Lync 2013 Authenticating with Windows Account Every Minute

Similar Messages

• Lync 2013 for iPad & Windows Mobile Sign in Issue

  Hi,
  I hope someone can help with a very frustrating issue I'm having with Lync 2013 on iOS & Windows Mobile - it won't sign in with an error message saying 'We can't sign you in. Please check your account info and try again'
  I know my account info is right as I use it to sign in to the desktop client when working remotely, and it also works fine on an Android client.
  The Lync remote connectivity analyser passes all the tests, I can get to the xml file using https://lyncdiscover.domain.org/autodiscover/autodiscoverservice.svc/root from a laptop, but from the iPad it's just a blank screen.
  I've tried using auto detect, and entering details manually, but still no luck. I'm completely stumped. I've trawled blogs, form posts etc, but nothing. HELP!!!
  Some details - we have a FE server, and an Edge Server, both running Lync 2013 with latest updates. We use nGinX as the RP and that all seems to be fine. It just doesn't want to authenticate me (or anyone else).
  See below part of log file from my iPad that shows an error on the FE server.
  </SentRequest>
  2014-03-07 08:19:36.200 Lync[1615:74c6000] INFO UTILITIES CHttpStreamPool.cpp/409:Allocating stream 0x589d0a0 for url - http://lyncdiscover.domain.org/ with persistent id as 7
  2014-03-07 08:19:36.200 Lync[1615:74c6000] VERBOSE TRANSPORT CHttpProxyHelper.cpp/436:CHttpProxyHelper::discoverProxy : No proxy found for url http://lyncdiscover.domain.org/. Sending over direct connection.
  2014-03-07 08:19:36.200 Lync[1615:74c6000] INFO TRANSPORT CHttpStreamPool.cpp/556:Not setting TLS as the url(http://lyncdiscover.domain.org/) is not https
  2014-03-07 08:19:36.205 Lync[1615:3bc6218c] INFO UI CMConversationCommon.mm/43:not signed in
  2014-03-07 08:19:36.206 Lync[1615:3bc6218c] INFO UI CMConversationCommon.mm/43:not signed in
  2014-03-07 08:19:36.206 Lync[1615:3bc6218c] INFO UI CMConversationCommon.mm/43:not signed in
  2014-03-07 08:19:36.206 Lync[1615:3bc6218c] INFO UI CMConversationCommon.mm/43:not signed in
  2014-03-07 08:19:36.206 Lync[1615:3bc6218c] INFO UI CMConversationCommon.mm/43:not signed in
  2014-03-07 08:19:36.595 Lync[1615:74c6000] INFO UTILITIES CHttpConnection.cpp/577:Received kCFStreamEventEndEncountered (UcwaAutoDiscoveryRequest)isHeadersAvailable = true  responseHeadersHandle = 58b1930
  2014-03-07 08:19:36.596 Lync[1615:74c6000] INFO UTILITIES CHttpConnection.cpp/651:Response status = 200 for request UcwaAutoDiscoveryRequest
  2014-03-07 08:19:36.597 Lync[1615:74c6000] INFO UTILITIES CHttpStreamPool.cpp/455:Scheduling stream 0x58812c0 for release.
  2014-03-07 08:19:36.597 Lync[1615:74c6000] INFO TRANSPORT CHttpRequestProcessor.cpp/173:Received response of request(UcwaAutoDiscoveryRequest) with status = 0x0
  2014-03-07 08:19:36.598 Lync[1615:74c6000] INFO TRANSPORT TransportUtilityFunctions.cpp/925:<ReceivedResponse>
  GET https://lyncdiscover.domain.org/?sipuri=sip:[email protected]
  Request Id: 0x11d4988
  HttpHeader:Cache-Control no-cache
  HttpHeader:Connection keep-alive
  HttpHeader:Content-Length 1025
  HttpHeader:Content-Type application/vnd.microsoft.rtc.autodiscover+xml; v=1
  HttpHeader:Date Fri, 07 Mar 2014 08:19:34 GMT
  HttpHeader:Expires -1
  HttpHeader:Pragma no-cache
  HttpHeader:Server nginx/1.4.1
  HttpHeader:StatusCode 200
  HttpHeader:X-AspNet-Version 4.0.30319
  HttpHeader:X-Content-Type-Options nosniff
  HttpHeader:X-MS-Server-Fqdn KPPLYN04.ad.domain.org
  HttpHeader:X-Powered-By ASP.NET
  Ôªø<?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AccessLocation="External"><Root><Link
  token="Domain" href="https://extwebsvc01.domain.org/Autodiscover/AutodiscoverService.svc/root/domain?originalDomain=domain.org" /><Link token="User" href="https://extwebsvc01.domain.org/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=domain.org"
  /><Link token="Self" href="https://extwebsvc01.domain.org/Autodiscover/AutodiscoverService.svc/root?originalDomain=domain.org" /><Link token="OAuth" href="https://extwebsvc01.domain.org/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=domain.org"
  /><Link token="External/XFrame" href="https://extwebsvc01.domain.org/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://ly13webpool.ad.domain.org/Autodiscover/XFrame/XFrame.html"
  /><Link token="XFrame" href="https://extwebsvc01.domain.org/Autodiscover/XFrame/XFrame.html" /></Root></AutodiscoverResponse>
  </ReceivedResponse>
  2014-03-07 08:19:36.599 Lync[1615:74c6000] INFO TRANSPORT CUcwaAutoDiscoveryResponse.cpp/119:location value is external
  2014-03-07 08:19:36.600 Lync[1615:74c6000] INFO TRANSPORT CUcwaAutoDiscoveryResponse.cpp/195:User url is https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user?originaldomain=domain.org
  2014-03-07 08:19:36.601 Lync[1615:74c6000] INFO TRANSPORT CHttpRequestProcessor.cpp/266:Sending event to main thread for request(0x11d4988)
  2014-03-07 08:19:36.602 Lync[1615:3bc6218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/822:Req. completed, Stopping timer.
  2014-03-07 08:19:36.602 Lync[1615:3bc6218c] INFO APPLICATION CUcwaAutoDiscoveryGetUserUrlOperation.cpp/290:Received a root response
  2014-03-07 08:19:36.602 Lync[1615:3bc6218c] INFO APPLICATION CUcwaAutoDiscoveryGetUserUrlOperation.cpp/224:UcwaAutoDiscoveryGetUserUrlOperation completed with url = https://lyncdiscover.domain.org/?sipuri=sip:[email protected], userUrl = https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user?originaldomain=domain.org,
  status = S_OK (S0-0-0)
  2014-03-07 08:19:36.603 Lync[1615:3bc6218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/725:Response received for req. GET-UnAuthenticatedGet(0x11d4988): S_OK (S0-0-0) (Success); Done with req.; Stopping resend timer
  2014-03-07 08:19:36.603 Lync[1615:3bc6218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/399:Cancelling all requests
  2014-03-07 08:19:36.603 Lync[1615:3bc6218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/409:Cancelling request: 0x1124488
  2014-03-07 08:19:36.604 Lync[1615:3bc6218c] INFO TRANSPORT CSessionBase.hxx/158:Cancelling request: 0x1124488
  2014-03-07 08:19:36.604 Lync[1615:3bc6218c] INFO TRANSPORT CTransportThread.cpp/163:Added Request(UcwaAutoDiscoveryRequest) to Request Processor queue
  2014-03-07 08:19:36.604 Lync[1615:3bc6218c] INFO APPLICATION CUrlRedirectAndTrustResolver.cpp/610:UrlRedirectAndTrustResolver complete with url = http://lyncdiscover.domain.org/, Hops = 1, status = W_Cancelled (W0-0-6)
  2014-03-07 08:19:36.605 Lync[1615:74c6000] INFO TRANSPORT CTransportThread.cpp/343:Sent Request(UcwaAutoDiscoveryRequest) to Request Processor
  2014-03-07 08:19:36.605 Lync[1615:3bc6218c] INFO APPLICATION CUcwaAutoDiscoveryGetUserUrlOperation.cpp/224:UcwaAutoDiscoveryGetUserUrlOperation completed with url = http://lyncdiscover.domain.org/?sipuri=sip:[email protected], userUrl = , status = W_Cancelled
  (W0-0-6)
  2014-03-07 08:19:36.605 Lync[1615:74c6000] INFO UTILITIES CHttpStreamPool.cpp/455:Scheduling stream 0x589d0a0 for release.
  2014-03-07 08:19:36.606 Lync[1615:3bc6218c] INFO TRANSPORT CCredentialManager.cpp/176:getSpecificCredential for serviceId(1) returning: credType (1) signInName ([email protected]) domain (ad) username (ab00wk) password.empty() (0) certificate.isValid() (0)
  privateKey.empty() (1) compatibleServiceIds(1)
  2014-03-07 08:19:36.606 Lync[1615:3bc6218c] INFO TRANSPORT CMetaDataManager.cpp/403:Received a request to get the meta data of type 0 for url https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user?originaldomain=domain.org
  2014-03-07 08:19:36.606 Lync[1615:3bc6218c] INFO TRANSPORT CMetaDataManager.cpp/467:Sending Unauthenticated get to get the web-ticket url
  2014-03-07 08:19:36.607 Lync[1615:3bc6218c] INFO TRANSPORT CTransportThread.cpp/131:Added Request() to Request Processor queue
  2014-03-07 08:19:36.607 Lync[1615:3bc6218c] INFO TRANSPORT CAuthenticationResolver.cpp/108:Waiting on Meta Data from https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user?originaldomain=domain.org
  2014-03-07 08:19:36.607 Lync[1615:6081000] INFO TRANSPORT CTransportThread.cpp/343:Sent Request() to Request Processor
  2014-03-07 08:19:36.607 Lync[1615:3bc6218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/385:Submitting new req. GET-AuthenticatedUserGetRequest(0x11e6bf8)
  2014-03-07 08:19:36.608 Lync[1615:6081000] WARNING TRANSPORT CCredentialManager.cpp/317:CCredentialManager::getSpecificCredential returning NULL credential for serviceId (4) type (1)!
  2014-03-07 08:19:36.608 Lync[1615:3bc6218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1194:Submitting Authenticated AutoDiscovery request to https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user?originaldomain=domain.org
  2014-03-07 08:19:36.609 Lync[1615:6081000] INFO TRANSPORT TransportUtilityFunctions.cpp/631:<SentRequest>
  GET https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user?originaldomain=domain.org
  Request Id: 0x1124488
  HttpHeader:Accept 
  HttpHeader:X-MS-WebTicket xxxxxxxxxx
  </SentRequest>
  2014-03-07 08:19:36.609 Lync[1615:3bc6218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1688:Ignoring GetUserUrlOperation event as current state is 6
  2014-03-07 08:19:36.610 Lync[1615:3bc6218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1690:Request url was http://lyncdiscover.domain.org/?sipuri=sip:[email protected]
  2014-03-07 08:19:36.610 Lync[1615:6081000] INFO UTILITIES CHttpStreamPool.cpp/409:Allocating stream 0x58bf6c0 for url - https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user with persistent id as 15
  2014-03-07 08:19:36.610 Lync[1615:6081000] VERBOSE TRANSPORT CHttpProxyHelper.cpp/436:CHttpProxyHelper::discoverProxy : No proxy found for url https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user?originaldomain=domain.org. Sending over
  direct connection.
  2014-03-07 08:19:36.941 Lync[1615:6081000] INFO UTILITIES CHttpConnection.cpp/577:Received kCFStreamEventEndEncountered (0x%u0x104bc00)isHeadersAvailable = true  responseHeadersHandle = 58b6bd0
  2014-03-07 08:19:36.942 Lync[1615:6081000] INFO UTILITIES CHttpConnection.cpp/651:Response status = 401 for request 0x%u0x104bc00
  2014-03-07 08:19:36.943 Lync[1615:6081000] INFO UTILITIES CHttpConnection.cpp/718:Not send authenticating request(0x%u0x104bc00).  isAuthObjectValid - 0, areCredentialsValid - 0, resendRequestCounter - 1
  2014-03-07 08:19:36.943 Lync[1615:6081000] INFO UTILITIES CHttpStreamPool.cpp/455:Scheduling stream 0x58bf6c0 for release.
  2014-03-07 08:19:36.943 Lync[1615:6081000] INFO TRANSPORT CHttpRequestProcessor.cpp/173:Received response of request() with status = 0x0
  2014-03-07 08:19:36.944 Lync[1615:6081000] INFO TRANSPORT TransportUtilityFunctions.cpp/925:<ReceivedResponse>
  GET https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user?originaldomain=domain.org
  Request Id: 0x1124488
  HttpHeader:Cache-Control no-cache
  HttpHeader:Connection keep-alive
  HttpHeader:Content-Length 1293
  HttpHeader:Content-Type text/html
  HttpHeader:Date Fri, 07 Mar 2014 08:19:35 GMT
  HttpHeader:Server nginx/1.4.1
  HttpHeader:StatusCode 401
  HttpHeader:X-Content-Type-Options nosniff
  HttpHeader:X-MS-Server-Fqdn KPPLYN04.ad.domain.org
  HttpHeader:X-MS-WebTicketSupported cwt,saml
  HttpHeader:X-MS-WebTicketURL https://extwebsvc01.domain.org/WebTicket/WebTicketService.svc
  HttpHeader:X-Powered-By ASP.NET
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
  <title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
  <style type="text/css">
  <!--
  body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
  fieldset{padding:0 15px 10px 15px;} 
  h1{font-size:2.4em;margin:0;color:#FFF;}
  h2{font-size:1.7em;margin:0;color:#CC0000;} 
  h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} 
  #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
  background-color:#555555;}
  #content{margin:0 0 0 2%;;}
  .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;;}
  -->
  </style>
  </head>
  <body>
  <div id="header"><h1>Server Error</h1></div>
  <div id="content">
   <div class="content-container"><fieldset>
    <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
    <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
   </fieldset></div>
  </div>
  </body>
  </html>
  If you need any further info, please let me know.
  Thanks in advance
  Aron

  Hi,
  Did the sip address name match with User Principle Name?
  If not, when you enter the login information please also populate the Username filed using the format domainusername and test again.
  Here is a blog may help you, it is for Lync server 2010 but similar for Lync server 2013:
  http://blogs.perficient.com/microsoft/2011/12/lync-mobility-understanding-sip-sign-in-address-vs-user-principle-name-upn/
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
  sure that you completely understand the risk before retrieving any suggestions from the above link.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Cannot share desktop - Lync 2013 server and Windows 8 (64-bit) client

  Currently my new Lync server cannot share a desktop through a Lync 2013 client installed on a Windows 8 workstation. The client is patched up with the latest MS patches (much beyond the patch issues noted about a year ago, the patches in question do not
  even show up as installed).
  I get the same "An error occurred during the screen presentation" message. I do have a NVIDIA video cards on the workstations, but they too are patched up. The same systems have no issues sharing desktop screens in the Lync 2013 client on Windows
  8 systems when they are connected to a Lync 2010 server.
  I have no idea where to go from here. Any suggestions or help is greatly appreciated.

  Did this issue happen to other Lync 2013 client?
  As you mentioned that you can used the same Lync 2013 to sharing desktop screen when it connects Lync Server 2010 while you couldn’t share desktop screen when it connects to Lync Server 2013,
  I think it is related with Lync Server.
  Please check if you can find any errors on Lync Front End Server.
  Check all Lync server services are all started.
  Lisa Zheng
  TechNet Community Support

• I have mountain lion OSX and parallels with Windows.  Every time I click on a hyperlink in other applications it opens - some 7 Zip file explorer inside Parallels but doesn't go to Safari.  Does anyone know solution?

  I have mountain lion OSX and parallels with Windows.  Every time I click on a hyperlink in other applications it opens - some 7 Zip file explorer inside Parallels but doesn't go to Safari.  Does anyone know solution?

