Possible Cause | Resolution |
---|---|
During sign-in, a dialog box appears that contains the following phrase: cannot verify that the server is trusted for your sign-in address. Connect anyway? | Verify that the domain name in the dialog box is a trusted server in your organization—for example, domainName.contoso.com. Ask the user to select the Always trust this server check box, and then click Connect. Enterprise customers can prevent this message from appearing when a user signs in for the first time by modifying the Windows registry on each user's computer. For details, see Modify TrustModelData registry keys. |
Mistyped sign-in address, user name, or password | Confirm that the user's sign-in name and password are correct. Verify that the user's sign-in name is formatted as follows: [email protected]. This may be different from the format you use to sign in to your organization's network. Ask the user to try signing in again. |
Forgotten password | Reset the user's password and notify him or her of the new temporary password. |
Not licensed to use Skype for Business Online | Confirm that the user is registered as a Skype for Business Online user. If not, register the user, and then ask him or her to sign in again. |
Wrong version of Skype for Business Online installed | This issue is usually associated with an error message that contains the following phrase: the authentication service may be incompatible with this version of the program. Ask the user to uninstall and reinstall Skype for Business Online from the Office 365 Portal. |
Problem acquiring a personal certificate that is required to sign in | If the user's sign-in address has recently changed, they may need to delete cached sign-in data. Ask users to sign out, click the Delete my sign-in info link on the sign-in screen, and then try again. |
You set up a custom domain name, and the changes may not have finished propagating through the system. | First, ensure that you have modified the Domain Name Service (DNS) records to reflect the change. If you have already made the necessary DNS changes, advise the user to try logging in later. DNS changes can take up to 72 hours to be reflected throughout the system. |
System clock out of sync with server clock | Ensure that your network domain controller is synchronizing with a reliable external time source. For details, see the Microsoft Knowledge Base article 816042, How to configure an authoritative time server in Windows Server. |
Error message | Possible cause | Resolution |
---|---|---|
Sign-in address not found | Sign-in requests from the Microsoft Online Services Sign-On Assistant (msoidsvc.exe) are not going through your external firewall, or proxy server. | Add a firewall entry for msoidsvc.exe to your proxy server |
Server is temporarily unavailable | If your organization has a custom domain, the necessary Domain Name System (DNS) settings may be missing or incorrect. | Update DNS settings |
Server is temporarily unavailable | If your organization is using single sign-on with Active Directory Federation Services (ADFS), you may have used a self-signed Secure Socket Layer (SSL) certificate rather than one from a third-party certification authority. | Install a third-party SSL certificate on your ADFS server |
Problem acquiring a personal certificate that is required to sign in | If you've already removed the cached server data used to sign in and the error continues to appear, the user's security credentials may be corrupted, or an RSA folder on the user's computer may be blocking authentication. | Update security credentials |
A certificate trust dialog box appears when a user signs in for the first time. | This dialog box appears if your Skype for Business server is not yet listed in the TrustModelData registry key. | Modify TrustModelData registry keys |
User is not SIP enabled | If your organization had a previous installation of Microsoft Office Communications Server or Microsoft Lync Server 2010, you may not have deleted your users from the server before decommissioning it. As a result, the msRTCSIP-UserEnabled attribute is still set to FALSE in Active Directory Domain Services. | Update user settings in Active Directory |
Application | Key | Value |
---|---|---|
msoidsvc | Disable | 0 |
msoidsvc | DisableEx | 0 |