No one has responded to this discussion for at least a year, so this information may be out of date. If you're looking for information about this topic, please search for a more recent discussion or post a new question.

Lync Certificate Prompts

  • 4 Followers
  • 18 Replies |
  • This post has 0 verified answers |
Answered (Not Verified) This question has suggested answer(s)

Greetings,

 

 It seems that nearly every day, I am being prompted about certificates from Lync.

Today, I am prompted for a certificate that is about to expire, and the date is yesterday.

so, I start Lync, and it renews the certificate, with an expiration date of today!

 

So, tomorrow, I will get the same warning, and then Lync will load, renew it, etc...

 

This is really obnoxious.  What can I do about it?

 

  • Post Points: 95
All Replies
  • Hi Jason,

    I understand the issue is you are promoted about certificate warning when login Lync client.

    Firstly, I’d like to narrow down this issue by asking the following questions:

    1), Can you login Lyn client properly, or have you encountered any other issue when using Lync client?
    2), Did this issue occur with specify user or multiple users in your company?

    Then, I’d like you can do the following steps to troubleshoot this issue:

    1), Update Lync client to the latest version.
    To do this, please download and install the proper version of Lync client from Office 365 portal> downloads page.

    2), Configure Lync client to work with Office 365.
    To do this, please download and run the Desktop setup from Office 365 portal> Downloads page. If you have already done this, please re-run it to insure the configuration.

    In addition, I’d like you can refer to the following KB article to try to resolve this issue: http://support.microsoft.com/kb/2604176

    If you have any additional questions, please feel free to post them in the forum.

    Best Regards,
    Evan Zhang

     

    • Top 25 Contributor
    • Post Points: 0
  • Evan,

    Questions you asked:

    1) The Lync login process is fine.  Windows prompts that the certificate is expiring. Once I load lync a new certificate is issued. But certificate is only good for 1 day.

    2) This happens on all Lync clients

    Suggestions you made:

    1) It is the latest version of lync with all updates applied.

    2) That component is installed.

    The KB you linked is not the same issue. I do not get an error message in Lync.  I get a popup from Windows 7 indicating that my user has  certificates that are going to expire.  When Lync loads, the certificate is renewed.  

    If Lync loads quickly enough then Windows will not prompt because the certificate is renewed before Windows can complain.

    If Lync is configured to load manually, then every day Windows prompts about certificates expiring because Lync is being issues a 1 day certificate.

    Does that make sense?

    • Not Ranked
    • Post Points: 0
  • Hi Jason,

    The above KB article can help to troubleshoot general Lync certificate issues.

    Based on the current situation, I’d like you can troubleshoot this issue by deleting the Crypto RSA key container.

    Please see the following steps:

    1. Open Windows Explorer and locate the C:\Documents and Settings\<User>\Application Data\Microsoft\Crypto\RSA\ folder. (For Windows Vista and Windows 7, the location is C:\Users\<User>\AppData\Roaming\Microsoft\Crypto\RSA)

    2. Delete the RSA key subfolder. The name of the RSA key subfolder consists of a long string of numbers and characters. For example:

    S-1-5-21-433994307-1646369186-2100375486-500

    3. Restart the computer, and then try to sign in to Lync Online.

    If you need any further assistance, please feel free to respond.

    Best Regards,

    Evan Zhang

    • Top 25 Contributor
    • Post Points: 0
  • Hi Jason,

    Any updates on this issue? Have you resolved this issue on your side or do you need any further assistance?

    Best Regards,

    Evan Zhang

    • Top 25 Contributor
    • Post Points: 0
  • I deleted the information you requested and rebooted.  Upon logging in, Windows 7 has indicated that a certificate for Client Authentication is expiring on 05/24/2012 and needs to be renewed.

    This is the certificate that Lync obtained the last time I ran it.  Lync is not running yet.

    • Not Ranked
    • Post Points: 0
  • Hi Jason,

    I understand the promotes appears before you starting Lync client, in addition, this issue occur with all the users in your company.

    Based on the above situation, this issue can be caused the Lync connection issue (can’t generate a correct certificate) or the Lync configuration issue.

    As this issue occur with your own company, to troubleshoot the network connection issue, I suggest you try to reproduce this issue on an external environment (For example: Home computer).
    In addition, I’d like you can refer to the following KB article to make sure the Lync connections was not blocked by firewall: http://support.microsoft.com/kb/2409256

    Then, to troubleshoot the Lync configuration issue, I suggest you try to renew the certificate in Windows Certificate Manager to see if any improvement.
    Please refer to the following steps to do so:
    1.Click Start, click Control Panel, and then click Credential Manager.
    2.Locate the set of credentials that is used to connect to Lync Online.
    3.Expand the set of credentials, and then select Remove from Vault.
    4.Restart computer.

    If you need any further assistance, please feel free to respond.

    Best Regards,
    Evan Zhang

    • Top 25 Contributor
    • Post Points: 0
    Suggested by
  • I do not have any credentials stored in the Credential Manager.

    I believe an important concept is being miss-communicated, so I am going to just outline the scenario from the top.

    1) Configure Lync to not start with windows.

    2) Start Lync manually.

       * Lync gets a certificate that is only valid for 8 hours.

    3) Close Lync.

