Saturday, January 29, 2011

Lync 2010 NTLM Client Authentication Mismatch

I ran into a problem with NTLM Client Authentication Mismatch after I upgraded my Edge and Director to Lync Server 2010 from OCS 2007 R2. 
 
On my Lync Director I found the following error message in Snooper
 
TL_WARN(TF_DIAG) [0]06B8.0B20::01/29/2011-06:08:46.375.00018ce0 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(145))$$begin_record
LogType: diagnostic
Severity: warning
Text: There is a mismatch between NTLM security settings on client and server computers.
Result-Code: 0xc3e93ee4 SIP_E_AUTH_NTLMMISMATCH
SIP-Start-Line: REGISTER sip:t2mdev.com SIP/2.0
SIP-Call-ID: 09774c9042d54469a7af4818e6364f95
SIP-CSeq: 5 REGISTER
$$end_record
 
A quick search of the net I found an article on Tin Cips and String blog that gave the key to solving the problem. Turns out the problem has more to do with the Operating System rather than Lync Server 2010.
 
I had to spend a little bit of time hunting for the group policy that the blog and technet article referenced. Here is where I found the group policy.
 
Default Domain Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: Minumum session security for NTLM SSP based (including secure RPC) clients
 
Default Domain Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: Minumum session security for NTLM SSP based (including secure RPC) servers
 
I changed the Default Domain Policy from Not Configured to Configured with the "Require 128-bit encryption" unchecked.

No comments:

Post a Comment