses  (pre-upgrade)
  • Microsoft Office 365 for education  (pre-upgrade)
  • Microsoft Lync Online
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
Keywords: 
o365 o365a kbfixme kbmsifixme o365p o365062011 pre-upgrade o365m kbgraphxlink o365e o365022013 after upgrade kbgraphic KB2604176

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com