Article ID: 2833618
This article describes two scenarios that occur when the Lync client cannot establish a trust relationship with resources that require a secure TLS connection.
When a user tries to sign in to Microsoft Lync in a Lync Server 2013 environment for the first time, she receives the following message in a dialog box:
Lync is attempting to connect to:
<Fully qualified domain name (FQDN) of a server>
Lync cannot verify that the server is trusted for your sign-in address. Connect anyway?
For example, the following Trust Model dialog box is displayed:
The Lync – Sign In dialog box that's shown in the screen shot in Scenario 1 displays the fully qualified domain name (FQDN) of the organization’s Exchange Client Access Server (CAS) interface that's used by the Lync client to access user mailbox information through Exchange Web Services (EWS). This behavior occurs when the Lync user’s SIP URI contains a domain suffix that does not match the domain suffix of the Exchange CAS’s interface. If the user chooses not to trust the connection to the Exchange CAS interface, the Lync client will not have access to the Exchange mailbox services that are provisioned by EWS.
To confirm this behavior, follow these steps:
This issue occurs because the SIP domain name of the user does not match the domain names in the following properties in the certificate of Lync Web Services and Exchange Web Services:
To work around this issue, use one of the following methods.
Method 1: Manually modify the TrustModelData registry value
Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs.
For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/322756) How to back up and restore the registry in Windows
To manually modify the TrustModelData registry value for the user, follow these steps:
Method 2: Use Group Policy to modify the TrustModelData registry value
Use Group Policy to modify the TrustModelData registry value for the user.
For more information about the Lync 2013 Trusted Domain List (TrustModelData) Group Policy, see Configuring client bootstrapping policies.
For more information about the Lync 2013.admx (ADMX) and .adml (ADML) Administrative Templates, see Office 2013 Administrative Template files (ADMX/ADML) and Office Customization tool.
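The domain-suffix comparison described above can be checked before a trusted domain list is rolled out. The following PowerShell is an added example, not Microsoft code: it predicts from names alone whether a server FQDN would trigger the trust prompt for a given SIP address. It assumes the trusted list is a comma-separated string of domain names, it does not inspect the certificate itself, and the function names, the `TrustedDomains` parameter, and the sample hosts are hypothetical.

```powershell
# Added example (not Microsoft code): predicts the trust prompt from names only.
function Get-SipDomain {
    param([Parameter(Mandatory=$true)][string]$SipUri)
    # Accept "sip:user@domain" or "user@domain"; return the lower-cased domain.
    $parts = ($SipUri.Trim() -replace '^sip:', '').Split('@')
    if ($parts.Count -ne 2 -or -not $parts[0] -or -not $parts[1]) {
        throw "Not a SIP address: $SipUri"
    }
    $parts[1].ToLowerInvariant().TrimEnd('.')
}

function Test-DomainSuffix {
    param([string]$Fqdn, [string]$Domain)
    $f = $Fqdn.Trim().ToLowerInvariant().TrimEnd('.')
    $d = $Domain.Trim().ToLowerInvariant().TrimEnd('.')
    if (-not $d) { return $false }
    # Compare on a label boundary: "cas01.notfabrikam.com" must not match "fabrikam.com".
    ($f -eq $d) -or $f.EndsWith(".$d", [System.StringComparison]::Ordinal)
}

function Test-LyncTrustPrompt {
    param(
        [Parameter(Mandatory=$true)][string]$SipUri,
        [Parameter(Mandatory=$true)][string]$ServerFqdn,
        [string]$TrustedDomains = ''   # assumption: comma-separated domain list
    )
    $sipDomain = Get-SipDomain -SipUri $SipUri
    if (Test-DomainSuffix -Fqdn $ServerFqdn -Domain $sipDomain) {
        return 'NoPrompt (server is in the SIP domain)'
    }
    foreach ($entry in $TrustedDomains.Split(',')) {
        if (Test-DomainSuffix -Fqdn $ServerFqdn -Domain $entry) {
            return "NoPrompt (trusted list entry '$($entry.Trim())')"
        }
    }
    'Prompt (server domain is neither the SIP domain nor on the trusted list)'
}

# Constructed sample data: one user, three server names, one trusted-list value.
$trusted = 'fabrikam.com'
foreach ($server in 'lyncweb.contoso.com', 'cas01.fabrikam.com', 'cas01.notfabrikam.com') {
    '{0,-24} {1}' -f $server, (Test-LyncTrustPrompt -SipUri 'sip:user1@contoso.com' -ServerFqdn $server -TrustedDomains $trusted)
}
```

Keep the trusted list limited to domains the organization controls, because every entry suppresses the prompt for any host under that domain.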
The Lync 2013 desktop client uses the new automatic discovery mechanism to locate the internal or external Lync Web Service, depending on the network location of the user.
The following process occurs when the Lync 2013 desktop client tries to locate the Lync Web Service:
The Lync client makes HTTPS requests to the Exchange CAS interface as part of its post–sign-in process. These requests include access to the Exchange Autodiscover service through URLs that include the FQDN of the Exchange CAS interface. For example:
Article ID: 2833618 - Last Review: March 9, 2015 - Revision: 3.0