locked
Lync 2013 / SFB 2015 SSO Problems RRS feed

  • Question

  • Six months ago we upgraded from Exchange 2007 to Exchange 2016.  Our client environment included Office 2013 and Lync 2010.  After the Exchange upgrade, we noticed all our users' Lync 2010 required a second log-in after the user logged on.  I was told it was due to an incompatibility between Exchange 2016 and Office 2010 products (including Lync Server 2010).  We upgraded all Lync 2010 clients to Lync 2013 (aka Skype for Business 2015).  I've just completed the on-premise Skype for Business (SFB) 2015 Server and SFB is running splendidly between SFB Server and SFB Clients upon initial domain log-on.  However I still get another username and password request from SFB client after about 45 seconds.  I'm trying to achieve what I had before the Exchange 2016 upgrade, which was a complete SSO environment.  My users do NOT like having to enter in their username and password in SFB client after having just logged on to their computer.

    The research I've done points to UCMapi.exe starting about 30 seconds after SFB Client comes up and requires its own authentication.  How can I get that to be part of SSO?  Or am I missing something else here?

    We do NOT use Office 365, nor cloud-based applications.  All clients use Office 2013 products with an on-premise Exchange 2016 server.  SFB is primarily used for chat / desktop sharing.

    I would love the feedback as to where I can start troubleshooting to isolate the issue. TIA-


    • Edited by MillerRW Wednesday, June 28, 2017 11:34 AM
    Tuesday, June 27, 2017 8:16 PM

Answers

  • It looks like I may have figured it out.  There was an authentication issue on the MAPI side of Exchange.  I went in and checked the boxes for NTLM and Basic authentication and SSO is working for SFB now.

    thanks for all of your help!


    RWM

    • Marked as answer by MillerRW Wednesday, June 28, 2017 1:20 PM
    Wednesday, June 28, 2017 1:20 PM

All replies

  • UCMapi.exe means that it's failing to get EWS. Check your exchange environment have Auto Discover configuration done and EWS configured. Usually, Skype for Business use EWS to connect to exchange. Failing EWS, it tries to connect using MAPI. 

    Try using Fiddler on one of the computers and see where it's failing during the EWS connectivity process. 


    http://thamaraw.com

    • Proposed as answer by Alice-Wang Wednesday, June 28, 2017 8:31 AM
    Wednesday, June 28, 2017 7:15 AM
  • Hi MillerRW,

    Did you have this issue before you upgrade Exchange server 2016?
    Are there any event IDs in SFB FE server?

    Please press Ctrl and right click Lync icon in the taskbar, open configuration information. On the open page check if EWS status and MAPI status are OK.

    If EWS is not deployed, please try to deploy it
    http://lyncnews.tumblr.com/post/100646558195/uc-lobby-configuring-lync-and-exchange-web

    For SFB server, please try to install the latest update for it.

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, June 28, 2017 8:34 AM
  • Thanks, Alice Wang-

    EWS shows "EWS Status OK" on the client configuration information.  MAPI takes about 45 seconds after SFB loads before status is OK.  During that 45 seconds, it states "MAPI unavailable; retrying connection".  EWS status is OK immediately and during MAPI unavailable status.

    The SFB Configuration Information for the client states regarding EWS:

    EWS Internal URL        https://servername.company.com/EWS/Exchange.asmx       --
    EWS External URL        https://webmail.company.com/ews/exchange.asmx             --
    >>>
    EWS Information                                                                                                 EWS Status OK


    RWM

    Wednesday, June 28, 2017 12:05 PM
  • It looks like I may have figured it out.  There was an authentication issue on the MAPI side of Exchange.  I went in and checked the boxes for NTLM and Basic authentication and SSO is working for SFB now.

    thanks for all of your help!


    RWM

    • Marked as answer by MillerRW Wednesday, June 28, 2017 1:20 PM
    Wednesday, June 28, 2017 1:20 PM