When signing-in to Lync client using cached Domain Credentials (e.g. you login to your corporate domain-joined laptop at home), Lync Client may prompt you with an additional authentication dialog box:
When Lync Client signs in, it also attempts to retrieve availability data via Exchange 2010 Web Services(EWS). It does so by leveraging the Autodiscover functionality.
Communicator will issue SOAP requests (over HTTPS) to the published Autodiscover server, who returns the URLs for the Microsoft Exchange 2010 Client Access Server(s) that will feed the availability data back to Lync Client.
The additional prompt for authentication stems from Communicator being hard-wired to authenticate using NTLM. When IIS (on the Exchange 2010 CAS machines) returns it’s WWW-Authenticate headers, it does so in the form of:
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
When Communicator attempts to negotiate authentication using your cached credentials (over the Internet), it will fail with a “401.2 Unauthorized” (*2), and subsequently prompt you for authentication as above. However, if we force NTLM from either the client side or the server side, we eliminate these additional prompts for credentials
How to Fix:
We are instructing IIS on the Exchange 2010 CAS server(s) to offer NTLM as the first authentication provider (with Negotiate as the fallback provider) in the WWW-Authenticate header.
Fix using command lines
1. On the Exchange 2010 CAS machine(s), start -> run -> cmd -> OK. Change to the C:InetpubAdminScripts directory.
2. Execute the below commands.
a. Inspecting current status:
C:InetpubAdminScripts>cscript adsutil.vbs get w3svc/1/root/NTAuthenticationProviders
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
The parameter “NTAuthenticationProviders” is not set at this node. (*4)
b. Setting the parameter:
C:InetpubAdminScripts>cscript adsutil.vbs set w3svc/1/root/NTAuthenticationProviders “NTLM,Negotiate”
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
NTAuthenticationProviders : (STRING) “NTLM,Negotiate”
c. Verifying the output:
C:InetpubAdminScripts>cscript adsutil.vbs get w3svc/1/root/NTAuthenticationProviders
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
NTAuthenticationProviders : (STRING) “NTLM,Negotiate”
3. Restart the IIS Admin Service (which will restart all dependent services) on the Exchange 2010 CAS machine(s).
IIS 7.0 Configuration
Lists configuration
appcmd list config /section:windowsAuthentication
Removes Negotiate
Appcmd.exe set config /section:windowsAuthentication /-providers.[value=’Negotiate’]
Adds Negotiate
appcmd.exe set config -section:system.webServer/security/authentication/windowsAuthentication /+”providers.[value=’Negotiate’]” /commit:apphost
Lists configuration
appcmd list config /section:windowsAuthentication
Here is a list of the results:
C:WindowsSystem32inetsrv>appcmd list config /section:windowsAuthentication
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled=”true” useKernelMode=”false”>
<providers>
<add value=”Negotiate” />
<add value=”NTLM” />
</providers>
</windowsAuthentication>
</authentication>
</security>
</system.webServer>
C:WindowsSystem32inetsrv>Appcmd.exe set config /section:windowsAuthentication /-providers.[value=’Negotiate’]
C:WindowsSystem32inetsrv>appcmd.exe set config -section:system.webServer/security/authentication/windowsAuthentication /+”providers.[value=’Negotiate’]” /commit:apphost
C:WindowsSystem32inetsrv>appcmd list config /section:windowsAuthentication
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled=”true” useKernelMode=”false”>
<providers>
<add value=”NTLM” />
<add value=”Negotiate” />
</providers>
</windowsAuthentication>
</authentication>
</security>
</system.webServer>
How to Fix using GUI
1. Open the IIS Manager on the Client Access server, “Navigate to default Web site” Autodiscover and select Authentication
2. Open “Windows Authentication”, on the right hand side pane select “Providers”, Move up the “NTLM”.
3. Open the IIS Manager on the Client Access server, “Navigate to default Web site” EWS and select Authentication
4. Open “Windows Authentication”, on the right hand side pane select “Providers”, Move up the “NTLM”.
MS Exchange / Lync / Unified Communications/ O365/ Azure 
Very helpful post, thank you. Solved this exact issue for me. Cheers.
Pingback: Credentials are required, calendar password prompt – Lync/Communicator « ccolonbackslash
Pingback: Lync password prompts when connecting over Edge server : “Type your user name and password to connect for retrieving calendar data from outlook.” « ccolonbackslash
Pingback: How To Check Outlook Calendar For Others | OutlookRecoveryGuide.org
Pingback: Outlook Retrieving Data From Server | OutlookRecoveryGuide.org
Pingback: Retrieving Outlook Calendar | OutlookRecoveryGuide.org
Pingback: Fix Calendar Outlook 2010 - ORG.org