  I suggest that you run software update, after which you should have Safari 6.0.5 - then check Safari - Preferences - Privacy & see that 'Block cookies' is not set to Always.
  Failing that - switch Safari extensions Off via Safari - Preferences - Extensions & test again

• Lync 2013 failed on windows 7 64-bit system with ErrorCode: 1624(0x658)

  I have HP xw4400 Workstation (64bit) with windows 7 SP1.
  LYNC 2013 is getting failed again and again with error "Microsoft setup bootstrapper has stopped working".
  I checked setup log at %temp% and found something went wrong in c:\MSOCache\All Users but couldn't fix it
  2014/09/02 17:58:28:477::[5164] Error: Failed to configure:  {90150000-012C-0000-0000-0000000FF1CE} ErrorCode: 1624(0x658). 
  2014/09/02 17:58:28:477::[5164] Log level changed from: Standard to: Verbose
  2014/09/02 17:58:28:477::[5164] Rolling back chain
  2014/09/02 17:58:28:477::[5164] Error attaching to OSE, error 0x00000000
  2014/09/02 17:58:28:477::[5164] Stopping running ose
  I followed another TechNet article regarding MSO 2013 getting crashed with same error
  http://social.technet.microsoft.com/forums/office/en-US/4b4c3176-b436-4f07-99c1-ea92091bd621/windows-7-64bit-office-2013-install-error
  Thanks in advance

  Hi,
  Did you solve the issue with the help of Edwin provided above?
  Please try to download the latest version of Office 2013 from Microsoft Website and then install it to check if the issue happen again.
  Please also go to your computer manufacturer’s website and update all driver packages for your computer, such as: Audio drivers, Bluetooth drivers, System chipset drivers, webcam drivers.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Error when starting Lync 2013 meeting with Office 32 bit windows 8.1 64 bit.

  Hi,
  have Office pro 2013 32 bit and lync 2013 32bit on win 8.1 64 bit. And I can't start lync meeting's. Lync are working. When i start lync detting error " that lync have trouble and that the program has to be restarted." the choise
  is to repare or Close. eighter helps. Any one has any suggestions what to do. 

  Its reasonably uncommon for the client to just crash as far as I have seen. As Desmond has mentioned I would try the latest updates (ensuring that you also have the latest supporting updates for Office). If this doesnt help you may need to look deeper in
  the OS.
  Hope it helps!
  Andrew Morpeth
  Lync Server Specialist - Auckland, NZ
  Blog - http://www.lync.geek.nz
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"

• Lync 2013 MX (on windows rt) will not connect to Lync 2010 enterprise server

  Both internal and external (through edge) will not connect. I will put in the SIP address, try to connect and it will ask for the logon credentials (domain is different from SIP domain) A minute later it will state that it was unable to sign on. When I enable
  logs I get a massive log file (~etl.bak) that is garbled and snooper will not read.
  I have had no problem signing in users with Lync for the ipad, windows phone, or android devices. Does anyone know a way to troubleshoot this further?

  Make sure you use the following to log on
  SIP Address : [email protected]
  Account : Domain\user
  - Belgian Unified Communications Community : http://www.pro-lync.be - MCM/MVP/MCT
  Tried all the combinations, but I heard a rumor that the company has messed-up or incomplete DNS entries and won't fix it. On the Lync desktop versions I can work around this by using advanced connection settings (which don't exist on the WinRT/Store
  app) to specify manual internal and external names.
  Also tried entering sip.company.com and sipexternal.company.com in hosts file but that doesn't work either. that was suggested elsewhere as a fallback mechanism, but it doesn't seem to work when potentially invalid SRV entries already exist.
  What I really need is for Microsoft to support the advanced connection settings, there's no other way around that.
  Two questions:
  1) Anyone know how to get access to the logging information which is enabled in the options of the Windows Store app? It's a long shot but maybe I can find somebody in this big company who will want to correct it.
  2) Do we use the usual MS Connect to make bug/feature requests for the store apps too? For many years now a lot of products have been missing from there in favor of other feedback systems like User Voice (e.g. Windows Phone and Visual Studio). So you never
  know exactly which is the right place to report such stuff nowadays (shame because Connect seemed like a universal solution at the start).
  Key Artefacts

• How do I enable users to attend on Lync 2013 meeting on Windows 2008 R2 Terminal Services/XenApp 6?

