When you sign in to Microsoft Lync 2010 by authenticating to the Microsoft Lync Online service, you receive the following message in a certificate trust dialog box:
Collapse this imageExpand this image
This dialog box appears during sign-in or after you sign in.
This dialog box is a "Trust Model Dialog" box. It is displayed when you are connecting to a server that is unknown to Lync. Lync must have your permission to verify whether to trust this server. For example, in the earlier screen shot, domainName.contoso.com
is the unknown server.
The dialog box may be displayed in the following scenarios:
- During sign-in to Lync to connect to the Lync server
This means that the name of the Lync server that you are trying to connect is not trusted yet. Therefore, Lync requests confirmation from you.
- After sign-in to Lync to connect to Exchange server
After you are signed in, Lync tries to connect to your Microsoft Exchange Server mail server. This connection is required to provide you with rich Lync features. If your Lync sign-in address differs from your Exchange address, the dialog box that has the prompt is displayed. Otherwise, the dialog box is not displayed.
Be aware that this is a security feature and is not an issue or a problem. Lync will not connect to any unknown server until you confirm that it is trusted.
We recommend that you verify the domain name that is displayed in the dialog box to verify that it is a trusted server that you want to connect to. After you decide to trust the server, follow these steps:
- In the dialog box, click to select the Always trust this server, do not show me this again check box.
- Click Connect.
After you perform these steps, the dialog box is no longer displayed when you connect to the server.
This section contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
How to back up and restore the registry in Windows
To prevent the dialog box from being displayed, you can edit the following REG_SZ registry value:
To do this manually for one computer, follow these steps:
- Start Registry Editor.
- Locate, and then double-click the TrustModelData egistry value:
- Add the Fully Qualified Domain Name (FQDN) of the server-based computer that is displayed in the Trust Model Dialog to the existing value data that is listed in the TrustModelData registry value.
The value data for the TrustModelData registry value is known as Address of Record (AOR) information. An AOR entry is in the format of a Fully Qualified Domain Name (FQDN). Separate AOR entries will be listed in a comma delimited list that makes up the value data for the TrustModelData registry value. For example: contoso.com, adatum.com, server01.fourthcoffeee.com. All additional AOR entries should be preceded with a comma before they are added to the list.Note
If the user’s Exchange mailbox domain server address differs from the Lync sign-in domain server address, the Trust Model Dialog box may appear after the user signs in. Administrators can use this procedure to append the Exchange mailbox domain server address to the value data of the TrustModelData registry value.
There are no Windows Active Direcrory Group Policies that can be used to manage the Lync 2010 TrustModelData registry value. Group Policy for the Lync 2010 TrustModelData registry value can be managed through manual registry edits on the Windows client-based computer or automated registry edits that are administered globally on the network to the Windows client-based computers. The following is an example of these registry locations to update:
Lync identifies unknown servers and domains by using the Lync Autodiscover service. For more information about the Lync Autodiscover service, visit the following Microsoft website: