Symptoms

This issue occurs in the following scenario:

  • You disable Windows Challenge/Response (NTLM) for external authentication of Microsoft Skype for Business 2016 or Microsoft Lync 2013 clients.

  • You are running virtual private network (VPN) split-tunneling that forces all traffic to pass through an Edge server and an encrypted VPN tunnel.

If the validity period for the client certificates that are issued for TLS-DSK authentication is 180 days, the client certificates incorrectly begin to renew within 12 hours before they expire. Renewal should instead begin 30 days or one-third of the validity period before the expiration date.

When this issue occurs, if a certificate expires when the user device is offline, the user cannot remotely sign in to Skype for Business 2016 or Lync 2013 on the device by using the expired certificate.

This issue also occurs in Microsoft 365 versions of Office.

Cause

This issue occurs because Skype for Business 2016 or Lync 2013 incorrectly calculates the threshold at which client certificates are renewed.
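The following audit sketch is an added example, not Microsoft code. It classifies client certificates that are still in use against the renewal lead times described above, so that devices at risk of an expired TLS-DSK certificate can be found before they go offline. Assumptions: the inventory of (device, NotBefore, NotAfter) values is constructed sample data with hypothetical device names, and because the article gives "30 days or one-third of the validity period" without saying which one governs, both are evaluated.

```python
from datetime import datetime, timedelta, timezone

FAULTY_LEAD = timedelta(hours=12)  # lead time the article reports for affected clients

def expected_leads(not_before, not_after):
    """Both lead times the article names; it does not say which one governs."""
    return {"30_days": timedelta(days=30),
            "one_third": (not_after - not_before) / 3}

def classify(not_before, not_after, now):
    """Place a certificate that is still in use relative to the renewal windows."""
    if now >= not_after:
        return "expired"        # remote sign-in with this certificate fails
    remaining = not_after - now
    leads = expected_leads(not_before, not_after).values()
    if remaining <= FAULTY_LEAD:
        return "final-12h"      # only now does an affected client start renewing
    if remaining <= min(leads):
        return "overdue"        # inside both documented lead times, not renewed
    if remaining <= max(leads):
        return "renewal-due"    # inside the longer lead time only
    return "ok"

def audit(inventory, now):
    """Return (device, status, whole days left) for each inventory entry."""
    return [(dev, classify(nb, na, now), (na - now).days)
            for dev, nb, na in inventory]

# Constructed sample inventory: hypothetical devices, 180-day certificates.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

def make_cert(days_left):
    """Build (NotBefore, NotAfter) for a 180-day certificate expiring in days_left."""
    not_after = NOW + timedelta(days=days_left)
    return not_after - timedelta(days=180), not_after

SAMPLE = [("LAPTOP-A", *make_cert(100)), ("LAPTOP-B", *make_cert(45)),
          ("LAPTOP-C", *make_cert(20)), ("LAPTOP-D", *make_cert(-1))]

if __name__ == "__main__":
    for device, status, days_left in audit(SAMPLE, NOW):
        print(f"{device:10} {status:12} {days_left:4d} days left")
```

A certificate reported as "overdue" is already inside both documented lead times without having been renewed, which matches the behavior described under Symptoms.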