  Hi,
  We are not using Lync internally. But some of my users need to attend Lync 2013 meetings. We run a Windows 2008 R2 Terminal Services/XenApp environment. Users are not allowed to install applications.
  In the past, I was able to install administratively a Lync 2010 attendee client.
  How do I enable my users to attend a Lync 2013 meeting?
  Thanks.

  This is not viable. I don't know which user is going to be attending Lync meetings from suppliers or customers ahead of time and have no contacts to request a test meeting. This is a loop. How does Microsoft expect sysadmins to support their products if
  the client software is not easily available.
  At this point if I have a user who needs this, I will only know about it after the meeting has failed. At that point the user is not very receptive to the idea of involving his contact in troubleshooting and setting up test meetings. It's even worse if it's
  an executive.
  Is there any way of pre-installing the pre-requisites for attending Lync 2013 meetings?
  My only choice is to inform my user community that we have no way of supporting Lync and request that they use GotoMeeting or WebEx with their contacts who try to do a Lync meeting.
  I am very disappointed in Microsoft's approach with Lync 2013.
  Thanks for your time.

• Azure AAD Mobile Service Authentication with corporate accounts fails.

  I have been having on-going issue with Authenticating against a Windows Azure mobile service with corporate accounts.
  Here is the complete environment.
  Initially we set up with Office 365 / CRM Online / and Azure for our corporate infrastructure. We have set up single sign on. Everything works well. There is ADFS set up and running to allow us to Authenticate with {username}@{companyDomainName} and everything
  works, including single signon. 
  Along comes Azure Active directory. We have an Automatically created Azure active directory in the corporate azure account. The domain is the default created {accountname}.onmicrosoft.com domain structure. This is set as the Default directory.
  We had a consultant come in, who was organized through Microsoft, to do some work. After everything was set and done we ended up with another active directory created in Azure that is named with the corporate domain name. This second domain has had all of
  the corporate accounts synched to it. 
  I have now created an Azure Mobile Service. The service is a basic service, I haven't updated any of the code yet, except to publish the service. I have followed all of the configuration instructions for setting up the authentication. 
  If configure the Authentication to point at the first active directory, I am able to Authenticate against the service using the credentials for a user that has been created in that domain. The Authentication works correctly, and goes through.
  However if I switch the configuration to use the second Active Directory, the one with the corporate accounts synched to it, the authentication fails. I am able to enter my corporate email address into the web page that is presented. Then the web control
  started to call into the ADFS in order to authenticate the corporate user name and password. At this point the authentication fails with a message about the service not being available.
  The login code is the standard:
  user = await App.MobileService.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory);
  The project is a Universal Application as the service needs to be available from both a phone and a desktop. The project was started from the starter project downloaded form the Mobile Service site.
  # Update
  I've just switched the mobile service configuration back to use the AAD with the corporate accounts synchronized. The login through the application fails. However if I log in through IE by browsing to : https://{ServiceName}.azure-mobile.net/login/aad
  The authentication goes through correctly. 

  A few questions on the details:
  What client platform are you using for login. In particular, is this a Windows Store application?
  What do you mean exactly by "authentication fails?" Does an error get thrown, or does the UI just hang?
  Is this being done from a domain-joined machine and/or on a machine connected to a corporate network?
  We have seen an issue where some configurations of ADFS will not play nicely with Windows Store apps since the Web Authentication Broker (WAB) is based on the IE browser, and ADFS will attempt to do SSO in the special IE way instead of presenting a form,
  etc. Unless the WAB is configured to handle this scenario, you will get a non-responsive UI.
  Any details you can provide would be helpful.

• Lync 2013 problem with interaction in Hyper-V

  Hello,
  during the conference in Lync 2013 does
  not work the guest interaction service,
  which has been referred to the control
  (display the
  desktop). The
  guest can move the
  cursor, but
  can't click or
  write in Hyper-V virtual
  machine. In
  a virtual machine running Windows Server 2012R2. Enhanced VM Interaction is
  on.
  What to do to give away full
  control for the guest?