    4) Wait 8 hours

    5) Log off/Reboot

     * Upon logging back in windows will complain that the certificates are going to expire.

     * This is because Lync is getting a certificate that is only valid for 8 hours!!!!

    There is not a technical problem here.

    Now, take it one step further. If Lync is configured to Run at tiem of log in, Lync will typically renew the certificate before Windows has a chance to check it.  However, this does not always occur, causing Windows to complain that the certificate is going to expire as well.

    By the time you check it, Lync has already got a new one.  Sort of like a "race issue."

    But the outlined steps above should be reproducible on any system that does not load Lync at start up.

    • Not Ranked
    • Post Points: 0
  • Hi, this seems to be a client side problem. The certificate expired issue sometimes be caused your system time is not the same as the server, please double confirm that the system time is within five minutes of the server time, and the region you selected at Office 365 portal is the same as you are in.

    • Not Ranked
    • Post Points: 0
  • My system time is the same as "the server" (Not sure what server you mean, in this case, but I'll go with a domain controller)

    The region of Office 365 is the same as the region I'm in.

    • Not Ranked
    • Post Points: 0
  • Jason Gauthier,

    For me to better get an idea of what is going on here, please answer the following questions:

    1)  Are you using an Active Directory within your network?

    2)  Is there a VPN involed in the connection?

    3)  Is this occuring for any other applications, i.e. Outlook?

    4)  Lync Online or Lync On-Premise?

    The previous person asked you if you system time was the same as the server time.  To clearify this questions, is you system time/date within 5min of what time it is actually?  If you systme time/date is being set by the Domain Controller, if could be setting your time incorrectly.  If you system is not correct, by more than 5min, you WILL have issues with certificates. 

    Charlie Gaither
    Microsoft Lync Online Support

    • Not Ranked
    • Post Points: 0
  • Charlie:

    1) Yes, we are using AD, and we are using SSO with Office 365 for Lync.

    2) Nope.

    3) We are only using Lync at this point

    4) Online

    The time is accurate on all my systems.

    • Not Ranked
    • Post Points: 0
  • Were having the same issue, I've tried all the steps related in this post but seriously I don't want to initiate this for over 250 plus users. I've consulted with microsoft and sounds like they want to create a script to address this. The cert is only valid for 8 hour increments according to MS. Does anyone have an idea to fix this seamlessly?

    Thanks,

    • Not Ranked
    • Post Points: 0
  • Jason Gauthier,

    Chadttman is correct when stating that the cert is only valid for 8hr increments.  This issue is that you have a group policy setting enabled for your computer that shows warnings when a certificate is about to expire.  I found this information per this article:

    http://social.technet.microsoft.com/Forums/en-GB/ocscertificates/thread/3db8a65a-5062-4485-a07b-0de4beddd44b

    So it looks like this is group policy is the cause of this and if enabled this is the correct functionality of the eviroment you are in.  Please verify this group policy is the cause of this by disabling it, just for testing, then wait over 8hours for the certificate to expire and renew itself automaticlly.  If you do not receive the warning after this, we can conclude this to be the cause and it will be up to you if you would like to have this group policy enabled or not after this.

    Charlie Gaither
    Microsoft Lync Online Support

    • Not Ranked
    • Post Points: 0
    Suggested by
  • Charlie,

    You were right. this was actually set on the user.  Thanks for pointing that out. I was sure it wasn't!

    • Not Ranked
    • Post Points: 0
  • Jason Gauthier,

    I'm glad to hear that resolved your issue.  Is there anything else I can assist you with?

    Charlie Gaither
    Microsoft Lync Online Support

    • Not Ranked
    • Post Points: 0
  • What was the fix?

    • Not Ranked
    • Post Points: 0
  • Chadttman,

    Here again are the instructions I provided for Jason:

    This issue is that you have a group policy setting enabled for your computer that shows warnings when a certificate is about to expire.  I found this information per this article:

    http://social.technet.microsoft.com/Forums/en-GB/ocscertificates/thread/3db8a65a-5062-4485-a07b-0de4beddd44b


    So it looks like this is group policy is the cause of this and if enabled this is the correct functionality of the eviroment you are in.  Please verify this group policy is the cause of this by disabling it, just for testing, then wait over 8hours for the certificate to expire and renew itself automaticlly.  If you do not receive the warning after this, we can conclude this to be the cause and it will be up to you if you would like to have this group policy enabled or not after this.

    So to fix this please disable the group policy.

    Charlie Gaither
    Microsoft Lync Online Support

    • Not Ranked
    • Post Points: 0
    Suggested by
  • Chadttman,

    Here again are the instructions I provided for Jason:

    This issue is that you have a group policy setting enabled for your computer that shows warnings when a certificate is about to expire.  I found this information per this article:

    http://social.technet.microsoft.com/Forums/en-GB/ocscertificates/thread/3db8a65a-5062-4485-a07b-0de4beddd44b


    So it looks like this group policy is the cause of this and if enabled this is the correct functionality of the eviroment you are in. 

    So to fix this please disable the group policy.

    Charlie Gaither
    Microsoft Lync Online Support

    • Not Ranked
    • Post Points: 0
    Suggested by
Page 1 of 2 (19 items) 1|2|