An MTLS connection will succeed only if the subject name for the MTLS certificate is the FQDN (fully qualified domain name) of the Communicator Web Access server.
 
 
warning:Communicator was unable to authenticate because an authenticating authority was not reachable.
Resolution:
The server may be asking for Kerberos authentication and Communicator is not able to find the Kerberos Domain Controller in order to generate credentials and authenticate. The network administrator will need to change the configuration on the server to utilize only NTLM authentication before Communicator can login from this location properly, or connectivity will need to be made available to an authenticating authority.
 
solution:Your description of disabling Kerberos is not what I was trying to communicate. Do not disable this for your domain or on domain controllers as this will have significant negative impact to the domain. I wanted you to disable it on the OCS server. Open the OCS MMC - Navigate to the Enterprise or Standard Edtion level, select the pool (if SE this will be the FQDN of the server). Right click, select properties, front end properties and on the authentication tab select NTLM. The setting of Both NTLM and Kerberos won't work for a domain joined system as it will choose Kerberos as it is more secure.