Error message when an Office 365 user tries to sign in to Lync Online: "There was a problem acquiring a personal certificate required to sign in"

When a Microsoft Office 365 user tries to sign in to Microsoft Lync Online by using Microsoft Lync 2010 or Microsoft Lync 2013, the user receives the following error message:

This issue may occur if one or more of the following conditions are true:

• The Lync client is out of date.
• If you're using Lync 2010, the Office 365 Desktop Setup Tool hasn't been run, or the Microsoft Online Services Sign In Assistant is out of date.
• The Lync Online personal certificate or the cached credentials are corrupted or are out of date and have to be refreshed.
• The system time of the computer is more than five minutes different from the Windows Azure AD authentication system servers.
• Access to a specific RSA key container is locked after changing passwords.

Resolution for Lync 2013

Delete sign in information

During the sign in process, Lync 2013 caches your credentials and other information about its connection to Lync Online. If you have trouble signing in to Lync Online, click Delete my sign-in information and Lync 2013 will automatically remove any saved password, certificates, and connection settings for the user account.

Resolution for Lync 2010

To have us fix the problem for you, go to the "Fix it for me" section. If you prefer to fix this problem yourself, go to the "Resolutions for Lync 2010 and Lync 2103" section.

Fix it for me

To fix the problem, click the Fix it button or link. Then click Run in the File Download dialog box, and follow the steps in the Fix it wizard.

For Windows 8

Fix this problem

(http://go.microsoft.com/?linkid=9824106)

Microsoft Fix it 20045


For Windows 7, Windows Vista, Windows XP, Windows Server 2008, or Windows Server 2003

Fix this problem

(http://go.microsoft.com/?linkid=9818930)

Microsoft Fix it 50935

Notes

• This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
• If you aren't on the computer that has the problem, save the Fix it solution to a flash drive or a CD, and then run it on the computer that has the problem.

Then, go to the "Did this fix the problem?" section.

Additional troubleshooting steps for Lync 2013 and Lync 2010

If the steps earlier in this article don't resolve the issue, try the following methods, as appropriate for your situation:

• Update the Lync client to the latest version that's available on the Downloads page of the Office 365 portal.
• If you're using Lync 2010, update the Microsoft Online Services Sign In Assistant
  (http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff637585.aspx)
  to the latest version by running the Office 365 Desktop Setup Tool from the Downloads page of the Office 365 portal.
• If you're using Lync 2010, delete the Lync Online personal certificate and then download a new one. Be aware that when the user clicks Save Password in Lync 2010, this action also saves the certificate in Windows Certificate Manager.
  
  To renew a user account certificate, follow these steps:
  1. Renew the certificate in Windows Certificate Manager. To do this, follow these steps:
     1. Open Windows Certificate Manager. To do this, press Windows + R, type certmgr.msc, and then click OK.
     2. Expand Personal, and then expand Certificates.
     3. Sort by the Issued By column, and then look for a certificate that's issued by Communications Server.
     4. Verify that the certificate is present and that it isn't expired.
     5. Delete the certificate and try to sign in to Lync Online. If you can't sign in to Lync Online, go to step 2.
  2. If you're running Windows 7, remove the user’s stored credentials in Windows Credential Manager. To do this, follow these steps:
     1. Open Control Panel, and then click Credential Manager.
     2. Locate the set of credentials that's used to connect to Lync Online.
     3. Expand the set of credentials, and then select Remove from Vault.
     4. Try to sign in to Lync Online again, and then type your new set of credentials.
        
        Note These steps aren't necessary in Lync 2013 because the steps that were previously mentioned that delete sign in information removes the certificates automatically.
• Verify that the system time is within five minutes of the server timeby syncing your computer with a trusted time source.
  • If you're an Office 365 federated user in an organization that uses single sign-on (SSO), see the following Knowledge Base article: 
    2578667

    (http://support.microsoft.com/kb/2578667/ )

    "Your organization could not sign you in to this service" error and "80045C06" error code when a federated user tries to sign in to Office 365
  • If you're using Windows XP, see the following Knowledge Base article:
    314054

    (http://support.microsoft.com/kb/314054/ )

    How to configure an authoritative time server in Windows XP
  • For more information about how to validate the time, see the following Knowledge Base article:
    2581291

    (http://support.microsoft.com/kb/2581291 / )

    Error message when a user tries to sign in to Lync Online: "Cannot sign in to Lync"
• Flush the DNS cache. To do this, follow these steps:
  1. Press Windows + R, type the following command, and then press Enter:
     
     Ipconfig /flushdns

• On Windows XP, delete the Crypto RSA key container. To do this, follow these steps:
  1. Open Windows Explorer and locate the C:\Documents and Settings\<User>\Application Data\Microsoft\Crypto\RSA\ folder.
  2. Delete the RSA key subfolder. The name of the RSA key subfolder consists of a long string of numbers and characters. For example:
     
     S-1-5-21-433994307-1646369186-2100375486-500
  3. Restart the computer, and then try to sign in to Lync Online.

If the issue persists after you perform these troubleshooting steps, contact Microsoft Office 365 technical support or the Microsoft Office 365 Community forums. In certain cases, the Active Directory Domain Services user account may be incomplete or corrupted. Therefore, Lync Online can't generate a personal certificate. This may not affect all of a tenant's accounts because the effect depends on the state of the server when the user account was created.

To narrow the issue, determine whether the issue occurs for multiple user accounts on the same computer. Then, try to sign in to Lync Online from the same computer by using multiple user accounts. This process indicates whether the problem is related to the configuration of the computer or an issue with the Lync Online user account.

Did this fix the problem?

• Check whether the problem is fixed.
  • If the problem is fixed, you are finished with these steps.
  • If the problem isn't fixed, go to the Office 365 Community
    (http://community.office365.com)
    website, or contact support
    (http://support.microsoft.com/contactus)
    .
• We'd appreciate your feedback. To provide feedback or to report any issues with this solution, please leave a comment on the "Fix it for me
  (http://blogs.technet.com/fixit4me/)
  " blog or send us an email
  (mailto:fixit4me@microsoft.com?Subject=KB)
  message.