none
New Lync 2013 Pool - Issue with Address Book and two Authentication Prompts with new Lync 2013 pool RRS feed

  • Question

  • Hello,

    I've deployed a new Lync 2013 pool in a second AD site.  This pool has a failover relationship to the first pool.  So when I move a user to the new pool from the control panel, the user signs into the new pool successfully and can chat with other users.  The issue is that shortly after the client signs in, they are presented with an authentication prompt: Skype for business needs your user name and password to connect for retrieving response groups.  I can't successfully authenticate here.  If I click cancel, I then get a new "Credentials are required" prompt: Skype for Business Needs your user name and password to connect to the address book.  Same thing here, can't authenticate so I can only click cancel.  After doing so, the Address Book is not working, even though the mode is WebSearchOnly.  No results are found, I'm not getting a any message here about the Address Book Synchronizing.  

    If I check the Configuration Information from the client, MAPI and EWS Status are OK.  ABS Server Internal URL is right.  

    If I tried to browse to that ABS Server Internal URL, https://lyncpool02.domain.local:443/abs/handler, I get a basic authentication prompt that I can sign into, which is the same result as the working pool.

    Test-CsAddressBookWebQuery Results:

    Target Fqdn   : lyncpool02.domain.local
    Target Uri    : https://lyncpool02.domain.locall/groupexpansion/service.s
                    vc
    Result        : Success
    Latency       : 00:00:06.8179568
    Error Message :
    Diagnosis     :

    Test-CsAddressBookService Results:

    Target Fqdn   : lyncpool02.domain.local
    Target Uri    : https://lyncpool02.domain.local/abs/handler
    Result        : Success
    Latency       : 00:00:00
    Error Message :
    Diagnosis     :

    Update-CsUserDatabase and Update-CsAddressBook report no errors.

    I checked the Skype client logs and examined in Snooper, but didn't find anything of note or any related errors.

    I tried OCSLogger with ABCommon, ABServer and ABServerIISModule set to enabled with all flags but this returned no results.

    What more can I check on?  Are there more components that I can turn on in OCSLogger?  Not sure what to look for here.

    Thursday, April 18, 2019 7:37 PM

Answers

  • The issue was that Kerberos was configured for the site, but the Kerberos Password was not copied from a server from the original pool, (in the same Lync site).

    Set-CsKerberosAccountPassword -FromComputer "atl-cs-001.litwareinc.com" -ToComputer "dublin-cs-001.litwareinc.com"

    • Marked as answer by Brandon74 Monday, May 20, 2019 2:57 PM
    Monday, May 20, 2019 2:55 PM

All replies

  • Hi,

     

    Here I found a blog that explains the same error message and the corresponding resolution. Please refer to: http://communicationsknowledge.blogspot.com/2014/07/type-your-user-name-and-password-to.html

     

    Please have a check the certificate of reverse proxy if you have deployed it and also the authentication delegation settings and make sure you have ticked the authentication to "No delegation, but client may authenticate directly".

     

    Besides, how did you deploy the second AD site, did you add an additional domain?

    If so, here is an article could be as the reference on adding additional sip domain to already deployed SFB server, please check to see if any step missed when deploying the additional domain: https://social.technet.microsoft.com/wiki/contents/articles/30621.lync-2013-step-by-step-add-additional-sip-domains-in-existing-deployment.aspx

     

    Kind regards,

    Calvin Liu


    Please remember to mark the reply as an answer if you find it is helpful. It will assist others who has similar issue. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Friday, April 19, 2019 7:05 AM
    Moderator
  • Thanks, I did also see the blogspot article when I googled the error.  The issue is internal, and the issue persists if I used a hosts file entry to bypass the load balancer and point to the Lync Server directly.  

    I'm not introducing a new SIP or client access domain.  The second pool has a failover relationship with the first.

    Monday, April 22, 2019 1:08 PM
  • Hi,

    I'm wondering if you have checked the following article which is introducing how to make the high availability for front end server?

    https://docs.microsoft.com/en-us/skypeforbusiness/plan-your-deployment/high-availability-and-disaster-recovery/high-availability

    https://docs.microsoft.com/en-us/skypeforbusiness/deploy/deploy-high-availability-and-disaster-recovery/front-end-pools-for-disaster-recovery

    Just in case you missed any steps should be pay attention to. :)

    Kind regards,

    Calvin Liu


    Please remember to mark the reply as an answer if you find it is helpful. It will assist others who has similar issue. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Thursday, April 25, 2019 11:03 AM
    Moderator
  • Yes, I've read those.  I don't see any conflicts between these articles and my config.
    Monday, April 29, 2019 6:21 PM
  • Hi,

    Would you please clear the sip cache from client side first, and then reproduce the issue.

    After that, check the client Uccapi log to detect if there is any error message reported. 

    If it still not works, would suggest you to use Fiddler tool to capture the log to further investigate the issue.

    Kind regards,

    Calvin Liu


    Please remember to mark the reply as an answer if you find it is helpful. It will assist others who has similar issue. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, April 30, 2019 9:53 AM
    Moderator
  • Hi,

     

    Are there any update for this issue? If the reply is helpful to you, please try to mark it as an answer, this will make answer searching in the forum easier and be beneficial to other community members as well. :)

    Kind regards,

    Calvin Liu


    Please remember to mark the reply as an answer if you find it is helpful. It will assist others who has similar issue. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, May 6, 2019 9:38 AM
    Moderator
  • The issue was that Kerberos was configured for the site, but the Kerberos Password was not copied from a server from the original pool, (in the same Lync site).

    Set-CsKerberosAccountPassword -FromComputer "atl-cs-001.litwareinc.com" -ToComputer "dublin-cs-001.litwareinc.com"

    • Marked as answer by Brandon74 Monday, May 20, 2019 2:57 PM
    Monday, May 20, 2019 2:55 PM