  I may be confused, but it looks like you're trying to control a server VM with this capability.  Do the actions require elevated or administrator access? If so, by security design this won't work.
  "It is worthwhile mentioning that people who you gave control to in a desktop sharing session will not be able to interact with elevated prompts."
  The article below mentions this, and suggests running as Lync as administrator which we've not had great success with.
  http://blogs.technet.com/b/lync/archive/2012/11/02/presenting-your-screen-in-lync-2013.aspx
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications

• Machine authentication with Windows 7

  Version: ISE 1.2p12
  Hello,
  I'm doing user and machine authentication with ISE.
  I use a first authorization rule to authenticate the machine against the AD. If it's part computers of the domain.
  Then I use an authorization rule to check if the user's group in AD with the credential he used to open the session + "Network Access:WasMachineAuthenticated = True"
  Things seems to be working and I see my switch port is "Authz Success" but shortly after the Windows 7 machine is behaving like 802.1X authentication fails. The little computer on the bottom right has a cross on it.
  If I disable and enable again the network card of that windows machine it works.
  Does any one of you have an idea about this problem ? something to tweak on Windows 7 like timers...
  Thank you

  Hi Mika. My comments below:
  a) You told me that MAR ("Network Access:WasMachineAuthenticated = True") has some drawbacks. When hibernation is used it can cause problems since the MAC address could have been removed from the cache when the user un-hibernate its computer. Then why not increasing the MAR cache to a value of 7 days then ? Regarding the roaming between wire and wireless it's a problem indeed.
  NS: I don't believe that the MAR cache would be affected by a machine hibernating or going to sleep. There are some dot1x related bug fixes that Massimo outlined in his first pos that you should look into. But yes, you can increase the MAR timer to a value that fits your environent
  b) You suggest to use one authorization rule for the device which should be part of the AD and one authorization rule for the user with the extra result "IdentityAccessRestricted = False". By the was, are we really talking about authorization rules here ? I will try this but it's difficult for me to imagine how it would really work.
  NS: Perhaps there is some confusion here but let me try to explain this again. The "IdentityAccessRestricted" is a check that can be done against a machine or a user account in AD. It is an optional attribute and you don't have to have it. I use it so I can prevent terminated users from gaining access to the network by simply disabling their AD account. Again, that account can be either for a "user" or for a "machine"
  z) One question I was asking myself for a long time. All of us want to do machine+user authentication but Windows write Machine OR User Authentication. This "OR" is very confusing.
  NS: At the moment, the only way you can accomplish a true machine+user authentication is to use the Cisco AnyConnect supplicant. The process is also known as "EAP-Chaining" and/or "EAP-TEAP." In fact there is an official RFC (RFC 7170 - See link below). Now the question is when and if Microsoft, Apple, Linux, etc will start supporting it:
  https://tools.ietf.org/html/rfc7170
  Thank you for rating helpful posts!

• Biztalk 2013 R2 with Windows Server 2003 R2 Domain Controller

  Hello, I have a client right who has a Windows Server 2003 R2 domain controller with active directory installed. Is there any reason why I can't install Biztalk 2013 on a Windows Server 2012 R2 box and add it to that farm to use active directory?
  Thanks in advance,
  -Adam

  BizTalk Server is only going to use the User Groups created in Domain Controller so ideally i don't think there will be any compatibility issue. Also there isn't any microsoft article which talks about BizTalk compatibility with respect to domain controller.
  You will have to create all the Windows Groups and User Accounts in AD, before BizTalk Server configuration.
  Windows Groups and User Accounts in BizTalk Server
  Thanks,
  Prashant
  Please mark this post accordingly if it answers your query or is helpful.

