Several users started receiving certificate expiration warning messages on their computers regarding specific user certificates. Upon checking this certificate it turned out to be Lync Communication certificate as per the below screen shot.
This message is a normal Windows Warning Notification regarding a user certificate stored in the personal certificate store of the user account logged on this machine. In this specific case it was Microsoft Lync Communication certificate. When the Lync communication certificate expires, the client will just receive new certificate for the user SIP URI and everything should work normal.
However to manually stop receiving the warning shown above the user can check the box near the certificate and click done.
The question is why all users in the domain started getting these warning messages. To identify the root cause, i ran a GPRESULT from one of the client computers and i noticed a group policy configured across the domain with these warning settings. These specific settings are located under
“User Configuration/Windows Settings/Security Settings/Public Key Policies/Certificate Services Client – Auto-Enrollment Settings”
There is a checkbox as shown below for the Expiration Notification when the the given percentage of certificate lifetime is reached. To avoid getting these warning you can remove/uncheck this option and users won’t receive this notification.
It should be noted that if there is no group policy set, the users won’t get any notification and won’t even notice that the certificate expired and they got a new one.