A Director can use Kerberos, NTLM, or a combination of both to authenticate user traffic. Either Kerberos or NTLM can authenticate internal users, but only NTLM can authenticate remote or external users. If Active Directory fails, clients can use a certificate issued by Lync Server to authenticate to servers.
This certificate is neither issued by nor used by a public key infrastructure. Its only purpose is authenticating Lync Server endpoints.
To configure the setting, perform the following steps:
1. Open the Lync Server Control Panel.
2. Click Security.
3. Click ...
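
The protocol choices described above can also be audited from the Lync Server Management Shell. The following is an added example, not part of the original page: it assumes the `Get-CsProxyConfiguration` cmdlet and its `Use*ForClientToProxyAuth` properties, the function name `Test-ProxyAuthSetting` is hypothetical, and the sample objects and the host name `dir01.example.test` are constructed so the script also runs without a deployment.

```powershell
# Added example. Get-CsProxyConfiguration is a Lync Server Management Shell cmdlet;
# the $sample objects and the host name dir01.example.test are constructed.
function Test-ProxyAuthSetting {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Config
    )
    process {
        $findings = @()
        if (-not $Config.UseKerberosForClientToProxyAuth -and
            -not $Config.UseNtlmForClientToProxyAuth) {
            $findings += 'Neither Kerberos nor NTLM is enabled'
        }
        elseif (-not $Config.UseNtlmForClientToProxyAuth) {
            # Per the text above, only NTLM can authenticate remote or external users.
            $findings += 'NTLM disabled: remote or external users cannot use Kerberos instead'
        }
        if (-not $Config.UseCertificateForClientToProxyAuth) {
            # The Lync-issued certificate is what clients use when Active Directory fails.
            $findings += 'Certificate authentication disabled: no fallback if Active Directory fails'
        }
        $summary = if ($findings.Count -gt 0) { $findings -join '; ' } else { 'none' }
        New-Object PSObject -Property @{
            Identity = "$($Config.Identity)"
            Findings = $summary
        }
    }
}

# Constructed sample: one scope with all three protocols, one with Kerberos only.
$sample = @(
    (New-Object PSObject -Property @{
        Identity = 'Global'
        UseKerberosForClientToProxyAuth = $true
        UseNtlmForClientToProxyAuth = $true
        UseCertificateForClientToProxyAuth = $true }),
    (New-Object PSObject -Property @{
        Identity = 'Service:Registrar:dir01.example.test'
        UseKerberosForClientToProxyAuth = $true
        UseNtlmForClientToProxyAuth = $false
        UseCertificateForClientToProxyAuth = $false })
)

# Use the live configuration when the cmdlet is available, otherwise the sample.
$configs = if (Get-Command Get-CsProxyConfiguration -ErrorAction SilentlyContinue) {
    Get-CsProxyConfiguration
} else { $sample }
$configs | Test-ProxyAuthSetting | Format-List Identity, Findings
```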