No announcement yet.

Lync 2010 Client - Can't Connect Externally

  • Filter
  • Time
  • Show
Clear All
new posts

  • Lync 2010 Client - Can't Connect Externally

    I am unable to connect my Lync 2010 client from an external non-domain PC over the internet. The client works only if I VPN in to my network, manually configure my client to point to the internal FQDN of my pool, which is FEPOOL.CONSOLTECHLAB.COM, then connects fine. Auto-config does not work. It will yield back the error "There was a problem verifying the certificate from the server." Then a peak in the event logs show Errors 4 (application log) and 36884 (system log), which indicate the client PC was expecting to see and/or in the certificate.

    When I try to connect over the internet (no VPN) with a manual config, setting my external server name/IP address to, I get the error "Cannot sign in because the server is temporarily available". I have also tried

    The certs on my Edge server were both generated by my internal domain CA. The internal is called (server name is, and has no SANs. The external is called, and has the SAN's sip, access, and webconferencing. My Lync topology has as the FQDN of external web services.

    I have installed the root CA from my internal domain on my test PCs.

    Why is my client looking for sipexternal and sipinternal? Are these default names that the Lync client looks for when it can't find the name specified in the SRV record? My internal SRV record is, and it points to port 5061 of, which is an additional "A" record that points to the IP address of my front end pool (and the single server that is in that pool at the moment,

    Some additional details:

    - I have a public SRV record in place for, that points to
    - There is an "A" record in place for It is the IP address of of the external interface of my Edge server.
    - My Edge server's external interface is direct on the internet, with no firewall. Just the Windows Firewall, which has the necessary ports open.
    - I have exported the root CA cert of my domain as well as the front end server's cert to my home PC.

    Any thoughts and ideas will be most appreciated. Thanks!

  • #2
    Re: Lync 2010 Client - Can't Connect Externally

    Figured it out. Wasn't able to resolve the front end pool name from from the Edge server. I had added the front end pool's server name to the Edge server's HOSTS file, but not the pool name. Once I did so, external connectivity was established, and all green lights in the Test Connectivity site.


    • #3
      Re: Lync 2010 Client - Can't Connect Externally

      Please try this :

      - Download & launch the Lync troubleshooting tool (RUCT.ZIP) on the workstation

      - Into certificate information tab, enter Lync server name and port number (eg. 5061) then click GO

      - Once completed, click "install certificate in local machine certificate store" and it's done...