none
Autodiscover authenication RRS feed

  • Question

  • Hi,

    My lync clients connecting externally are prompted for Authention:

    Lync - Services Sign In

    Credentials are required

    Type your username and password to connect for retrieving calendar data from Outlook.

    After entering the password it connects to exchange services ok.  I did have to specify an external URL for web services, previously it was trying to connect to the internal EWS URL.

    Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -externalURL:https://webmail.domain.com/EWS/Exchange.asmx

    I’m running Exchange 2007, the Autodiscover URL is working fine for Outlook, and the Autodiscover site in IIS has both basic authentication and NTLM authentication enabled. 

    In Lync control panel à security à Web Service à Windows Authentication is set to NTLM.

    Internet explorer has the autodiscover URL as a local intranet site, there is a DNS entry for both autodiscover and for _autodiscover,_tcp pointing to autodiscover, and autodiscover is listed as a SAN on the exchange cert.

    What else can I do to get this authenticating correctly?

    Cheers,

    Thursday, March 24, 2011 4:13 AM

Answers

  • Got this sorted following the info in this blog post:

    http://blogs.msdn.com/b/scottos/archive/2008/10/16/why-is-communicator-prompting-me-for-credentials.aspx

    Initially resolved by disabling integrated authentication in internet explorer at the client end, however I didnt want to roll this out as policy to our laptops so we implemented the server side fix for Exchange 2007 / IIS7.  The fix in the blog post only updated the settings for the default website as follows:

    <providers>
    <add value="NTLM" />
    <add value="Negotiate" />
    </providers>

    We then manually updated the c:\windows\system32\inetsrv\config\applicationHost.config file for each of the sub sites to re-order NTLM above Negotiate.

    Friday, March 25, 2011 2:41 AM

All replies

  • Got this sorted following the info in this blog post:

    http://blogs.msdn.com/b/scottos/archive/2008/10/16/why-is-communicator-prompting-me-for-credentials.aspx

    Initially resolved by disabling integrated authentication in internet explorer at the client end, however I didnt want to roll this out as policy to our laptops so we implemented the server side fix for Exchange 2007 / IIS7.  The fix in the blog post only updated the settings for the default website as follows:

    <providers>
    <add value="NTLM" />
    <add value="Negotiate" />
    </providers>

    We then manually updated the c:\windows\system32\inetsrv\config\applicationHost.config file for each of the sub sites to re-order NTLM above Negotiate.

    Friday, March 25, 2011 2:41 AM
  • Can you tell me how you're publishing Autodiscover?  With TMG/ISA?  If so, what are your authentication methods on both your listener and rule?
    Friday, March 25, 2011 4:26 PM