Friday, March 15, 2013

Lync 2013 Client continuously asks for credentials after signing in for response group & Certificate services


Errors that I had with the Lync Client where the following
  • Credentials are required – Type your user name and password to connect for certificate services.
  • Credentials are required – Type your user name and password to connect to the corporate address book.
  • Credentials are required – Type your user name and password to connect for retrieving response groups.
Troubleshooting
The following PS cmdlets are very helpful in diagnosing what could be wrong in an environment. Test-CsKerberosAccountAssignments tests that Kerberos account assignment is configured, the Kerberos account attributes are OK and that the IIS configuration is OK for all servers in the site running WebServices
Test-CsKerberosAccountAssignment -Identity “site:SiteName” -Report “c:\logs\KerberosREport.htm” -Verbose



If you are getting above error, then you need to create Kerberos account and assign it to the site where you lync pool is resides.

Configuration
Create the Kerberos Account
PS C:\Users\TempUser> New-CsKerberosAccount -UserAccount “NTNET\KerbAuthSite” -ContainerDN “OU=Service Accounts,DC=corp,DC=ABC,DC=com”

"this will create a computer object for Kerberos authentication (KerbAuthSite)"

Assign the Account to the site
PS C:\Users\TempUser> New-CsKerberosAccountAssignment -UserAccount “NTNET\KerbAuthSite” -Identity “Site:SiteName”

Enable the topology
PS C:\Users\anisinghadm> Enable-CsTopology

Set the Account Password
PS C:\Users\anisinghadm> Set-CsKerberosAccountPassword -UserAccount “NTNET\KerbAuthSite”

Enable the topology
PS C:\Users\anisinghadm> Enable-CsTopology

Test that the account is assigned properly
PS C:\Users\TempUser> Test-CsKerberosAccountAssignment -Identity “site:SiteName” -Report “c:\logs\KerberosREport.htm” -Verbose




If there was only one server in topology, I would stop right here, but I had a few of them, so I had to synchronize a kerberos computer account password to on every additional server that I had:

Set-CsKerberosAccountPassword –FromComputer lync1.mydomain.local –ToComputer lync2.mydomain.local

Enable-CsTopology


Done, now you will not see this popup again :)