DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 2531068 - Last Review: July 28, 2014 - Revision: 7.0

Symptoms

When you sign in to Microsoft Lync 2010 by authenticating to the Microsoft Lync Online service, you receive the following message in a certificate trust dialog box:
Lync is attempting to connect to:

Autodiscover Service Address

Lync cannot verify that the server is trusted for your sign-in address. Connect anyway?
Collapse this imageExpand this image
A screen shot of the Lync - Sign In dialog box, showing the error message

This dialog box appears during sign-in or after you sign in.

Cause

This dialog box is a "Trust Model Dialog" box. It is displayed when you are connecting to a server that is unknown to Lync. Lync must have your permission to verify whether to trust this server. For example, in the earlier screen shot, domainName.contoso.com is the unknown server.

The dialog box may be displayed in the following scenarios:
  • During sign-in to Lync to connect to the Lync server

    This means that the name of the Lync server that you are trying to connect is not trusted yet. Therefore, Lync requests confirmation from you.
  • After sign-in to Lync to connect to Exchange server

    After you are signed in, Lync tries to connect to your Microsoft Exchange Server mail server. This connection is required to provide you with rich Lync features. If your Lync sign-in address differs from your Exchange address, the dialog box that has the prompt is displayed. Otherwise, the dialog box is not displayed.
Be aware that this is a security feature and is not an issue or a problem. Lync will not connect to any unknown server until you confirm that it is trusted.

Resolution

We recommend that you verify the domain name that is displayed in the dialog box to verify that it is a trusted server that you want to connect to. After you decide to trust the server, follow these steps:
  1. In the dialog box, click to select the Always trust this server, do not show me this again check box.
  2. Click Connect.
After you perform these steps, the dialog box is no longer displayed when you connect to the server.

More information

Important This section contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756  (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows

To prevent the dialog box from being displayed, you can edit the following REG_SZ registry value:
HKEY_CURRENT_USER\Software\Microsoft\Communicator\TrustModelData
To do this manually for one computer, follow these steps:
  1. Start Registry Editor.
  2. Locate, and then double-click the TrustModelData egistry value:

    HKEY_CURRENT_USER\Software\Microsoft\Communicator\TrustModelData
  3. Add the Fully Qualified Domain Name (FQDN) of the server-based computer that is displayed in the Trust Model Dialog to the existing value data that is listed in the TrustModelData registry value.
Important The value data for the TrustModelData registry value is known as Address of Record (AOR) information. An AOR entry is in the format of a Fully Qualified Domain Name (FQDN). Separate AOR entries will be listed in a comma delimited list that makes up the value data for the TrustModelData registry value. For example: contoso.com, adatum.com, server01.fourthcoffeee.com. All additional AOR entries should be preceded with a comma before they are added to the list.

Note If the user’s Exchange mailbox domain server address differs from the Lync sign-in domain server address, the Trust Model Dialog box may appear after the user signs in. Administrators can use this procedure to append the Exchange mailbox domain server address to the value data of the TrustModelData registry value.

There are no Windows Active Direcrory Group Policies that can be used to manage the Lync 2010 TrustModelData registry value. Group Policy for the Lync 2010 TrustModelData registry value can be managed through manual registry edits on the Windows client-based computer or automated registry edits that are administered globally on the network to the Windows client-based computers. The following is an example of these registry locations to update:
  • HKEY_CURRENT_USER\Policies\Microsoft\Communicator
  • HKEY_LOCAL_MACHINE\Policies\Microsoft\Communicator

References

Lync identifies unknown servers and domains by using the Lync Autodiscover service. For more information about the Lync Autodiscover service, visit the following Microsoft website:
Understanding the Autodiscover service (http://technet.microsoft.com/en-us/library/bb124251.aspx)

Applies to
  • Microsoft Lync 2010
  • Microsoft Lync Online
Keywords: 
kbqfe kbsurveynew kbexpertisebeginner kbexpertiseinter vkbportal231 vkbportal237 kbgraphic o365e o365p o365a o365m o365022013 o365 KB2531068
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support