I have just installed Lync Server 2013 Std with external connectivity (used free comodo ssl certificate) for my own demo. Everything works as good as expected. But some clients on old operation systems (for example, XP SP3) couldn’t sign to Lync server.
Turned on the logging on the client side and analyzed them in snooper
Resolution:
By default, Server 2008 R2/2012 require 128 bit encryption for NTLMv2 session. So, if strong encryption is not negotiated, connection will fail. In Windows XP/Vista this policy has no requirements. To provide negotiation between servers and all clients you have to do the following actions:
1) Open your gpedit.msc on Lync FE
2) Computer configuration > Windows Settings > Security Settings > Local Policies >Security Options and find following policies:
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
3) Uncheck all requirements and run gpupdate /force
P.S. Lync Server 2013 installation manual is going to publish as soon as possible 🙂
UseIT | Roman Levchenko 