No one has responded to this discussion for at least a year, so this information may be out of date. If you're looking for information about this topic, please search for a more recent discussion or post a new question.

Lync 2010 Online and iPad can't verify the certificate from the server

This question is answered This question is answered

We have a Lync 2010 Online plan using active directory federated services for single sign-on and an on-premise Exchange 2010 server.

After downloading the Lync 2010 iPad client and configuring the sign-in options, I quickly receive the error "Can't verify the certificate from the server. Please contact your support team."  Unfortunately, I am the support team.

What certificate is it having a problem with?  The lync.online certificate, or our ADFS corporate certificate?  How do I fix this?

Verified Answer
  • Hi Brian,


    Please try using the manual configuration method on your iPad:


    The Sign-in address and Password fields are displayed on the sign-in screen. To access the User name, Domain, Internal discovery address, and External discovery address fields, select Server Settings on the sign-in screen.






    Internal discovery address: https://webdir.online.lync.com/Autodiscover/autodiscoverservice.svc/Root



    External discovery address: https://webdir.online.lync.com/Autodiscover/autodiscoverservice.svc/Root






    Let me know if this helps. If it doesn't, we may need to get a set of logs from you.


    Thanks,

    Justin

    1 out of 1 people found this post helpful.

All Replies
  • Hi Brian,

    Thanks for posting here. Before moving on, I'd like to confirm if the user can sign in Lync on their computer? If the answer is no, please perform the following steps to narrow down the issue:
     1.Can the user sign in to the Office365 portal? If the answer is yes, go next step
     2.Is the user licensed for Lync Online? If the answer is yes, go next step
     3.Is the user enabled for enterprise single sign-on(SSO) through an on-premises AD FS2.0 server? If the answer is yes, go next step
     4.If all SSO-enabled users in your company can't sign in to Lync Online?
    If the answer is yes, do this test:
    Try to access the company’s AD FS 2.0 WS-Metadata Exchange (MEX) document to confirm that rich clients such as Lync 2010 can authenticate through the company’s on-premises authentication system. Open Internet Explorer and browse to the MEX URL. The MEX URL usually has a format that resembles the following :
    https://sts.contoso.com/adfs/services/trust/mex
    Is the document successfully displayed in a web browser?
    Can not display, it means MEX document is not available through the web browser, the user will be unable to authenticate through any rich clients. Please refer to the link:
    http://support.microsoft.com/kb/2541980#ResolveIdentity

    For the detail troubleshooting steps, for your reference:(Please check "Resolve user identity and Office 365 authentication system issues in Lync 2010" part)
    http://support.microsoft.com/kb/2541980#ResolveIdentity

    If there are anything unclear, please feel free to contact me.

    Thanks,
    Allen Qiu

  • 1.Can the user sign in to the Office365 portal? If the answer is yes, go next step

    Yes, I can login without problem to portal using adfs login.

     2.Is the user licensed for Lync Online? If the answer is yes, go next step

    Yes, I am licensed for lync and can use the lync client on my workstation, in addition, the mobile client works fine on my Android mobile phone.

     3.Is the user enabled for enterprise single sign-on(SSO) through an on-premises AD FS2.0 server? If the answer is yes, go next step

    Yes, SSO and ADFS 2.0 is enabled and work fine for other functions such as Android mobile lync, SSO on the Online portal, and we have another application that utilizes the ADFS function as well, which does work on the iPad.

     4.If all SSO-enabled users in your company can't sign in to Lync Online?

    Unclear, All other SSO-enabled users can login to the portal and can use the lync client, but no others have attempted to use an iPad or other iOS device yet.

     5.Try to access the company’s AD FS 2.0 WS-Metadata Exchange (MEX) document

    Yes, from the iPad, I can successfully browse the MEX document.

     

    For what it is worth, the iPad I am trying to install this on uses our ADFS for sign-on to another web application we use and it has no problems at all.

     

    Again, this is a problem specific to the iPad and possibly iOS devices in general.  I am trying to get a iPhone charged and connected to a wireless network to test the iOS general theory.

  • Hi Brian,


    Please try using the manual configuration method on your iPad:


    The Sign-in address and Password fields are displayed on the sign-in screen. To access the User name, Domain, Internal discovery address, and External discovery address fields, select Server Settings on the sign-in screen.






    Internal discovery address: https://webdir.online.lync.com/Autodiscover/autodiscoverservice.svc/Root



    External discovery address: https://webdir.online.lync.com/Autodiscover/autodiscoverservice.svc/Root






    Let me know if this helps. If it doesn't, we may need to get a set of logs from you.


    Thanks,

    Justin

    1 out of 1 people found this post helpful.

  • I was able to get this to work finally, and I believe it had to do with the "User Name" field.  I was able to identify this after sending myself the diagnostic logs.  I am unfortunately one of the few situations at our company where my AD username is not the same as my primary SMTP address.  After making my sign-in address my primary e-mail and my user name, my AD username, it started working.

  • Hi Brian,

    Glad to hear it is working for you. If you have any more questions, please don't hesitate to ask.

    Regards,
    Justin