Tuesday, August 25, 2015

Lync 2013 Issue with EWS integration - Continuous Prompt for Credentials

Reason to write this article is recently i faced an issue for EWS integration with Skype For Business/Lync 2013.This may be helpful for you....

Most of the articles talking about adding the domain to trusted model registry,auto-discovery and EWS URLs configuration.But after doing all these my issue did not solved.

Issue: EWS Status showing EWS is not fully Initialized / EWS Not Deployed

Basic Things we need to check :-

  • DNS Entry for autodiscover.domain.com,Client machine should be able to resolve auto discover and EWS URLs
  • If the SIP domain and SMTP Domain is different Email address Comparisoncheckdisabled value in Client policy should be True.
  • EWS URL Should be deployed in Exchange Organisation
  • Basic Authentication should be Enabled for Auto discover and EWS Virtual directory of Exchange server(All CAS Servers).
  • Verify the Basic authentication using below command
         AutoDiscovery
    Get-AutodiscoverVirtualDirectory -Server <CAS01> |fl BasicAuthentication .This should return value True.
    If false set the value using 
    Set-AutodiscoverVirtualDirectory -Server <CAS01> -BasicAuthentication $true
    EWS
    Get-WebServicesVirtualDirectory -Identity CAS01 |fl BasicAuthentication .This Should return value True.
    If false set the value using
    Set-WebServicesVirtualDirectory -Identity CAS01 -BasicAuthentication $true
  • System web Proxy(PAC File or Manual Proxy) should exclude auto discover and EWS URLs
Now Will come to actual issue.Even after implementing all the above Lync client was not able to authenticate with Exchange server.Authentication windows was continuously popping up/Not accepting the credentials.


Solution:-We used fiddler to check what is happening with Exchange URL connectivity from Lync and found Lync client is trying to authenticate with Exchange using Negotiate:Kerberose mode and getting 401 Unauthorized access

  • Logged on to Exchange server
  • Opened INETMGR
  • Clicked on Auto discover Virtual Directory
  • Clicked on Authentication
  • Right Click on Windows authentication and Select Providers
  • Move NTLM to Top
  • Repeated the same for EWS

But even after doing this Lync is trying to Negotiate for the challenge

  • Logged on to Exchange server
  • Opened INETMGR
  • Clicked on Auto discover Virtual Directory
  • Clicked on Authentication
  • Right Click on Windows authentication and Select Providers
  • Remove Negotiate mode
  • Repeated the same for EWS

Enjoy Reading...Any doubt please comment...