Thursday 20 June 2013

Lync 2013 prompting for credentials after successful sign in

We recently migrated our environment to Microsoft Office 2013 which of course comes with Lync 2013. Through all our testing and validation groups we saw a number of problems and fixed them as they appeared, unfortunately one was missed.



The Problem

After our initial roll out we had a number of users reporting Lync 2013 kept prompting them for credentials at random intervals. Our testing found the following facts regarding this situation.

  1. Lync seemed to be working perfectly minus the prompting for credentials
  2. The problem would only occur if Outlook had been opened at least once,  the prompt is related to Exchange/Outlook integration.
  3. If "Personal information manager" is set to None, under the personal options menu, the problem goes away.
  4. The problem is related to authentication with our internal proxy. If proxy is disabled in IE the problem goes away, it re-appears when proxy is re-enabled.

Even thought this didn't affect Lync performance or functionality it was annoying for the user, disabling Outlook integration wasn't an option as presence is one of our key uses for Lync.



The Solution

We tried all number of fixes before we resolved this problem. If anyone tells you Lync 2013 CU1 fixes this problem, tell them to test it again, it doesn't, at least it doesn't when proxy's are involved.

In our circumstance this error was related to Lync hitting an internal proxy server.We tried adding the URL's we found below to the IE proxy exclusion list, but Lync 2013 seems to ignore this list.

Unlike Lync 2010, Lync 2013 doesn't use pass-through authentication, this is related to the use of win http as an authentication conduit. We did also try playing with win http proxy settings via netsh but we had no success. It is said that this problem will be resolved in a future update.

Initially we tried passing our OWA/Exchange related URL's through the proxy without authentication but still the credentials box appeared.

Out come Wireshark and proxy logs and we finally found all the culprit URL's, you can find them listed below.
  • All exchange OWA/EWS URLs
  • login.microsoftonline.com
  • clientconfig.microsoftonline-p.net
We allowed these to transverse our internal proxy without requiring authentication and the problem was solved, no more authorization prompts, no more frustrated users. I added http and https to the Microsoft URL's for good measure.
Posted by at No comments:
Labels:

Wednesday 19 June 2013

Hiatus

Between the launch of Z87, to multiple projects at work and recently starting an IT degree, I haven't had much time to put into blogging.

Lately I've also had some personal projects such as building a reasonable sized Litecoin/Bitcoin farm, so far we are up to 7000 KH/s with another 2500 coming within a few weeks. I have an upcoming article for ABC Tech covering crypto currency, I can hopefully come at it from a different perspective than most other writers, by looking at the community from inside out.

I have a back log of blog posts to write shortly, the next up within a few weeks (I hope).

Cheers
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)