Lync phone unable to sign in after Windows update on Lync Server.

After the Root Certificates update (KB931125, http://support.microsoft.com/kb/931125) you will constantly get a warning in the event log. Lync phones will also be unable to sign in. The error message on the phone is “Registrar FQDN could not be resolved”.

UPDATED: On new phones you will only get a message that login failed when trying to sign in using extension and PIN.

On the Lync Frontend server:

Event Type: Warning
Event Source: Schannel
Event Category: None
Event ID: 36885
Date: date
Time: time
User:
Computer: COMPUTERNAME
Description: When asking for client authentication, this server sends a list of trusted certification authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certification authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certification authorities trusted for client authentication and remove those that do not really need to be trusted.

The solution is to stop the Lync server from sending the trusted root certification authority list.

Add the registry key (Method 3: http://support.microsoft.com/kb/2464556):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

Value name: SendTrustedIssuerList
Value type: REG_DWORD
Value data: 0 (False)

 

This will be a problem for all services that require client certificates, so it could be a problem if you run NAC.
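The check and the registry change described above, as an added PowerShell example that is not part of the original post. It assumes an elevated session on the Lync Front End server and that the Schannel warning is written to the System log; the variable names are illustrative.

```powershell
# Added example: confirm the symptom, then set SendTrustedIssuerList = 0.
$schannelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$valueName   = 'SendTrustedIssuerList'

# 1. Look for the Schannel warning 36885 (assumption: it is in the System log).
$filter = @{ LogName = 'System'; ProviderName = 'Schannel'; Id = 36885 }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction SilentlyContinue
if ($events) {
    $events | Select-Object TimeCreated, Id, LevelDisplayName | Format-Table -AutoSize
} else {
    Write-Host 'No Schannel 36885 events found in the System log.'
}

# 2. Report how many certificates the machine trusts as roots; this is the
#    list that has grown too long according to the event description.
$rootCount = @(Get-ChildItem -Path Cert:\LocalMachine\Root).Count
Write-Host ('Certificates in LocalMachine\Root: {0}' -f $rootCount)

# 3. Read the current value; $null means the value does not exist yet.
$current = (Get-ItemProperty -Path $schannelKey -Name $valueName `
            -ErrorAction SilentlyContinue).$valueName
$shown = if ($null -eq $current) { '(not set)' } else { $current }
Write-Host ('Current {0}: {1}' -f $valueName, $shown)

# 4. Create or overwrite the REG_DWORD value only if it is not already 0.
if ($current -ne 0) {
    New-ItemProperty -Path $schannelKey -Name $valueName `
        -PropertyType DWord -Value 0 -Force | Out-Null
    Write-Host ('{0} set to 0 (False).' -f $valueName)
} else {
    Write-Host ('{0} is already 0; nothing changed.' -f $valueName)
}

# 5. Read the value back to verify the change.
$after = (Get-ItemProperty -Path $schannelKey -Name $valueName).$valueName
Write-Host ('Verified {0} = {1}' -f $valueName, $after)
```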

Atle
