locked
Skype Client ask for Exchange credentials RRS feed

  • Question

  • Hello, thanks for reading!

    A few month ago, we start having ALL skype clients pompting for Exchange password: 

    I checked and the Exchange/Skype integration is working correctly:

    Besides, the skype client shows conected to the EWS:

    I'm running out of ideas, how shall I proceed?

    Regards!


    Tuesday, April 4, 2017 8:39 PM

Answers

  • Hi, finally the problem was an error with the authentication setting of the TMG rule for EWS, as the EWS URL is pointed to the TMG which load-balances the request  between 2 CAS servers. 

    Thnaks for the help!!

    • Marked as answer by JoaquinGomez Wednesday, April 26, 2017 2:33 PM
    Wednesday, April 26, 2017 2:31 PM

All replies

  • The Skype for business client uses the outlook API for an EWS connection which it must authenticate with for conversation history. Under many configurations this is expected behavior.
    Tuesday, April 4, 2017 8:42 PM
  • Hi JoaquinGomez,

    I can’t see these pictures in your post, could you post it again and could you translate the words in your pictures to English?

    Prompting for exchange credentials can be down to a number of factors:
    1.Basic auth only for exchange instead of NTLM
    2.UPNs not matching SIP address
    3.Autodiscover failures to Exchange
    4.EWS not deployed internally or externally

    Please check if your EWS is available in Lync configuration information, it not available, please try to deploy EWS for your environment. 
    If user’s SIP address does not match his/her SMTP address (mail address), he/she will be prompted for Exchange credential, so please also check if your SIP address is the same as your SMTP address.


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    • Edited by Alice-Wang Wednesday, April 5, 2017 3:21 AM
    • Proposed as answer by Liinus Wednesday, April 5, 2017 10:25 AM
    • Marked as answer by JoaquinGomez Wednesday, April 26, 2017 2:28 PM
    • Unmarked as answer by JoaquinGomez Wednesday, April 26, 2017 2:28 PM
    Wednesday, April 5, 2017 3:20 AM
  • Hi JoaquinGomez,

    Have you tried clearing the local SIP cache of an affected user, as well as removing the cached credentials from the credential manager on the local machine?

    I'll often see this issue when users passwords expire or if a user updates their password.

    I've seen this issue too where F5 load balancers were being used for authentication to Exchange, and Skype didnt understand the useragent being presented by the F5, and therefore didnt pass through the credentials.

    - Craig
    blog.chiffers.com



    Wednesday, April 5, 2017 4:49 AM
  • Yes..this is bit problematic in some places.\because of the negotiation.Please refer the url below which solved many times.

    http://lyncforum.blogspot.in/2015/08/lync-2013-issue-with-ews-integration.html


    Jayakumar K

    Wednesday, April 5, 2017 7:19 AM
  • Hi JoaquinGomez,

    Have you tried clearing the local SIP cache of an affected user, as well as removing the cached credentials from the credential manager on the local machine?

    I'll often see this issue when users passwords expire or if a user updates their password.

    I've seen this issue too where F5 load balancers were being used for authentication to Exchange, and Skype didnt understand the useragent being presented by the F5, and therefore didnt pass through the credentials.

    - Craig
    blog.chiffers.com



    Hi, I even tried in a fresh installed VM!

    The problem seems to be general for all clients!

    Wednesday, April 5, 2017 6:02 PM
  • Are your sip and email domains different? If yes, run:

    Set-CsClientPolicy -DisableEmailComparisonCheck $true

    Also keep in mind, that lync client uses autodiscover exchange services (not like outlook clients get SCP from AD) on next dns records:
    https://<SMTP-Domain>/autodiscover/autodiscover.xml
    https://autodiscover.<SMTP-Domain>/autodiscover/autodiscover.xml
    http://autodiscover.<SMTP-Domain>/autodiscover/autodiscover.xml
    _autodiscover._tcp. <Домен SMTP> (SRV-record)
    So check your dns and if exchange autodiscover is different from autodiscover.<SMTP-Domain> then create srv record.

    MCSAnykey



    • Edited by Artem S. Smirnov Wednesday, April 5, 2017 7:26 PM
    • Proposed as answer by Alice-Wang Tuesday, April 11, 2017 10:13 AM
    • Unproposed as answer by JoaquinGomez Wednesday, April 26, 2017 2:28 PM
    Wednesday, April 5, 2017 6:39 PM
  • Hi, finally the problem was an error with the authentication setting of the TMG rule for EWS, as the EWS URL is pointed to the TMG which load-balances the request  between 2 CAS servers. 

    Thnaks for the help!!

    • Marked as answer by JoaquinGomez Wednesday, April 26, 2017 2:33 PM
    Wednesday, April 26, 2017 2:31 PM