Some clients unable to log on externally

Problem

Some users complain about not being able to log in to Lync externally. The domain logon is looping, even though they have entered the password correctly and a check confirms that their account is not locked out or disabled. Additionally, Event ID 14614 from LS Protocol Stack is logged on the FrontEnd server when the users try to log on.

Solution

The solution is given further down in the event log message: “Ensure that the “Network security: Minimum session security for NTLM SSP based (including secure RPC) clients” policy settings on the computers from which users log on are the same as “Network security: Minimum session security for NTLM SSP based (including secure RPC) servers” policy settings on this server.” In other words, the policy named in the message is misconfigured. On Server 2008 R2 and Win7 the default setting is to require 128-bit encryption; on earlier versions of Windows both 128-bit encryption and NTLMv2 are off. To solve the problem, either turn the requirement off on the server side (not recommended) or turn it on on the client side. This setting can be pushed as a computer GPO.

In my case the user experiencing the problem was actually running Win7, but said computer had joined a Windows 2003 server domain which had probably pushed the wrong setting. Changing the setting was all it took to fix it; no restart of either Lync or Windows was required.
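As an added example (not part of the original post), this PowerShell script, run on an affected client, decodes the registry value behind the client-side policy and compares it flag by flag with the server's value. The registry path, the value name `NtlmMinClientSec` and the two flag bits are the standard ones behind these policies; the `-ServerMinSec` parameter and its default are assumptions, to be replaced with the `NtlmMinServerSec` value read on the FrontEnd server.

```powershell
param(
    # Assumed input: NtlmMinServerSec as read on the FrontEnd server.
    # 0x20000000 = "require 128-bit encryption" only.
    [int]$ServerMinSec = 0x20000000
)

# Registry location behind both "Minimum session security for NTLM SSP" policies
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

# Flag bits relevant to the mismatch described in Event ID 14614
$flags = [ordered]@{
    'Require NTLMv2 session security' = 0x00080000
    'Require 128-bit encryption'      = 0x20000000
}

# Read the client-side value; it may be absent if no policy ever set it
$item = Get-ItemProperty -Path $key -Name NtlmMinClientSec -ErrorAction SilentlyContinue
if ($null -eq $item) {
    Write-Warning 'NtlmMinClientSec is not set on this computer; the OS default applies.'
    return
}
$client = $item.NtlmMinClientSec
'Client NtlmMinClientSec = 0x{0:X8}, server NtlmMinServerSec = 0x{1:X8}' -f $client, $ServerMinSec

# Compare each flag on both sides
$report = foreach ($f in $flags.GetEnumerator()) {
    [pscustomobject]@{
        Setting  = $f.Key
        Client   = [bool]($client -band $f.Value)
        Server   = [bool]($ServerMinSec -band $f.Value)
        Mismatch = [bool](($client -bxor $ServerMinSec) -band $f.Value)
    }
}
$report | Format-Table -AutoSize

if ($report.Mismatch -contains $true) {
    Write-Warning 'Client and server NTLM SSP minimum session security differ.'
} else {
    'Client and server settings match for the flags checked.'
}
```

If the value reverts after being corrected locally, a domain GPO is still pushing the old setting and the fix belongs in that GPO.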
