Lync Mobile iOS Client Authentication Issues
Troubleshooting Lync client connectivity can be difficult when there are multiple clients which exhibit slightly different behavior and there are some scenarios where not all clients can successfully sign in.
If the case is that both Windows Phone 7 and Android client are able to successfully login but iOS clients cannot then the cause could be related to a specific configuration change applied to the Lync servers somewhere along the line. More specifically the behavior seen on the iOS clients is that they will hang during the sign-in process and the cancel button is unresponsive.
Basically the iOS clients do not support the basic NTLM Authentication method while Windows Phone and Android clients do.
To determine the available authentication options, the Lync mobile application will retrieve the MEX bindings from the Web Ticket Service and the iOS clients expects to see WebTicketServiceWinNegotiate from the available authentication port names .
const std::string MEX_ATTRIBUTE_VALUE_WIN_NEGOTIATE("WinNegotiate");
const std::string MEX_ATTRIBUTE_VALUE_WEBTICKET_BEARER_TOKEN("WebTicketBearer");
const std::string MEX_ATTRIBUTE_VALUE_FED_BEARER_TOKEN("FedBearer");
When Lync is misconfigured and the iOS clients can not sign-in then the Web Ticket service response will look like this:
<wsdl:port name="WebTicketServiceWinNtlm" binding="tns:WebTicketServiceWinNtlm">
But the iOS client would expect to see the following response from the Web Ticket service:
<wsdl:port name="WebTicketServiceWinNegotiate" binding="tns:WebTicketServiceWinNegotiate">
Verify that the UseWindowsAuth option is correctly set to Negotiate in the Lync Server’s Web Service configuration.
- From the Lync Server Management Shell issue the Get-CsWebServiceConfiguration cmdlet to view the current setting.
- To change the setting use the following cmdlet to revert Lync back to the recommended authentication setting and then verify the new parameter value.
Set-CsWebServiceConfiguration –UseWindowsAuth Negotiate
Thanks again to Dave Howe at Microsoft for sharing details on these Lync mobility topics.