Jump to content



Photo

Problem signing in Lync with certain AD Groups


  • Please log in to reply
No replies to this topic

#1 beLIEve

beLIEve

    Neowinian

  • Joined: 12-August 04
  • Location: Kuala Lumpur, Malaysia

Posted 07 August 2014 - 14:45

Hello World. I'm an HTTP Proxy vendor. A customer using our HTTP Proxy is having problem signing in to Microsoft Lync. I am not familiar with the inner workings of Lync, and already did some web search.

 

Problem : Users from 2 Active Directory Groups are not able to login to Lync.

Group 1 users get Error: "There was a problem acquiring a personal certificate"

Group 2 users get Error: "The server is temporarily unavailable"

Users from other groups are able to login without any problem.

 

Question : Could these problems be caused by some AD Group configuration for Lync?

 

Based on the data that I have :

1. For AD Group 1 "There was a problem acquiring a personal certificate" :

- a Wireshark packet capture shows that the client goes to https://sipdir.online.lync.com.

- SSL handshake was successful and there were some Application Layer traffic before the client sends a TCP Reset.

 

2. For AD Group 2 "The server is temporarily unavailable" :

- a Wireshark packet capture shows that the client goes to https://sipdir.online.lync.com and terminates with a TCP FIN.

- It then goes to https://webpoolhkn0f06.infra.lync.com with a successful SSL handshake, some Application Layer traffic, before the client sends an immediate TCP Reset.

 

3. For other AD Groups, login to Lync was successful.

- a Wireshark packet capture shows that the client goes to https://sipdir.online.lync.com and terminates with a TCP FIN.

- It then goes to https://webpoolhkn0f06.infra.lync.com with a successful SSL handshake, some Application Layer traffic.

- The client sends a TCP Reset after 20 seconds of inactivity.

- The client subsequently goes to https://login.microsoftonline.com and https://webpoolhkn0f06.infra.lync.com and so on.

 

Thank you all in advance.