• Cannot sync Outlook 2013 calendar with Windows 8 phone

  I recently bought a Nokia Lumia 1320 with Windows 8. I have tried to sync the calendar app with my Outlook 2013 calendar (on a Windows 8.1 PC).<o:p></o:p>
  I have created a Hotmail account on Outlook and converted my original Outlook calendar to a list before copying it to the Hotmail calendar account, as instructed on various MS web pages (I cannot
  enter hyperlinks here, your genius web site won't let me), but nothing appears on my phone.  It was actually MUCH easier to sync with my previous Android phone and an iPad - so much for seamless Windows connections.<o:p></o:p>
  After wasting many, many hours I noticed that if I
  manually enter an appointment in the Hotmail calendar (in Outlook), then it
  appears in the phone (and vice versa).  However it does not appear for events that I have mass-copied over to the Hotmail account, including recurring events.  This flies in the face of what the instructions say.  There are far too many future
  events for me to re-type, along with the danger that I might miss some.  Why doesn't the mass copy (only of future, recurring and
  active events) work?<o:p></o:p>
  I have wasted way too much time on this and am beginning to deeply regret buying a Windows phone. Any help would be gratefully accepted.

  Thanks for replying, Mike. I have set up two accounts on the phone, one is my 'normal' email account (non-Microsoft) and the other is my Hotmail account, which appears in Email + Accounts as 'Microsoft Account'.  I am now at work (in Australia) and
  don't have the phone with me, so I can't be sure of the exact words.
  Anyway with the MS account there is only one check box - Email.  In my endless trawling through the web I read somewhere that this 'primary' account automatically syncs the Calendar and Contacts, so the additional check boxes are considered redundant
  (which seems pretty dumb - a user might not WANT to sync them).
  I also set up an additional Hotmail account, which appeared as 'Hotmail 2', and this did have the sync Calendar and Contacts check boxes, but it will wouldn't do the job.  I tried deleting the 'primary' account so I could use the secondary account instead
  (and force the syncing through those check boxes), but it would not let me.

• Lync 2013 integration with OWA

  Hi,
  I am integrating Lync 2013 ( with SBAs as branches)  with OWA 2010.
  The IM and presence works fine for users homed in the front end pool. However for users in the branch pool it does not work as the certificate is rejected by the CAS server.
  SBA uses same server authentication certificate ( OAuth) as the front end. ( which I believe is expected)
  Below is the error msg im seeing :
  brief error logs:
  ================
  TL_WARN(TF_PROTOCOL) [<SBA>\<SBA>]0704.11F0::06/04/2014-04:45:05.129.00001662 (UserServices,CRegister::OnClientDisconnected:register.cpp(1130)) ( 0000000002AACC20 ) Disconnecting client [[email protected]]/EndpointId
  [a9cf0cb1-b611-50ae-8652-3cab8a0c8056] as it has crashed
  TL_ERROR(TF_CONNECTION) [<SBA>\<SBA>]0704.11F0::06/04/2014-04:45:05.129.00001663 (SIPStack,SIPAdminLog::WriteConnectionEvent:SIPAdminLog.cpp(460)) [4230621814] $$begin_record
  Severity: error
  Text: The connection was closed before TLS negotiation completed. Did the remote peer accept our certificate?
  Local-IP: <SBA ip>:62858
  Peer-IP: <CAS server ip>:5075
  Connection-ID: 0x1FEB401
  Transport: TLS
  $$end_record

  Similar issue here...users homed on the SBAs can only see each other in OWA...users homed in other pools show gray presence indicators.

• Long time wait for authentication with Windows 2003 AD

  Hello,
  We have a problem with authentication with 2003 AD. If it was no requests from VDI to Windows 2003 AD during some time (10-15 minutes), first request take a lot of time - 3-5 minutes and user need to wait after entering his username/password. Searching users in VDI GUI also take a lot of time in this situation.
  How to resolve this? Size of directory is very small.
  And with 2008 AD and Open LDAP there is no such problem.

  Same thing for 2003, it is called IAS (Internet Authentication Service).
  http://www.microsoft.com/technet/network/ias/default.mspx
  Basically you will set up IAS with a RADIUS Client which would be your wireless access point(s). Then you will set up a remote access policy which will define how connections are authorized or rejected (windows groups, protocols etc.). Don't forget to register IAS with active directory.