Can’t sign to Lync Server 2010/2013

I have just installed Lync Server 2013 Std with external connectivity (used free comodo ssl certificate) for my own demo. Everything works as good as expected. But some clients on old operation systems (for example, XP SP3) couldn’t sign to Lync server.

lync can't sign_1

Turned on the logging on the client side and analyzed them in snooper

lync can't sign

Resolution:

By default, Server 2008 R2/2012 require 128 bit encryption for NTLMv2 session. So, if  strong encryption  is not negotiated, connection will fail. In Windows XP/Vista this policy has no requirements. To provide negotiation between servers and all clients you have to do the following actions:

1) Open your gpedit.msc on Lync FE
2) Computer configuration > Windows Settings > Security Settings > Local Policies >Security Options and find following policies:

Network security: Minimum session security for NTLM SSP based (including secure RPC) servers

3) Uncheck all requirements and run gpupdate /force

ntlm

P.S. Lync Server 2013 installation manual is going to publish as soon as possible 🙂

Passed 70-665 exam!!

Woohooo! I’ve passed 70-665 PRO: Lync Server 2010,Administrator exam from a second shot. It’s really great and interesting exam with 48 questions in it. There are two sections : Case Studies  and Multiple Choices (test~70-664). Case studies are set of questions about 3 separate companies (Litware,Contoso,Adatum) and you need to review their existing infrastructure, requiremens and recommend a right solution in diffirent situations (PSTN connection, load balancing, creating certificates and etc.).

Are you preparing for the exam? Use my post about Lync learning resources

——

My preparation materials:

– Mastering Lync Server 2010, Lync Server 2010 Unleashed
– Technet
– Microsoft guide about deploying Lync Server Ent.
– labs, labs, labs and customer projects