"Lync cannot verify that the server is trusted for your sign-in address" message when a user tries to sign in to Lync 2013

Article translations Article translations
Article ID: 2833618 - View products that this article applies to.
Expand all | Collapse all

Summary

When a user tries to sign in to Microsoft Lync 2013 in a Lync Server 2013 environment for the first time, the user receives the following message in a dialog box:

Lync is attempting to connect to:
<Fully qualified domain name (FQDN) of a server>
Lync cannot verify that the server is trusted for your sign-in address. Connect anyway?

For example, the following Trust Model dialog box appears:

Collapse this imageExpand this image
Screenshot for Trust Model dialog box

Cause

This issue occurs because the SIP domain name of the user does not match the domain names in the following properties in the certificate of the Lync Web Service:
  • Subject Name
  • Common Name

Workaround

To work around this issue, use one of the following methods:

Method 1: Manually modify the TrustModelData registry value

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs.

For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

To manually modify the TrustModelData registry value for the user, follow these steps:
  1. Start Registry Editor on the computer on which the Lync 2013 desktop client is installed.
  2. Locate the following registry location on the computer:

    HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Lync

    Note If the Lync registry key does not exist, you must create the key.
  3. Right-click the Lync key, click New, and then click String Value.
  4. Type TrustModelData, and then press ENTER.
  5. Right-click TrustModelData, and then click Modify.
  6. In the Value date box, add the domain of the server that is displayed in the Trust Model dialog box.

Method 2: Use Group Policy to modify the TrustModelData registry value

Use Group Policy to modify the TrustModelData registry value for the user.

For more information about the Lync 2013 Trusted Domain List (TrustModelData) Group Policy, see Configuring Client Bootstrapping Policies.

For more information about the Lync 2013.admx (ADMX) and .adml (ADML) Administrative Templates, see Office 2013 Administrative Template files (ADMX/ADML) and Office Customization Tool.

More information

The Lync 2013 desktop client uses the new automatic discovery mechanism to locate the Internal or External Lync Web Service, depending on the network location of the user.  

The following process occurs when the Lync 2013 desktop client tries to locate the Lync Web Service:

  1. The Lync 2013 desktop client sends a pair of HTTP and HTTPS requests to locate the Lync Autodiscover Service. The HTTP and HTTPS requests consist of a default set of internal or external host name values and the SIP domain name of the user.  

    For example, the Lync 2013 desktop client sends the following requests:

    http://LyncdiscoverInternal.contoso.com and https://LyncdiscoverInternal.contoso.com

    Note LyncdiscoverInternal.contoso.com is resolved to the FQDN or IP address of the Internal Lync Web Service.

    http://Lyncdiscover.contoso.com and https://Lyncdiscover.contoso.com 

    Note Lyncdiscover.contoso.com is resolved to the FQDN or IP address of the external interface of the Reverse Proxy.
  2. The Lync 2013 desktop client receives a response that contains the secure internal and external URLs of the Autodiscover Service from the Web Services.
  3. The Lync 2013 desktop client tries to contact the Autodiscover Service by using an HTTPS connection. If the SIP domain name of the user does not match the domain name in the Subject Name or Common Name property on the certificate that is assigned to Lync Web Service, the Trust Model dialog box appears.

Properties

Article ID: 2833618 - Last Review: September 3, 2013 - Revision: 2.0
Applies to
  • Microsoft Lync 2013
  • Microsoft Lync Server 2013
Keywords: 
kbsurveynew kbtshoot kbexpertiseinter KB2833618

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com