How to fix Lync Services Signin : Type your user name and password to connect for retrieving calendar data from outlook.

When signing-in to Lync client using cached Domain Credentials (e.g. you login to your corporate domain-joined laptop at home), Lync Client may prompt you with an additional authentication dialog box:

When Lync Client signs in, it also attempts to retrieve availability data via Exchange 2010 Web Services(EWS). It does so by leveraging the Autodiscover functionality.

Communicator will issue SOAP requests (over HTTPS) to the published Autodiscover server, who returns the URLs for the Microsoft Exchange 2010 Client Access Server(s) that will feed the availability data back to Lync Client.

The additional prompt for authentication stems from Communicator being hard-wired to authenticate using NTLM. When IIS (on the Exchange 2010 CAS machines) returns it’s WWW-Authenticate headers, it does so in the form of:

WWW-Authenticate: Negotiate

WWW-Authenticate: NTLM

When Communicator attempts to negotiate authentication using your cached credentials (over the Internet), it will fail with a “401.2 Unauthorized” (*2), and subsequently prompt you for authentication as above. However, if we force NTLM from either the client side or the server side, we eliminate these additional prompts for credentials

How to Fix:

We are instructing IIS on the Exchange 2010 CAS server(s) to offer NTLM as the first authentication provider (with Negotiate as the fallback provider) in the WWW-Authenticate header.

Fix using command lines

1. On the Exchange 2010 CAS machine(s), start -> run -> cmd -> OK. Change to the C:InetpubAdminScripts directory.

2. Execute the below commands.

a. Inspecting current status:

C:InetpubAdminScripts>cscript adsutil.vbs get w3svc/1/root/NTAuthenticationProviders

Microsoft (R) Windows Script Host Version 5.8

Copyright (C) Microsoft Corporation. All rights reserved.

The parameter “NTAuthenticationProviders” is not set at this node. (*4)

b. Setting the parameter:

C:InetpubAdminScripts>cscript adsutil.vbs set w3svc/1/root/NTAuthenticationProviders “NTLM,Negotiate”

Microsoft (R) Windows Script Host Version 5.8

Copyright (C) Microsoft Corporation. All rights reserved.

NTAuthenticationProviders : (STRING) “NTLM,Negotiate”

c. Verifying the output:

C:InetpubAdminScripts>cscript adsutil.vbs get w3svc/1/root/NTAuthenticationProviders

Microsoft (R) Windows Script Host Version 5.8

Copyright (C) Microsoft Corporation. All rights reserved.

NTAuthenticationProviders : (STRING) “NTLM,Negotiate”

3. Restart the IIS Admin Service (which will restart all dependent services) on the Exchange 2010 CAS machine(s).

IIS 7.0 Configuration

Lists configuration
appcmd list config /section:windowsAuthentication

Removes Negotiate
Appcmd.exe set config /section:windowsAuthentication /-providers.[value=’Negotiate’]

Adds Negotiate
appcmd.exe set config -section:system.webServer/security/authentication/windowsAuthentication /+”providers.[value=’Negotiate’]” /commit:apphost

Lists configuration
appcmd list config /section:windowsAuthentication

Here is a list of the results:

C:WindowsSystem32inetsrv>appcmd list config /section:windowsAuthentication
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled=”true” useKernelMode=”false”>
<providers>
<add value=”Negotiate” />
<add value=”NTLM” />
</providers>
</windowsAuthentication>
</authentication>
</security>
</system.webServer>

C:WindowsSystem32inetsrv>Appcmd.exe set config /section:windowsAuthentication /-providers.[value=’Negotiate’]

C:WindowsSystem32inetsrv>appcmd.exe set config -section:system.webServer/security/authentication/windowsAuthentication /+”providers.[value=’Negotiate’]” /commit:apphost

C:WindowsSystem32inetsrv>appcmd list config /section:windowsAuthentication
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled=”true” useKernelMode=”false”>
<providers>
<add value=”NTLM” />
<add value=”Negotiate” />
</providers>
</windowsAuthentication>
</authentication>
</security>
</system.webServer>

How to Fix using GUI

1. Open the IIS Manager on the Client Access server, “Navigate to default Web site” Autodiscover and select Authentication

2. Open “Windows Authentication”, on the right hand side pane select “Providers”, Move up the “NTLM”.

3. Open the IIS Manager on the Client Access server, “Navigate to default Web site” EWS and select Authentication

4. Open “Windows Authentication”, on the right hand side pane select “Providers”, Move up the “NTLM”.

Advertisements

7 comments on “How to fix Lync Services Signin : Type your user name and password to connect for retrieving calendar data from outlook.

  1. Pingback: Credentials are required, calendar password prompt – Lync/Communicator « ccolonbackslash

  2. Pingback: Lync password prompts when connecting over Edge server : “Type your user name and password to connect for retrieving calendar data from outlook.” « ccolonbackslash

  3. Pingback: How To Check Outlook Calendar For Others | OutlookRecoveryGuide.org

  4. Pingback: Outlook Retrieving Data From Server | OutlookRecoveryGuide.org

  5. Pingback: Retrieving Outlook Calendar | OutlookRecoveryGuide.org

  6. Pingback: Fix Calendar Outlook 2010 - ORG.org

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s