Trusted Domains

The Lync client displays a dialog box that allows users accept the certificate from the Lync server if the SIP domain of the user account signing in is different from the name presented in the Subject or Subject Alt Name on the certificate. If the certificate configured for Lync Server in your organization does not have SIP domain name of LRS account in Subject or Subject Alt Name, you must configure those domains presented on the certificate under the Trusted Domains registry key on the LRS console machine. Your LRS manufacturer-provided LRS admin guide explains how and where to add trusted domains in the Lync client.

For example, assume the certificates configured on Lync Server have a Subject/Subject Alt Name of “CONTOSO.LOCAL” and one of the SIP domains assigned to a user for the LRS sign-in address is “” Because is not in the certificate, on the LRS machine, you will need to configure “contoso.local” as a trusted domain in the registry, as explained in your LRS manufacturer-provided LRS admin guide.