When you sign in to Microsoft Lync 2010 by authenticating to the Skype for Business Online (formerly Lync Online) service, you receive the following message in a certificate trust dialog box:
Lync is attempting to connect to:
Autodiscover Service Address
Lync cannot verify that the server is trusted for your sign-in address. Connect anyway?
This dialog box appears during sign-in or after you sign in.
This dialog box is a "Trust Model Dialog" box. It is displayed when you are connecting to a server that is unknown to Lync. Lync must have your permission to verify whether to trust this server. For example, in the earlier screen shot, domainName.contoso.com is the unknown server.
The dialog box may be displayed in the following scenarios:
During sign-in to Lync to connect to the Lync server
This means that the name of the Lync server that you are trying to connect is not trusted yet. Therefore, Lync requests confirmation from you.
After sign-in to Lync to connect to Exchange server
After you are signed in, Lync tries to connect to your Microsoft Exchange Server mail server. This connection is required to provide you with rich Lync features. If your Lync sign-in address differs from your Exchange address, the dialog box that has the prompt is displayed. Otherwise, the dialog box is not displayed.
Be aware that this is a security feature and is not an issue or a problem. Lync will not connect to any unknown server until you confirm that it is trusted.
We recommend that you verify the domain name that is displayed in the dialog box to verify that it is a trusted server that you want to connect to. After you decide to trust the server, follow these steps:
In the dialog box, click to select the Always trust this server, do not show me this again check box.
After you perform these steps, the dialog box is no longer displayed when you connect to the server.
Important This section contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
To prevent the dialog box from being displayed, you can edit the following REG_SZ registry value:
Add the Fully Qualified Domain Name (FQDN) of the server-based computer that is displayed in the Trust Model Dialog to the existing value data that is listed in the TrustModelData registry value.
Important The value data for the TrustModelData registry value is known as Address of Record (AOR) information. An AOR entry is in the format of a Fully Qualified Domain Name (FQDN). Separate AOR entries will be listed in a comma delimited list that makes up the value data for the TrustModelData registry value. For example: contoso.com, adatum.com, server01.fourthcoffeee.com. All additional AOR entries should be preceded with a comma before they are added to the list.
Note If the user’s Exchange mailbox domain server address differs from the Lync sign-in domain server address, the Trust Model Dialog box may appear after the user signs in. Administrators can use this procedure to append the Exchange mailbox domain server address to the value data of the TrustModelData registry value.
There are no Windows Active Direcrory Group Policies that can be used to manage the Lync 2010 TrustModelData registry value. Group Policy for the Lync 2010 TrustModelData registry value can be managed through manual registry edits on the Windows client-based computer or automated registry edits that are administered globally on the network to the Windows client-based computers. The following is an example of these registry locations to update: