Hi,  

I am having issues with connecting to Lync externally.  When I run a connectivity test with the remote connectivity analyzer it comes back successful with no warnings.  

When I try to connect with the lync 2013 or 2010 mobile app I get "We cant verify the certificate from the server."

When I go to meet.domain.com or dialin.domain.com I get "Content was blocked because it was not signed by a valid security certificate."

I verified with my public CA that the certificate and chain were valid.

Does anyone have any ideas as to why this might be happening?

Servers:

Lync 2013 FE, Lync Reverse proxy with ARR 3.0, Lync 2013 Edge

Thanks

James

Hi I have seen this before. Have you installed your ssl providers root and intermediate certificates to the trusted root and intermediate stores on the reverse proxy server? Depending on your firewall restrictions it may be blocking http 80 outbound and so the arr server cannot perform crl lookups which also produce this error. Thanks Mark

• Proposed as answer by Eason HuangMicrosoft contingent staff, Moderator 5 minutes ago

Hi I have seen this before. Have you installed your ssl providers root and intermediate certificates to the trusted root and intermediate stores on the reverse proxy server? Depending on your firewall restrictions it may be blocking http 80 outbound and so the arr server cannot perform crl lookups which also produce this error. Thanks Mark

• Proposed as answer by Eason HuangMicrosoft contingent staff, Moderator Wednesday, April 01, 2015 7:17 AM

Hi I have seen this before. Have you installed your ssl providers root and intermediate certificates to the trusted root and intermediate stores on the reverse proxy server? Depending on your firewall restrictions it may be blocking http 80 outbound and so the arr server cannot perform crl lookups which also produce this error. Thanks Mark

• Proposed as answer by Eason HuangMicrosoft contingent staff, Moderator Wednesday, April 01, 2015 7:17 AM

Hi I have seen this before. Have you installed your ssl providers root and intermediate certificates to the trusted root and intermediate stores on the reverse proxy server? Depending on your firewall restrictions it may be blocking http 80 outbound and so the arr server cannot perform crl lookups which also produce this error. Thanks Mark

• Proposed as answer by Eason HuangMicrosoft contingent staff, Moderator Wednesday, April 01, 2015 7:17 AM
• Marked as answer by Eason HuangMicrosoft contingent staff, Moderator 5 hours 54 minutes ago

Hi I have seen this before. Have you installed your ssl providers root and intermediate certificates to the trusted root and intermediate stores on the reverse proxy server? Depending on your firewall restrictions it may be blocking http 80 outbound and so the arr server cannot perform crl lookups which also produce this error. Thanks Mark

• Proposed as answer by Eason HuangMicrosoft contingent staff, Moderator Wednesday, April 01, 2015 7:17 AM
• Marked as answer by Eason HuangMicrosoft contingent staff, Moderator Monday, April 13, 2015 1:31 AM

Hi,

Please double check the port on Reverse Proxy, make sure that you meet the port requirement in the link below:

https://social.technet.microsoft.com/Forums/office/en-US/6481e235-9463-47a9-9904-a4f54f38e1cc/lync-mobility-and-meetdialin-certificate-issues-with-lync-2013?forum=ocscertificates

Best Regards,
Eason Huang