Sunday, October 9, 2011
Cannot sign in to Lync. Lync was unable to sign in. Please verify your logon credentials again
I came across this very weird error when trying to access my Lync Server using our Edge Servers.
To add some background, I was using a non SOE laptop, running Windows 7 64-bit. Below is a description of the problem
1. I started my Microsoft Lync 2010 Client.
2. I entered my sign-in address (my client was set to Automatic Configuration). I clicked on Sign In
3. My client found my server and prompted me for my credentials.
4. I entered my username/password and clicked on Sign In
5. After some time, I got the error shown above.
No matter, how many times I tried entering my password, the same error kept on coming up.
Finally, after some searching I found out that the error was due to a mismatch in NTLM settings between my Lync Server and my client computer. My Lync Server was expecting a 128bit encrypted secure session from the client but my client was not doing this (this is the default setting on a Windows 2008 R2 server). Here is the KB article for it from Microsoft.
I had two options
1. Configure my server so that there was no explicit requirement for the 128bit encryption
2. Change my client computer to have a minimum of at least 128bit encrypted session
I chose to do 2. since I did not want to lower my session encryption.
To do this, on my local computer I did the following.
1. Opened up the Local Group Policy Editor
2. Browsed to
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
and changed both above from No minimum to Require 128-bit encryption
If you want to lower the server security settings, on the Lync Server, open up the Local Security Policy Editor (or your GPO Editor and then Default Domain Policy), then go to
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
and make sure the above are set to No Minimum (you will have to untick the 128-bit requirement)
This saved me a days anguish and hope others find this helpful.
(Special thanks to Rohit Gulati's Blog )
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment