When a Lync phone (in my scenario a Polycom CX700 and a Polycom CX3000) is connected to a Computer using a USB cable you can use the Lync client on the PC to logon to the Lync servers. An additional pop-up is shown where the credentials have to be entered:

But the Lync client will not logon and the pop-up appears all the time. At the same time you may see a message like “Cannot download certificate because domain is no accessible. If the problem persists, contact your system administrator” or something like this.

If you enter the UPN in the username field (i.e. jaapw@contoso.local) it does work though.

In my case the Active Directory domainname turned out to be contoso.local hence the .local UPN name. Using ADSIEdit it is possible to edit the user properties and I’ve changed the UPN to be identical to the SMTP domainname and tne SIP domainname, i.e. jaapw@contoso.com.

Now I still am able to logon to Lync environment (with the Polycom phone that is) successfully. But the strange thing is (I cannot explain this, maybe some Active Directory guru can explain this to me) the at this point the NetBIOS domain style for the username (i.e. Contoso\jaapw) also works when logging in to the Lync environment with the Polycom telephones.

So, if you run into this issue it might be worth looking into the UPN naming convention of your Active Directory environment.