Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

"Lync cannot verify that the server is trusted for your sign-in address." message when you sign in to Lync 2010 by authenticating to Skype for Business Online


View products that this article applies to.

Symptoms

When you sign in to Microsoft Lync 2010 by authenticating to the Skype for Business Online (formerly Lync Online) service, you receive the following message in a certificate trust dialog box:
Lync is attempting to connect to:

Autodiscover Service Address

Lync cannot verify that the server is trusted for your sign-in address. Connect anyway?
A screen shot of the Lync - Sign In dialog box, showing the error message

This dialog box appears during sign-in or after you sign in.

↑ Back to the top


Cause

This dialog box is a "Trust Model Dialog" box. It is displayed when you are connecting to a server that is unknown to Lync. Lync must have your permission to verify whether to trust this server. For example, in the earlier screen shot, domainName.contoso.com is the unknown server.

The dialog box may be displayed in the following scenarios:
  • During sign-in to Lync to connect to the Lync server

    This means that the name of the Lync server that you are trying to connect is not trusted yet. Therefore, Lync requests confirmation from you.
  • After sign-in to Lync to connect to Exchange server

    After you are signed in, Lync tries to connect to your Microsoft Exchange Server mail server. This connection is required to provide you with rich Lync features. If your Lync sign-in address differs from your Exchange address, the dialog box that has the prompt is displayed. Otherwise, the dialog box is not displayed.
Be aware that this is a security feature and is not an issue or a problem. Lync will not connect to any unknown server until you confirm that it is trusted.

↑ Back to the top


Resolution

We recommend that you verify the domain name that is displayed in the dialog box to verify that it is a trusted server that you want to connect to. After you decide to trust the server, follow these steps:
  1. In the dialog box, click to select the Always trust this server, do not show me this again check box.
  2. Click Connect.
After you perform these steps, the dialog box is no longer displayed when you connect to the server.

↑ Back to the top


More Information

Important This section contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows

To prevent the dialog box from being displayed, you can edit the following REG_SZ registry value:
HKEY_CURRENT_USER\Software\Microsoft\Communicator\TrustModelData
To do this manually for one computer, follow these steps:
  1. Start Registry Editor.
  2. Locate, and then double-click the TrustModelData egistry value:

    HKEY_CURRENT_USER\Software\Microsoft\Communicator\TrustModelData
  3. Add the Fully Qualified Domain Name (FQDN) of the server-based computer that is displayed in the Trust Model Dialog to the existing value data that is listed in the TrustModelData registry value.
Important The value data for the TrustModelData registry value is known as Address of Record (AOR) information. An AOR entry is in the format of a Fully Qualified Domain Name (FQDN). Separate AOR entries will be listed in a comma delimited list that makes up the value data for the TrustModelData registry value. For example: contoso.com, adatum.com, server01.fourthcoffeee.com. All additional AOR entries should be preceded with a comma before they are added to the list.

Note If the user’s Exchange mailbox domain server address differs from the Lync sign-in domain server address, the Trust Model Dialog box may appear after the user signs in. Administrators can use this procedure to append the Exchange mailbox domain server address to the value data of the TrustModelData registry value.

There are no Windows Active Direcrory Group Policies that can be used to manage the Lync 2010 TrustModelData registry value. Group Policy for the Lync 2010 TrustModelData registry value can be managed through manual registry edits on the Windows client-based computer or automated registry edits that are administered globally on the network to the Windows client-based computers. The following is an example of these registry locations to update:
  • HKEY_CURRENT_USER\Policies\Microsoft\Communicator
  • HKEY_LOCAL_MACHINE\Policies\Microsoft\Communicator

↑ Back to the top


References

Lync identifies unknown servers and domains by using the Lync Autodiscover service. For more information about the Lync Autodiscover service, visit the following Microsoft website:

↑ Back to the top


Keywords: kbqfe, kbsurveynew, kbexpertisebeginner, kbexpertiseinter, vkbportal231, vkbportal237, vkbportal300, kbgraphic, o15, o365e, o365p, o365a, o365m, o365022013, o365, lynconline, yespartner, sbo, kb, vkbportal339

↑ Back to the top

Article Info
Article ID : 2531068
Revision : 2
Created on : 11/14/2019
Published on : 11/14/2019
Exists online : False
Views : 346