Microsoft Lync Certificate For Mac


Feb 17, 2017  Although an internal enterprise certification authority (CA) is recommended for internal servers, you can also use a public CA. For a list of public CAs that provide certificates that comply with specific requirements for unified communications (UC) certificates and have partnered with Microsoft to ensure they work with the Lync Server Certificate Wizard, see article Microsoft Knowledge Base.

To check your preferences, on the Safari menu, click Preferences, and then click General. Double-click the file that you downloaded in step 5 to place the Microsoft Lync for Mac 2011 Update volume on your desktop, and then double-click the volume to open it. This step might have been performed for you.

Recently we got some support request tickets regarding Mac clients which weren’t able to sign in to Lync because they were missing the necessary root CA certificates. Those root CA certificates are required in order to sign in to Lync, whether it’s on the internal or external network.

Documents/Microsoft User Data/Microsoft Lync Data. Start Lync for Mac, and then sign in to Skype for Business Online. On the Lync for Mac menu, click Preferences, click Account, and then clear the Use Microsoft Exchange for managing personal information check box.

Certificate

Sep 19, 2011 The Lync for Mac 2011 Deployment Guide is for system implementers, IT managers, system administrators, or other people who plan for, implement, and maintain Lync in their organizations. Lync is available as a standalone edition for volume licensing customers. To use Lync for Mac 2011, you need an email address and password from an organization that uses Lync Server, or has a business subscription to Office 365. Sign in to Lync for Mac Important: Make sure you’ve installed the most current Microsoft Lync for Mac 2011 Update.

Problem

When an Office 365 user tries to sign in to Skype for Business Online (formerly Lync Online) by using Lync 2010 or Lync 2013, the user receives the following error message:

Additionally, when you try to sign in to Lync after a network outage or a Skype for Business Online service outage, you receive the following error message:

Cause

This issue may occur if one or more of the following conditions are true:

  • The software is out of date.

    • The Lync client is out of date.
    • The Microsoft Online Services Sign-In Assistant is out of date.
  • The certificates cannot be acquired or validated.

    • The Skype for Business Online personal certificate or the cached credentials are corrupted or are out of date.
    • Part of the certificate chain is untrusted and the certificate chain fails validation.

Solution

Resolution for Lync 2013

Delete the sign in information

During the sign in process, Lync 2013 caches your credentials and other information about its connection to Skype for Business Online. If you have trouble signing in to Skype for Business Online, click Delete my sign-in information and Lync 2013 will automatically remove any saved password, certificates, and connection settings for the user account.

Resolution for Lync 2010

  1. Update the Lync client to the latest version that's available on the Downloads page of the Office 365 portal.
  2. Update the Microsoft Online Services Sign-In Assistant to the latest version.
  3. Clear your cached certificates, credentials and connections.

Additional troubleshooting steps for Lync 2013 and Lync 2010

Note

Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

If the steps earlier in this article don't resolve the issue, try the following methods, as appropriate for your situation:

  • When Lync connects to a specific front-end server, it caches that endpoint to make the sign-in process faster in the future. However, sometimes the endpoint can be changed and can cause sign-in to fail. To delete the endpoint cache, follow these steps:

    1. Locate the local application data folder:
      • Windows Vista, Windows 7 and Windows 8 (excluding Windows 8 RT):

        %LOCALAPPDATA%\Microsoft\Communicator\<sip_address@contoso.com>

      • Windows XP:

        %USERPROFILE%\Local Settings\Application Data\Microsoft\Communicator\<sip_address@contoso.com>

    2. Delete the folder associated with your sign-in address.
    3. Restart Lync, and then try to sign in to Skype for Business Online.
  • If you're using Lync 2010, delete the Skype for Business Online personal certificate and then download a new one. Be aware that when the user clicks Save Password in Lync 2010, this action also saves the certificate in Windows Certificate Manager.

    To delete a personal certificate, follow these steps:

    1. Delete the certificate in Windows Certificate Manager. To do this, follow these steps:
      1. Open Windows Certificate Manager. To do this, press Windows + R, type certmgr.msc, and then click OK.
      2. Expand Personal, and then expand Certificates.
      3. Sort by the Issued By column, and then look for a certificate that's issued by Communications Server.
      4. Verify that the certificate is present and that it isn't expired.
      5. Delete the certificate and try to sign in to Skype for Business Online. If you can't sign in to Skype for Business Online, go to step 2.
    2. If you're running Windows 7, remove the user's stored credentials in Windows Credential Manager. To do this, follow these steps:
      1. Open Control Panel, and then click Credential Manager.

      2. Locate the set of credentials that's used to connect to Skype for Business Online.

      3. Expand the set of credentials, and then select Remove from Vault.

      4. Try to sign in to Skype for Business Online again, and then type your new set of credentials.

        Note

        These steps aren't necessary in Lync 2013 because the previously mentioned steps that delete sign-in information remove the certificates automatically.

  • Flush the DNS cache. To do this, follow these steps:

    1. Press Windows + R, type the following command, and then press Enter:

      Ipconfig /flushdns

  • Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

    On the affected computers, check the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

    If the value of MachineGuid contains braces around the GUID (for example, {c1cbd94c-0d35-414c-89ef-dd092b984883}), then remove the braces, restart Lync, and then try to sign in again.
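
The client-side conditions from the steps above can be inspected without changing anything first. The following read-only PowerShell script is an added example, not part of the original article; the sign-in address is a placeholder, and the folder path assumed is the Windows Vista and later location given above.

```powershell
# Added example: read-only checks for the client-side conditions described above.
# $SipAddress is a placeholder; replace it with the affected user's sign-in address.
$SipAddress = 'user@contoso.com'

# 1. Endpoint cache folder (Windows Vista and later path from the steps above).
$cache = Join-Path $env:LOCALAPPDATA "Microsoft\Communicator\$SipAddress"
'Endpoint cache folder present: {0} ({1})' -f (Test-Path -LiteralPath $cache), $cache

# 2. Personal-store certificates issued by Communications Server, with expiry state.
$now = Get-Date
$certs = @(Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Issuer -like '*Communications Server*' })
if ($certs.Count -eq 0) {
    'No personal certificate issued by Communications Server was found.'
} else {
    $certs |
        Select-Object Subject, Issuer, Thumbprint, NotAfter,
            @{ Name = 'Expired'; Expression = { $_.NotAfter -lt $now } } |
        Format-List
}

# 3. Stored credentials in Credential Manager (listing only, nothing is removed).
cmdkey /list

# 4. MachineGuid must not be wrapped in braces.
$guid = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Cryptography' -Name MachineGuid).MachineGuid
if ($guid -match '^\{.*\}$') {
    "MachineGuid is wrapped in braces: $guid"
} else {
    "MachineGuid format is OK: $guid"
}
```

Run it in the affected user's session, because the certificate store and the local application data folder are per user.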

Resolution for Skype for Business Online administrators: Validate the certificate chain

End-users may receive an error stating that the certificate can’t be validated, and this usually happens because one of the certificates in the chain is untrusted and can’t be validated. This typically occurs for customers who use single sign-on in Office 365 or for customers who have Lync hybrid deployments.

For more information about certificate validation with Lync, see Lync Mobile users cannot sign in after they update to client version 5.4.


Note

Although this article is written for mobile devices, the same concepts apply to Lync clients.

More Information

If the issue persists after you perform these troubleshooting steps, contact Microsoft Office 365 technical support or the Microsoft Office 365 Community forums. In certain cases, the Active Directory Domain Services user account may be incomplete or corrupted. Therefore, Skype for Business Online can't generate a personal certificate. This may not affect all of a tenant's accounts because the effect depends on the state of the server when the user account was created.


To narrow the issue, determine whether the issue occurs for multiple user accounts on the same computer. Then, try to sign in to Skype for Business Online from the same computer by using multiple user accounts. This process indicates whether the problem is related to the configuration of the computer or an issue with the Skype for Business Online user account.


Topic Last Modified: 2016-03-29

Microsoft Lync Server 2013 communications software supports the use of a single public certificate for access and web conferencing Edge external interfaces, plus the A/V Authentication service. The Edge internal interface typically uses a private certificate issued by an internal certification authority (CA), but can also use a public certificate, provided that it is from a trusted public CA. The reverse proxy in your deployment uses a public certificate and encrypts the communication from the reverse proxy to clients and the reverse proxy to internal servers by using HTTPS (that is, HTTP over Transport Layer Security).


Following are the requirements for the public certificate used for access and web conferencing Edge external interfaces, and the A/V authentication service:

  • The certificate must be issued by an approved public CA that supports subject alternative name. For details, see Microsoft Knowledge Base article 929395, 'Unified Communications Certificate Partners for Exchange Server and for Communications Server,' at https://go.microsoft.com/fwlink/p/?linkId=202834.

  • If the certificate will be used on an Edge pool, it must be created as exportable, with the same certificate used on each Edge Server in the Edge pool. The exportable private key requirement is for the purposes of the A/V Authentication service, which must use the same private key across all Edge Servers in the pool.

  • If you want to maximize the uptime for your Audio/Video services, review the certificate requirements for implementing a decoupled A/V Edge service certificate (that is, a separate A/V Edge service certificate from the other External Edge certificate purposes). For details, see Changes in Lync Server 2013 that affect Edge Server planning, Plan for Edge Server certificates in Lync Server 2013 and Staging AV and OAuth certificates in Lync Server 2013 using -Roll in Set-CsCertificate.

  • The subject name of the certificate is the Access Edge service external interface fully qualified domain name (FQDN) or hardware load balancer VIP (for example, access.contoso.com). The subject name can’t have a wildcard character; it must be an explicit name.

    Note

    For Lync Server 2013, this is no longer a requirement, but it is still recommended for compatibility with Office Communications Server.

  • The subject alternative name list contains the FQDNs of the following:

    • The Access Edge service external interface or hardware load balancer VIP (for example, sip.contoso.com).


      Note

      Even though the certificate subject name is equal to the access Edge FQDN, the subject alternative name must also contain the access Edge FQDN because Transport Layer Security (TLS) ignores the subject name and uses the subject alternative name entries for validation.

    • The web conferencing Edge external interface or hardware load balancer VIP (for example, webcon.contoso.com).

    • If you are using client auto-configuration or federation, also include any SIP domain FQDNs used within your company (for example, sip.contoso.com, sip.fabrikam.com).

    • The A/V Edge service does not use the subject name or the subject alternative names entries.

    Note

    The order of the FQDNs in the subject alternative names list does not matter.


If you are deploying multiple, load-balanced Edge Servers at a site, the A/V authentication service certificate that is installed on each Edge Server must be from the same CA and must use the same private key. Note that the certificate's private key must be exportable, regardless of whether it is used on one Edge Server or many Edge Servers. It must also be exportable if you request the certificate from any computer other than the Edge Server. Because the A/V authentication service does not use the subject name or subject alternative name, you can reuse the access Edge certificate as long as the subject name and subject alternative name requirements are met for the access Edge and the web conferencing Edge and the certificate’s private key is exportable.
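
The subject and subject alternative name rules above can be checked against an installed certificate before it is assigned. This PowerShell script is an added example, not code from the original documentation; the FQDNs are the article's contoso.com samples, the thumbprint is a placeholder, and it assumes the certificate is in the LocalMachine\My store on an English-language Windows system (the "DNS Name=" label is localized).

```powershell
# Added example: validate an external Edge certificate against the name rules above.
# All values below are sample/placeholder values; adjust them to your deployment.
$AccessEdgeFqdn = 'access.contoso.com'
$WebConfFqdn    = 'webcon.contoso.com'
$SipDomainFqdns = @('sip.contoso.com', 'sip.fabrikam.com')  # auto-configuration or federation only
$Thumbprint     = '<CERTIFICATE-THUMBPRINT-PLACEHOLDER>'

$cert = Get-Item -LiteralPath "Cert:\LocalMachine\My\$Thumbprint"

# Subject common name.
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$cn = $cert.GetNameInfo($nameType, $false)

# DNS entries of the subject alternative name extension (OID 2.5.29.17).
$san = @()
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($sanExt) {
    $san = @($sanExt.Format($true) -split "`r?`n" |
        Where-Object { $_ -like 'DNS Name=*' } |
        ForEach-Object { ($_ -replace '^DNS Name=', '').Trim() })
}

$findings = @()
if ($cn.Contains('*')) {
    $findings += "Subject name '$cn' contains a wildcard; it must be an explicit name."
}
if ($cn -ne $AccessEdgeFqdn) {
    $findings += "Subject name '$cn' is not the Access Edge FQDN (recommended for compatibility)."
}
# TLS validates against the SAN list, so the Access Edge FQDN must appear there too.
# The order of SAN entries does not matter; -notcontains is case-insensitive.
foreach ($name in (@($AccessEdgeFqdn, $WebConfFqdn) + $SipDomainFqdns | Select-Object -Unique)) {
    if ($san -notcontains $name) {
        $findings += "Subject alternative name list is missing '$name'."
    }
}
if (-not $cert.HasPrivateKey) {
    $findings += 'No private key is associated with this certificate on this computer.'
}

if ($findings.Count -eq 0) { 'Name requirements are met.' } else { $findings }
```

The script confirms only that a private key is present; whether the key is exportable, which the A/V Authentication service requires, has to be verified separately.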

Requirements for the private (or public) certificate used for the Edge internal interface are as follows:

  • The certificate can be issued by an internal CA or an approved public certificate CA.

  • The subject name of the certificate is typically the Edge internal interface FQDN or hardware load balancer VIP (for example, lsedge.contoso.com). However, you can use a wildcard certificate on the Edge internal.

  • No subject alternative name list is required.

The reverse proxy in your deployment services requests for:

  • External user access to meeting content for meetings

  • External user access to expand and display members of distribution groups

  • External user access to downloadable files from the Address Book Service

  • External user access to the Lync Web App client

  • External user access to the Dial-in Conferencing Settings web page

  • External user access to the Location Information Service

  • External device access to the Device Update Service and obtain updates

The reverse proxy publishes the internal server Web Components URLs. The Web Components URLs are defined on the Director, Front End Server or Front End pool as the External web services in Topology Builder.

Wildcard entries are supported in the subject alternative name field of the certificate assigned to the reverse proxy. For details about how to configure the certificate request for the reverse proxy, see Request and configure a certificate for your reverse HTTP proxy in Lync Server 2013.
